Environment: Citrix XenApp 6.5, Windows Server 2008 R2, Internet Explorer 8.
Scenario: you published IE as a XenApp application, you turned IESEC off through GPOs (or through the Server Manager) and you configured a default home page for all users through a GPOs.
Problem description: at their first logon, your users get the ‘res://iesetup.dll/HardAdmin.htm’ start page which says something like ‘Internet Explorer Enhanced Security Configuration is enabled’. You don’t understand why this happens as you are sure you correctly set the default home page and disabled IESEC. Anyway, when users log on a second time they see their correct home page. This problem might be very annoying when every user has a local profile which is deleted and then needs to be recreated each time.
Problem cause: this problem happens if you disable IESEC after installing XenApp and enabling Remote Desktop Services, in fact, when you do so, the NTUSER.DAT file located in the Default User folder retains some settings that bring you to the ‘res://iesetup.dll/HardAdmin.htm’ on your first logon.
Problem resolution: to avoid this problem disable IESEC before installing XenApp. If it’s too late and you have already installed XenApp without disabling IESEC first, you can replace the NTUSER.DAT file located in the Default User folder with a correct one; to do so follow step #4 described in this Microsoft article: http://support.microsoft.com/kb/933991
Sometimes, if you have your XenApp 6 servers in a multihomed environment, you may need to force the ICA listener to listen on only one NIC. For example it might happen that your web interface returns an ICA.launch which includes the wrong IP address.
The following steps shows how to perform the required configuration: