Archive

Archive for August, 2011

How to Adjust/increase/reduce the RTCP/RTP Port Ranges for use with RTSP

August 31, 2011 1 comment

To stream applications via RTSP, the App-V server uses three channels that are carried through three TCP sockets. First, the App-V client uses the RTSP channel to set up a connection with the App-V Management or Streaming Server. The server opens two private ports (one for the RTP channel and one for the RTCP channel.) The server also sends the port numbers to the client in a response. The client then opens two sockets. Then, the client connects to the private ports that are created on the server. The application is then streamed over the RTP channel. The RTCP channel provides real-time control over the data channel.

For each application that is streamed to an App-V client, a new set of RTP and RTCP channels are created. However, all streamed applications use one common RTSP channel. The RTSP channel is also used to discover available applications on the App-V server.

The default port range is from 49152 to 65535. This can be adjusted on either the streaming server (lightweight) or the Management server (heavyweight) but each one uses different configuration sources.

RtpTcpMinPort

This defines the lowminimumstart range for the private ports.  This will be used for both RTP and RTCP. For the App-V Streaming Server, it is found in the registry at the following location:

Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftSoftGrid4.5DistributionServer

Value: RtpTcpMinPort

Data Type: DWORD

The default value is 49152 but the accepted ranges are from 1,025 – 65535.

For the App-V Management Server, this configuration comes from the SQL App-V Datastore. The database table that stores this is SOFTGRID_SERVERS and the column is rtp_min_port. The default value is 49152 but the accepted ranges are from 1,025 – 65535.

RtpTcpMaxPort

This defines the highmaximumstop range for the private ports.  This will be used for both RTP and RTCP. For the App-V Streaming Server, it is found in the registry at the following location:

Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftSoftGrid4.5DistributionServer

Value: RtpTcpMaxPort

Data Type: DWORD

The default value is 65535 but the accepted ranges are from 1,025 – 65535.

For the App-V Management Server, this configuration comes from the SQL App-V Datastore. The database table that stores this is SOFTGRID_SERVERS  and the column is rtp_max_port. The default value is 65535 but the accepted ranges are from 1,025 – 65535.

Installation Options on the Streaming Server

Both RTPTCPMINPORT and RTPTCPMAXPORT are available command line options during the installation of the App-V Streaming Server. These options are not available on the App-V Management Server installer.

Categories: Uncategorized Tags: , , , , ,

Help! My Virtual PC Appears to be Possessed!!!! (a.k.a – the Case of the Auto-Hibernating Virtual PC)


I recently encountered a customer issue where, periodically, for what appears to be no reason at all, while a user is working in a Virtual PC (virtual machine in Windows Virtual PC for Windows 7) – it will hibernate on its own. In some cases, the user was in the process of doing work.

At first I did not think that would be possible but it was quickly confirmed. A quick investigation confirmed that MED-V 2.0 was installed – yet the user was working outside of MED-v using the Virtual PC in VPC only – or full desktop mode.

We also noticed the following event was being logged in the MED-V event log at the same time this was occuring.

Event ID: 11004

Task Category: Guest Patching

Message: “VM is being stopped during the configured update window.”

It turns out the Virtual PC was interrupted by the Guest Patching Service of MED-V 2.0. What we did to resolve this was adjust the registry value GuestUpdateDuration in the registry key (HKEY_LOCAL_MACHINESOFTWAREMicrosoftMedvv2VM) to 0. This prevented the problem from re-occuring.

MED-V assumes it will be waking a VM up when not in use by MED-V. When the same VM used by MED-V is currently opened exclusively by VPC in full desktop mode, MED-V tiggers VPC to close the VPC using its default action (hibernate.) The value GuestUpdateDuration defines the number of minutes that MED-V should keep the MED-V workspace awake for updating, starting at the time contained in GuestUpdateTime. Enter 0 to disable.

Remember that MED-V v2.0 was only designed for provisioning applications to run in seamless mode.

App-V: App-V Client Issues Streaming from App-V/IIS Server using XP with IPV6


The App-V Client (running under Windows XP) may fail to stream from App-V Server (or IIS Server) when running IPV6. You may get an error similar to the following:

[08/18/2011 10:23:32:058 JGSW ERR] {tid=10CC:usr=steveth}
The Application Virtualization Client could not connect to stream URL ‘http://server/content/application/package.sft’ (rc 16D1100A-0000E005, original rc 16D1100A-0000E005).

[08/18/2011 10:23:32:058 PMGR ERR] {tid=10CC}
Failed to background load package {package} (rc 16D1100A-0000E005).

[08/18/2011 10:23:32:059 AMGR WRN] {tid=10CC}
Attempting Transport Connection
URL: http://server/content/application/package.sft
Error: 24604F0A-40002EE2

Windows XP supports DNS queries only over the IPv4 protocol, but will support IPv6 queries (such as PTR and AAAA) which is why name resolution will fail.  Unless the the WinXP client is dual-stacked with both IPv4 and IPV6, you may have issues with the App-V client and IPv6.

It is important to note that this problem is only found on clients running exclusively IPv6 on Windows XP clients only.

 

Categories: Uncategorized Tags: , , , , ,

How an Enterprise Administrator can Determine MED-V 2.0 FTS Completion and Provide Remediation quickly.


When deploying large amounts of MED-V 2.0 workspaces in the enterprise, Microsoft offers several flexible options for determining on a large scale if MED-V First-time-setup occurred properly. The goal of this is to be able to incorporate this into an existing software/operations management infrastructure.

Event Viewer/Event Collections

In Windows 7, under the Applications and Services Event Logs, is the MEDV Event log for the Host Agent. If you are tracking event logs through an operations management application or other event collector you can leverage the following Event ID’s for tracking FTS progress.

EVENT ID

Task Category

Event String

Description

3068

Workspace Setup

Workspace setup completed workspace install action.

MED-V Workspace MSI Installer has completed. This will happen prior to FTS.

3072

Workspace Setup

Start of workspace setup sequence accepted by the user.

FTS has begun because the end user has clicked to start.

3073

Workspace Setup

Start of workspace setup forced.

User timeout value has passed and FTS is starting by force.

3057

Workspace Setup

Workspace setup started.

This event will be logged regardless of how FTS begins.

3077

Workspace Setup

Workspace is ready for use.

Final indication of FTS completion.

6016

Workspace Setup

The virtual machine is ready.

Indication that VM has completed its setup.

3150

Workspace Setup

Workspace setup sequence timed out

If found, will be coupled with 3078 and/or 3071.

3078 and 3071

Workspace Setup

Workspace setup failed.

MED-V FTS did not complete. Key Event ID’s for tracking FTS failures. 3071 will track as an Error.

3013

Workspace Setup

Error Detected  While launching workspace setup sequence

This will be followed by a more specific error.

3079

Workspace Setup

Retrying workspace setup.

If workspace setup times out or fails it will periodically continue to retry setup.

3064

Workspace Setup

Timed out turning off workspace.

This error can happen when trying to turn off/shutdown workspace.

3132

Workspace Setup

Error detected while detaching disk image from workspace.

When passing VFD to the workspace for the modified sysprep process, this error can occur.

3146

Workspace Setup

Failed to turn off workspace while finalizing the preparation of the workspace.

Usually follows Error 3064. This error can happen when trying to turn off/shutdown workspace.

 

Microsoft Enterprise Desktop Virtualization (MED-V) Configuration Pack

Microsoft also makes available a DCM (Desired Configuration Management) pack for MED-V FTS. You can download the DCM package here.

http://www.microsoft.com/download/en/details.aspx?id=26219

This MED-V Configuration Pack provides a way for administrators to use the Desired Configuration Management feature of System Center Configuration Manager to track the successes and failures of FTS.

The MED-V WMI Provider

MED-V 2.0 includes a fully-featured WMI (Windows Management Instrumentation) provider. You can also leverage any ESD (Electronic Software Distribution) solution that leverages WMI through a WQL query, script, or even through the WMIC command.

 

For example, the WMIC command above:

Wmic /NAMESPACE:\rootmicrosoftmedv PATH FTS_Status

returns the status code of 3013 indicating an error mirroring what will be in the local hosts event viewer’s MEDV log (Error Detected  While launching workspace setup sequence.)

Whereas the command below indicates successful completion (FTS_status=0.)

So what if there are errors? What is the best way to test FTS completion? For me, if there is an error during testing or even post-deployment, I will change the FTS mode from unattended to attended so I can watch the setup through the VPC preview screen. You can do this by changing the Mode registry value:

KEY: HKEY_LOCAL_MACHINESoftwareMicrosoftMedvv2Fts

Value = Mode

Data = Attended

You can also adjust the Powershell code by switching the –FtsMode switch over to “Attended” as shown in the example PowerShell code below:

import-module -Name “Microsoft.Medv”

$regFileInfo = New-MedvConfiguration -VmNetworkingMode “BRIDGED” -UxLogonStartEnabled “False” -UxCredentialCacheEnabled “True” -FtsMode “Attended” -VmMultiUserEnabled “False” -FtsAddUserToAdminGroupEnabled “True” -FtsStartDialogMsg “A virtual environment is being created for application compatibility. The first time setup process can take several minutes to complete.” -FtsFailureDialogMsg “First time setup failed while creating a virtual environment for application compatibility.” -FtsRetryDialogMsg “First time setup failed while creating a virtual environment for application compatibility.” -FtsSetUserDataEnabled “True” -FtsSetJoinDomainEnabled “True” | Export-MedvConfiguration -Path “C:medv2-packagesWindows XP Compatibility.reg” –PassThru

Now, the setup will show you the progress and you can home in on the issue that may be happening behind the scenes. In the example below, we see the failure is actually a timeout due to an invalid parameter being specified for the domain in the SYSPREP.INF file.

Categories: Uncategorized Tags: , , , ,

Transitioning Blog to Technet – http://blogs.technet.com/b/gladiatormsft


Effective this week, I will be transitioning this blog over to technet. There will be no more direct posts here. there will be only links referencing new posts on Technet. This site will remain up along with all of the existing posts.

Transitional Post Below:

http://blogs.technet.com/b/gladiatormsft/archive/2011/08/23/app-v-recommended-upgrade-preparations-and-rollback-procedures-when-upgrading-from-app-v-management-server-4-5-rtm-or-sp1-to-sp2.aspx

Categories: Uncategorized

App-V: Recommended Upgrade Preparations and Rollback procedures when upgrading from App-V Management Server 4.5 RTM or SP1 to SP2.


Before Upgrading to App-V 4.5 SP2 on the management server, it is recommended to first review the release notes for added features such as SQL mirroring support.

App-V 4.5 SP2 Release Notes

http://technet.microsoft.com/en-us/library/ff699130.aspx

Also, you can download the installation for SP2 here:

http://www.microsoft.com/download/en/details.aspx?id=25291

Pre-Upgrade Recommendations

The following are recommendations for preserving information and critical data to ensure a proper rollback is available in the event of an upgrade failure or a desired rollback to a previous version of the App-V server.

1.)    Backup a copy of the App-V management SQL datastore. In SQL this is the APPVIRT database by default.

2.)    If .NET 4.0 is installed and you are using Windows Server 2003, The current work around is to:

a. Remove the .NET 4.0 (temporarily as it will be re-added later.)
b. Restart the server.
c. Perform the Upgrade. Restart the server.
d. Reinstall the .NET 4.0 Framework.

Potential Upgrade Failures

The following are recommended options for rollback should an error occur during upgrade.

In the event of a 25109 error, please use Rollback Option #1 for rolling back the server to its previous state.

In the event of a 25119 error (or any error not otherwise mentioned), please use Rollback Option #2 for rolling back the server and data store to its previous state.

In the event of a 2512* error, please use rollback option #3 for rolling back the AppVirt management Service (ASP.NET Web Management Service) to its previous state.

In the event that the installation completes successfully and you decide for reasons otherwise not mentioned here to roll back the server to its previous state, please refer to Rollback Option #2 for rolling back the server to its previous state.

Rollback Option #1

A 25109 error indicates failure to connect to the database. In the event of this error, all that needs to be rolled back are the binaries on the App-V Management Server.

1.)    After the installation rolls back, very connectivity to the App-V Management server.

2.)    If the binaries list version numbers at SP2 (4.5.3.XXX) uninstall the App-V Management server and reinstall your previous version.

Rollback Option #2

A 25119 error or a successful completion of the upgrade means that both the App-V Management server binaries and the SQL data store have been upgraded. The rollback procedure requires both the server binaries and the data store to be reverted back to its previous version.

1.)    Restore the previously backed up version of the App-V data store on the SQL server back to its previous version.

2.)    The App-V Management Server will likely be rolled back to its previous version during the installation. If this as a rollback following a successful installation then the existing version will need to be uninstalled and the previous version will need to be reinstalled.

Rollback Option #3

1. Manually uninstall ONLY the AppVirt Management Service (Service – not server.)

2. Restart the server.

3. Reinstall AppVirt Management Service component from SP2 media.

– Steve Thomas

Yes, Trusteer Rapport does break App-V

August 18, 2011 1 comment

You may have encountered problem with slow logons, slow startups, and slow access to applications when using App-V in conjunction with security software known as Trusteer Rapport. The Trusteer Rapport issue is timing related. It also appears to have a signficant effect on Windows XP machines (since the App-V Client service cannot be set to a delayed start.)

For information on Trusteer Rapport, this is their own support page:

http://www.trusteer.com/support

According to their FAQ, it is currently listed as not being compatible with App-V and that they’re working with the vendor to resolve it.

From their FAQ, as it’s not entirely easy to find:

http://www.trusteer.com/support/faq/supported-platforms

There’s a section under there about “are there any known conflicts” which leads to the app-v page:

http://consumers.trusteer.com/appv

and here:

http://consumers.trusteer.com/compatibility-other-security-software

Why is it happening?

There is contention when you startup as this software is preventing SFTLIST from completing initialization. This is the SFT Listener process which is a primary component of the App-V Client service. If you combine this with  SFTTRAY launching at startup (within the “Run” registry key) as well as combining this with SFTDCC loading in USERINIT (to support DC Refresh upon login if configured) –  the resulting negative user experience ranges extremely slow logons to virtual applications never being available.

So What are your Options?

You can uninstall Trustee Rapport or you can try to get them working together by leveraging KB 973756 which takes SFTTRAY /autostart out of the run key.

http://support.microsoft.com/kb/973756

Step two in this article may turn you off as it requires putting the App-V client service in manual startup mode.

Also note – some customers have gotten success with the delayed start feature on Windows 7 for the App-V client service.

– Steve Thomas

App-V: Don’t use WMI for querying virtual registries.

August 10, 2011 5 comments

It is important to understand that the virtual registry is designed for virtualization of an application’s registry and it facilitates it through the interception of standard Win32 registry APIs. These APIs (i.e. RegOpenKeyEx, RegEnumKeyEx,  RegEnumValue,  RegCreateKeyEx, etc.)

I have, from time to time, dealt with alleviating confusion with how to access the virtual registry. I have often encountered a problem with applications and especially scripting where the application or script is unable to properly accessing the registry. Here is an example scenario which you can practice and demonstrate on your own sequencer and client.

On a machine with the App-V sequencer, pre-create the following registry key and value:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Test1\Key1
  • Value: Value1
  • Type: REG_SZ
  • Data: Data1

On an App-V 4.6 sequencer machine, create the following VREG exclusion:

  • \REGISTRY\Machine\Software\Test3\Key3\

Now, open up the App-V sequencer and create a new virtual application package. I do the experiment on both the 4.6 and 4.6 SP1 sequencer.

Accept the defaults, give it a test name. Start monitoring. During the monitoring phase, open a command prompt and do the following using the “reg” command.

Create the following key and value:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Test2\Key2
  • Value: Value2
  • Type: REG_SZ
  • Data: Data2

Using the following command:

reg add HKLM\Software\Test2\Key2

reg add HKLM\Software\Test2\Key2 /v Value2 /d Data2

Now Create the following key and value:

HKEY_LOCAL_MACHINE\SOFTWARE\Test3\Key3

  • Value: Value3
  • Type: REG_SZ
  • Data: Data3

Using the following command:

reg add HKLM\Software\Test3\Key3

reg add HKLM\Software\Test3\Key3 /v Value3 /d Data3

Don’t click Stop Monitoring button. Now run “regedit” from the same command prompt.

Verify the entries under HKEY_LOCAL_MACHINE\SOFTWARE\

You will see keys for test1 and test2, because of what was locally present (Test1) and remember the exclusion (Test3).

Now stop monitoring. Continue to configure the package by creating a command prompt shortcut for the package. Now launch the Command prompt when optimizing for streaming phase (launch phase) – then launch regedit.exe.

You will see only Test1 and Test2 keys again.  Exit regedit and exit the command prompt. Don’t close – select option to modify package.

Now confirm that under the “Virtual Registry” you will see keys test2 only.

Save the package and deploy and launch the application on a test App-V client. On that same machine with the App-V client, pre-create the following registry key and value:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Test1\Key1
  • Value: Value1
  • Type: REG_SZ
  • Data: Data1

Launch the application (which will launch the command prompt.) From a command prompt, launch regedit and you will see the virtual registry entries.

Open notepad, create and run a vbscript as below for using WMI to read registry keys that are created in above steps.

SCRIPT1.VBS

---------------BEGIN--------------------
dim RegKeyPath, RegValueName, RegValue
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set RegObj=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
RegKeyPath = "SOFTWARE\Test2\Key2"
RegValueName = "Value2"
RegValue = ""
RegObj.GetStringValue HKEY_LOCAL_MACHINE,RegKeyPath,RegValueName,RegValue
If IsNULL(RegValue) Then
 msgbox "Returns NULL"
Else
 msgbox RegValue
End If
---------END----------------

Now when you run this script in the virtual command prompt, it returns null. Now when you run this next script:

SCRIPT2.VBS

------------BEGIN-------------------
dim RegKeyPath, RegValueName, RegValue
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set RegObj=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
RegKeyPath = "SOFTWARE\Test1\Key1"
RegValueName = "Value1"
RegValue = ""
RegObj.GetStringValue HKEY_LOCAL_MACHINE,RegKeyPath,RegValueName,RegValue
If IsNULL(RegValue) Then
 msgbox "Returns NULL"
Else
 msgbox RegValue
End If
-----------END-----------------

Now when you run this script, it returns success. Why? If you look at the VBSCRIPT syntax, notice it uses the WMI provider to query the registry which is local and outside the virtual registry. Key Test1 is resident locally, and Key Test2 is virtual.

Steve Thomas

Categories: App-V Tags: , , , , ,

App-V: The Case of the Lingering File Type Association

August 9, 2011 3 comments

I recently encountered an issue where a customer deployed a virtualized instance of Adobe Reader and then later moved to a locally installed version. The customer was wondering why clicking on the PDF documents resulted in the virtualized instance of Adobe Reader trying to open the document (which was removed so an error was displayed.)

We examined HKEY_CLASSES_ROOT and found there was still the presence of the old FTA going back to SFTTTRAY /launch. Since the FTA’s stored in HKEY_CLASSES_ROOT  are an amalgamation of User and System FTA’s, we needed to check both the HKEY_LOCAL_MACHINE\Software\Classes key as well as the HKEY_CURRENT_USER\Software\Classes key because the USER-configured FTA’s will take priority.

In fact, tracking FTA’s with virtualized applications require searching the following keys to track down FTA storage:

  • HKEY_USERS\<User SID>\Software\Classes (or HKEY_CURRENT_USER\Software\Classes)
  • HKEY_CURRENT_USER\Software\Microsoft\SoftGrid\4.5\Client\FileExtensions
  • HKEY_LOCAL_MACHINE\Software\Classes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\FileTypes

When searching for the .PDF and its corresponding document objects we found that the left over FTA was coming from the User Hives:

HKEY_USERS\<User SID>\Software\Classes (or HKEY_CURRENT_USER\Software\Classes)

HKEY_CURRENT_USER\Software\Microsoft\SoftGrid\4.5\Client\FileExtensions

The file type associations were no longer present under

HKEY_LOCAL_MACHINE\SOFTWARE\Classes and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\FileTypes

We found that after removing the Adobe Application from the client, it would always appear to remain no matter what we were trying from the App-V angle. Even purging the global and user caches manually, the FTA would always come back even though it was not on any app-v client or server.

A Roaming, Mandatory Profile

Even going into the registry and manually removing it would not cause this issue to permanently go away.

What was even more disturbing was the fact it was still showing up under:

HKEY_CURRENT_USER\Software\Microsoft\SoftGrid\4.5\Client\FileExtensions

after every logoff.

That’s when it hit me! Roaming Profiles were being used. I was already aware of that but what we did not know (until I was looking at a userenv.log file to see if there were profile upload issues upon logoff) was the fact that the user was using a mandatory profile.

Now, while mandatory profiles are not recommended or needed for App-V server-based environments, they will not cause these types of problems in and off themselves so long as the mandatory profile is user-neutral of any App-V configuration.

So how did the FTA get there?

The Profile was created while an account had been logged in and connected to an App-V management server. Before the user logged off to preserve the profile, the App-V client had done a refresh against the publishing server and brought down Adobe Reader and the file type associations. The FTA information was stored in the user’s registry.

Modifying the original hive from the source mandatory user profile resolved the issue.

Steve Thomas

MED-V v1: Error: “System.NullReferenceException: Object reference not set to an instance of an object” when trying to browse for users using the “Find” option using the MED-V v1 Server Configuration utility.


When using the MED-V Server Configuration utility (serversettings.exe)) you will get an exception when you attempt to use the search capability to find users in Active Directory.

If you select the permissions tab, then select add, then select find, then select advanced, and then select find now. Finally, select one or two user groups. Click OK twice and you will get the following exception:

 

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
   at Kidaro.Management.Forms.UserSelectionUtils.FindUsers(IWin32Window parent, Boolean localUsers)
   at Kidaro.Management.Forms.UserSelectionUtils.EntitiesFindHandler.Handler(Object sender, FindUsersEventArgs e)
   at Kidaro.Management.Forms.UserSelectionForm.FireFindRequested()
   at Kidaro.Management.Forms.UserSelectionForm.FindClickHandler(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at DevExpress.XtraEditors.BaseButton.OnClick(EventArgs e)
   at DevExpress.XtraEditors.BaseButton.OnMouseUp(MouseEventArgs e)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at DevExpress.XtraEditors.BaseControl.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

This is a known issue in MED-V v1.0 SP1.

The current workaround is to avoid using the Find feature to select multiple users and/or groups. This issue still appears in SP2 for MED-V v1.

Categories: MED-V Tags: , , , ,