Ever since the summer (TechEd) I have been promising customers we would have a white paper coming on this. Well, we have just published a new App-V 5.0 and Citrix
integration overview white paper.
Whitepaper Title: App-V 5.0 and Citrix Integration overview
Abstract: This whitepaper is designed to provide administrators with guidance for combining Microsoft’s App-V 5.0 and Citrix solutions. It discusses the benefits of an App-V 5.0 and Citrix combined solution, and includes recommendations for Citrix images, App-V cache management, App-V management with Citrix, and other factors that impact user experience and administrative effort. Whether you are using XenApp or XenDesktop, this paper will be a must read!
It is available to download here
If you are like me you may be doing a lot of reimaging for Windows 8.1 now that is has become generally available. If you are also like me, you have installed Windows 8 on multiple devices and sign in with the same Microsoft Account. In case you did not already know, here is how you can easily re-find all of your Windows store applications without having to go through an search for all of them again. You can reload all of your Windows Store “Modern UI” applications simply by logging onto the same Microsoft account. All of the applications you have already installed in your other devices that use the same Microsoft Account are tagged to your account to simplify reloading. So to quickly refresh all of you Windows store-based (modern) applications:
1. Open the Microsoft Store Application from the Start Screen.
2. Bring up the Application Menu by simply just right-clicking.
3. Select Your Applications and Install!
It’s as simple as that!
So, I am hanging out on the Technet Forums one Saturday night and I got inspired by a thread (http://social.technet.microsoft.com/Forums/en-US/9b136314-77be-4568-8bc6-6e2ed865f43e/this-document-could-not-be-opened-it-does-not-appear-to-be-a-crystal-report-document) to write this particular blog post. Yes, before I go any further, I will acknowledge the pathetic revelation of what I like to do on a Saturday night – because there is nothing more wild and crazy than hanging out on the forums. Anyway, I wanted to stress the importance of how you can use the sequencer as a troubleshooting mechanism to determine whether an issue with a problematic application is tied to the sequencing process or is an issue with virtualization (in general or with a particular virtualization subsystem.) So, it makes total sense that here I am late on a Friday revealing doing something I love to do – wax poetic about App-V on my blog!
So, if you encounter errors in your application and you suspect that an important asset was not captured during sequencing or you cannot eliminate whether or not a clean sequencing machine was used – you can always DEVIRTUALIZE! Devirtualization is a great step in troubleshooting as it helps you determine if an APPV package has all of the necessary file and registry assets. Here is what you need:
You will need a clean sequencing machine with . . .
- . . . the same version of the sequencer used to sequence the application.
- . . . any dependencies or middleware that the application needs to run (otherwise not included in the package.)
- . . . a troubleshooting toolkit (i.e. Process Monitor)
Once this is in place, copy the package to the sequencer machine and then launch the sequencer application. From the Tools menu, select “Expand Package to Local System.”
Select the APPV package. It will then expand the package to a local installation footprint. If the application was sequenced properly, then all of the file, registry configuration, environment variables, and extension points will “install” to the local operating system. Once the expansion has completed, you can then proceed to launch and test the application. If the application functions correctly, you know the problems you have encountered with the application are not a result of sequencing issues. You can then redirect your troubleshooting towards issues including but not limited to:
- Virtualization subsystems (Virtual COM, Virtual Objects, Virtual Services, VFS, etc.)
- Incompatibilities with virtualization as a whole (drivers, COM+, etc.)
- Information that could have been captured incorrectly in the FSMetadata.xml file (Short Names, Directory Opacity)
- Registry Opacity
- Static Dependencies
If the application fails to launch or function as expected after de-virtualization, then you can proceed to troubleshoot using your troubleshooting toolkit. Usually Process Monitor is quick to isolate these issues (missing files or registry entries.) However, you should always inspect the native equivalent of the extension points as well.
If you have had a chance to sequence Firefox within App-V 5, you probably have encountered an issue where none of your preferences seem to be retained after exiting Firefox. Anything from loaded plug-ins, to tab preferences, to even the home page seem to always revert back to the default. This scenario is pretty easy to reproduce with a clean sequencer template and the default App-V sequencer exclusions. I used Firefox 18.0.2 installer to demonstrate this issue.
What is happening?
A user launches Firefox and proceeds to set all of their customizations (Home Page, Tab settings, etc.) with in the options menu (using the Firefox menu on the top left corner.)
After making these changes, exit out of Firefox (ensure the actual process terminates) and re-launch the application. All of those changes within the options menu are gone and you have been reverted back to the “first-launch” Firefox experience. A repeat process and it happens again. And again.
Troubleshooting what is actually happening
So for me, capturing two separate process monitor traces usually helps me sort this out. I started a Process Monitor trace to capture launching Firefox and saving a simple preference. Then I stopped the capture, saved it, and re-launched process monitor in order to capture the exit and re-launch for Firefox. I do this a lot and I will work from the middle. My initial guess was that the issue with saving the preferences actually happened on exit. Before I looked at the process monitor trace, I needed to know how these preferences are actually being stored (in the registry, within a file, etc.)
I found that the preferences are being saved in a file called prefs.js. Interesting. So I pulled up the first process monitor PML I captured and filtered for a path that contained prefs.js.
I found numerous CreateFile, QueryBasicInformation, and CloseFile operations on prefs.js as I was walking the trace through the normal VFS hook/walk functions (Integration symbolic link, “gold” package store, user-mode VFS, etc.) The CreateFile operations seemed to be normal when the desired access was READ, READ EA, SYNCHRONIZE and are successful. However, as I moved on down at the time I started changing settings and clicking OK, I saw that a CreateFile to the same Prefs.js file was failing with ACCESS DENIED. This time the desired access also included a GENERIC WRITE. Odd, these should normally be supported too.
Looking at the second trace where I captured closing and reopening Firefox, I found numerous instances of the failed writes to the prefs.js file. This prefs.js file was located beneath the user’s roaming %APPDATA% folder.
So again, what exactly is happening and why?
This requires a little bit of background. As you may have discovered, virtual assets in App-V (files, folders, registry keys, etc.) are not made invisible. They are not isolated in the sense they are in human readable formats – yet they are still state separated. When processes are hooked by App-V, they still see things virtually as they would in previous versions of App-V. It’s just the job of App-V behind the scenes to redirect everything to the appropriate location.
When you look at the file layouts of an AppV Package from within native explorer, you will see a read-only package beneath the %PROGRAMDATA%AppV folder. If you look inside C:Program Files, you will not see the Mozilla Firefox subdirectory. However, if you configure Explorer to launch inside an App-V bubble, you can view the VFS directly as the application sees it. All you have to do is first configure explorer to launch inside a separate process. In any explorer folder window pull up “Folder and Search Options,” select the View tab, and check the box to “Launch Folder Windows in a Separate Process.”
Then using the /APPVVE or /APPVPID extension launch a command prompt inside the virtual environment you would like to view. Then you can spawn an explorer process inside the App-V bubble.
In the figure below, the same folder is viewed with the top window coming from a native explorer process and the bottom from an explorer process running inside the virtual environment of Firefox.
Now using the same bottom window running in the virtual environment, I navigate over to that particular directory where the prefs.js file is.
I open and try to modify it. It prompts me to save it into a different location. The issue reproduces in this manner as well.
While running this process, we are viewing the true virtual package view in which we are combining and merging the view of two different namespaces. The base package or “GOLD Package” and the “User Store” (within the User Profile in %LOCALAPPDATA%.)
While this demonstration was long, I did it to demonstrate something implemented in the complex App-V 5 VFS is a component known as the VFS COW (Copy-on-Write) filter. The COW manages per-user data and package wide data that are stored per-user (in the case of applications that are targeted to the user.) Writes are redirected from the base package location to a COW location inside the user’s profile. This makes it possible for users to have different views of the same package and all changes are isolated between users. It also prevents users from tampering with App-V packages from outside the virtual environment yet it will STILL allow Anti-Virus applications to scan and REMOVE viruses from a virtual application should the rare case in which one would arrive via an App-V package. The mappings maintained inside the registry as shown here for FireFox (based on its GUID.)
One particular item that is also a feature of the COW are the COW Exclusions. Copy-on-Write functionality will not occur for certain file types. In the case of Firefox, it is not a problem with it writing to a COW location, but the file type in which it is trying to write. Files with extensions of EXE, CMD, MSI, COM, BAT, JS, VBS, DLL, and others cannot be modified because it will trigger a new instance of these files within the user’s profile and these extensions are normally associated with executable code or scripts.
How to resolve?
You have a few options here. You can simply exclude the folder containing the file from sequencing or you could take advantage of user state management solutions that work with App-V (UE-V, RES, AppSense, FlexProfiles, etc.)
Is this a Bug?
In the context of App-V, no. Is this a victim of the design of App-V 5? Before you rush to judgment, let me offer you this scenario and that might shed light on who you should be directing your potential outrage against. This particular issue boils down to one simple thing – Firefox saving preferences to a JS file. It is never a good idea for enterprises to have applications that are executable (or executable scripts) to reside in the context of the user’s profile. This is why most enterprises resent Google Chrome and other applications that install executable code into user profile locations. Historically, the AppData folders were also targets of AdWare and Spyware.
The feed of Windows Azure Pack Gallery Resources and SCVMM Service Templates which are compatible with the RTM releases is now LIVE
Windows Azure pack information can be found here: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack/default.aspx#fbid=w0JHn-YWZV6
The Windows Azure Pack is a collection of Windows Azure technologies available to Microsoft customers at no additional cost. Once installed in your datacenter, the Windows Azure Pack integrates with System Center and Windows Server to help provide a self-service portal for managing services such as websites, Virtual Machines, and Service Bus; a portal for administrators to manage resource clouds; scalable web hosting; and more.
The feed of Windows Azure Pack Gallery Resources and SCVMM Service Templates which are compatible with the RTM releases is now LIVE at:
This release includes more than 40 deployable templates to get you started including:
- SharePoint 2013
- SharePoint Foundation 2010
- Microsoft SQL Server 2013
- Domain Controller
- Windows Server 2012 R2 HA Network Gateway
- Windows Server 2012 R2
- Windows Server 2012
- Database Servers
- MySQL Server (Windows and Linux)
- Oracle Self Service Kit
- Linux applications including
- CentOS6 LAMP
- WordPress CentOS6
- Samples to enhance authoring
- Custom Script
- Custom Script with Environment Variables
- Linux Generic
- Service Template Example Kit
- and more
For information on how to use this feed and import items in the Windows Azure Pack you can use the following resources:
- Downloading and Installing Windows Azure Pack Gallery Resource:
- Video: Using the Service Models Web Platform Installer Feed – https://www.youtube.com/watch?v=eAvOUNqqYfc&feature=youtu.be
- Technet: Downloading and Installing Windows Azure Pack Gallery Resource – http://social.technet.microsoft.com/wiki/contents/articles/20194.downloading-and-installing-windows-azure-pack-gallery-resource.aspx
- Video: Virtual Hard Disk Requirements for the Virtual Machine Role Gallery – https://youtu.be/eAvOUNqqYfc
- Technet: System Center 2012 R2 Virtual Machine Role Authoring Guide – http://social.technet.microsoft.com/wiki/contents/articles/18272.system-center-2012-r2-virtual-machine-role-authoring-guide.aspx
Are you an App-V Guru? Are you good with traveling? Do you work well with customers? Are you agile when it comes to developing client solutions. Do you remain adept on ever-changing industry standards?
MCS (Microsoft Consulting Services) is hiring! Contact me for more information! 🙂
So, Microsoft had a bunch of new releases this week! Windows 8.1, Windows Server 2012 R2, a Bing Facelift. With all that has been going on in the past couple of weeks, it easy to miss something. For those of us who live in the world of virtualization and cloud, some additional (very handy) software and resources have been made available to make our lives much easier in the field.
For starters, we released some well-needed guidance for our VDI folks out there:
Desktop Hosting Reference Architecture Guide
DaaS (Desktops as a Service) continues to grow – especially in worlds where one-to-many virtual desktops are desired for the reduction of overall density and real estate consumption. In addition, something our internal field engineers have been perfecting over the past few years has also been made public – a performance and optimization guide for the Windows 7 operating system in a virtual desktop (VDI) environment.
Performance Optimization Guidelines for Windows 7 Desktop Virtualization
A Big Release for the BYOD (Bring-your-own-Device) Space, Stronger Security Options for Azure, and Free Stuff!
When you read the above link, you will also learn Microsoft now has Remote Desktop apps for iOS, Mac OS X and Android! Talk about burying the lead! Yes, with the release of Windows Server 2012 R2, we are introducing new Microsoft Remote Desktop end-user applications for iOS, Mac OS X and Android. Just like our modern apps for Windows and Windows RT these provide easy access to virtual machine based desktops, session based desktops and RemoteApp programs, as well as the ability to remote to a PC. With Windows Server 2012 R2 Remote Desktop Services we continue to improve the management and deployment, solutions economics, and end-user experience for virtual desktop and server based computing experiences. In particular, new storage capabilities like tiered storage spaces and online VHD de-dupe dramatically reshape the economics of delivering a remote desktop services solutions. And now these new apps extend a rich Windows experience to a new range of devices.
Except of course WP8 for right now 😦
The Windows Azure Multi-Factor Authentication Server (the on-premise version of PhoneFactor) is supported for use with RD Gateway and will function with RDWeb/RDG in an Azure VM, see http://technet.microsoft.com/en-us/library/dn394287.aspx for the most current documentation.
Also there is the Windows Azure Multi-Factor Authentication for Windows Azure Active Directory (http://technet.microsoft.com/en-us/library/jj713614.aspx – the hosted version of PhoneFactor) does not natively integrate with RD Gateway.
Free E-Books from Microsoft!
Finally, a wealth of free books have been released from MS Press revolving around public, private, and hybrid cloud scenarios.