Archive

Archive for March, 2014

App-V 5: On Roaming Exclusions

March 21, 2014 3 comments

When you use App-V with roaming profiles or a service or product that may roam integration settings of virtual applications, it was historically assumed by App-V that once a package’s extension points are laid down (or integrated,) roaming user profiles will carry it alongside the user’s catalog, keeping the two in sync.  The App-V 5 Client Integration component depends on the ability to rely on the client’s copy of the catalog to determine which extension points get generated (or re-generated.)  This is how App-V 5 Integration quickly calculates which extension points and integration links (junction points) will be needed to be created during publishing. Back in previous versions when everything was isolated into individual FSD and PKG files, it was pretty easy to integrate App-V data into your roaming user environments.

As you may note, I am purposely using the term “Roaming User Environment” – as in – a generic term that not only refers to Roaming User Profiles native to Windows, but also environments which may be roamed using Citrix UPM (User Profile Manager, AppSense UEM, UE-V, RES, Immidio, etc.) Many of these environment managers work more granularly than the standard Windows configuration. The App-V 5 client configuration allows administrators to align their roaming user environment configuration with their App-V client configuration.  Specifically, administrators identify which registry key locations under HKCU and which directory locations under %USERPROFILE% do not roam.

The App-V Client Integration component uses its Client Configuration to set and get roaming exclusions.  The exclusion lists are captured in the App-V Client Configuration using the following keys:

HKLMSoftwareMicrosoftAppVClientIntegrationRoamingFileExclusions

HKLMSoftwareMicrosoftAppVClientIntegrationRoamingRegistryExclusions

Each roaming exclusion list is a REG_SZ value which is a semicolon-separated list of paths to excluded data.  File exclusion paths are relative to %USERPROFILE% and contain no leading slash or trailing slash.  Registry exclusion paths are paths to keys relative to HKEY_CURRENT_USER and contain no leading or trailing slashes. The App-V client setup establishes a default roaming configuration for the client machine as a best effort during client installation according to these well-known Windows settings. For example, Windows never roams registry data under SOFTWAREClasses, and may erase it on logoff, so the exclusion list set during AppV Client setup will always include SOFTWAREClasses.

Configuration of Roaming Exclusions

Of course, one should recognize that this may not be enough. Administrators that wish to change the list of roaming exclusions from the default configuration populated during client installation can do so. Roaming Exclusions can be configured by way of:

Manual Registry Configuration: Per the information in the proceeding paragraphs, you can make adjustments by modifying HKLMSoftwareMicrosoftAppVClientIntegrationRoamingFileExclusions

And/or HKLMSoftwareMicrosoftAppVClientIntegrationRoamingRegistryExclusions

Please bear in mind that the changes you make will take effect for new users only logging onto that App-V 5 client.

PowerShell: You can use the following PowerShell Cmdlets to set roaming exclusions:

Set-AppvClientConfiguration –RoamingFileExclusions

Set-AppvClientConfiguration –RoamingRegistryExclusions

 

Please bear in mind that like everything else the CmdLet will check to see if these settings are applied and managed via GPO by checking HKLMSoftwarePoliciesMicrosoftApplication Virtualization.  If any of the provided configuration is in the GP registry node, the cmdlet will fail.  If the group policy does not own any of the supplied configuration, the settings are written to the HKLMSoftwareMicrosoft. Please also Please bear in mind that the changes you make will take effect for new users only logging onto that App-V 5 client.

Group Policy Object (GPO): The MDOP ADMX templates include settings for both Roaming File and Roaming Registry Exclusions. This will enable you to pre-deploy these configurations via GPO. The ADMX template can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=41183

Deployment Using Installer Switch: Per http://technet.microsoft.com/en-US/library/jj687745.aspx – you can supply this configuration upon deployment of the App-V Client using the following switches:

/ROAMINGFILEEXCLUSIONS

Usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures'

/ROAMINGREGISTRYEXCLUSIONS

Usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

Administrators managing environments that don’t support roaming user profiles can disable all roaming exclusions by emptying the list using Group Policy.  This yields the best possible performance for integrated extension points because extension points are never re-integrated unless explicitly requested through manifest policy, dynamic configuration, or package updates.

The App-V 5 integration system (that creates and manages shortcuts, FTA’s, Integration Path junction points, etc.) use the roaming exclusions to force integration of extension points that otherwise appear to be up to date by maintaining this list of exclusions and comparing them at logon. At that time, for each package the user has published, all integration and extension points that package has will be checked to see whether it was integrated to a location included in the roaming exclusion lists.  If so, that extension point will be re-integrated.  Otherwise, no re-integration is necessary.

Windows XP: April 8th – Almost Here!


For the past couple of years, Microsoft has been advising customers of the planned end of extended support date for Windows XP. We’ve even been using a countdown clock on the Windows XP page (http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx ) In fact, you’ve probably also been made aware of or have seen first-hand the end of notifications that are now popping up on Windows XP machines. You may have also recently read this as well:

http://blogs.windows.com/windows/b/windowsexperience/archive/2014/03/03/new-windows-xp-data-transfer-tool-and-end-of-support-notifications.aspx

The update KB 2934207 (Information Here – http://support.microsoft.com/kb/2934207) also adds in a notification prompt (which some in the press have affectionately referred to it as the “Death Notice.”)

If you are not seeing this update, it is likely because your Windows XP machine is being managed by WSUS, or Configuration Manager, or through the cloud with Windows Intune. Only Windows XP machines (Windows XP Home and Professional editions) who receive updates via WindowsMicrosoft Update will see these notifications.

If for some reason you are receiving these notices and you would like to disable them, you can do so in the registry under the one of the following keys:

HKLMSOFTWAREMicrosoftWindowsCurrentVersion

or

HKCUSoftwareMicrosoftWindowsCurrentVersion

Set the value of DisableEOSNotification (DWORD) to 1 to disable notifications. ) enables it.

Regardless of this change, the fact remains that end of all support except for custom support agreements is still April 8, 2014. If you are still running Windows XP in *ANY* form (physical desktops, VDI, MED-V, etc.) this affects you. Without a CSA, you will receive no further security updates and you run a risk of being vulnerable after that date. Also bear in mind that if you are virtualizing Internet Explorer 6, 7, or 8 with any non-Microsoft application virtualization solution, you will be indirectly affected as well.

Consumers, and Small-to-Midsize customers looking to update, can receive special offers and discounts via out Get2Modern page here: http://www.microsoft.com/en-us/windows/business/retiring-xp.aspx

A Custom Support Agreement (CSA) requires a Premier Services Agreement with Microsoft. If you are current an enterprise customer with a Premier contract, we have been making some changes to the Windows XP Custom Support Standard Program, which provides critical security updates, technical assistance and continued support for the product after April 8th. Please contact your Technical Account Manager (TAM) for more information.

Please note. This applies to Windows XP and NOT Windows XP Embedded. Windows XP Embedded is a different operating system designed for specialized OEM embedded devices and it has always ran on a different support lifecycle ending in 2016, which has been in place for a while in spite of what you may have read in articles out there on the Internet.

Categories: Uncategorized Tags: , , , , , , ,

Important Read: Internet Tolls And The Case For Strong Net Neutrality

March 21, 2014 2 comments

If you believe in the openness, freedom, and affordability of the Internet, this blog is very important. – http://blog.netflix.com/2014/03/internet-tolls-and-case-for-strong-net.html

Are you still Using MED-V? If so, do NOT install this update


If you are currently still running MED-V 2.0, be very aware of a known issue. If you install the RDP/RDC 8.1 update for Windows 7 SP1, you may notice after installing the update, you are seeing application crashes of the MED-V Workspace. This update is labeled KB2830477. It was originally released last year and there were sporadic reports of problems with MED-V hosts running it. It has recently been re-released (February 11, 2014) and I have noticed many more reports of this occurring. This issue has been reported for both XP Mode and MED-V in the Technet forums as well.

http://social.technet.microsoft.com/Forums/windows/en-US/ffe5c710-9fb1-4540-9d85-9d76e3a79846/kb2830477-causes-problems-in-wn7-x64-and-xp-mode?forum=w7itprovirt

Right now, there is an investigation ongoing. I would advise in the meantime that you do not install this update on MED-V hosts. If you have already installed this update on MED-V hosts and are experiencing the problem, you can simply uninstall the update and the issues should disappear.

Please note that this is an optional update. This update is not needed for MED-V or Windows 7 functionality. It is not a security update either. It may provide enhanced features if you need to connect your Windows 7 host to Windows Server 2012 or Windows Server 2012 R2-based RDP Sessions or RemoteApps.

Here is the subsequent KB article on the update:

KB2830477: “Update for RemoteApp and Desktop Connections feature is available for Windows”

http://support.microsoft.com/kb/2830477/en-us

Categories: MED-V, RDS, VPC Tags: , , , , , ,

Microsoft adds software boot camps as prizes for Imagine Cup 2014


Microsoft has already announced that one of the World Finalist teams in its 2014 Imagine Cup student competition will get to meet co-founder Bill Gates. Now there’s word that the company will give the winners in three of its categories some extra prizes in the form of software boot camps and experiences.

Read More: http://www.neowin.net/news/microsoft-adds-software-boot-camps-as-prizes-for-imagine-cup-2014

App-V 5: On Using Sequencing Templates

March 18, 2014 5 comments

Sequencing Templates (.APPVT) files are designed for automating the sequencing of applications. While you can take advantage of some of the benefits of templates with manual, interactive sequencing, be careful making assumptions when sequencing following the importing of a template in the Sequencer GUI. Sequencing Templates are also essential for the upgrading of packages.

Remember this from the App-V Sequencing Guide:

“Templates are also very important for upgrade scenarios.  The Sequencer does not save state so when a new Sequencer session is open and a package is opened for upgrade, the settings are in the default state.  If certain sequencer settings were changed when sequencing a package, the changes will not remain at time of upgrade.  Therefore, it is recommended to save a template for any package that has Sequencer customizations, and re-apply them on upgrade.  A template may also contain additional options such as Package Deployment Settings and Advanced Monitoring Options.”

Creating a Sequencing Template

Creating a sequencing template is pretty straight forward. You launch the App-V Sequencer and first set your advanced options for sequencing. You do this by going to the “Tools” menu and selecting “Options.”

All of the General Items and Exclusion Items can be adjusted using this dialog box. All of these settings will be saved into the template.

If you plan on only using these settings in your template, you can proceed to save as template using the “File” menu to “Save as Template.” However, if you want to include additional settings (for automated sequencing with PowerShell) instead of saving as template, proceed and go through the process of creating a blank dummy package. Make sure you click through to the advanced options so you can configure:

  • Operating System Options
  • Advanced Interaction

 

 

Once you have all of these settings the way you want them then you can proceed to save the template. Notice you will get a specific alert when doing so.

 

While it implies that the additional settings (OS, COM, objects) will not be saved in the template, you will find that they are, in fact, saved. What the effect of this message is any settings other than General Options or Exclusion Items will NOT be imported if you import the template into the sequencer GUI for the sequencing of a new package.

 

 

All of the settings will however be used if the template is used in conjunction with the New-AppVSequencerPackage PowerShell cmdlet. It will support the use of all of the template items. The use of PowerShell with templates opens the door of many possibilities for automating the sequencing of your packages. Here is an example:

 

Once the package has been created, you can verify the configuration held by observing the information in the App-V manifests.

 

Happy Automation!!

Enabling Advanced Windows Installer Logging

March 17, 2014 3 comments

Throughout my tenure while working in support, I would occasionally come across issues where the issue I was troubleshooting with a particular product was the actual installation. Too often the error would be some generic error (with an error code of 1603 or something similar) or one of those “unexpected errors.”

One way to get to more detailed information was to enable advanced debug logging of the Windows Installer service. You can enable advanced logging for a particular package by using the following synatx when attempting to run the installation:

Msiexec /i <path to your .msi package> /L*V C:\Setup.log

where the “L*V” is what enables the Windows Installer to create a verbose log file.

But what if you want to turn on debug logging for not just the packages being installed, but also for the Windows Installer service itself? This was used to isolate the strict name checking issue with App-V 5 MSI wrappers. You will need to do what we call the “Voice Warmup” trick. It gets its name from the fact that enabling all options spells out “voicewarmup.” To do so, do the following

1. From an elevated command prompt, stop the Windows Installer Service if started:

net stop msiserver

2. Open up the Registry Editor.

3. Navigate to the HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer.

4. Create a new string value (REG_SZ) called “logging.” (No Quotes)

5. In the data field, type “voicewarmup!” (No Quotes)

6. In the same key, you will also need to create a new DWORD value called “debug.”

7. In the data field, type “7.”

8. Exit the Registry Editor.

9. Restart the Windows Installer Service.

net start msiserver

After you install (or attempt to install) the application, the log files will be located in %TEMP%.

I would advise not keeping these values in place on a production server.

App-V 5: On Dynamic Configuration

March 17, 2014 3 comments

When you create a package using the App-V sequencer, everything that you will need for the package will be self-contained inside the .APPV package file. In addition to the file and registry assets, the APPV file also maintains XML metadata that governs the operating system integration configuration and extension points. This configuration is referred to as the manifest configuration. Most of the key information revolving around this information is found in the AppxManifest.xml and [Content_Types].xml files inside the package. You can view these files by renaming the extension of the App-V file to .ZIP and browse the contents using Windows Explorer.

In many deployment situations, you may require some slight adjustments to specific configurations and/or certain operating system extension points. It would be very cumbersome and unrealistic to have to open these packages up in the sequencer to make simple minor changes that affect only this metadata.

Dynamic Configuration is what allows Administrators to make these modifications to an App-V package without having to make any changes to the AppV package itself. Dynamic Configuration are XML files similar to the legacy OSD files in previous versions of AppV and Softgrid. Unlike the OSD files, the dynamic configuration files are technically optional. Unlike the SFT package with earlier versions of App-V and Softgrid, the APPV file is technically all you need to publish and App-V package in version 5.

But let’s say we want to adjust the deployment configuration or other user-specific settings. We have two type of dynamic configuration files:

  • The Dynamic Deployment Configuration file: <PACKAGE_NAME>_DeploymentConfig.xml
  • The Dynamic User Configuration: <PACKAGE_NAME_UserConfig.xml

We can use these configuration files to do a number of things, including:

  • Assign scripts to run during specific packageapplication events
  • Enable or disable a virtual subsystem
  • Override Shortcut Configuration

Dynamic User Configuration

The Dynamic User Configuration (<PACKAGE_NAME>_UserConfig.xml) file contains information that applies configuration for the package to the individual user. For example, if you supply shortcut configuration within this file, this will override the shortcut configuration that is contained within the package manifest. Also note, that if a Dynamic Deployment Configuration exists for the package, Dynamic User Configuration replaces the “User Configuration” section.

Dynamic Deployment Configuration

The Dynamic Deployment Configuration (<PACKAGE_NAME>_DeploymentConfig.xml) file contains information that applies to all users of that machine. It can have a “User Configuration” section which can be overridden by dynamic user configuration.

Example:

Let’s say you have a package deployed with the following extension point configuration:

  • Package Manifest: Contains two shortcuts
  • Dynamic Deployment Configuration: Has the shortcut subsystem enabled and two extra shortcuts targeted to users. Shortcut 3 and 4.
  • Dynamic User Configuration: Also has the shortcut subsystem enabled and one extra shortcut. Shortcut 5

In the example above, there are five shortcuts across all of the configuration files. To determine the effective configuration, we use the following formula:

  • If no dynamic deployment configuration or dynamic deployment configuration provided, Shortcut 1 and Shortcut 2 are integrated
  • If dynamic deployment configuration is provided, only Shortcuts 3 and 4 are integrated
  • If dynamic user configuration is provided, only Shortcut 5 is integrated
  • If both dynamic deployment configuration and dynamic user configuration are provided, only Shortcut 5 is integrated

 

Package Events and the Application of Dynamic Configuration

Dynamic Configuration can be applied using the Add-AppVClientPackage and Publish-AppVClientPackage package events. Dynamic Deployment Configuration can be optionally applied using the following syntax:

Add-AppvClientPackage <path to package> [- DynamicDeploymentConfiguration <path to file>]

While the configuration is added and downloaded, it will not take effect until the Publish Package event. At this time, optional dynamic user configuration can also be applied using the following syntax:

Publish-AppvClientPackage … [- DynamicUserConfigurationPath <path to file>] [-Global]

If Dynamic Deployment Configuration is provided on package add  and/or Dynamic User Configuration is provided on package publish (to user), they will be used during publishing integration. The [UserConfiguration] section (if available) from Deployment Configuration only is used during global publishing (thus targeting all users.) If the –DynamicUserConfigurationPath is specified using the Publish-AppVClientPackage cmdlet with the –Global switch, then the command will error out. The UserConfiguration section (if available) from the dynamic deployment configuration file is used if no explicit dynamic user configuration file is specified during Publish package operation.

Once the package has been deployed and the configuration has been applied, it is cached locally in the following locations:

  • Deployment Configuration:  %ProgramData%MicrosoftAppVClientCatalog Packages<PkgGuid><VerGuid>DeploymentConfiguration.xml
  • Dynamic user configuration file (if published to user) in both %AppData%MicrosoftAppVClientCatalog Packages<PkgGuid><VerGuid>UserConfiguration.xml

and %ProgramData%MicrosoftAppVClientCatalog Packages<PkgGuid><VerGuid>UserConfiguration.xml

But What if you are using a Publishing Server?

Since the publishing agent on the App-V client combines Package Add and Package Publish into a special event (Configure Package.) The default configuration will still be the configuration within the manifest, however, if you added optional deployment and user configuration data, it too will be downloaded with the package configuration. The App-V Client publishing agent can also optimize dynamic configuration content download and subsequent add/publish if client already has matching package with dynamic configuration. Bear in mind if you run into a potential conflict where you may have the same package deployed from multiple publishing servers with different dynamic configuration, the last configuration to download will override and become the effective configuration (last writer wins.)

 

App-V 5: More on Connection Groups

March 12, 2014 3 comments

Update 12/5/2014: There have been significant improvements to the behavior of Connection Groups including mixed targeting, optional membership, and version relaxation. Please refer to this document: http://technet.microsoft.com/en-us/library/dn858700.aspx#BKMK_cg_improvements after reading this article for the updates.

To continue my obsession with Connection Groups, I wanted to talk about some technical specifics that apply to Connection Groups and will help you determine your Connection Group deployment strategy.

Connection Group Priority

The concept of priority with regards to Connection Groups relate to what will occur when a package published belongs to more than one connection group. Group priority is specified as an attribute (Priority) of the AppConnectionGroup element in the Connection Group descriptor document. When an application is launched from such a package, the application will belong to the virtual environment of the connection group with the lower-numbered priority. It’s like Golf.

In the following example, we have three applications that have been published to a user:

  • Office 2010
  • Adobe Reader
  • Hyperion Add-in

In this same scenario, we also have two connection groups also enabled for that user:

  • Connection Group 1: Office 2010 and Adobe Reader – Enabled with Priority 2
  • Connection Group 2: Office 2010 and Hyperion – Enabled with Priority 1

Here is how the priority will have effect: When Office 2010 is launched, it will launch within the connection group #2

 

Connection Groups are not transitive

If you have ideas for “SuperBubbles” or AppClouds where default applications are assigned to everyone and these apps have add-ins that are provisioned in a second group. If both CG’s are assigned to a user containing an overlapping application, the CG with the highest priority wins.

 

Application User State in Connection Groups

If you currently have an application published and you would like to have that application added to a connection group, it is important to understand that package settings and user state will not be migrated to a connection group. Also, when a connection group is disabled, group settings and user state will not be migrated back to the individual package.

For example, let’s say you have published a web browser package (Chrome, Firefox, etc.) The user uses the package and sets their preferences. Then you publish additional add-in packages (Flash, Skype Click-to-call, etc.) If you then create and enable a connection group for that user containing the browser and these plug-in packages, you will notice that when you re-launch the browser, you will be presented with the default settings again. Connection Groups maintain different user states from individually published packages. This works the same in reverse if you remove the Connection Group but keep the packages enabled for that user.

It is recommended to use a user environment management tool (such as UE-V, RES, or AppSense) as a possible alternative for managing user state.

Beware of Disjointed Subsystem Configuration

Disjointed Subsystem Configuration will prevent Connection Groups from getting published properly. Virtual Subsystem settings must match (vCOM vObjects) otherwise, you will see an error. Applications that require conflicting COM settings could potentially be problematic.

 

Beware of Hard-Coded Paths insides INI files

You have to balance two things concerning App-v and Connection Groups when you encounter applications that rely on text-based configuration (INI files) that contain hard-coded paths:

1.)    App-V 5.0 does not tokenize the paths inside the files. This means that even though a correct path would be placed in the INI file by the application installation when sequencing, the application may not work when the Connection Group is deployed on the client machine.

2.)    Non-tokenized, non-VFS paths beneath the Root folder will not be merged in a connection group.

To resolve this, you will need to ensure that the Sequencer and Client machines for all applications in the connection group:

All have the same configuration with matching drive letters. This bypasses the need for tokens whose sole purpose is to accommodate the differences in Sequencer and Client environments. This will not work for all paths.

The sequencer and client machine must match bitness otherwise you may get bit with paths that are impacted by bitness. For example, if you sequence an application on a 32-bit machine and it installs to C:Program Files, that will get translated as C:Program Files (x86) if you deploy it on a 64-bit machine.

Installation paths like C:InstallationDirectory will work better (Just make sure it is different from the PVAD.)

Update 12/5/2014: There have been significant improvements to the behavior of Connection Groups including mixed targeting, optional membership, and version relaxation. Please refer to this document: http://technet.microsoft.com/en-us/library/dn858700.aspx#BKMK_cg_improvements after reading this article for the updates.

TechEd North America 2014: Come See Me Talk About App-V 5 Sizing and Capacity Planning

March 2, 2014 3 comments

Yes, it is time for another shameless plug. If you plan on attending TechEd North America this year (in warm Houston, Texas May 12-16) please make sure to clear your schedule on Thursday afternoon so you can see my presentation on App-V 5 Sizing: Planning and Designing a Highly Available, Scalable, and Resilient Management and Delivery System.

2:45 PM – Thursday May 15th

This presentation will discuss Microsoft Application Virtualization (App-V) 5.0 infrastructure design and lessons learned from a series of customer deployments. Topics will include

  • Management and Reporting Server Design
  • Shared Content Store Placement/Replication
  • Publishing Server Placement
  • Load Balancing Options
  • Rapid Scale-Out Solutions
  • Sizing Calculations
  • Data Store Capacity Planning

Examples for using Windows PowerShell to automate and bridge product gaps are demonstrated. Use cases discussed include Published Desktops vs. Applications, VDI Density, and IOPS/Application Footprint Reduction.

The session will be recorded for Channel 9 but come on, don't you want to be there in person? Especially since we can head on over to the party afterwards! 🙂

Categories: Uncategorized Tags: , , , , ,