Running a MED-V application that depends on presence may not properly show presence when hovering over it in the System Tray
Let’s review some basic information about how MED-V works. In MED-V V2, the Windows 7 host machine connects to the guest Virtual PC through an RDP-style connection. This basically turns the Windows XP Virtual PC into a mini-RDP server. This must always be in the back of your mind while you test your applications under a MED-V solution. Leveraging RDP removes the need for a hooking DLL to be injected into the guest OS and cuts down on the overhead of the MED-V Guest Agent.
Since applications that run under MED-V are basically the same to the Windows 7 host as applications running remotely on an RDS or Terminal server, you will encounter specific limitations in cosmetic desktop features. For example, the AeroPeek style thumbnail preview of the remote application will not be visible. Window titles will show an appended (Remote) to differentiate it from the local applications.
In addition to what comes through the remote connections, MED-V will republish (pass along) critical messages that appear in the Windows XP system tray. For example, password expiry notices and update notices from WSUS (or Configuration Manager) will also appear on the local desktop. Applications that publish to the Windows XP System tray in the guest will also appear in the host (with an appended “Remote.”)
One item that is more than a cosmetic issue, and that you will need to be aware of when considering MED-V for application remediation, is applications that have presence indicators in the system tray. Changes in presence often cause a change in icon or icon color as well as in the pop-out status message. While these status icons will appear in the host system tray, there will be potential issues with changes in user presence updating icons properly. Applications such as Communicator, Windows Messenger, and Lotus SameTime may not always update/change presence notifications properly when running in a MED-V workspace.
Let’s use the example of a user being signed in initially as “available.” When the user steps away and becomes idle, the system tray icon may not initially reset the icon appearing in the host to “Away” even though the user is away from their desk.
Just about a year ago, I moved all new posts over to Technet.com. In spite of that, this blog still continues to get much attention due to a lot of the existing content proving to be very useful for users. For that I am extremely happy to help and it recently gave me an idea. I have been mulling over how I should focus my current blog over at Technet with regards to information, guidance, and support tips. While I have a lot of great information coming (a lot of new products/product versions in the pipeline) I also have a wealth of information I’ve been needing to post that was related to existing products and legacy products (Softgrid/App-V 4.x/MED-V V1, etc.) I also realize there is a strong user community and install base still present who may not be moving off until the products get closer to end of life.
– Steve Thomas
With this said, I decided that I would use this blog on WordPress in the future for legacy product information (App-V 4.x/Softgrid/MED-V V1/VMM 2008/VPC) while keeping my blog over at Technet more related to current and forward technologies (App-V 5.0/UE-V/Hyper-V 2012/Win8/Win2012.)
In the past, desktop virtualization administrators have used Microsoft for only part of their VDI (virtual desktop infrastructure) while using solutions from VMware or Citrix as the primary basis.
You may be already familiar with Microsoft’s client-hosted enterprise desktop virtualization solution – MED-V. VDI is Microsoft’s server-based desktop virtualization solution combining all of the following for engine support all the way to complete end-to-end management:
- Windows 7
- Windows Server 2008 R2
- System Center Virtualization Manager
- Remote Desktop Services
Windows Server 2008 R2 Service Pack 1 adds two new components (RemoteFX and Dynamic Memory) that fill two holes related to management flexibility and user experience that now make Microsoft almost a no-brainer choice for your VDI solution.
Microsoft’s virtualization main page is found here:
First things first,
Licensing Information regarding VDI. One of the first things customers want to know is what are the costs and the potential cost savings:
In terms of how it works, here is Microsoft’s VDI solution at a high level:
The next items of concern are often what infrastructure changes will need to be made. Moving to a VDI environment will require the presence of a Windows 2008 or Windows 2008 R2 domain controller (depending on the Hyper-V/RDS platform being used.) You will also need to update the schema accordingly to support these domain controllers and subsequent services required for the VDI environment.
Here are the outlines of the Windows 2008 and Windows 2008 R2 Schema changes:
Windows 2008 R2:
At a minimum you will need the Windows 2008 schema changes; however, the minimum AD domain functional level supported is Windows 2000 native. Windows 2000 mixed and Windows 2003 interim are not supported.
The following are important considerations about assigning a personal virtual desktop to a user in AD DS:
- To deploy personal virtual desktops, your schema for the Active Directory forest must be at least Windows Server 2008. To use the added functionality provided by the Personal Virtual Desktop tab in the User Account Properties dialog box in Active Directory Users and Computers, you must run Active Directory Users and Computers from a computer running Windows Server 2008 R2 or a computer running Windows 7 that has Remote Server Administration Tools (RSAT) installed.
- You must use a domain functional level of at least Windows 2000 Server native mode. The functional levels Windows 2000 Server mixed mode and Windows Server 2003 interim mode are not supported.
- Ensure that the RDVH-SRV computer meets the Hyper-V installation prerequisites (http://go.microsoft.com/fwlink/?LinkId=122183).
- The user account and the virtual machine must both be members of an Active Directory domain.
- Personal virtual desktops can only use Windows client operating systems. You cannot install Windows Server® 2008 R2 on a virtual machine and assign it as a personal virtual desktop.
- A user can be assigned only one personal virtual desktop at a time.
- A virtual machine can be assigned as a personal virtual desktop to only one user at a time.
- The name of the virtual machine in the Hyper-V Manager tool must match the fully qualified domain name (FQDN) of the computer.
Alongside infrastructure changes and concerns is capacity planning. Here is a good webcast on planning and sizing session virtualization and bandwidth for VDI:
And a good document as well:
RD Web Access Information:
RD gateway Information:
Why VDI for Hyper-V Whitepaper:
Windows 2008 R2 SP1’s RemoteFX feature for Hyper-V
If you have time, also check out the VDI videos on TechNet Edge:
NOTE: GINA chaining is officially not supported inside the MED-V workspace. The following information can be used for a case where the use of a custom GINA in addition to the MED-V GINA is mandatory and a workaround is needed.
Prior to Windows Vista, Microsoft used the graphical identification and authentication (GINA) module system to provide secure authentication and interactive logon services. The Microsoft GINA is a replaceable dynamically linked library that is loaded early in the boot process in the context of the Winlogon.exe process. Winlogon can be configured to use a different GINA, providing for non-standard authentication methods such as smart card readers or identification based on biometrics, or to provide an alternate visual interface to the default GINA.
GINA Chaining was a widely used practice with Windows 2000 and Windows XP by 3rd party vendors but not one for which we normally provide any guidelines (or support). Vendors have implemented chaining in different ways, generally by storing the old GINA in another location (usually OriginalGinaDll,) then later calling it from within their custom GINA and passing through the credentials. The MED-V GINA acts in this fashion as well.
Generally, the MED-V GINA does forward calls to the GINA listed under OriginalGinaDll (beneath the Winlogon registry key). If this value does not exist, then the chaining is performed to MSGINA. However, there are some calls that we do not forward (e.g. calls related to locking, which MED-V handles). It is hard to diagnose the issue without knowing exactly what the other GINA is requiring (e.g. what is it expecting that does not happen? Should the additional 3rd party GINA display a window prior to the login? Post login? While the workstation is locked? Etc.). For instance, the Checkpoint VPN GINA hooks the login window to detect when the user presses the OK button. Since MED-V uses auto-login, the OK button is never pressed and so Checkpoint does not detect the login. Additionally, it should be noted that these types of configuration have not been tested, and every GINA replacement has quirks of its own.
1. Create the OriginalGinaDll value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, set it to “<Path>\Ginaname.dll”, and test the logon process again.
2. If this doesn’t work, contact the 3rd party vendor to find out how their GINA hooks the login window.
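Before and after making the registry change above, it helps to see which GINA Winlogon loads and which one is chained behind it. The script below is an added example, not MED-V or Microsoft code; it assumes Windows PowerShell 2.0 is installed in the Windows XP guest, reads the standard Winlogon `GinaDLL` value alongside `OriginalGinaDll`, and uses hypothetical function names (`Resolve-GinaPath`, `Get-GinaChain`).

```powershell
# Added example (not MED-V code): list the GINA chain configured in the XP guest.
# Assumption: Windows PowerShell 2.0 is available inside the guest.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Resolve-GinaPath {
    param([string]$Dll)
    # The registry value may hold a bare file name or a full path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return (Join-Path (Join-Path $env:SystemRoot 'System32') $expanded)
}

function Get-GinaChain {
    param([string]$KeyPath = $WinlogonKey)
    $props = Get-ItemProperty -Path $KeyPath

    $links = @(
        @{ Role = 'Loaded by Winlogon'; Value = 'GinaDLL' },
        @{ Role = 'Chained to';         Value = 'OriginalGinaDll' }
    )
    foreach ($link in $links) {
        $dll    = $props.($link.Value)
        $source = 'registry'
        if ([string]::IsNullOrEmpty($dll)) {
            # Missing value: Winlogon falls back to MSGINA, and per the text
            # above the MED-V GINA also chains to MSGINA.
            $dll    = 'msgina.dll'
            $source = 'default (value not set)'
        }
        $path = Resolve-GinaPath $dll
        New-Object PSObject -Property @{
            Role   = $link.Role
            Value  = $link.Value
            Source = $source
            Path   = $path
            Exists = (Test-Path -LiteralPath $path)   # catches a wrong <Path>
        }
        # No replacement GINA configured means there is nothing chained behind it.
        if ($link.Value -eq 'GinaDLL' -and $source -ne 'registry') { break }
    }
}

Get-GinaChain | Format-Table Role, Value, Source, Exists, Path -AutoSize
```

A row with `Exists` set to `False` means the DLL path in that value does not resolve, which is worth ruling out before contacting the third-party vendor.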
App-V’s native streaming, no installation and isolation capabilities deliver Office 2010 faster than a traditional install and with less user productivity impact. Users can run multiple versions side by side, easing the learning curve associated with advancements like the ribbon user interface. IT has more time to migrate LOB applications dependent on older Office versions.
If you haven’t seen them, go here: http://www.microsoft.com/video/en/us.
The Virtual PC team has announced the release candidate for Virtual PC 7 and XPM (Windows XP Mode on Windows 7)
This feature allows you to run an application inside a Windows XP virtual machine and have the application seamlessly integrate with the Windows 7 desktop from an application publishing standpoint.
This does not require MED-V although a future release of MED-V will allow for extended management capabilities and integration for XPM.