Posts Tagged ‘v1’

MED-V v1: Error: “System.NullReferenceException: Object reference not set to an instance of an object” when trying to browse for users using the “Find” option using the MED-V v1 Server Configuration utility.

When using the MED-V Server Configuration utility (serversettings.exe)) you will get an exception when you attempt to use the search capability to find users in Active Directory.

If you select the permissions tab, then select add, then select find, then select advanced, and then select find now. Finally, select one or two user groups. Click OK twice and you will get the following exception:


************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
   at Kidaro.Management.Forms.UserSelectionUtils.FindUsers(IWin32Window parent, Boolean localUsers)
   at Kidaro.Management.Forms.UserSelectionUtils.EntitiesFindHandler.Handler(Object sender, FindUsersEventArgs e)
   at Kidaro.Management.Forms.UserSelectionForm.FireFindRequested()
   at Kidaro.Management.Forms.UserSelectionForm.FindClickHandler(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at DevExpress.XtraEditors.BaseButton.OnClick(EventArgs e)
   at DevExpress.XtraEditors.BaseButton.OnMouseUp(MouseEventArgs e)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at DevExpress.XtraEditors.BaseControl.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

This is a known issue in MED-V v1.0 SP1.

The current workaround is to avoid using the Find feature to select multiple users and/or groups. This issue still appears in SP2 for MED-V v1.

Categories: MED-V Tags: , , , ,

MED-V V2, V1, or XP Mode?

It looks like both MED-V v1 and v2 will be around for the remainder of the Windows XP support lifecycle. Because of this, I often I get asked the question, “Which version of MED-V should I be using?” as well as “Why should I be using MED-V instead of Windows XP mode?” The following table lists the differences in the basic feature set between versions 1 and 2 of MED-V. This decision making relies on comparing several factors. You also have to take into consideration that MED-V v2 was a complete re-engineering of the product. There is no direct upgrade path between MED-V v1 and v2.

 General Feature Differences between MED V1 and V2

This table focuses on the Primary feature changes and enhancements that drove development of the MED-V/Windows 7/Optimized Desktop Strategy. These include features added into the product as a result of customer feedback for version 1.

Feature MED-V V1 MED-V v2
Policy Source XML-based from Server Local Registry (can be deployed by policy)
Authentications Source AD AD
SSO Support Host-Client? No Yes
SSO Client-Workspace Yes Yes
Workspace Support Persistent and Revertible Only Persistent

General Component Differences between V1 and V2

If you are an experienced MED-V v1 users, you will need to be aware of  some functional component differences. The following table lists the differences between the installable components available between versions 1 and 2 of MED-V.

Component MED-V V1 MED-V v2
MED-V Policy Server Yes No
Image Distribution Server Yes No
MED-V Client MED-V Client MED-V Host Agent
MED-V Workspace MED-V Workspace (Manually Installed) MED-V Guest Agent (Auto-installed)
VM Preparation VM Preparation Tool MED-V Workspace Packager
MED-V Management Console MED-V Management Console MED-V Workspace Packager
Diagnostics Kidaroreport.exe MED-V Toolkit

Differences that Affect Enterprise Decisions

There will be many customers who have been surveying MED-V for enterprise deployments. Many may have looking at MED-V version 1 and are trying to determine whether MED-V v1 or MED-V v2 is suitable. The following chart outlines many factors that determine adoption in the enterprise. Use this to help you make that decision.

Feature MED-V V1 MED-V V2
Client Host OS Support XP, Vista, and Windows 7 Windows 7
VPC Engine VPC 2007 (VPC 6) VPC7  (Non VT requires Patch)
URL Redirection Basic (Bidirectional) Host-to-Guest only
Full Desktop Mode Yes Only through VPC
Reporting (SQL) Yes No
Policy Source Server (XML) Registry/GPO
Seamless Integration Yes – Manual Yes – Automatic
Application Publishing Foundation Kidaro RDP/RemoteApp
Console Yes Yes (Workspace Packer)
Integrated Image Distribution TrimTransfer/BITS/Pre-Staging Pre-staging Only (ConfigManager Integration with DCM)
WMI Support No Yes

 The Feature Comparisons between XP Mode, MED-V V1, and MED-V v2

Finally, how both MED-V v2 and v1 stack up in comparison with XP Mode is outlined in the table below. XP Mode is designed to be a consumer solution while MED-V is for the enterprise.

Feature XP Mode MED-V v1 MED-V v2
Seamless Application Compatibility Environment X X X
Host/Guest Folder Integration X X
USB/Smart Card Redirection X X
Dynamic Application Publishing X Manual X
Custom XP Image X X
Domain Joined X X
SCCM Integration (Bridged) (Bridged and NAT)
IE6 Web Redirection Bi-Directional Host to Guest only
Shared VHD Support X X
Guest Wake-to-Patch X
Automated First-Time-Setup X X
Packaging/Configuration Wizard X X
WMI Monitoring Interface X
Network Printer Syncing  Steve Thomas X
Categories: MED-V, VPC Tags: , , , , , , , ,

MED-V v1: How to Configure MED-V Client-Side SSL

For MED-V v1, Client-side TLS/SSL security is an optional configuration which can be set to ensure only legitimate clients connect to the server. This will take security one-step further than the traditional server-based TLS/SSL.
To configure client-side SSL on the server:

1.) Verify SSL is enabled on the server (refer to Configuring Server Settings (on page 15)).

2.) Verify that the CA that issued the client certificate is in the Trusted Root Certificate Authorities of the Local Computer certificate store of the server.

3.) In the ServerSettings.xml file (located in the server installation\Servers directory), configure the following:

Set <RequireClientCertificate> to true.

4.) If you would like to verify the certificate thumbprint on the client:

In the <ClientCertificateThumbprint> tag, add the thumbprint so that the server will only accept client certificates with the specified thumbprint and a valid certificate chain. If the line is missing or blank, the server will accept all client certificates whose chain is valid.

Note: Verifying the certificate thumbprint on the client is only relevant if the administrator distributes one certificate to all clients.

5.) Restart the MED-V Servers service.

To configure client-side SSL on the client:

1.) Create a client certificate from the trusted CA and install it in the client’s Local Computer certificate store (refer to Configuring a Certificate for details).

2.) Verify that the CA that issued the client certificate is in the Trusted Root Certificate Authorities of the Local Computer certificate store of the client.

3.) In the ProfileInfo.xml file (located in the MED-V Client Installation\Management\Profile directory), copy and paste the thumbprint into the <ClientCertificateThumbprint> tag.

Note: Once the server side XML has been configured with the certificate attribute, this attribute is automatically added to the client side XML when creating a MED-V package.

Note: It is recommended to provide access permissions to the client certificate for Everyone.

On XP – use the WinHttpCertCfg.exe tool which can be downloaded from the Microsoft website.

On Vista or Windows 7 – use the MMC utility.

Categories: MED-V, VPC Tags: , , , ,

MED-V: Published Batch Files/Command Scripts Should use Internal Start Command to Call

Whether you are using MED-V versions 1.0 or 2.0, batch files or published batch files (or command scripts) with MED-V should be approached in the same manner. Essentially, when you are publishing any script using *.BAT or *.CMD extensions, you may find the parent command window never closes when spawning the external command.

For example,

If you were to run the following batch file:

%SystemRoot%\explorer.exe “\\NETWORK\FOLDER

The end result would be an open explorer window with a parent command prompt window remaining open until explorer is closed.

This is a design issue with command processing and batch files when using default syntax.

To resolve this, replace the last command by pre-pending a start command to it to make the window disappear.

Use the following syntax:

start %SystemRoot%\explorer.exe “\\NETWORK\FOLDER

Categories: MED-V Tags: , , , , , ,

MED-V v1 and Image Version Lineage

We speak of version lineage in MED-V, we are speaking of the model for version change control. Some application environments, such as Microsoft’s App-V (formerly called Softgrid) will use GUID identifiers to represent a version and separate it from the GUID identifier for the package itself. It allows App-V servers to manage versioning through its data store.

While there is a methodology for lineage in MED-V v1, it is very simple. It simply bases its version from the filename ending. Original image version will end in “_1” and will carry the underscore format. When you pack locally, or upload a new image to a MED-V server, it will always append

1.) Don’t use image names ending in “_1” when using the console. This will simply wind up having the image file names with confusing suffixes. For example, if you pack an image in the console and call it “XPImage_1,” it will pack it as “XPIMAGE_1_1.CKM” instead. Let the console do it for you.

2.) When you select an image to upload to a server, and you have multiple versions, it will upload only the latest one based solely on filename.

3.) Don’t modify version stamps outside of the console.. While you can do it, users often forget to modify the .INDEX file that corresponds and if there is any mismatch in expected file name between the .CKM file and its corresponding index file, the MED-V console will just ignore the image altogether.

4.) Deleting an image version from the console WILL delete the CKM file and INDEX file for the image. Be very careful when deleting images.

It is also important to understand that MED-V will always download the latest version whether it is from a MED-V image distribution server or even in the event of pre-staged folders. Even though TrimTransfer does not work with pre-staged images, version lineage does.

Categories: MED-V, VPC Tags: , , , ,

MED-V: Support for Multiple Drives within MED-V

July 12, 2011 1 comment

Support for multiple drives and volumes within a virtual PC (workspace) used by MED-V will depend on the version of MED-V being used. MED-V v2 only supports the use of one fixed disk volume within a single virtual hard disk (VHD.)

It is technically possible to use more than one partition/volume within a single virtual hard disk but it is not recommended if it can be avoided.

MED-V v1 supported the use of multiple virtual hard disks (VHDs.) In addition, MED-V also supported multiple volumes (drives) as well as the use of the SUBST command to mount drive letters to local directories.

Categories: MED-V, VPC Tags: , , , , , ,

MED-V: Performance Issues when using Internet Explorer 8 and later in a v1 workspace

Due to performance limitations of Virtual PC 2007 and the additional resources required for Internet Explorer version 8 and later to function properly, it is not recommended to use any version greater than Internet Explorer 7 in the MED-V 1.0 Workspace.

Only Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are officially supported for the MED-V 1.0 SP1 workspace installation. This is referenced on the following link:

For Version 2 of MED-V, Windows Internet Explorer 6, Windows Internet Explorer 7, Windows Internet Explorer 8, and Windows Internet Explorer 9 are supported for the MED-V 2.0 workspace installation.

Categories: MED-V, VPC Tags: , , , , , ,