Category Archives: Uncategorized

App-V Internet Explorer Add-on Conflict: Watch those Registry Keys

Students run into this problem in our App-V training classes every time.

The Problem

In one of the labs we deal with creating and deploying a handful of browser plugins in a connection group.  And everyone runs into an issue of some of them seemingly not working.  The lab specifies a set of plug-ins to use, but I usually encourage students to work off-script and sequence from a bigger set I have available or download something they use at work.  Typically, they sequence a bunch of add-ons, running a smoke test on each to verify operation.  Then, when they place them in a connection group, some don’t appear in the browser.

The Cause

The problem happens due to created registry keys.  Add-ons to the Internet Explorer are registered via one of several registry keys, by adding in a subkey with the appropriate information.  But out of the box, the naked OS does not have the base keys that you register under.  Thus, when you install the plug-in it creates the base key along with its subkey, both of which are then marked as “Override Local” keys.

In particular, I have noticed the following keys (under HKLM or HKCU):

  • Software\Microsof\Internet Explorer\Extensions
  • Software\Microsoft\Internet Explorer\MenuExt
  • Software\Microsoft\Internet Explorer\Explorer Bars
  • Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

but there may be more not on my list yet.

Left as Override Local, these keys cause the add-on to work just great when tested alone, but placed in a connection group this package will cause other addons to not be seen.  The technical details and scenarios I described in the research paper Pellucidity and Deletion Objects: Connection Groups and Layering in App-V 5 a couple of years back.

The Solutions

The solution is to locate those keys and make sure they are marked “Merge with Local” in the sequencer.  There are three ways to handle this:

  1. View the virtual registry in the sequencer editor and manually locate and change the setting on those keys.
  2. Using AppV_Manage 3.11 or above, run the analyzer.  I have added warnings in the analyzer for the three specific keys above, as well as a bunch of other things that you should be aware of in your package.  Basically, if you see yellow in the analyzer, you had better check it out.
  3. Pre-create those keys in your sequencer image.  These are just like the ODBC key and dummy printer key that became best practices for sequencing over the years.  Those two keys you no longer have to worry about because the installer for the Sequencer creates them for you.

While the last solution is probably the one you should use, be aware that this is probably not a complete list.  A better practice is the first in the list; to always review the virtual registry keys for potential keys marked as override that should be marked as merge (to allow for integration) or those marked merge that should be marked as override (to prevent visibility of locally installed junk).  The same goes for file folders.

Other good advice…

Double-checking your package with an up-to-date AppV_Manage analyzer is also a really good idea (it is free). Now between updates to support new App-V features (4 releases adding features to App-V in the last 13 months), plus the additions I am constantly adding to the quality of the analyzer to help you understand more about what is in your package, your current version is probably out of date. So every time you think about  it, check the TMurgent home page to see if there is an update.  The sequencer editor hides an awful lot of detail that we can expose, and I am constantly looking for examples of problem packages that I can add detection of.  When the next version is posted (probably 3.11?) is released soon this will include::

  • Detection of bad ProgIDs.
  • Detection of shortcuts with spaces at the end.
  • Display of longest file path (could cause file-not-found issues).
  • Detection of Services ignored by the sequencer due to incorrect logon accounts.
  • These keys mentioned above, if marked Override Local.
  • Publishing issues with non-com based Browser Extensions.
  • Publishing issues with Com-based Browser Extensions.
  • Publishing issues with Browser Helper Objects.
  • Detection of internal scripts (Office 2013).
  • Overhauled Analysis of COM, including linking COM entries to usage.
  • Detection of whether the DCOM warning is real or not.
  • Counts of Registry Keys and Values, including those hidden deletion markers not shown by the sequencer.





JreBlock: Script for hiding native Java

Photo: Patrick Mangan

By Patrick Mangan

JreBlock: is a simple PowerShell script to help when you need to sequence a Java JRE inside of an App-V virtual environment and want to block visibility to other Java versions that might be natively installed at the client.

The typical technique to sequencing Java JREs is to actively attempt to hide all other versions of Java from the virtual environment other than the one you want. Arron Parker provided a cmd script back in the App-V 4.5 days, but it needs to be updated to the latest versions of Java to use it.

This is a PowerShell script that anticipates the likely versions of Java over the next few years, and allows you to optionally specify a maximum version if that isn’t enough.

To use the script using the default settings, which handle up to version, you would run the following commands:

  • Before sequencing, PowerShell.exe -ExecutionPolicy Bypass ” jreBlock.ps1 $true”
  • While Monitoring, PowerShell.exe -ExecutionPolicy Bypass “jreBlock.ps1 $false”
  • and then install the JRE that you need.

It will create a few more blocker keys than you need, but better safe then sorry.

The tool is free for personal or commercial use.

Here is the ZIP package with the PS1: jreBlock V

Patrick Mangan is a consultant at TMurgent Technologies where he specializes in sequencing difficult packages.

Why our App-V Training Classes are Finally Upgraded to “Masters” Level

When App-V 5 was released two years ago, I blogged about how we were renaming our training classes as “Experts” level, rather than the Masters Level designation that we used for the App-V 4.6 classes.

The idea was that while I had been working with pre-releases for almost a year, I knew that we didn’t know enough about the completely rewritten product.  At the time, I was guessing it would take about a year of digging through the mud to uncover enough about how the product really worked under the hood to be comfortable enough to consider the product mastered.  Little did I know that it would take two years!

We are finally there.  While I think that we did a pretty darned good job with our training classes over the last two years (ask anyone that attended) we are now convinced that we can teach you more about mastering the product in one week than you can learn on your own working with the product full time for years and years.  Our classes, both those run by TMurgent and those run by Kevin Kaminski over at The Big Hat Group, will be designated  as “Masters Level” in 2015.

App-V 5.0 Sp3 Upgrade: Clear Browser Cache to clear issue on Server MC upgrade

Just in case this bites someone else…

An upgrade of App-V Server to 5.0 SP3 includes a replacement Management Console.  As this is Silverlight based, this means that the website delivers a Silverlight XAP file to your browser.  Where it remains in your browser cache.

Upgrade of the server does not always mean that the browser cache gets flushed.  So you might find that while your console is “working”, you are not getting the new UI features (in this case for connection groups). To verify, open the console and click on the “About” link (upper right) to check the version, which should now be 5.0.10107.  If not, clear your browser cache.  And don’t forget about any shortcut links that you made to the console.  In my case, typing the URL in a browser got me the new console, but clicking the link each time got me the old one.


Tim on App-V 5.0 SP3

image attribution Stuart MilesThis week Microsoft released the anticipated App-V 5.0 SP3, along with an updated UE-V 2.1, as part of the MDOP fall release.  We normally expect the MDOP release around November 1st, so this drop is a little later than usual for some reason.  But it is well worth the wait.

While Microsoft App-V is generally regarded as the best application virtualization solution out there, the product did take a step back in the 5.0 re-write that was released two years ago.  Oh, it was still better than the alternatives, but not necessarily better than App-V 4.6.  At that time, I cautioned companies to work with 5.0 in their labs, as eventually they will want to move to the new platform, but if they were on 4.6 currently they shouldn’t be in a hurry to upgrade in production. 

With the release of 5.0 SP2 last fall, I felt that it was mostly ready.  On one hand, 5.0 SP2 allowed you to do many things that you just couldn’t do otherwise, while on the other hand there were some annoyances that kept it from being declared the best.

During 2014, we saw a couple of “hotfix” releases, especially HotFix 4 and HotFix 5, which were really feature releases and major performance improvements.  5.0 was looking really good.

With the release of SP3 this week, I think that 5.0 is now the best release, clearly surpassing even App-V 4.6.  Which is important since the end of support for App-V 4.6 SP3 as I read it as Dec 2 2014,  or this guy thinks  might be next June.   In any case, time to get moving. 

So what do we get in SP3?

To start with, everything here is based upon a combination of access to pre-release software, plus a review of the release notes.  The msdn download center has been all bonkers so I haven’t gotten the actual bits yet. 

In the release, all components of App-V are upgraded.  Server, Sequencer, and Client.  There are MDOP downloads, RDS downloads, and Hosting Provider downloads showing on the site (even if the download button isn’t working.

See the release note here, but read my summary as well…

  • Single Install. First, we get a roll-up of those important “hotfixes”.  A single install for new clients is a beautiful thing.
  • Connection Group Flexibility. This consists of four things:
    1. You can now include apps published to the user and those published globally in the same group (as long as you enable the connection group to the user).  Previously all packages in the group had to be published the same way as the group.
    2. You can mark packages as optional in the group.  This means you can define a master group for anyone getting the primary package that includes all possible add-ons, but publish the add-ons independently without having to manage a group for each permutation.  It is kind of like the And/Or used in the Configuration Manager, except that the group GUID is consistent at the client.
    3. You can mark a package version with a wildcard of “*”.  So if you upgrade the package you don’t have to think about updating the connection group.
    4. You can now unpublish and/or remove a package from the client without disabling the connection group (as long as the package is optional in the group).
    5. Connection groups can get upgraded even if in use.  This is similar to the package pending scenarios (where a package add/publish/unpublish/remove is queued up for execution at a later time when the package is not in use), except that in this case pending means that the client needs to make additional changes to state but you immediately get the effect for newly launched packages/groups.

Keep in mind that this new flexibility is not available to Config Manager deployments at this time.  That would require a rev of Config Manager.  So those that deliver using the App-V Server, Stand-alone deployments, or with third-party tools, get a leg up.

  • Publishing for other users. You may now publish/unpublish a package, or enable/disable a connection group to a user other than yourself via powershell.  The limitation is that the user must be currently logged in, or at least profile still available on this machine, and that you must be an administrator.  The powershell now accepts the user SID as an optional parameter.
  • Local Publishing Authorization.  The Group Policy (as well as regular registry based configuration) for App-V is expanded to allow you to control if package and connection group publishing is limited to only Administrators.  Previously, it was possible for users with standard rights to self-publish by googling the PoweShell commands.
  • Merged Roots. This is huge! When packages are placed in connection groups, an improved merging of identical paths between the packages occurs.  There were improvements in HotFix 5, but is even better now.
  • Goodbye PVAD (almost). Thanks to merged roots, it is no longer necessary to declare a PVAD folder in the sequencer and install the software to be virtualized into that folder.  In fact, I found out that if you are going to use a Connection Group, you are probably better off using a VFS style install! With SP3, there still is a PVAD, it is just hidden.  For most all applications, this turns out to be just fine, but we know of a few applications that require PVAD installation, so how to we handle that?  You have a couple of ways to do this:
    1. There is a new command line switch, -EnablePVADControl when you launch the Sequencer GUI to show the PAD prompt like before.
    2. You can set a new registry DWORD HKLM\Software\Microsoft\AppV|Sequencer\Compatibility\EnablePVADControl to 1.
    3. Or, when you enter monitoring mode, just browse to the C:\ folder.  The Sequencer created a random PVAD folder name (looks like a GUID) for you.  Just install the app there.

So how do you know when to sequence to the PVAD?  .  Each app will act differently, but often the when at the client and you launch the virtual app, it will in some way complain that it isn’t installed or configured correctly and refuse to run. When the app doesn’t work at the client, give PVADing a try.  It might just work. 

The MVPs have a short list of apps that we have found that need PVADing, including:

ArcGIS Desktop tool
Avaya CMS Supervisor R17
Wonderware InTouch 10.x

I also think that we will find apps that have long path length issues with VFS style installs, and a PVAD install, especially one carefully crafted with a long PVAD, might be needed.

  • PowerShell Changes. Some small changes were made to the PowerShell interface to support the new features.
  • Client Publishing from Publishing Server. Some behind-the scenes changes were made to support the new connection group features.  This mostly affects manual diagnostic debugging from the client of the publishing information as the new client will automatically use the new syntax.  If previously you used http://servername:port to test the publishing server, you now use http://servername:port&clientversion=5.0.xxxxx.x&clientos-WindowsClient_6.2_x64 (replacing the x’s with the actual client version and the OS as well).
  • RunVirtual. RunVirtual is now supported for per-user published packages. WooHoo.
  • Some App-V Client Debug logs have been consolidated, and some moved to a ServiceLog subfolder.  See the release notes if you care.
  • Virtual Services with DACLS Fix. For some time, certain windows services that use “unusual” Service DACL settings to protect themselves would not work when installed using the sequencer.  This included the FlexNet licensing service and those of Google Chrome Enterprise.  While the prior work-around to manually modify these permission settings in the Sequencer will still work, you no longer need to do so.

NOTE: Microsoft doesn’t list this as a feature or fix with the release.  It seems that this was simply a side effect of a different fix to virtualized services.  They only became aware of this fix when I discovered it and asked about it.  No word on what they were trying to fix, but presumably it was to fix a different virtual service issue reported by a customer.

Please pay attention to the details in the readme about the order of upgrade installation, as this is different from prior releases due to the changes to support the new connection groups.  You should upgrade the servers before upgrading ANY clients.

This information is based on working with some pre-release builds, and re-checking the release notes to make sure that there are no unexpected surprises. We will switch out and use the new version in our training class this week (if I can get it downloaded!).  Perhaps we will learn a little more. 

Also check out Thamim’s blog on the subject here:

PS: I have a new version of AppV_Manage ready to release that works with the new features, and works with the Windows 10 Preview, where there are some PowerShell differences that needed addressing.  I will get that released soon.

My Favorite BriForum moment, 10 years later

BriForum 10th Anniversary This year marks the 10th Anniversary of BriForums, a rather unique conference that I have had the privilege of speaking at many times. In fact, I’ve lost count of how many I have spoken at since I have spoken at every one and for many of those years there has been both one in Europe and one in the US. This year I will be speaking both at the London show next month and the Boston show this summer.

My favorite moment at BriForum? Well it isn’t the fire and subsequent Bomb evacuation at the 2nd Washington show, which while quite memorable, doesn’t compare to the first show.

The very first BriForum was held in a movie theater in Silver City (near Washington DC). Most of the speakers barely knew each other, mostly from on-line presence and randomly running into each other at other shows like the Citrix iForum (what Synergy used to be called). Some of us had met at dinners held by posters at the ThinList, but by and large we didn’t know each other that well.

Which made it such an exciting show to hear sessions led by these awesome people. And all of us were in awe of each other, while hoping that we were good enough to not get heckled off stage when it was our turn.

So there I was, standing on the stage of a movie theater giving my presentation when I got interrupted. You know the crappy music they play along with advertisements to go buy some popcorn and soda before the movie starts? Well that started up in my room about 30 minutes into the session.

Not knowing what to do, I exited out into the lobby to find Gabe making popcorn at the popcorn machine. No, he didn’t turn on the music, but he was the guy who could figure out how to get it off. I returned to the room and it stopped. But that’s not the end of the story.

When the videos came out, I realized that the entire time I was on microphone. Everything thing I said; the conversation with Gabe and all, came out on the recorded audio.

UPDATE: Brian posted a link to the video here. The music hit at just after the 34 minute mark.

Fortunately neither Gabe nor I used any bad language!

Request for new VDI Term: “Semi-Persistent”

VDI is often categorized as either Non-Persistent or Persistent.

Non-persistent VDI is where you use a shared common image. Only one image to maintain. When the user logs off, the image is destroyed and the next time the user logs on they get the original image.

Persistent VDi is where the complete image is retained upon logout and the next time the user logs on they get the exact same image they had when they logged off.

The reality is that usually Non-persistent VDI implementation brings along some user data from the prior session. This is handled by Roaming Profiles at a minimum, but may also have folder redirection or a user environment add-on product to manage the user-related-data, either app related (UEV, AppSense, RES, TriCerat, Norskale, etc) or layering (Unidesk, Citrix PVD, 2012R2 “User Layer”).

I think we need a different term for this, segregating it from Non-persistent. I’m going to start calling this “Semi-Persistent”. What do you think?

AppV 5 Connection Group “Pellucidity” and Deletion Objects

I have written a new “white paper” on App-V 5. This one looks at package “pellucidity” (the layering effect caused by the settings “override local” or “merge with local”), and package deletion objects and how these are implemented at the client when you use Connection Groups.

As it was in 4.6 with DSC, all is not as simple as you might think. The paper makes a nice reference with charts showing you what happens in each of the possible combinations. Fortunately, most of the time the client is doing the reasonable thing. But when you hit those other cases you need a reference like this to figure out what is going on. It’s full of charts like this…

…as well as explanations. You might think the virtual file system and virtual registry would behave the same way, but you’d be wrong!

White Paper at Pellucidity and Deletion Objects: Connection Group Layering in App-V 5