Category Archives: Uncategorized

Errror 000012 on Add-AppvClientPackage

A customer was using XenApp with PVS. The same PVS image was used on machines on a farm. They added App-V 5 to the PVS image and decided to use the PowerShell interface to add applications virtually at boot time. One of the servers refused every app, while everything else worked on the ‘identical’ servers.

Investigation showed that the Add cmdlet was failing with Error 0000012.

No other messages in the event logs, even turning on the debug logs.

In further investigation, the customer had configured the App-V client to place the package store on a secondary partition. On boot, while Windows was wiped out, this partition remained. The folder referenced existed on both good and bad machines, but was empty on the bad machines.

Looking at permissions, since the standard Windows error 12 is an Access error, the security settings and standard attributes of the good and bad server folders were Identical.

Solution: The App-V client protects the package cache. As such, it expects to create and set special attributes on this folder and everything under it. Possibly someone manually created this folder, causing the problem. The solution was just to delete the folder referenced in the registry config. The next time an app was added, the App-V client recreated the folder correctly, and everything worked.

The long term solution was to add the deletion of this permanent cashed to the bootup script. They also could reconfigure the client to the ‘standard’ location, but reducing writes to the PVS partition is probably preferred.

My Favorite BriForum moment, 10 years later

BriForum 10th Anniversary This year marks the 10th Anniversary of BriForums, a rather unique conference that I have had the privilege of speaking at many times. In fact, I’ve lost count of how many I have spoken at since I have spoken at every one and for many of those years there has been both one in Europe and one in the US. This year I will be speaking both at the London show next month and the Boston show this summer.

My favorite moment at BriForum? Well it isn’t the fire and subsequent Bomb evacuation at the 2nd Washington show, which while quite memorable, doesn’t compare to the first show.

The very first BriForum was held in a movie theater in Silver City (near Washington DC). Most of the speakers barely knew each other, mostly from on-line presence and randomly running into each other at other shows like the Citrix iForum (what Synergy used to be called). Some of us had met at dinners held by posters at the ThinList, but by and large we didn’t know each other that well.

Which made it such an exciting show to hear sessions led by these awesome people. And all of us were in awe of each other, while hoping that we were good enough to not get heckled off stage when it was our turn.

So there I was, standing on the stage of a movie theater giving my presentation when I got interrupted. You know the crappy music they play along with advertisements to go buy some popcorn and soda before the movie starts? Well that started up in my room about 30 minutes into the session.

Not knowing what to do, I exited out into the lobby to find Gabe making popcorn at the popcorn machine. No, he didn’t turn on the music, but he was the guy who could figure out how to get it off. I returned to the room and it stopped. But that’s not the end of the story.

When the videos came out, I realized that the entire time I was on microphone. Everything thing I said; the conversation with Gabe and all, came out on the recorded audio.

UPDATE: Brian posted a link to the video here. The music hit at just after the 34 minute mark.

Fortunately neither Gabe nor I used any bad language!

Request for new VDI Term: “Semi-Persistent”

VDI is often categorized as either Non-Persistent or Persistent.

Non-persistent VDI is where you use a shared common image. Only one image to maintain. When the user logs off, the image is destroyed and the next time the user logs on they get the original image.

Persistent VDi is where the complete image is retained upon logout and the next time the user logs on they get the exact same image they had when they logged off.

The reality is that usually Non-persistent VDI implementation brings along some user data from the prior session. This is handled by Roaming Profiles at a minimum, but may also have folder redirection or a user environment add-on product to manage the user-related-data, either app related (UEV, AppSense, RES, TriCerat, Norskale, etc) or layering (Unidesk, Citrix PVD, 2012R2 “User Layer”).

I think we need a different term for this, segregating it from Non-persistent. I’m going to start calling this “Semi-Persistent”. What do you think?

AppV 5 Connection Group “Pellucidity” and Deletion Objects

I have written a new “white paper” on App-V 5. This one looks at package “pellucidity” (the layering effect caused by the settings “override local” or “merge with local”), and package deletion objects and how these are implemented at the client when you use Connection Groups.

As it was in 4.6 with DSC, all is not as simple as you might think. The paper makes a nice reference with charts showing you what happens in each of the possible combinations. Fortunately, most of the time the client is doing the reasonable thing. But when you hit those other cases you need a reference like this to figure out what is going on. It’s full of charts like this…

…as well as explanations. You might think the virtual file system and virtual registry would behave the same way, but you’d be wrong!

White Paper at Pellucidity and Deletion Objects: Connection Group Layering in App-V 5

App-V 5 and App Related Data

One of the big benefits of App-V has always been that applications that needed certain kinds of remediation to work today were automatically dealt with.

I’m talking about apps that were developed without complete support for multiple users (or multiple tenants), or for apps that assumed systems that have no security protection to write to common locations.

We just sequenced them, and App-V automatically redirected any writes by the user to a safe location isolated to only that app. And it all roamed with the user.

Until version 5.0, where Microsoft decided that virtualized apps should behave more like non-virtualized apps. For the most part, the changes in 5.0 are welcome and make the job of preparing and distributing apps easier. But not for a log of older apps.

Primarily we are talking apps that were originally developed before UAC in Windows Vista, but also apps originally developed before people understood multi-user in Windows XP. These categories, unfortunately, include a whole lot of business apps developed by enterprises themselves. And in most cases the enterprise cannot update the app. Reasons for being unable include:

  • No longer knowing where the source code is
  • Developer is no longer at the company
  • Don’t have the tools to even rebuild that old code
  • Nobody wants to take ownership of it

In App-V 5, we really have a couple of big problems with these apps:

  • The virtual app doesn’t roam all of the changes made by the user (the ARD).
  • The app won’t work because of file or registry writes that now fail

You would still have those problems with a natively installed version, so App-V 5 isn’t breaking anything that way, but usually these apps worked great in App-V before.

A while back, I created a tool (AppRemediation) to take care of much of the first issue. I continue to find more things and need to update that tool at some point; it doesn’t get 100%.

So to better understand the problem, I performed some new testing. The accompanying chart shows the results of all of that testing.


Click for a larger image

Testing was done using a new version of my home-built AppVPersonalization tool that allows you to write to specific places and see if it works, or where the data is being written.

The testing consisted of making a package with files, registry items, and environment variables of different kinds inside the package. I tested both cases of having the program be located inside the PVAD folder and not (VFS’d). I also tested as an admin or standard user, and with the program elevated to a different admin user using RunAsAdministrator. The chart above shows what happens in the different scenarios.

I am hoping that Microsoft will continue to adapt the App-V product to improve it’s ability to make virtual applications easier for these older applications. If not, at least you know a little more about what to look out for.

AppV is Hot Now

Microsoft App-V seems incredibly hot right now, with everyone getting ready to jump on App-V 5 when SP2 comes out. There is way more activity in this space than I have ever seen!

 

I have been running training classes on App-V for over six years now. Back when Microsoft bought Softricity, I saw an interest spike. But it was not a big spike, and it did not last long. I also have been seeing a somewhat larger boost in interest in the last 2+ years as customers started on their Windows 7 Migration, a boost that has continued through this year. That boost has caused me to add an extra class into the schedule each year, and those classes have been mostly full.

But in all of that time I never booked a student for a class until after the previous class had completed. Until now. This summer it has been hot. We have a class starting next week in Boston. Full. The next class is in Phoenix in December. Full. I added a new class today in January through our partner in Phoenix (ThinClient Computing). It already has students booked. What is going on?

Companies that use App-V 4.6 are ready to move over to 5.0. Companies that use Citrix Streaming for App Virtualization (which is going away) are switching over to App-V. Companies that never used App-V and are now a tad late in their Windows 7 Migration are using it to get done faster. Companies that completed an overhaul to SCCM2012 are now ready to virtualize their apps. Companies that finished their Migrations are virtualizing apps for flexibility. It is like a huge wave hitting us right now.

And finally there is what Microsoft is doing to the product. App-V 5 is a complete rewrite of the application virtualization stack; modernizing what AppVirt is all about and trying to make it simpler. While I have recommended App-V 5 for new customers, I have been cautious with existing customers thinking about upgrading to version 5 until we see a number of new issues resolved and other new things that we had been asking for. Most of these should be solved with the release of SP2, although I am still cautious about how well it will perform. . But the customer interest tells me that they are ready commit to SP2 now, before we even see the final bits.

App-V is finally hot.

TIP: Solving FTA Conflict in App-V

Back when we created SoftGrid, the OS only supported one “owner” application for a given file type association. And we learned to live with this, but really didn’t like it all that much. Now we don’t have to.

Background on FTA Conflict

For natively installed applications, somewhere along the way Microsoft added a new interface for developers (or more specifically installer developers) to let them install their applications in a way that the file associations references were cumulative. Using this “interface”, and the user would see additional applications as “open with” options, and the user could choose which to take ownership as default action. This “interface” is known by several names, depending on who is doing the talking: “Registered Applications”, “Application Capabilities”, or “Default Programs”.

With App-V 4.* this capability, if used by the installer developer, was simply ignored and we ended up with the FTA last-write-wins scenario. This meant the last virtual app arriving to the user machine with the conflicting FTA won. With distributing the packages via the App-V Server, this meant that the last application package added to the management console always won. But with SCCM delivery you could never really control the order (except via task sequences, and then only for new systems created after the task sequence is created/updated) so different users could get different file associations.

But in App-V 5 the ability to capture and expose “Registered Applications” is implemented fully by App-V, assuming that the person creating the installer did the right thing. But it turns out that very few installer developers bothered to add this new capability into their packages.

This “interface”, is implemented by the installer as a series of optional registry settings.

  • It starts by adding a new registry string value under the “HKLM\Software\RegisteredApplications” or “HKCU\Software\RegisteredApplications” key (depending on if the install was per-machine or per-user). The new value name would be a unique name, such as the name of the application. This would be a Reg_SZ that would contain the relative path to another key in the same hive. Typically, this would be “Software\[ProgramName]\Capabilities
  • Then add the named key to the registry.
  • Under that key, add two Reg_SZ values, called “ApplicationDescription” and “ApplicationName”.
  • Also under that key, and a key called FileAssociations
  • Under FileAssociations, add values for each supported file association. The value name for each is the file extension, starting with the period (as in “.zip”). The data for the value is the ProgID registered for that file association, which you can find as the default value for the FTA.

The “interface” supports a lot of other capabilities to be added, but these are the ones I am most interested.

How to use this to solve FTA conflict when the developer didn’t

Here is what I do to make these app file associations work the way that they really should have to start with.

Sequence the app normally and get into the sequence editor virtual registry. Look to see if it added anything under the HKLM or HKCU Software\RegisteredApplications.

If not locate the file associations in the virtual registry. They will look like this:

Click on each FTA and look at the ProgID. Some will not have ProgIDs, so skip those. (If anal, you might look for a “open with progid” subkey that will have the progid).

Create a “.reg” file that will create the entries that you need. If the installer added the FTAs under machine, you will use the HKEY_LOCAL_MACHINE hive in this file, otherwise use the HKEY_CURRENT_USER. With App-V, it doesn’t matter which you use because the publishing action at the client moves the keys depending on whether the -Global flag was used. For example, to handle WinZip, I created the following file:

    
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WinZip\Capabilities]
“ApplicationDescription”=”WinZip file compression utility by Nico Mac Computing”
“ApplicationName”=”WinZip”

[HKEY_LOCAL_MACHINE\SOFTWARE\WinZip\Capabilities\FileAssociations]
“.7Z”=”WinZip”
“.B64″=”WinZip”
“.BHX”=”WinZip”
“.BZ”=”WinZip”
“.BZ2″=”WinZip”
“.cab”=”WinZip”
“.gz”=”WinZip”
“.hqx”=”WinZip”
“.LHA”=”WinZip”
“.LZH”=”WinZip”
“.MIM”=”WinZip”
“.RAR”=”WinZip”
“.tar”=”WinZip”
“.TAZ”=”WinZip”
“.TBZ”=”WinZip”
“.TBZ2″=”WinZip”
“.tgz”=”WinZip”
“.TZ”=”WinZip”
“.UU”=”WinZip”
“.UUE”=”WinZip”
“.wjf”=”WinZip.JobFile”
“.wzconfig”=”WinZip.SetupConfig”
“.wzmul”=”WinZip.RegFile”
“.wztheme”=”WinZip.Theme”
“.XX”=”WinZip”
“.z”=”WinZip”
“.zip”=”WinZip”
“.zipx”=”WinZip.ZIPX”

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
“WinZip”=”Software\\WinZip\\Capabilities”

Revert your sequencing VM and re-sequence. After completing the install, run the reg file (while in monitoring mode). That’s it.

Results

When the virtual package is deployed, the user can right-click an appropriate file type and have access to all of the registered options. In the image below, the deployed WinZip package is the default action for the .Zip file type, but the native windows explorer handing of zip files remains available.

When the user wants to change the default themselves, they can click on that “choose default program” menu shown above, or go to the Control Panel, Default Programs,
then click on “Associate a file type or protocol with a specific program”. Locate the file type, and they can pick the default from any program that registered itself correctly.

Alternatively, the user can go to the Control Panel, Default Programs,
then click on “Set your Default Programs” and bump a registered application to be the primary (default) for all of it’s registered associations.

Summary

Using this technique, we can easily improve the behavior of applications while virtualizing!

PS: You MSI repackagers could do this also.

What’s a Citrix Streaming Customer to do now?

OK. So XenDesktop 7, the new combined version of XenDesktop and XenApp is now released.

And we can see that Citrix has not integrated their own application virtualization solutions (Citrix Streaming) into the Citrix Studio console. Instead, they have chosen to with integrate Microsoft App-V 5.

And not just into the Management console, but also in the new AppDNA, which not only analyzes applications but can now even produce App-V packages for some apps.

Why?

  • Because they want to be a better Microsoft Partner?
  • Because they were looking at a significant effort to port to Windows 8/2012?
  • Because, well not that many customers were using Citrix Streaming?

Well we don’t really know, but it is reasonable to assume that it is a combination of all three. Here is my guess:

Citrix Streaming was (reportedly) born out of the inability of Citrix to purchase Softricity, plus Softricity starting to go after their customers to do app virtualization on the desktop rather than on Presentation Server (the earlier name for XenApp). But then Microsoft went and bought Softricity (renaming it to App-V) and Citrix found themselves in a awkward position of competing against their best partner. Although Citrix has gone way out of their way in the last couple of years to assure both customers and Microsoft that they aren’t competing with Citrix Streaming and fully support both AppVirt products, it has to be a least a small thorn in the relationship. And that relationship is more important to Citrix than any single product, let alone one that you can’t claim adds a penny to the revenue stream.

Windows 8/2012 does not support the device driver development model used by the Citrix Streaming Client. Getting a version running on that platform would be an effort. I wouldn’t think it would be an overly significant effort, but more than many releases.

To the best of my knowledge, most Citrix Customers using an Application Virtualization solution select App-V over Citrix Streaming today. Of those using Citrix Streaming, they tend to be using it only on XenApp. Of course, only Citrix really knows those numbers, but I am reasonably confident that this is the case.

I think we need to add to this that having their own AppVirt solution has become an unnecessary distraction to a company with a lot of products, attempting to move their customer base out of the comfortable sale of the past (XenApp) to what they view as the future (a mixture of virtual desktops and mobile deployments).

So what’s a customer to do?

Well it’s unlikely that you’d want to move to ThinApp, so maybe App-V?

If you’re deploying on XenApp, you already have a license for it. For VDI/Desktops, you need MDOP (and an Software Assurance Agreement), and that might be a problem for you. I have noticed fewer customers with this issue lately, because they added in SA and MDOP when planning their Windows 7 migration. But that doesn’t help if you aren’t in that group, so in that case you may be facing costs to Microsoft in order to make the switch to App-V.

There is no conversion program to convert your existing Citrix Streaming packages to App-V. Citrix didn’t do one. Microsoft (so far) didn’t do one. Although asked to look at it, I’m not doing one. I could create one, but I don’t see the market potential to put everything else I’m planning to do this summer on hold. Maybe someone else will step up, but don’t hold your breath waiting on that.

The good news for existing customers, is that Citrix Streaming still works with XenApp on 2008/R2 and on Windows 7. You just don’t have integration. If you aren’t moving to newer platforms yet, you have some time.

When you make the move to App-V, I expect that much of the packaging skills of your existing staff to transfer over. I think you’d be better off getting them a little training on App-V (which of course IS my business so you probably shouldn’t take my word for it). But once they understand the nuances of App-V, all of the application specific knowledge will transfer right over.

For a well trained expert, the rate-of-effort to package in App-V is in general similar to that for Citrix Streaming, which of course is LESS than for MSI packaging. Their is a somewhat better support network out there when dealing with App-V than Citrix Streaming today, including application specific information (recipes) and out-source packaging factories.

Warning: Commercial here

If you need help in making the transition, TMurgent can probably help. Contact us for a discussion.