Tim on App-V 5.0 SP3

image attribution Stuart MilesThis week Microsoft released the anticipated App-V 5.0 SP3, along with an updated UE-V 2.1, as part of the MDOP fall release.  We normally expect the MDOP release around November 1st, so this drop is a little later than usual for some reason.  But it is well worth the wait.

While Microsoft App-V is generally regarded as the best application virtualization solution out there, the product did take a step back in the 5.0 re-write that was released two years ago.  Oh, it was still better than the alternatives, but not necessarily better than App-V 4.6.  At that time, I cautioned companies to work with 5.0 in their labs, as eventually they will want to move to the new platform, but if they were on 4.6 currently they shouldn’t be in a hurry to upgrade in production. 

With the release of 5.0 SP2 last fall, I felt that it was mostly ready.  On one hand, 5.0 SP2 allowed you to do many things that you just couldn’t do otherwise, while on the other hand there were some annoyances that kept it from being declared the best.

During 2014, we saw a couple of “hotfix” releases, especially HotFix 4 and HotFix 5, which were really feature releases and major performance improvements.  5.0 was looking really good.

With the release of SP3 this week, I think that 5.0 is now the best release, clearly surpassing even App-V 4.6.  Which is important since the end of support for App-V 4.6 SP3 as I read it as Dec 2 2014,  or this guy thinks  might be next June.   In any case, time to get moving. 

So what do we get in SP3?

To start with, everything here is based upon a combination of access to pre-release software, plus a review of the release notes.  The msdn download center has been all bonkers so I haven’t gotten the actual bits yet. 

In the release, all components of App-V are upgraded.  Server, Sequencer, and Client.  There are MDOP downloads, RDS downloads, and Hosting Provider downloads showing on the site (even if the download button isn’t working.

See the release note here, but read my summary as well…

  • Single Install. First, we get a roll-up of those important “hotfixes”.  A single install for new clients is a beautiful thing.
  • Connection Group Flexibility. This consists of four things:
    1. You can now include apps published to the user and those published globally in the same group (as long as you enable the connection group to the user).  Previously all packages in the group had to be published the same way as the group.
    2. You can mark packages as optional in the group.  This means you can define a master group for anyone getting the primary package that includes all possible add-ons, but publish the add-ons independently without having to manage a group for each permutation.  It is kind of like the And/Or used in the Configuration Manager, except that the group GUID is consistent at the client.
    3. You can mark a package version with a wildcard of “*”.  So if you upgrade the package you don’t have to think about updating the connection group.
    4. You can now unpublish and/or remove a package from the client without disabling the connection group (as long as the package is optional in the group).
    5. Connection groups can get upgraded even if in use.  This is similar to the package pending scenarios (where a package add/publish/unpublish/remove is queued up for execution at a later time when the package is not in use), except that in this case pending means that the client needs to make additional changes to state but you immediately get the effect for newly launched packages/groups.

Keep in mind that this new flexibility is not available to Config Manager deployments at this time.  That would require a rev of Config Manager.  So those that deliver using the App-V Server, Stand-alone deployments, or with third-party tools, get a leg up.

  • Publishing for other users. You may now publish/unpublish a package, or enable/disable a connection group to a user other than yourself via powershell.  The limitation is that the user must be currently logged in, or at least profile still available on this machine, and that you must be an administrator.  The powershell now accepts the user SID as an optional parameter.
  • Local Publishing Authorization.  The Group Policy (as well as regular registry based configuration) for App-V is expanded to allow you to control if package and connection group publishing is limited to only Administrators.  Previously, it was possible for users with standard rights to self-publish by googling the PoweShell commands.
  • Merged Roots. This is huge! When packages are placed in connection groups, an improved merging of identical paths between the packages occurs.  There were improvements in HotFix 5, but is even better now.
  • Goodbye PVAD (almost). Thanks to merged roots, it is no longer necessary to declare a PVAD folder in the sequencer and install the software to be virtualized into that folder.  In fact, I found out that if you are going to use a Connection Group, you are probably better off using a VFS style install! With SP3, there still is a PVAD, it is just hidden.  For most all applications, this turns out to be just fine, but we know of a few applications that require PVAD installation, so how to we handle that?  You have a couple of ways to do this:
    1. There is a new command line switch, -EnablePVADControl when you launch the Sequencer GUI to show the PAD prompt like before.
    2. You can set a new registry DWORD HKLM\Software\Microsoft\AppV|Sequencer\Compatibility\EnablePVADControl to 1.
    3. Or, when you enter monitoring mode, just browse to the C:\ folder.  The Sequencer created a random PVAD folder name (looks like a GUID) for you.  Just install the app there.

So how do you know when to sequence to the PVAD?  .  Each app will act differently, but often the when at the client and you launch the virtual app, it will in some way complain that it isn’t installed or configured correctly and refuse to run. When the app doesn’t work at the client, give PVADing a try.  It might just work. 

The MVPs have a short list of apps that we have found that need PVADing, including:

WinZip
ArcGIS Desktop tool
Avaya CMS Supervisor R17
Wonderware InTouch 10.x

I also think that we will find apps that have long path length issues with VFS style installs, and a PVAD install, especially one carefully crafted with a long PVAD, might be needed.

  • PowerShell Changes. Some small changes were made to the PowerShell interface to support the new features.
  • Client Publishing from Publishing Server. Some behind-the scenes changes were made to support the new connection group features.  This mostly affects manual diagnostic debugging from the client of the publishing information as the new client will automatically use the new syntax.  If previously you used https://servername:port to test the publishing server, you now use https://servername:port&clientversion=5.0.xxxxx.x&clientos-WindowsClient_6.2_x64 (replacing the x’s with the actual client version and the OS as well).
  • RunVirtual. RunVirtual is now supported for per-user published packages. WooHoo.
  • Some App-V Client Debug logs have been consolidated, and some moved to a ServiceLog subfolder.  See the release notes if you care.
  • Virtual Services with DACLS Fix. For some time, certain windows services that use “unusual” Service DACL settings to protect themselves would not work when installed using the sequencer.  This included the FlexNet licensing service and those of Google Chrome Enterprise.  While the prior work-around to manually modify these permission settings in the Sequencer will still work, you no longer need to do so.

NOTE: Microsoft doesn’t list this as a feature or fix with the release.  It seems that this was simply a side effect of a different fix to virtualized services.  They only became aware of this fix when I discovered it and asked about it.  No word on what they were trying to fix, but presumably it was to fix a different virtual service issue reported by a customer.

Please pay attention to the details in the readme about the order of upgrade installation, as this is different from prior releases due to the changes to support the new connection groups.  You should upgrade the servers before upgrading ANY clients.

This information is based on working with some pre-release builds, and re-checking the release notes to make sure that there are no unexpected surprises. We will switch out and use the new version in our training class this week (if I can get it downloaded!).  Perhaps we will learn a little more. 

Also check out Thamim’s blog on the subject here: https://virtualvibes.co.uk/connection-groups-2-0-in-app-v-5-0-sp3-more-manageable-more-flexible/

PS: I have a new version of AppV_Manage ready to release that works with the new features, and works with the Windows 10 Preview, where there are some PowerShell differences that needed addressing.  I will get that released soon.

By Tim Mangan

Tim is a Microsoft MVP, and a Citrix CTP Fellow. He is an expert in App-V and MSIX.