After a Microsoft support-case in which I was assisted by Sasha Loncarevic in resolving a problem where excel.exe initiated by a virtual application – had a parent process named SVCHOST.exe – an original solution came about. This solution could in a very short time be reused in a very similar scenario. Previously – only one similar thread had been posted in the forums describing a very spot on scenario. Excel is started outside of the virtual environment. Hopefully this interview can bring insight how Microsoft assists customers in resolving their issues and some insight to the details that caused it.
Hello Sasha,
Can you please introduce yourself?
Hi, my name is Sasha Loncarevic and I am an Escalation Engineer at Microsoft UK. I have been with Microsoft for 11 years, most of that time working with Enterprise customers to resolve complex issues in Remote Desktop Services and APP-V scenarios. Besides working on the most political/severe problems, Escalation Engineers also work with the Product Groups and Sustained Engineering teams to debug problems and deliver Hotfixes for bugs in the source code.
How long have you been working with App-V / Softgrid?
I started working with APP-V in early 2007; shortly after Softricity was acquired by Microsoft.
Whats installed on your computer?
A full Microsoft stack as you can imagine! I have several machines at work: three are running Hyper-V to host my repro environments, so around 10 guest VMs each at any one time. My main tools machine has Office 2010 (OneNote and Lync being my favourite apps), Visual Studio 2008 and 2010, Platform SDKs, DDK, Debugging Tools for Windows, our internal CRM tools, and a loads more.
How are you assisting customers?
Around half of my time is reactive – working on support incidents raised by external customers. The other half of my time is dedicated to building out our internal and external diagnostics capabilities: tools for data collection, automation of problem identification etc. The third half of my time is spent mentoring junior engineers and working on business improvement projects.
Are you actively participating in the App-V Community – directly or indirect?
Unfortunately not as much as I would like. With my work time already over-committed and having four beautiful and active children, I can never find time to maintain a blog, or regularly contribute to other blogs or newsgroups. However, after resolving a reactive incident I will often promote the solution to a knowledge base (KB) article. We do track how often our articles are viewed by the public, so I know that my contributions are making a difference (aggregated to >5000 views in the past year).
Since this interview came about after investigating OLE-calls and / or COM-objects – lets transition into that…
You assisted in investigating issues – where Excel and other locally installed applications were called from a virtual application, but not started within the virtual environment. Usually the parent process of those applications (excel as an example) was SVCHOST.exe
Can you tell us more about why SVCHOST.EXE starts Excel.exe among several other programs?
First some background: Excel is an OLE server. OLE is an old technology that allowed you to embed content from different applications into a single document stream – for example if you embed an Excel spreadsheet into a Word document, you could double click the object to start editing the spreadsheet using Excel menus and functions, but whilst still in the Word window. OLE evolved into COM, which defines a standard way of interfacing with objects. Excel is a COM server, and Word (or any other application) can use COM to create Excel objects and control them, including what OLE originally enabled. COM allows objects to support multiple interfaces, and many objects support the IDispatch interface, which allows them to be controlled via scripts e.g. vbscript.
COM also defined ways for objects to be created – either within the host process, or in a separate process. In the early days of Office, it was possible for an embedded spreadsheet to be served (drawn, updated) by an Excel DLL loaded into the Word process. Nowadays Office is too big and complex for that, and Excel objects are served by an external instance of Excel.exe. This is called an ‘Out-of-process’ COM object, and the COM server process (Excel.exe) will be usually be launched by the DcomLaunch service, running in an svchost.exe process.
As we know, svchost.exe is not running within the APP-V virtual environment and this can therefore present problems for virtualized applications that use out-of-process COM. APP-V examines all CoCreateInstance calls inside the virtualized processes, and will launch out-of-process server processes inside the virtual environment in most cases. Recently we had a case where APP-V was fooled by SAP asking for an in-process Excel object, and mistakenly allowed Windows to handle the activation because the target object (Excel) had a legacy “InProcServer32” and “InProcHandler32” registry entry (i.e. it incorrectly appears to support in-process activation). In this case Excel was launched by svchost.exe outside the virtual environment. There are two potential solutions for this problem – change SAP to request an out-of-process Excel object, or delete the “InProcServer32” and “InProchandler32” registry value for Excel.
There often many questions regarding “the wrong” software starting when using a combination of virtual and locally installed applications – one scenario described by the App-V Team blog (1)
How can one avoid such issues – what can one do to resolve those if they show themselves?
I don’t believe there is a blanket rule, or general advice for this. I expect that even armed with the knowledge from my earlier statement there will still be borderline scenarios that will require a live debug to resolve. That being said, the tool that we almost always start off with when troubleshooting problems of this nature is Process Monitor (procmon) from SysInternals (now Microsoft). The standard advice is to get traces from working (i.e. non-virtualised) and failing examples, and compare the two. I usually start analysis by right clicking on process names in both traces that I am definitely not interested in, and then selecting ‘exclude’ in the dropdown menu – usually by process name but in some cases by process ID (we wouldn’t want to take out all svchost.exe’s for example, if we were troubleshooting an issue like the ‘wrong parent’ problem).
Is this the reason why the previous recommendation was that any virtualized program should not be installed natively?
I think you mean any application that will be need to be accessed by a virtualized application should also be virtualized…
APP-V does try its best to “marshal” interaction between locally installed and virtualized applications, however in some cases there are just too many brittle touch points, or different ways to exercise the Windows APIs to achieve the same result, that APP-V hasn’t catered for.
What does a registry key under HKEY_CLASSES_ROOT\CLSID represent (or HKLM\Software\Classes)?
COM objects are identified by GUIDs and friendly names e.g. {00030000-0000-0000-C000-000000000046} is also Excel.Worksheet. The CLSID subkey of HKEY_CLASSES_ROOT is where every COM object is defined, listed by its GUID. Here will be detailed whether the COM object supports in-process and/or out-of-process activation, and what executables encapsulate the object’s functionality. If an object has a friendly name, it will also have an entry (using that name) in the base of HKEY_CLASSES_ROOT, where we map to its GUID. The base of HKEY_CLASSES_ROOT also contains file association information used by the Windows shell.
Why does removing InprocHandler32 and InprocServer32 let us avoid having SVCHOST.exe starting a locally installed application outside of the virtual environment?
This should be answered earlier.
What tools did you use while troubleshooting?
Mostly WinDBG (Windows Debugger) and our source code explorer, but also Netmon, Perfmon, many SysInternals tools (Process Monitor being an important one). I also use tools I have written myself, e.g. to gather and decode software traces (ETW)
How many applications have you sequenced?
Only around 20, and usually following customer recipes in order to reproduce problems that I can then debug or troubleshoot further.
Any special thanks you wish to send-out?
I work with really smart and motivated people at Microsoft; far too many to call out individually. Often I also work with customers that deserve special mention, in that they partner well with us to find solutions to really tricky problems (e.g. willing to capture endless traces, enable remote debugging etc).
What improvements do you wish to see in App-V?
I believe that error handling and reporting could be improved to help customers resolve problems without coming back to Microsoft. I would also love to see a Process Monitor Comparison tool, that would know what sort of differences to look for during sequencing, native execution and virtualised execution. In fact I started writing such a tool, but it is currenlty somewhere in the middle of a huge ’to-do when I get time’ pile.
With that – we thank Sasha for the time taken to answer this and hope that it can provide insight for everyone using App-V!