Notifications are globally suppressed

Posted by nickekallen on in ConfigMgr 0 Comment

After reviewing the fact that no new notifications were provided by the SCCM 2012 Client for applications beeing deployed a quest for the right log-file to locate the root-cause, it was a great relief to identify all notifications beeing processed in a single log-file.

SCNotify_DOMAIN@USERNAME_1.log presents a complete history of what the user has been presented with. However, this was shown;

 

Notifications are globally suppressed, this event will not be processed by NotifyObjectInstanceBase   (Microsoft.SoftwareCenter.Client.Notification.NotifyObjectInstanceBase at IsKnownEvent)

It seems that the Computer Agent settings has a setting which doesn’t directly reveal its impact, however the documentation clearly states that it will disable notifications.

Additional software manages the deployment of applications and software updates

Enable this option only if one of the following conditions apply:

You use a vendor solution that requires this setting to be enabled.
You use the System Center 2012 Configuration Manager software development kit (SDK) to manage client agent notifications and the installation of applications and software updates.

 

It seems that reboot notifications are not impacted by this as it requires a few more tricks provided by Microsoft to suppress them.

Experts2Experts Virtualization Conference

Posted by nickekallen on in App-V, Citrix, Deployment 0 Comment

E2EVC Virtualization Conference

Join me and quite a few of the virtualization community in Rome for a weekend of interesting sessions and great discussions. E2E Virtualization Conference allows for a chance to meet up lots of great people out there willing to share everything they have encountered in the most relaxed conference for Virtualization specialists.

During the weekend of 1 – 3 November the hotel ROMA CITTA H10 will be full of us geeks that non-biased can discuss (for the 10th year around) the in’s and out’s of the technology out there in the end-user computing market.

The schedule is packed with sessions starting at eight in the morning and ending at just before seven o’clock at night.

Office and its poor handling of slow-links

Posted by nickekallen on in Office 0 Comment

Office is and has been a core application for a quite a while within most Windows environments.  This is a small list of things that have been adopted to make the user experience better for users not located close to the file-servers, or articles that allow you to understand why things happens.

Slow network performance when you open a file that is located in a shared folder on a remote network computer
Known issues with Office if Desktop or My Documents is redirected
An Office program is slow or may appear to stop responding (hang) when you open a file from a network location
Excel workbooks may open slowly over the network
Slow performance when you browse the My Documents folder in the document library in Windows 7 or in Windows Server 2008 R2

and for the PST / OST-files;

Limits to using personal folders (.pst) files over LAN and WAN links
Network Stored PST files … don’t do it!

Access

Using a wan with ms-access? How fast, how far?

Detection logic for MSU in SCCM 2012

Posted by nickekallen on in ConfigMgr 0 Comment

I spent the day reading quite a few blog-articles relating to the detection logic for Microsofts new patching format, and howto properly output that into SCCM 2012.

Detection Method for MSU in Applications for SCCM 2012

Deploying the App-V 5.0 Client Using Configuration Manager 2012 SP1

How to create an application for deploying the App-V 5.0 Client with Configmgr 2012

SCCM 2012: Microsoft Update (MSU) als Applikation verteilen

All of the above does have a few issues though. The detection logic isn’t fulproof as a “false” one could easily error out. As I have previously written – the exit-code of a VBScript isn’t relevant when using it for Global  Conditions and the same seems to apply for Detection methods. As noted on Technet (however, for Global Conditions) the output must be through an Echo (or something similar) – which must be something for both a false and a true scenario.

Sample code;

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")

Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_QuickFixEngineering WHERE HotFixID = 'KB2506143'")

If colItems.Count = 0 Then

Wscript.StdOut.Write "False"

Wscript.Quit(0)

Else

Wscript.StdOut.Write "True"

Wscript.Quit(0)

End If

Break SSO for a Citrix ICA client

Posted by nickekallen on in Citrix 1 Comment

You want to remove the Citrix ICA Client (Receiver, Online Plugin – whatever the name is) from the Run-key for version 13.4 and below? That’s actually a bad idea – is it will break single-sign on due to a faulty repair in multiple versions of the client.

The Run-key is located here for a 64-bit version of Windows.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Citrix creates a String-value named ConnectionCenter that allows the ICA Client to startup during logon. If the value is removed – the ICA Client will initiate a repair that actually remove another registry key;

image

Once the above is wiped single-sign on is ruined.

A better way to proceed is to let the ConnectionCenter value be blank. That will avoid the repair from happening.

Appsense–First letter of username

Posted by nickekallen on in Appsense 0 Comment

I had to extract a the first letter of a username using Appsense Policy Configuration within Environment Manager. I would have hoped there was a trim functionality natively available, however none were found in the version that was dealt with.

Therefore a bit of optimized search had to be performed. As far as I can see this is faster than executing a script, but perhaps a bit more work to setup initially.

imageCreated 5 top Username matches with these regular expressions;

.*\\[a-eA-E]\w*
.*\\[f-jF-J]\w*
.*\\[k-oK-O]\w*
.*\\[p-uP-U]\w*
.*\\[v-zV-Z]\w*

Below each one I then parsed through the letters that the regular expression matched (A-E for example) and once a match was hit – set the environment variable FIRSTLETTER to the matching letter.

Search was for the letter A as a sample; *\a*
For each specific letter I used a query and not a regular expression.

I created an Appsense template for EM that you can download, which contains a reusable node!

App-V 5.0 Sequencer and Reboots

Posted by nickekallen on in App-V 4 Comments

App-V 4.X

Previously, in App-V 4.X, while sequencing you would never have to reboot. The idea, which worked in most cases, was the sequencer would simply – while in monitoring mode – execute what ever was in queue for the next startup before proceeding to the next part of the sequencing process.

This list of things to execute would be gathered and executed once you hit Stop Monitoring. Stop Monitoring was a button available in the sequencer up until App-V 4.6 and this could also be pressed multiple times. In App-V 4.6 SP1, and forward, changed the workflow of the sequencer and suddenly the button Stop Monitoring was not available. You could suddenly not hit this button multiple times, but simply check “I am finished” and click Next. Unfortunately – you could not go back. Multiple reboots were suddenly a hassle – as you would have to save the package and return to the start of the workflow to initiate a second reboot.

There had been a few known cases (never personally hit them) were reboots were simply not handled as nicely as one would like in this workflow. As always – things can get better.

App-V 5.0

In App-V 5.0 this changed drastically and now you were commanded to perform the reboot. The experience would be that at any time after the actual monitoring process started  a reboot could be executed, and once the computer starts up again the sequencer will resume operations.

Reboot.exe is the process that scans your computer and apparently it saves the state into a sub-key of the App-V sequencer.

image

HKLM\SOFTWARE\Microsoft\AppV\Sequencer\Resume is the place to watch out for!

Under Resume there is a Serialized State that seems to explain where the current state of the package is;

image

I haven’t personally experienced any issues with this, however quite a few people have. As far as I know they have always a few things in common;

  • The sequencer workstation is domain-joined
  • Its running as a virtual machine

Problems

What happens if you perform a reboot and you do have an issue?

Firstly – the sequencer can catch that it hasn’t been allowed to prepare enough for a shutdown;

the sequencer was unable to prepare for a system restart.

If no error message is presented this means that the sequencer was given enough time to prepare the sequence so that it should be successfully resumed once the computer is rebooted. However, something else can interfere during startup and then this happens;

image
An error encountered while trying to start the monitoring session.

Event Viewer

A good idea is to check Event Viewer under Application and Services –> Microsoft –> AppV –> Sequencer and the Admin-log.  By manually crashing the sequencer and just attempting to restart it this was generated;

An attempt to start the monitoring session failed (The process cannot access the file because it is being used by another process)

Run / RunOnce

You could avoid the reboot and manually locate what needs to happen for the application installation process. A tool to use in this process is Autoruns (from Sysinternals) or poke around the registry for potential clues in the Run registry key. Once you identify what is set there to run at the next reboot – simply run it to get it into the monitoring process. Hopefully this will allow you to proceed without having to deal with the reboot in itself.

Or you could to try to resume the sequencer again. I can’t say that I have been able to test this in anyway, but once a reboot is initiated the sequencer will write to RunOnce so that once you login again the process will resume;

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Manual resume

Try this;

C:\Program Files\Microsoft Application Virtualization\Sequencer\Sequencer.exe /resume

However, it did fail the first time … Why would it work the second time?

What could cause this?

My assumption would be that any type of process that would interrupt the sequencer to properly shutdown its business in Scratch or properly open it would of course interfere the process.

If there is a GPO that would clear out the temp-folder, very common within RDS environments, that could potentially cause issues (as the serialized state will be lost).
I have heard a rumour that redirect folders (such as My Documents, or AppData) might interfere.

App-V 5.0 SP2 (beta)–Client UI

Posted by nickekallen on in App-V 3 Comments

If you have installed the App-V 5.0 SP2 beta Client which is available on Connect, the first you notice that there isn’t anything on the start-menu. In the initial release of App-V 5.0 there was both a tray icon and a shortcut directly on the users start-menu (well, if using Windows 7) to view the state of the client, however (unlike the previous 4.X version) there was also no way of getting rid of the system tray icon (and /or official way of not getting the start-menu shortcut, but you can just delete it without any harm).

In a technical community though, the workaround is not far away and after a while someone figured out that by renaming one of the executable files you would simply fail the systam tray icon to start.

Not a pretty way togo?

Well, in App-V 5.0 SP2 (beta) the UI seems to be completely gone. Actually – there isn’t any system tray icon and no start-menu shortcut. Obviously we have been hearing the PowerShell drum for a while – so did they go for the bold move and completely wiped the icon?

I can’t say that the system tray icon is around anymore, however the interface for users can still be found – as a virtual app!

Lets hope this is the start of an awesome trend, but yeah – why not provide the App-V Client user interface as a virtual application?

image

Add-AppvClientPackage -Path .\AppVClientUI.appv | Publish-AppvClientPackage
PackageId            : 237cb45b-20c7-4c91-985c-39a94507975a
VersionId            : f53d7a26-7fe3-40ab-990e-f244dc59ff43
Name                 : Microsoft App-V 5.0 Client UI
Version              : 0.0.0.1
Path                 : C:\Users\\Desktop\AppVClientUI\AppVClientUI.appv
IsPublishedToUser    : True
UserPending          : False
IsPublishedGlobally  : False
GlobalPending        : False
InUse                : False
InUseByCurrentUser   : False
PackageSize          : 1241895
PercentLoaded        : 21
IsLoading            : False
HasAssetIntelligence : False

You can publish it globally or to a specific set of users. Anyway you like it!

Download the RTM-bits from Microsoft.

Global Conditions and VBScript

Posted by nickekallen on in ConfigMgr 2 Comments

Currently my days are filled of migrating previous heavy-duty VBScripts that have provided what SCCM 2007 doesn’t have, but SCCM 2012 offers in the Application Model.

A major part of replacing VBScripts are Global Conditions within Configuration Manager 2012. And as the original script is in VBScript along with the fact that the client base is Windows XP to some extent – VBScript will prevail a bit longer even though its now wrapped within a Global Condition.

What I should have done from the start was to read about Global Conditons in the official Technet-site. There are a few gotchas and I realized that even more of the old code could have been moved to native functionality. For example – File checks can traverse the environment variable %USERPROFILE% and effectively check for a file (or folder) in all users folders on a specific target.

Now, I didn’t do this. So therefore I suffered for a day.

As the VBScripts had already been used in production I knew the quality of them was quite high in terms of achieving what I wanted – stripping them down to a specific function (remove installs and only perform a specific check for example) was easy. My first belief was that the exit-code of the script mattered. This resulted in some odd experiences, because everything ended with error.

Reading the documentation revealed that the exit-code wasn’t as relevant (should always be 0)

The value returned by the script will be used to assess the compliance of the global condition. For example, when you use VBScript, you could use the command WScript.Echo Result to return the Result variable value to the global condition.

Great – I can perform an echo! Well, obviously  this is the way togo – howelse to return a string for example?

As my initial tests involved the check that could only return true or false that was what I returned (a boolean value). VBScript outputs –1 as true. So when my boolean variable was true – the output was –1. However, SCCM was none the wiser.

Result (from DcmWmiProvider.log )

ScriptProvider::ReadDiscoveryInformation – reading discovery script definition    ScriptProvider   8/20/2013 12:41:57 AM  1428 (0x0594)

ScriptProvider::ReadDiscoveryInformation – ScriptType: 1           ScriptProvider   8/20/2013 12:41:57 AM  1428 (0x0594)

ConvertToVariant failed to convert value:-1 to Type:Boolean (0x80041005).          ScriptProvider   8/20/2013 12:41:57 AM  1428 (0x0594)

Failed in discovering instance.

Type mismatch (Error: 80041005; Source: WMI)  ScriptProvider   8/20/2013 12:41:57 AM  1428 (0x0594)

This failed completely.

If the output instead becomes the string “true” or “false (Result = “True”) – the output is handled by SCCM and can easily be converted into a Boolean (which makes the SCCM admins life my easier).

Unfortunately – the successful use of a script has no output in any logs as far as I have seen.

App-V 5 installation fails

Posted by nickekallen on in App-V 0 Comment

When deploying the App-V Client at a customer site the installation failed (or halted was more like it). It seems that a few parameters caused issues and once reviewing the log-file it became apparent which. Last part of the log-file looked like this;

MSI (s) (68:78)  Executing op: CustomActionSchedule(Action=OptIntoMu,ActionType=3073,Source=BinaryData,Target=AppvPerformMUOptInInstall,)
MSI (s) (68:B4)  Invoking remote custom action. DLL: C:\Windows\Installer\MSI37CC.tmp, Entrypoint: AppvPerformMUOptInInstall
Fault injection has been disabled by policy.

The parameters set during the install (for App-V 5.0 SP1) was set like this;

/ACCEPTEULA=1 /ENABLEPACKAGESCRIPTS=1 /MUOPTIN=1 /CEIPOPTIN=1 /NORESTART /q

Toggling MUOPTIN to 0 resolved the issue – which is great. I am guessing that if updates are provided through Microsoft Update they will simply have to be deployed through normal software distribution.