What Can You Say...?
This is what happens when you don't bother to use your own software.
Maybe they used Windows 8 and thought "hey, we better start switching to Linux."
PowerShell: Persistent Environment Variables.
This comes up pretty often and if you haven't dealt with env. variables much in scripting (or even batch files) you may be confused as to why your variables don't stick around. For example:
$Env:SFT_SOFTGRIDSERVER = "appserver"
Perfectly valid, but only for that PowerShell session. Not sure why but they make you use .Net to set it permanently, and, while syntactically more complex, it isn't difficult.
[Environment]::SetEnvironmentVariable("SFT_SOFTGRIDSERVER", "appvserver", "Machine")Likewise you can get EV's:
[Environment]::GetEnvironmentVariable("SFT_SOFTGRIDSERVER", "Machine")It is important to note that once you set it with .Net you wont see it in $Env until you start a new session, you HAVE to retrieve it via .Net in order to see it in the same session. If you really need some functionality of $Env you can add it both ways, but I honestly can't think of a good reason you would need to do that. But it wont harm anything.
PowerShell: Get command definition.
With 5.0 being so PowerShell friendly, if you spend a decent amount of time in the shell you probably noticed that the definition of commands tends to get truncated when you, say Get-Command Test-LegacyAppVPackage. Which returns something like this (apologies for the horrible formatting to follow):
CommandType Name Definition ----------- ---- ---------- Cmdlet Test-LegacyAppvPackage Test-LegacyAppvPackage [-Source] <String[]> [-Ve... CommandType Name Definition ----------- ---- ---------- Cmdlet Test-LegacyAppvPackage Test-LegacyAppvPackage [-Source] <String[]> [-Ve...
You might find this trick handy (and for more than just this if you are clever).
$(Get-Command Test-LegacyAppVPackage).Definition
Which returns something like this:
Test-LegacyAppvPackage [-Source] <String[]> [-Verbose] [-Debug] [-ErrorAction <ActionPreference>] [-WarningAction <Acti
onPreference>] [-ErrorVariable <String>] [-WarningVariable <String>] [-OutVariable <String>] [-OutBuffer <Int32>]
Much better...
App-V 5.0: Where did my logs go?
If you are looking for a log file for the App-V 5.0 beta you have probably gone through the Admin Guide to no avail. Thankfully they are using event logging now. For some reason this is listed under the sequencer section of the Admin Guide but not the client.
App-V 5.0: Add publishing server.
Simple PS script to add a publishing server.
Import-Module AppVClient Add-AppvPublishingServer -Name <name> -Url http://<hostname>:<port>
MUCH better so far microsoft, MUCH better. Now it just needs to be reliable (something you can't really judge with a beta).
App-V 5.0 Beta, out now.
In case you haven't seen it the 5.0 beta is live.
Update on 2012-04-05 17:57 by Paul Fulbright
An interesting change...does this mean since they plan to EOL XP soon they are officially dropping support for it in App-V? Wouldn't be surprising. Also like that "any OS" is now the default.
Update on 2012-04-05 18:06 by Paul Fulbright
And quite possibly the nicest addition to the sequencer so far...
Killing A Process Safely...
Anyone who has ever done any real scripting in Windows knows there are about a million different ways to kill a process.
However, be it VBScript or PowerShell there is only really one "safe" way (not including heavily complicated .Net calls in PS):
taskkill /t /pid <pid>
A couple of quick details. /t tell it to "treekill", or in other words kill all child processes as well (which is pretty crucial when killing virtual apps as their child processes hold the virtual environment open).
/pid is pretty self explanatory, you can find a processes PID pretty easily:
$proc = Get-Process -ProcessName WINWORD$proc.ID
$proc.ID should contain the PID for the WINWORD process, in my case it was 344, so the resultant safe-kill command (which WILL prompt the user to save any unsaved documents) would be:
taskkill /t /pid 344
Programattically you can then have the script wait, check to see if the process still exists (after, say, 30-60 seconds for the user to save their files if they so choose), and then proceed from their, either moving on to whever task was at hand if it is stopped, or force killing the process if it is still running.
App-V Error: 00000002
Quicky post on a common App-V error code.
If you've gotten to the point where you can view the sftlog (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt) and see this entry then most likely the problem is with the CODEBASE line, specifically the HREF element. Make sure it is set tot he right protocol (FILE, RTSP, RTSPS, HTTP or HTTPS), the right server (either %SFT_SOFTGRIDSERVER% or the hardcoded servername) and the correct port (80, 322, 554 etc.).
App-V: VLC 2.0
Disabling update notifications appears to be held in the file located at:
C:\Users\h_fulbripd.US\AppData\Roaming\vlc\vlcrc
Thats a file not a folder. Simple way to capture config for this app is one of two options, either run the install/app and configure it then capture this folder and copy it to the sequencer when you sequence the app, or simple launch VLC after it installs (while still in the monitor phase) and configure it. Depending on your exclusions you may have to adjust them for the sequencer to pick this folder up, but that depends entirely on what changes you have made (it should pick it up fine by default in 4.6 SP1).
Update on 2012-03-09 19:23 by Paul Fulbright
Note: This version launches MUCH faster in App-V than 1.x did.
App-V: PrimalScript 2011
Pretty straightforward on this one. But a couple steps you need to take beforehand. First, download the following:
Install both of these on your clean Sequencer, when it comes time to install PrimalScript (you should already know how to get to this point) set the install directory to the folder on your Q: drive, choose Complete and uncheck the two VC++ 2k8 options. The rest of the install should go pretty smooth.
The only oddness I saw with the sequence (after the basic cleanup) was the first launch it PowerShell.exe hung (I may have been impatient) and I had to enter the serial # twice, which may have been residual issues from the first launch. Haven't been able to reproduce it yet.
Update on 2012-04-24 20:35 by Paul Fulbright
First update: The oddness WAS caused by my impatience with it's initial load. :sheepish:
Second: This same thing applies to the new 2012 batch of all these apps, just install the redists first, select custom blah blah blah.
PowerShell: Run via SCCM with Administrative rights.
If you have tried to run a PowerShell script before with SCCM you might have found it odd and not exactly intuitive. Here are a couple tips.
The most frustrating part of this problem is simply...not being able to tell what is wrong. The error message comes and goes before you have a chance of seeing it.
It isn't neccessary to do this (as I've already done it), but to solve the problem I modified my SCCM command line as follows:
%COMSPEC% /K powershell.exe -noprofile -file script.ps1 -executionpolicy Bypass
When running this the first thing you will notice is an error from cmd.exe saying UNC paths are not supported, reverting back to the windows directory. Well now your script wont launch because there is no correct working directory (which WOULD have been the network share on your distribution point). To get around THIS you have to set the following:
Key: HKLM\Software\Wow6432Node\Microsoft\Command Processor
Value: DisableUNCCheck
Data (DWORD): 1
Now if you run your program again you will see it says the execution of scripts on the local machine has been disabled. Luckily you have a hand dandy command prompt (thanks to the /K switch) so you can type powershell -command "Get-ExecutionPolicy -list".
You will see that everything is Undefined. If you go open up a regular command prompt and type the same thing, you should see whatever your actual settings are (in my case it was Bypass set to the LocalMachine scope and everything else undefined, this was set to Bypass for TESTING reasons).
A whoami in the SCCM kicked command prompt shows nt authority\system as you would expect.
So the problem appears to be that when run as the system account -executionpolicy is ignored and it doesn't appear to be getting/setting it's execution policy in the same place everything else is.
For instance, right now on the same machine I have two windows open, one powershell run as administrator (via a domain account in the local admins group), the other via the command prompt SCCM launches. Here are the Get-ExecutionPolicy -list results from each:
Local Admin:
SCCM
Same machine, two different settings. First attempt was to use:
powershell.exe -noprofile -command "Set-ExecutionPolicy Bypass LocalMachine" -File script.ps1
This failed and ultimately it appears that powershell will either run -command or -file, but not both.
So the solution to running PowerShell scripts as admin via SCCM is to do the following:
Create an SCCM Program with the following command line:
powershell.exe -noprofile -command "Set-ExecutionPolicy Bypass LocalMachine"
Then one with the following:
powershell.exe -noprofile -file script.ps1
And finally a cleanup program:
powershell.exe -noprofile -command "Set-ExecutionPolicy RemoteSigned LocalMachine"
Obviously RemoteSigned should be whatever your organization has decided as the standard Execution Policy level, the default I believe is Restricted, most will probably use RemoteSigned, security (over)conscious will probably use AllSigned.
Is this ideal? No. Of course not. It paying attention to the -ExecutionPolicy switch would be ideal.
But it works.
And on a bit of a side tangent, I think it is a pretty "microsoft" view of security to put this rather convoluted security system in place, and then still have VBScripts executable right out the gate on Windows 7 box. And batch files.
What is the point of all this obnoxious security when, at the end of the day...they can just use VBScript. Had they made you toggle a setting somewhere to enable VBScript and Batch files, had they not made 5 scopes of security policy for powershell, had they basically not admitted that they don't know how to do a secure scripting language (your security should probably come from the user rights, and not purely the execution engine, though, that's a finer point you could argue several ways), I'd probably be a lot more sympathetic.
Had SCCM not been such a myopic monolithic dinosaur, this wouldn't be a problem. These are all symptoms of what will eventually kill them. Legacy. 64-bit filesystem redirection, the registry as a whole, more specifically Wow6432Node, Program Files (x86), needing to use PowerShell, VBScript or Batch files to do a simple file transfer/shortcut placement.
This is System Center Configuration Manager. It can use bits to copy a multi-gigabyte install "safely" to a client machine...but only if it's then going to run an installer.
It can't copy a file and place a shortcut, or add a key to the registry, it only manages the configuration in the most outmoded and obsolete ways possible.
/rant
Update on 2012-03-08 23:05 by Paul Fulbright
Few quick notes. You see how MachinePolicy is set? That WILL override your SCCM packages, that means GPO is controlling the ExecutionPolicy, so while your command will take effect, it will be overruled.
Second note is the reason the two are different is because the SCCM version is using the x86 settings, not x64. Which, while it explains the difference, does not explain why running it with -ExecutionPolicy Bypass is ignored, nor why running a script as a user in SCCM works fine, but as an admin, it does not. End result being, you still need the workaround.
App-V: Error Code 0000C800 (Update)
I have a previous post about this particular error here, but a recent App-V Blog entry reminded me to post the other (though not nearly AS common if your DBA's aren't asleep) solution.
Catch that over here.
Cause
This can occur if TCP/IP is disabled in SQL Server Configuration Manager under SQL Server Network Configuration on the App-V Database SQL Server.
Resolution
On the SQL Server where the App-V Database resides, launch SQL Server Configuration Manager, navigate and expand the SQL Server Network Configuration node and enable the TCP/IP protocol on the SQL instance that hosts the App-V Database.
Also, sorry for the lack of updates lately, been working on some other non-App-V, non-XenServer (though still mostly Xen) stuff.
App-V: Feature Request.
I hope in the future they restrict checking for new updates to ONLY happen when a component of an application isn't already open.
I understand how it might seem like a good idea to have it check everytime, but when it is not capable of ignoring dependencies for something already running it makes it a really bad idea.
That you EVER see an error saying two applications in the same package cannot be opened with diffierent configurations is all proof you should need of that. It means more manual management and third party solutions to update certain types of apps (namely anything with more than one app).
Now if only they made it easy to get feedback to their engineers without opening paid-support tickets...
App-V: Clearing the cache...the hard way.
Ever cleared an application only to find it didn't delete everything? Clearing something from ProgramData is no big deal as this can be done fairly easily by anything running as the system account (SCCM for example). Clearing a users profile is another story.
If you have used a command prompt much at all then 'rmdir' is nothing new to you. What you may not realize is that rmdir isn't an executable, it's a command. So in this case calling "rmdir" in an SCCM package will net an unusable package. The workaround is thus:
%COMSPEC% /c rmdir /q /s "%USERPROFILE%\AppData\Local\SoftGrid Client\<FolderName>"
Put this in SCCM, set it to run as user, and it should clear the folder just fine.
In this case, to clear an app I used something along the same lines as what I use to clear office.
sftmime.exe CLEAR APP:"<AppName>" /LOG "C:\InstallLogs\Clear.log"Run %COMSPEC% package.sftmime.exe DELETE PACKAGE:"{<PackageName}" /LOG "C:\InstallLogs\Delete.log"sftmime.exe REFRESH SERVER:<ServerName> /LOG "C:\InstallLogs\Refresh.log"
Set the programs each to Start In: C:\Program Files (x86)\Microsoft Application Virtualization Client
Clear app can be done as admin or user, user gives the best chance of it clearing the folder you are trying to delete, but if the user doesn't have clear permissions this will fail (default permissions should be to allow a Clear if I recall).
Deleting the package is again a case of rights, most likely you will want to run this as admin so it deletes it globally and you are assured permissions to do so.
Refresh should be run as the user so the USER contacts the publishing server to retrieve their software.
In this case the reason for the refresh is because an application was updated and the update pulled down the new OSD but failed to pull down the updated SFT, which left it in a non-functional state. I still want the user to have the application and not need them to log off so I clear it, delete the folder, delete the app, then refresh the publishing server so they get their app back seamlessly.
Thanks to Justin for the tweak to make this work with SCCM.
App-V: Firefox 8
Was about to put up a whole guide on FF8 when I saw Aaron Parker put a guide up of his own. No point in re-inventing the wheel so I'll just point over in that direction.
Hasn't really changed much since the FF5 stuff I posted on the official forum and what was already out at the time, so it's largely mroe of the same.
One thing I did want to mention though which applies in general to more than just Firefox is how to handle swapping out applications like this.
For a few reasons I wont get into I decided to sequence this as a new app and not an upgrade to version 5. This causes an interesting issue. How do I remove version 5? If I just strip the permissions and delete it then anyone who tried to launch it between now and their next reboot will effectively not have Firefox.
What you want to do is slowly get rid of it. The best way I have found is to add Firefox 8 to the AVS, then goto the Firefox 5 Application Group and disable the shortcuts.
What this will do is LEAVE Firefox 5 working and intact for everyone who has it, but when they next reboot or log off/on the shortcuts will go away and the shortcut for 8 (which appears to have moved to the root of Programs btw) will come down.
After a span of time that seems to provide a reasonable likelihood that everyone who uses 5 has rebooted or relogged (3 months, 6 months, depends on the size and type of your company, if it's small enough maybe a month, if you force a reboot via something like SCCM, you can control it, but I'm trying to do this as "in the background" as possible) you can remove Firefox 5 from AVS all together.
App-V: Completely Redesigned Server Coming In 2012?
Little birdie mentioned that there will supposedly be a completely re-written App-V Server coming maybe around Summer 2012.
Can't really say who or what, and I may have missed the memo that made this obvious, but here's hoping for a PROPER server, with actual admin features.
App-V: Office 2010 w/Lync Step By Step.
This isn't the most rudimentary of guides, as you will need to have some idea what things mean (like that set LOCAL_INTERACTION_ALLOWED means to change it to true in the OSD tab for every application).
But this is about as streamlined as I can get it, without making any un-needed changes to the sequence.
The Prime Rule of Software Deployment.
There is but one rule that you need to remember if your job is deploying software. It is law, it is god, and you had best obey it if you want to simply your life.
There is no such thing as 100%.
You can apply it however you want, but it should be the first thing on your mind.
There is no such thing as a package/sequence that will run on every machine.
There is no such thing as a solution that will work 100% of the time.
There is no such thing as 100% reliability.
All good things to strive for, don't get me wrong. The point is not to rely on anything to be the "critical point". The one thing that makes everything else work. Reliability comes from simplicity. The more moving parts, the more likely it will be to fail, the more oddities will crop up, the more downtime you will have, the more work you will have to do.
It's easy to shoot for everything and the kitchen sink to provide awesome features to the client, or come up with an elaborate solution to a problem.
But bear this in mind. Duct tape is synonymous with fixing things for a reason. It's simple, it does a job, and very little can go wrong with it.
Find ways to make elegant and simple solutions work for complex problems and your life (and paycheck) will improve as a result.
Just some free advice inspired by a few recent questions.
App-V: Clear cache on Citrix.
Ran into a problem where I could NOT get app-v to clear the cache properly on a citrix server.
Set: HKLM\Software\Wow6432Node\Microsoft\SoftGrid\4.5\AppFS\State = 0
Delete all the OSD's in: C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\OSD Cache
Stop the Application Virtualization Client Agent service (this is a dependant service to say Yes when it asks to shut down the parent service). Note that if you have the client console open at the time (or any apps) you will get a connection error, this is harmless, it's just telling you that, well, you stopped the service and it cannot connect.
Open the client console, refresh the publishing server. Problem should be solved.
A pretty common indicator that an application is stuck in the cache is Error #: 00001004
If you see that error, you probably have some OSD's hung up in the cache. If this STILL doesn't resolve it, make sure that in the user profile(s, if you aren't doing mandatory profiles) the OSD caches are cleared as well. That SHOULDN'T be an issue, it's usually the machine cache that fails to be cleaned up properly.
Citrix: ICA Client 12 on Ubuntu.
Installing it is easy enough, the only hiccup I had was with certificate errors.
cp /usr/share/ca-certificates/mozilla/* /usr/lib/ICAClient/keystore/cacerts
Simple resolution.