On an App-V 4.5 client that is running a sequenced (virtualized) version of Microsoft Visio 2003, when attempting to open a Visio document from a SharePoint site by clicking the drop-down and selecting "Edit in Microsoft Office Visio" it may fail with the following error:
The document could not be opened for editing. A Windows SharePoint Services compatible application could not be found to edit the document.
To resolve this issue complete the following steps:
1. On the local computer, install Windows SharePoint Services Support from the Office installation media. It is listed under Office Tools. In my testing, both the version from Office 2007 media and Office 2003 media worked.
2. Add the following registry keys to the local machine:
[HKEY_CLASSES_ROOT\.vsd]
@="Visio.Drawing.11"
"Content Type"="application/vnd.visio"
"SoftGridSource"="{9C0394B8-E606-49C1-BF51-3DB13E127A77}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Paths\visio.exe]
@="\"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sfttray.exe\"
/launch \"Microsoft Visio 2003 1.0""
"UseUrl"="1"
"SaveUrl"="1"
Note that in this example "Microsoft Visio 2003 1.0" is the name of the package used in this example. You will need to use the name of the package in each specific case.
[HKEY_CLASSES_ROOT\Visio.Drawing]
@="VISIO Drawing"
[HKEY_CLASSES_ROOT\Visio.Drawing\CLSID]
@="{00021A14-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Visio.Drawing\CurVer]
@="Visio.Drawing.11"
Alternatively, you could add a short-cut to IE into the Visio package and launch the SharePoint site from IE that has been launched within the virtual environment.
Michelle Foley | Support Escalation Engineer
At Microsoft we are continually receiving feedback from customers and improving our products, and as part of this process we review open issues and supply hotfixes as appropriate. In line with this approach, we just published a new Microsoft Application Virtualization KB article which addresses the following issue:
When you run the German version of Microsoft Application Virtualization 4.5, you cannot add or change attributes in the Open Software Descriptor (OSD) tab.
For more information and to download the hotfix see the link below:
KB969564 - Hotfix Package 1 for Microsoft Application Virtualization 4.5 Cumulative Update 1: March 2009
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
If you’ve been using App-V and it’s cool Dynamic Suite Composition (DSC) feature for a while then I’m sure you’re already aware of the power and flexibility this provides by allowing you to combine multiple virtualized applications into a single virtual package by creating dependencies between the applications themselves. For example, using the DSC Tool you can specify that Package A requires Package B, and if Package A is launched it will automatically launch Package B within the same environment. But what if I have a situation where Package A requires the dependency to Package B, but you also want to create a dependency where Package B also requires Package A to run? This is what we call a circular dependency, and if you try something like this within the Dynamic Suite Composition Tool you’ll get an error that looks something like this:
So why is this a problem? It’s a problem because dependencies aren’t transitive (at least, not in the current release), and while a circular dependency will seem to work there are more subtle problems with this.
When package A depends on package B, a virtual environment (VE) is created at runtime that contains all the virtual resources from A and B’s packages, and changes to the VE are associated with A’s package when they are saved. When B depends on A, a second VE is created that also contains all the resources from A and B’s packages, but changes to the VE are associated with B’s package.
So you end up with two separate VEs. That’s the first problem. If you launch apps from A, they end up in a different VE from B’s apps and they may not interact they way you expect them to.
Each of the VEs has the resources from A and B loaded in a different order. That’s the second problem. Some resource in A and B may overlap, and the conflict will be resolved differently depending on which VE you’re running in, so you can get weird and inconsistent app behavior.
The VE state is persisted under the primary package. So apps running in the VE where A depends on B have their state saved separately from apps running in the VE where B depends on A. This is the third problem.
These problems are exacerbated when you consider that a user directly launching a package B app will get the app running in B’s VE, but if the same app is launched from within a running instance of a package A app, it will run in A’s VE… separate from other B apps, with a different ordering of resource layers, and with state persisted to a different place.
For simple apps, this may seem to work fine, but it can quickly become a big mess. What we suggest is that when you have two apps that always need to be together, you choose one to be the primary package and create OSD files for the apps from the other package in that primary package so that all apps are always launched the same way (in the same VE, with the same resource layering, and with changes persisted to the same place).
So if you decide to make A depend on B, you sequence B first, but use the sequencing wizard to remove any shortcuts or file types it creates. Then you sequence A, and add any shortcuts or file types for B that you want users to see. You’ll end up with a bunch of OSD files for A and none for B. At runtime, users will always launch apps with shortcuts/file types from package A, so they’ll always get the same VE, same resource layering, etc.
Hope this helps,
Eric Jewart | Senior App-V Development Lead
As you know, at Microsoft we are continually receiving feedback from customers and improving our products. Part of this process is to review open issues and supply hotfixes as appropriate. In line with this approach we release hotfixes on a regular basis. These fixes later get rolled up into a Cumulative Update release (CU1 for example) or a Service Pack (SP), and then ultimately are included in the next major or minor version of the product.
Today, we have published a new Microsoft Application Virtualization KB article which describes a hotfix package that contains the latest post CU1 hotfixes for Microsoft Application Virtualization 4.5. The article title and link is below:
KB969774 - Hotfix Package 2 for Microsoft Application Virtualization 4.5 Cumulative Update 1: May 2009
Note, that this is not a required update but if you are seeing these behaviors in your environment it may be appropriate for you to test and apply this update.
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
The IgnoredApps key is used to mark an inconsistency between a locally-cached .OSD file which is either corrupt or not accessible for various reasons and its original location. There could be many reasons for this, including but not limited to:
- Malformed XML
- File corruption
- Access Permissions erroneously placed on the cache
Location
The Key is located in the registry here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Softgrid\4.5\Client\IgnoredApps
The value is a String Data type that correlates to the UNC or URL path to the OSD file from the Content Path, and will be the time stamp of the OSD file in the cache.
Examples of the various reasons for an application to appear here would be:
- Unable to access or load OSD file from cache and cannot replace it with streamed or published copy due to access issues.
- Unable to access or load AppFS storage from cache and cannot replace it with streamed or published copy due to access issues.
- Unable to access or load icons from cache and cannot replace it with streamed or published copy due to access issues.
A common error message you may see that can result from this is:
The Application Virtualization Client could not launch the application you requested.
The specified application does not exist. Check the name you specified, and then try again.
Error Code: xxxxxx-xxxxxx04-00000A09
Why is this Key Here?
The Application Virtualization client keeps a list of OSD files that have been rejected in this key. The primary intent is to help optimize DC refresh (Publishing Refresh) by avoiding downloads of OSD files that cannot be used to create an application for the current user/machine, and have not changed since the last time they were downloaded (and hence, would still not be usable). When the OSD is downloaded on an attempt to create/add a new application, if the OSD is rejected for a reason that is not transient (unsupported OS, XML is invalid, etc.), an entry for it will be added to IgnoredApps. On every OSD download for a file that is not already cached, the list in the registry will be checked, and if an entry for the OSD path is found, the timestamps will be compared. If the timestamp is different, the IgnoredApps entry will be removed, the OSD file will be downloaded, and the parsing will continue (which may fail again, leading to a new entry on IgnoredApps). If the timestamp is the same, the OSD file will not be downloaded, and the attempt to create the application will fail.
The list is applied dynamically (checks are made in the registry each time they are applicable). The list is applied to any non-cached OSD path (local or remote).
You can manually add, remove, or modify entries, to prevent a download or force a download.
Removing these entries:
Even if the underlying issue has been corrected, you will still need to remove the entry(s) under this key manually. Once you corrected the underlying issues, remove the entries under the keys. You will need to restart the Application Virtualization Client service upon doing so.
Steve Thomas | Senior Support Escalation Engineer
Here’s an FYI on a cool webcast we’re hosting next week on how Microsoft is architecting their App-V infrastructure. This one is presented by Michael Gallegos who served as the internal technical lead for Application Virtualization with Microsoft since he joined the company in 2006. Prior to coming to Microsoft, Michael spent 11 years as a technical architect at the business consulting and outsourcing firm Accenture, where he was responsible for the design, implementation, and operations of software deployment and patch management services.
The overview and event details are below:
- Language(s): English.
- Product(s): Microsoft System Center Configuration Manager 2007.
- Audience(s): IT Professional.
- Duration: 60 Minutes
- Start Date: Tuesday, June 02, 2009 9:30 AM Pacific Time (US & Canada)
Event Overview
Microsoft is evaluating Microsoft Application Virtualization 4.5 (App-V) as a method to lower application management life-cycle costs. Attend this webcast to learn how App-V 4.5, in conjunction with Microsoft System Center Configuration Manager 2007 R2, provides an infrastructure for deploying virtualized rich client applications within an enterprise environment. When planned carefully, the same tools can be used to deploy a virtualized application that would normally deploy a desktop application.
For more information and to register online visit How Microsoft Is Architecting the Virtual Application Infrastructure (Level 300)
J.C. Hornbeck | Manageability Knowledge Engineer
Pictured from left to right: Michael Bilodeau, Sandy Gotlib, Scott Stearns, Lidiane Souza, Nidhi Doshi; Matthijs Gates
Several members of the App-V engineering team have made the trip West to Los Angeles for this week’s TechED 2009 North America. We are all really excited to get the chance to spend the week talking about our product with customers.
On tap for the week, we have five sessions of note. Here is the full list of sessions with time and room information:
· WCL320 “Microsoft Desktop Optimization Pack: Planning the Deployment of Microsoft Application Virtualization 4.5” – Tuesday at 10.15am – 11.30am in Room 151
· VIR304 “Microsoft Desktop Optimization Pack: Effective Management of Microsoft Application Virtualization 4.5 Clients” – Wednesday 8.30am – 9.45am in Room 411
· WCL310 “Microsoft Desktop Optimization Pack: Microsoft Application Virtualization 4.5 Sequencing Deep Dive”- Thursday 8.30am – 9.45am in Room 515a
· WCL03-INT “MDOP: Microsoft Application Virtualization Discussion” – Thursday 10.15am – 11.30am in Orange Theater 2
· VIR310 “Microsoft Desktop Optimization Pack: Microsoft Application Virtualization 4.5 Deployment Security Best Practices” – Thursday 4.30pm – 5.45pm in Room 515a
If you have a chance, please catch one of the App-V talks or stop by and chat with us at the MDOP booth in the TLC.
Scott Stearns | Test Manager for the Microsoft Application Virtualization Team
Just an FYI that we’re hosting a webcast on May 26th to discuss how Microsoft uses App-V 4.5 and ConfigMgr 2007 to deploy and manage applications, so if this is something that’s in your future (or your present) then mark your calendars now. The details and a registration link are below:
========
At Microsoft, application provisioning and management is largely a decentralized process. Users rely on time-consuming self-service tasks to obtain and install software. In this webcast learn how Microsoft Application Virtualization 4.5 (App-V) and System Center Configuration Manager 2007 R2 (Configuration Manager 2007) are helping to address these issues. Users have experienced significantly reduced application compatibility issues when running a number of virtualized applications. In addition, App-V and Configuration Manager 2007 are helping to address inefficiencies related to desktop application packaging, deployment, and security.
Language(s): English.
Product(s): Microsoft App-V.
Audience(s): IT Professional.
Duration: 60 Minutes
Start Date: Tuesday, May 26, 2009 11:00 AM Pacific Time (US & Canada)
Presenter: Michael Gallegos, Microsoft IT Program Manager II, Microsoft Corporation
========
For more details and to register online see TechNet Webcast: How Microsoft IT Deploys Application Virtualization (Level 300).
J.C. Hornbeck | Manageability Knowledge Engineer
We’ve had a few support calls on this so I wanted to send out a friendly reminder on how to obtain Cumulative Update 1 (CU1) for Microsoft Application Virtualization 4.5
Cumulative Update 1 for App-V 4.5 is now available and can be obtained via the Microsoft Volume License Services site at https://licensing.microsoft.com.
Note: MDOP and CU1 are also available via MSDN subscriptions for non-production use. See How to download the MDOP 2009 / App-V 4.5 CU1 from MSDN for details.
You will need to log in to get the update and there are instructions on the MVLS site regarding who to contact if you are unable to do so.
The new bits for each of the following items are available as part of the April 2009 MDOP subscription:
- Desktop Client
- Sequencer
- Streaming Server
- Management Server
Note: The updated Terminal Services Client is also available on the MSDN site as well.
Reference: KB963693 - Cumulative Update 1 for Microsoft Application Virtualization 4.5
Michelle Foley | Senior Support Escalation Engineer
We had a new Microsoft Application Virtualization KB article published last week. This one is about an issue you might run into if you try to change the icon of a virtualized app when publishing it as a Terminal Server RemoteApp:
KB970831 - Unable to change the icon for virtualized Terminal Services RemoteApp program
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
I had a support call on this the other day and realized that there really isn’t a good blog post on it so I decided I might as well go ahead and correct that situation now. You may run into an issue where the console just randomly crashes, or it crashes and generates either a 0000C800 or 0000C81D error code. There are a couple different causes and workarounds for something like this but the first thing to check for is asymmetrical package icons and either remove them or modify them to be symmetrical. For more details on this issue and how to correct it see:
KB942687 - When you use the SoftGrid Management Console, it may crash
You can find a free Icon editor online to modify the icons to be symmetrical. One that I have used is “Icon Snatcher” but I’m sure there are others that work just as well:
Icon Snatcher 3.6.1
Another scenario where you might see random console crashes is when the machine has more the 2 gigabytes of physical memory and more than ~1000 icons exist for all the packages loaded on the App-V Management Console. If this is your issue then you may also see an error like:
Event ID: 5000
Source: .NET Framework 2.0 Error
Description: The description for Event ID ( 5000 ) in Source ( .NET Runtime 2.0 Error Reporting ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event:
clr20r3, mmc.exe, 5.2.3790.2617, 43c70d1c, mscorlib, 2.0.0.0, 4333ab80, 4052, 27, pszqoadhx1u5zahbhohghldgiy4qixhx, NIL.
Keep in mind that if you don’t see this error that doesn’t necessarily mean you’re not running into the 2GB issue.
Note: This is really an issue with MMC.EXE, not SoftGrid/App-V specifically.
To resolve this issue, or to simply test whether this is the issue you’re running into, use one of the methods below:
1. Use MSCONFIG | Boot.ini Tab | Advanced Options | /MAXMEM=2048 (check this box and set memory to 2048) click OK, OK again and reboot the server.
2. Remove the physical memory from the box so it has a maximum of 2048 Meg of memory
3. Install the SoftGrid/App-V Management Console on another machine that only has 2048 Meg of Memory and manage the servers from this Management console.
4. If you are running App-V version 4.5 you can add the LoadConsoleIcons Dword and set it to 0 to the following hive:
HKLM\Software\Microsoft\SoftGrid\4.5\Management Console\LoadConsoleIcons=0
Once you determine that this is your issue then you simply have to decide which of the methods above you’ll want to employ as a more permanent solution.
Hope this helps,
John Behneman | App-V and SCVMM Support Engineer
Everywhere you look these days it’s all about blogs. Blogs here, blogs there, they’re all over the place. So have you ever wondered how many different blogs Microsoft hosts? Let me tell, you don’t want to know. Let’s just say it’s thousands and thousands. So with all these blog sites how do you ever find what you’re looking for? Well one way is via the Official Microsoft Team Blogs site itself. Yes, that’s right, another blog, but this blog is different in that it serves to track the official product related blogs all in one place. Currently it lists about 300 officially sanctioned, product and technology specific blogs so if you’re looking for something in particular you can probably find it here. The blog also plans a weekly compilation that you may be interested in but I don’t want to steal all of their thunder. For more information on what they have planned see the intro and link below:
-----
The directory below contains a listing of the official Microsoft Team Blogs and essential web feeds organized by category. There are currently 237 blogs listed in the directory below - last updated 17th March 2009. You can download OPML files here: Microsoft Team Blogs OPML Files
On BlogMS a summary will be published weekly (each Monday) and monthly providing you a single article with a listing of all the latest announcements. You can then browse through this article saving you valuable time and effort. When you identify articles of interest you will be able to click on the article link, and it will take you directly to the blog.
If you do specialize in certain products or technologies don't forget you can subscribe directly using RSS or bookmark your favorite sites. There are many more blogs published by Microsoft employees and communities which cannot all be listed here. A full directory of all Microsoft blogs can be found on the Microsoft Communities Website.
For further information about this site have a read of this page About BlogMS
To continue reading see Official Microsoft Team Blogs / Microsoft Blogs.
J.C. Hornbeck | Manageability Knowledge Engineer
I came across an interesting nugget of information about how GPOs are applied in a SoftGrid/App-V environment so I thought I’d pass it along here just in case any of you were curious how these things worked. The short version is that in 4.2 and earlier, policies were applied to the VReg and now in 4.5 they’re not, but here’s the full explanation from Matt Young, a senior SDE on the App-V team:
========
Each Group Policy Object (GPO) is manifested in the registry, in the form of keys/values, and they typically live under { HKCU || HKLM }\Software\Policies. These registry keys are pushed down from Active Directory upon user logon and in response to other events, as configured by the domain administrator.
For SoftGrid 4.2x and earlier, we would process the local policy files during launch and apply the keys/values to the virtual registry. Specifically, we used to apply group policy to the VReg as the last step in the launch sequence, after loading the read-only registry from section 9 of the sft file, deltas from cp file(s) and any keys defined in the <REGISTRY> tag the OSD file. We would apply GPO’s by parsing the .pol files and applying the keys/values to the VReg from the listener. This data was never cleaned out of the vreg (as it is in the native registry), and as policies change over time would result in a “union set” of the registry key manifestations of all GPO’s ever set. This caused issues for some, as policies when changed would update a portion of the VReg with a new value – in place. However other GPO’s will set a new value, sometime adjacent to the old value, causing indeterminate behavior depending on the specifics of the GPO.
When we looked at the various issues with our handling of GPO’s, we decided that GPO’s are not something that belong in the virtual registry at all. They belong in the native registry, where the existing mechanisms in Windows keep them secure and current. What was needed was not a series of “fixes” for how we duplicate these settings in the virtual registry, but to not have them present at all. If a virtualized application reads GPO values from the registry (either intentionally or as a result of some other action), the virtual registry should not ever provide an alternate view of these keys and values from that which is persisted in the native/real registry. Any deviation would be an instance of App-V altering policy settings defined by the Domain Admins.
In 4.5, we no longer process the local .pol files and apply them to the virtual registry. Furthermore, as the last step of the launch sequence, we forcibly obliterate any keys or values under the policy roots. This handles the case where a pre-4.5 package is loaded on a 4.5 client. Note: we do not delete them, as a deleted key or value “exists” in the VReg as deleted value. This has the side effect of not being able to intentionally set GPO values / keys in a package, however this was the goal.
========
So long story short, a policy should apply to a virtualized app the same way it does if the app were actually installed locally.
Hope this helps,
J.C. Hornbeck | Manageability Knowledge Engineer
If you have ever tried to setup an App-V Remote Management Console or upgraded your existing 4.1 SoftGrid environment to App-V 4.5 just to have the Remote Management Console stop working this post is for you. Lately we have received a number support calls regarding this issue and discovered that we don’t have any App-V specific documentation on how to set this up, this post will address this issue in detail.
Consider the configuration above, all Servers are Windows 2003 SP2 servers A represents a SQL 2005 Failover Cluster hosting the AppVirt Database, B is 2 IIS 6 servers with the App Virt Management (Web) Service component installed and load balanced with NLB C is 2 servers with the App Virt Management Server and Console installed also load balanced with NLB. D is essentially any XP, Vista or Win2kX with the App Virt Management Console component installed on it. For the App-V 4.5 Remote Console to work in the configuration mentioned above you must configure or verify that the following is true:
1. Both the B IIS 6 servers must have their machine accounts delegated in Active Directory
2. The cluster server virtual name A and the 2 B IIS 6 servers must have the appropriate Service Principal Names (SPNs) defined in Active Directory
The App-V IIS (B) Servers must have the following SPNs assigned to either it’s machine account or to the Domain Service account if the Application Virtualization Management Service is running under a context other than the Network Service account (Default Settting for 4.5)
SoftGrid/<ServerNetBiosName>
SoftGrid/<ServerFQDN_Name>
The SQL 2005 (A) servers must have the follow SPNs assigned to them, since this is a Failover Cluster and the App-V IIS Management servers are configured to access the AppVirt Database via the ClusterName then there has to be a SPN for the SQL Servers ClusterName if it is a standalone SQL server then replace the ClusterName with the name of the standalone server.
MSSQLSvc/<FQDN ClusterName>:1433
MSSQLSvc/<NetBios ClusterName>:1433
Please Note: If you use SETSPN.exe to set SQL server SPNs you need to use the latest version. I have run into an issue using an older version that would not allow you to add the :1433 suffix to the SPN it would fail with a Syntax message if this happens to you please download the Win2k3 SP2 version of the tool.
Updates to the Windows Server 2003 Support Tools are included in Windows Server 2003 Service Pack 2 http://support.microsoft.com/kb/926027
3. If a service account is used for the Application Virtualization Management Service then this account must be trusted for delegation, insure that the “Account is sensitive and cannot be delegated” is not checked, FYI - this could be set in a Group Policy.
If you are still running a Windows 2000 AD you may need to set “Account is trusted for delegation” on the Service Accounts used on the A SQL Cluster and B servers.
How to Verify and Set the proper SPNs
There are 2 tools that you can use to create, delete and list SPNs, the easiest one to use in my opinion is SetSPN.exe, Ldifde is good for locating or documenting SPNs in AD:
1. Setspn.exe – Support Tool
2. Adsiedit.msc – Support Tool
3. Ldifde – built-in tool (Windows 2003)
The simplest way to create, delete and list SPNs is to use SetSPN.exe
First find out what context your Application Virtualization Management Server and SQL Server (MSSQLSERVER) Services are running under, by default the Application Virtualization Server Service runs under the Network Service account which translates into the Servers Machine account. If it is a Domain Service account then you would run the SetSpn.exe against the Domain Service account. SPNs are by default registered when an application is installed, therefore if you leave these services set to their default context you should not have to worry about if the SPNs are register correctly. But you should still verify that they are there if you are having authentication issues with your Remote App-V management console.
To find the SPNs registered for the Machine Account run the following command:
setspn –L MachineName
To find the SPNs registered for the Service Account run the following command:
setspn –L Domain\ServiceAccountName
Here is an example of the output you should see, notice the SoftGrid SPNs:
You will also notice that there are no SPNs for my SQL server service, SQL 2005 is installed on this box and apparently did not register it’s SPNs for this service. Well, hold on, I just discovered that my SQL server Service is running under the Domain Administrator account:
Let’s see if it is registered under this account:
Well what do you know there it is! Lets go ahead and add the netbios name SPN registration just for good measure.
Lets pipe our list to find searching for “MSSQLSvc” and see what SPNs we have now.
We now have a SQL SPN for both the FQDN and NetBios name. Just for grins and so you can see how to delete a SPN if you need to, let’s delete the one we just created.
Now lets list them out again we should see that the MSSQLSvc/45RTM-DC:1433 is now gone:
Looks like it did. So in review here are the three commands you need to List (-L), Create (-A) and Delete (-D) SPNs:
To List:
Setspn –L <AD Machine or Domain Account>
Remember SPNs are registered with an AD object either a Machine account or User Account.
To Register:
Setspn –A MSSQLSvc/<ServerFQDN or NetBios Name>:1433 <domain\AccountName>
Remember to run this command twice to register both the FQDN and NetBios names of the Machine. If you are registering a SQL SPN remember to add the port Suffix if you are running SQL on a port other than 1433 (default) make sure you change it here to reflect the correct port. Adding a port suffix is not required for the SoftGrid service, this port suffix seems to be unique to the SQL service.
To Delete:
Setspn –D MSSQLSvc/<ServerFQDN or NetBios Name>:1433 <domain\AccountName>
Here is a couple of screenshots of using Adsiedit.msc to access and modify SPNs, all you do is start the MMC and find the Active Directory Object that you need to modify…
Right click on it and select Properties; you will be presented with the screen below:
Scroll down until you find the servicePrincipalName attribute highlight it and click edit and make whatever changes you need.
Adsiedit.msc provides a better perspective regarding the association between the SPNs and the Machine or Service account it is registered to. Once you understand this association I think setspn is the fastest way to register a SPN but use whatever tool you feel most comfortable with. Both tools get the job done.
Using a lidfde utility to find SPNs
You can run the following command line to output all the SPNs registered for a specific type of SPN, in the following example we are searching for ALL SQL SPNs in the directory not just the ones associated with a given Active Directory Object. You can obviously change the servicePrincipalName value to whatever SPN value you wish to find.
ldifde -f check_spn.txt -t 3268 -d "" -l servicePrincipalName -r "(servicePrincipalName=MSSQLSvc/*)" -p subtree
This script comes in handy when you need to clean up old SPNs that are no longer needed. If you recall I mentioned previously that when you install an application it will automatically register the SPNs it needs for the default service account its service uses, if you then change the service account to use a domain account you should createdthe SPNs for this new account and delete them from the old account. In large Active Directory infrastructures having spurious SPNs registered in AD can cause problems for applications that reference SPNs to find services and resources. The best policy is to find and delete any spurious SPNs lingering in your Active Directory Infrastructure.
Conclusion of Part 1
Now that you have your App-V infrastructure configured properly to support App-V 4.5 Remote Console functionality you should be able to access your App-V Management Servers remotely. If this is not the case and you are receiving errors we will be covering the troubleshooting and known issues in subsequent posts in this series. One of the first things I would try is using a different account that has proper access rights, IIS 6 has a 16k Kerberos token size limit by default and if you are using an account that is a member of a lot of AD groups you may be exceeding this limit. I will get into more on this in my next post…
Here is a hint on a workaround:
955585 CLM: HTTP Bad Request (Request header too long)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;955585
Many thanks to Michelle Foley, Justin Zarb, Steve Thomas, Sam Allen, Frank Szita, Raj Yarlagadda and others for the collaboration needed to create this blog posting.
References:
Setspn Overview
http://technet.microsoft.com/en-us/library/cc773257.aspx
The following is the contents of the C:\MSAppVirt_wd_client_setup_4.5.0.1485\AppVReadme.htm file relevant to SPNs and delegation the information is also found here:
http://technet.microsoft.com/en-us/library/cc817171.aspx :
To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Web service is installed.
When using IIS 6.0 or 7.0 for icon or OSD file retrieval and streaming of packages, for Kerberos authentication to be enabled, the following SPNs must be registered, as follows:
On the IIS server, run the following commands using the SETSPN.EXE Resource Kit tool. The server Fully Qualified Domain Name (FQDN) must be used.
Setspn -r SOFTGRID/<Server FQDN>
Setspn -r HTTP/<Server FQDN>
326985 How to troubleshoot Kerberos-related issues in IIS
http://support.microsoft.com/default.aspx?scid=kb;EN-US;326985
319723 How to use Kerberos authentication in SQL Server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;319723
How to: Enable Kerberos Authentication on a SQL Server Failover Cluster
http://msdn.microsoft.com/en-us/library/ms189585(sql.90).aspx
How to use SPNs when you configure Web applications that are hosted on IIS 6.0
http://support.microsoft.com/kb/929650
Authentication delegation through Kerberos does not work in load-balanced architectures
http://support.microsoft.com/kb/325608
John Behneman | App-V and SCVMM Support Engineer
For Part 4 of this series I am going to use the same recording I made in Part 3 with TechSmith Camtasia Studio 6.1, but with some of the advanced features available for editing.
I’m not going to go in-depth with the features here. Techsmith has excellent tutorials already created on their Learning Center.
By editing my recording of the sequence from Part 3, I was able to take out over 3 minutes of unimportant material. In addition, I was able to add annotations to important points in the sequence. I actually did less annotation, or callouts, then I originally planned because I kept my audio narration. If you don’t like hearing your voice, you may choose to use more annotation.
My favorite feature of Camtasia is called SmartFocus. SmartFocus intelligently adds keyframes to your recording that will optimize the viewing for the resolution the video is published. This means you could record your sequence at 1024x768 and publish it for a Zune or other mobile device with great, viewable quality. SmartFocus is applied during editing, so it’s a decision you can make later. You can also manually add SmartFocus keyframes to the timeline. It is as easy as resizing and dragging a square.
Camtasia tries to make all the features as easy to use as possible, so the learning curve is very low.
Using Camtasia to document and edit your Sequencing offers you these advantages:
- SmartFocus
- Editing
- Audio Enhancements
- Annotation
- Preset publishing templates for blogs, CD,
iPod Zune, web, and more. - Output in multiple formats including Windows Media, Flash, and Quicktime.
In addition, if you output to Flash, you can create interactive hotspots that will let you actually create an interactive simulation that could be used to teach Sequencing.
You can take a look at the original video from part 3 here.
My edited, enhanced version can be viewed here.
Finally, take a look at SmartFocus showing off with this mobile-device ready version.
Steve Bucci | Senior Support Engineer
