Using the DeploymentConfig and the UserConfig XML files it is possible to modify the virtual registry. There are some points of attention when using this feature. Let’s take a look.

Enabling packaging scripts

When the App-V 5 client is installed the option “EnablePackageScripts” is disabled.

This means that scripts will not be executed when the package is published or launched.

It must be changed when we want to modify the registry through the config scripts.

This can be changed using the command: Set-AppvClientConfiguration -EnablePackageScripts $true

Modifying the DeploymentConfig or the UserConfig

When scripts are enabled we can modify the Config files. I use the UserConfig.xml file and Notepad++ (because it recognizes the XML syntax).

Remove the following lines to enable the registry part of the config file:

Result:

Now it is possible to modify the registry entries, for example:

Using Variables

The [{AppVCurrentUserSID}] is a variable that will be replaced by the username.

The following variables or tokens are available:

Example

Let use the variables or tokens in a scenario to test it’s functionality.

This script will write the ComputerName or Hostname to the virtual registry:

Save the file.

If the package is already published, first unpublish the file on the client using:

Unpublish-AppvClientPackage -name *

Then re-publish the file using:

Publish-AppvClientPackage -name *appname* -DynamicUserConfigurationPath UserConfig.xml

Now that the package is published using PowerShell, we can check in the virtual registry if the registry key exists.

First, get the GUID of the package using:

Get-AppvClientPackage –Name *app*

Use the PackageID to open the virtual registry using the command:

Regedit.exe /appvve:4a45f14e-34b0-4bf6-89b9-3781b1cab127_2f113a80-3308-48a1-af4c-ae99ebd4b8a1

This will result in the following registry entry in the virtual environment. The ComputerName or Hostname is used in the folder name.

After installing Microsoft SQL 2012, when opening information about a user in the Security section, I received the following error:

“Could not load file or assembly ‘Microsoft.SqlServer.Sqm, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91′ or one of its dependencies. The module was expected to contain an assembly manifest. (SqlMgmt)”

I tried moving files around as explained here but without success.

After I installed SP1 (SQLServer2012SP1-KB2674319-x64-ENU.exe) the error went away and I was able to see the information.

When deploying an App-V 5 package to a client using System Center Configuration Manager 2012 R2 (SCCM 2012 R2), it encountered that the package didn’t start to download and it just hangs on 0%.

Viewing the details of the error it shows error code 0x87D00607 (-2016410105)

Opening the C:\Windows\CCM\Logs\DataTransferService.log using Trace64 (or Trace32) or CmTrace it shows an error:

(CmTrace.exe can be found here: C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe)

Using this error I opened the Internet Information Service MMC on the SCCM server and navigated to Sites, Default Web Site, SMS_DP_SMSPKG$. Right click on the SMS_DP_SMSPKG$ site and choose Advanced Settings.

The path to the content was changed to F:\. After I changed it back to C:\ and ran an IISRESET it started to work correctly and there were no errors in the DataTransferService.log.

Microsoft has released App-V 5 SP2 hotfix 5 on the 13th of June, 6 weeks after the release of hotfix 4. Hotfix 4 contains a couple of new features that customers we’re waiting for for quite some time. Some people even called it App-V 5.1.

In this blog post I am going to take a closer look at hotfix 5 to find out if it has the same impact as it’s predecessor.

Upgrade procedure

This hotfix is cumulative and the procedure is straight forward. There is a reboot at the end.

Now that the client is upgraded, let’s take a look at the new features:

Connection groups cannot support both user-published and global-published packages

Virtual applications can be published to the user or globally. When a package is published globally, every user on that system can use the package. A Connection Group makes it possible for two or more application to interact with each other.

Before hotfix 5 it was not possible to let a user published package interact with a global published package. Since hotfix 5 this has changed and it is now possible to let these two publishing options interact with each other.

Create a connection group before HF 5	Create a connection group after HF 5
Adding a user published package to the system:	Adding a user published package to the system:
Adding a globally published package to the system:	Adding a globally published package to the system:
Creating a Connection Group XML file See this Past Bin file	Creating a Connection Group XML file See this Past Bin file
Adding the Connection Group XML file	Adding the Connection Group XML file
Error, failed to complete the requested operation:	Enabling the Connection Group XML file No errors.
Event log displays the following explanation: The globally published package is not published to the target (User) of the operation.
Conclusion, it is not possible to let a user published package interact with a global published package before App-V 5 SP2 Hotfix 5	Conclusion, it is possible to let a user published package interact with a global published package in App-V 5 SP2 Hotfix 5

At the moment the App-V Server do not support both user-published and global-published packages so PowerShell is required.

Enabling user-publishing in the Administrator context through Windows PowerShell

This new feature let’s you remotely publish packages to users on a system. Administrative credentials are required to remotely publish packages.

Here is an example how to remotely publish a package to a user.

In the user session, verify that the package isn’t published by running the command: Get-AppvClientPackage
In the user session, find the SID of the user by using, for example, whoami /user
I want to publish total commander for the user. In the session with administrative credentials, run the command: Publish-AppvClientPackage -Name *commander* -UserSID S-1-5-21-606230243-4064475508-401584655-1624
In the user session, verify that the package is published by running the command: Get-AppvClientPackage

The same steps can be used to unpublish a package using the command Unpublish-AppvClientPackage -Name *commander* -UserSID S-1-5-21-606230243-4064475508-401584655-1624

The same steps can be used to enable and disable a Connection Group using the command Enable-AppVClientConnectionGroup and Disable-AppVClientConnectionGroup

Deprecation of PackageStoreAccessControl support in App-V 5.0 SP2

If PackageStoreAccessControl is enabled, a user cannot browse through folders of unpublished packages. The default directory of these packages is C:\ProgramData\App-V.

This feature still works in App-V 5 SP2 hotfix 5 but it will be reviewed in a future release so it is advisable not to enable it.

More information about this can be found here.

Conclusion

The current release notes do not describe any problems so I think that “hotfix” is not the best term to describe this update. Hotfix 5 brings in two new nice features and makes the product even more mature.

Publish-AppvClientPackage -Name *commander* -UserSID S-1-5-21-606230243-4064475508-401584655-1624
Unpublish-AppvClientPackage -Name *commander* -UserSID S-1-5-21-606230243-4064475508-401584655-1624
Enable-AppVClientConnectionGroup -Name MyConnectionGroup -UserSID S-1-5-21-606230243-4064475508-401584655-1624
Disable-AppVClientConnectionGroup -Name MyConnectionGroup -UserSID S-1-5-21-606230243-4064475508-401584655-1624

When building a new (hosted) desktop the question about what profile type to use regularly pops up. The chosen profile type has impact on logon times, performance and manageability.

The use of a UEV or UEM tool for profile virtualization is used in most environments now a days so the choice between a Local and a Mandatory profile has to be made. According to this article of Citrix the difference between a Local Profile and an Mandatory profile is not much.

I prefer to use the Local profile and make it Temporary because with this profile users get a profile that logs on fast, it can’t get corrupted and I don’t have to create and maintain the Mandatory Profile.

A Local Profile is default but to set it to Temporary requires a change in the registry. Changing a profile from Local to Temporary is often called “bitflip”.

Here is a screenshot of the Local Profile, which is default at logon. In this scenario it stays on the system when logging of:

To change the Status from Local to Temporary the following registry key needs to modified:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*SID*\State

In this screenshot the Profile is set to the status Local (598)

The value of the State key needs to be changed to value 128.

When using a script, the SID of the user has to be found. The following PowerShell script can be used to write the SID of the current user to a variable and set the State to value 128 (Temporary):

The script must run with administrative credentials because it writes to HKLM.

See this PaseBin site to copy and past the correct code.

In this screenshot the Profile is set to the status 128 (Temporary):

After the value of Status has changed to Temporary:

When the user logs off the profile is automatically removed from the system.
UEV/UEM tools will save and inject any personal settings from the user.

This blog post is inspired by Shaun Wendland’s presentation at Synergy 2014.

Since version 7, XenDesktop uses the FlexCast Management Architecture (FMA). FMA replaces Independent Management Architecture (IMA).

FMA highly depends on a connection to a SQL database.

When the database isn’t available, no new connections can be made. Existing connections will stay active. So the database is the hearth of the infrastructure.

In this blog post I am going to configure, backup and restore the XenDesktop database(s).

Configuration of the different databases

XenDesktop has three databases:

1. Site
2. Logging
3. Monitoring

The SQL server where the databases are hosted are shown in the column Server Address.

Best practice is to change the Logging and the Monitoring database so when problems occur it will not effect all three functionalities. The Site database cannot be changed.

Changing the Logging Database

Click on the Logging database and click on Change Database
Fill in the name of the SQL server and the name of the Logging database. Click on OK
Click on OK
Wait for the wizard to finish.
The Logging database is now a separate database.
View from SQL Management Studio

Changing the Monitoring Database

Click on the Monitoring database and click on Change Database
Fill in the name of the SQL server and the name of the Logging database. Click on OK
Click on OK
Wait for the wizard to finish.
The Logging database is now a separate database.
View from SQL Management Studio

Ok, so now Site, Logging and Monitoring are configured to use three separate databases.

Backup

The next step is to create a backup (plan) of the databases so they can be restored in case of a failure.

I am using a Maintenance Plan to create a backup, this requires that “Agent  XPs”  option is enabled on the SQL server. See this article for more information.

The following SQL script can be used to enable Agent XP’s:

PasteBin here

Paste the code and click on Execute
Successful changed from 0 to 1 (enabled)
Run a RECONFIGURE
Do a refresh of the SQL Management Console
Agent XPs is now enabled.

Creating a Maintenance Plan

Using a Maintenance Plan we can create SQL backups.

Open Microsoft SQL Server Management Studio
Expand Management and right click on New Maintenance Plan
Give the Maintenance Plan a name
In the Toolbar, double click on “Back Up Database Task”
Next to Databases, click on the dropdown arrow. Select the database that need to be back upped Click ok
Select “Create a sub-directory for each database” Click on OK
From the Toolbox, double click Maintenance Cleanup Task
Open the Maintenance Cleanup Task Enter the directory where the backups are saved. Add the file extension BAK Enable the option to remove backups older the X days/weeks. I choose 3 days. It must be long enough for you to detect failures and to enough time to restore to a point in time where everything worked fine.
Now that the backup is configured and old backups are removed regularly, it’s time to enable the backup.
Click on the dots in the Subplan
Configure how often the backup should be made. Click on Ok
Now that the Maintenance Plan is configured, the plan can be executed. Make sure the SQL Server Agent is running. Right click on the plan and select Execute
Verify that the backups exist:

Restoring the XenDesktop database from backup

Ok, so let’s pretend that our junior system engineer made a massive mistake or XenDesktop does not respond as we would like. Then it’s time to restore the database from backup:

Right click on Database and select Restore Files and Filegroups
Change the database name to a unique name, I have chosen to add Restore behind it. Select From Device Click on the dots
Click on Add and navigate to the .BAK file from the backup Click on Ok
The filenames will be unique Click on OK  to start the restore.
The database is successfully restored.

Point XenDesktop to the new database

So now that the database is restored to a point in time where everything worked fine, it’s now time to point XenDesktop to the restored database.

Please use PasteBin to copy the PowerShell commands. Scripts can be found here.

Start PowerShell on a server where the XenDesktop SDK PowerShell cmdlets are available Load the XenDesktop snap-ins using Add-PSSnapin Citrix*
Run the command: Get-LogDataStore Write down the connection string.
The connection string is build up of the following components:
The next step is to fill a variable with the new connection sting, I modified the database name. $cs = "Server=MEM01;Initial Catalog=CitrixWhitepaperRestore;Integrated Security=True“
Once the variable is filled, we can now reset all the active connections using the command: Set-LogDBConnection -DataStore Logging -DBConnection $null Set-MonitorDBConnection -DataStore Monitor -DBConnection $null Set-MonitorDBConnection -DBConnection $null Set-AcctDBConnection -DBConnection $null Set-ProvDBConnection -DBConnection $null Set-BrokerDBConnection -DBConnection $null Set-EnvTestDBConnection -DBConnection $null Set-SfDBConnection -DBConnection $null Set-HypDBConnection -DBConnection $null Set-ConfigDBConnection -DBConnection $null -force Set-LogDBConnection -DBConnection $null -force Set-AdminDBConnection -DBConnection $null -force
Now all the connections are closed, the connection to the restored database can be created: Set-ConfigDBconnection -DBConnection $cs Set-AdminDBconnection -DBConnection $cs Set-LogDBconnection -DBConnection $cs Set-AcctDBconnection -DBConnection $cs Set-BrokerDBconnection -DBConnection $cs Set-EnvTestDBconnection -DBConnection $cs Set-HypDBconnection -DBConnection $cs Set-MonitorDBconnection -DBConnection $cs Set-ProvDBconnection -DBConnection $cs Set-SfDBconnection -DBConnection $cs     If you did not change the Logging and the Monitor database, also run these commands:   Set-LogDBConnection -DataStore Logging -DBConnection $cs Set-MonitorDBConnection -DataStore Monitor -DBConnection $cs   Because I moved the Logging and Monitor database I get an error. This is fine because I do not want to restore these databases;
Start the Citrix DesktopStudio. Click on Configuration The Site database now points to the restored database:

That’s it, we first created three separate databases for Site, Logging and Monitoring. Then we created a backup of the databases and simulated a restore. And at last we pointed XenDesktop to the restored database. Hopefully everything works fine now.

Thanks to Shaun Wendland for the inspiration.

The PN Agent is a seamless way to publish Citrix shortcuts for users. Citrix Storefront 2.5 re-introduces pass-through authentication for legacy clients, this makes it more seamless for the end-user.

In this blog I am going to configure the PN Agent to point to StoreFront 2.5 using pass-through authentication. I assume that Storefront is installed.

Click on Authentication and click on Add/Remove Methods
Select Domain pass-through
Click on Receiver for Web and click on Choose authentication methods
Select Domain pass-through
Click on Stores and click on Configure Legacy Support Enable Legacy Support and write down the URL. The configuration files that we are going to modify are now generated.
Open the file C:\inetpub\wwwroot\ Citrix\*Store name*>\ Views\PnaConfig \config.aspx
Replace the following code: Save the file	<LogonMethod><%= ViewData[PnaConfigViewConstants.LogonMethodId]%></LogonMethod> <EnableSavePassword>false</EnableSavePassword> <EnableKerberos><%= ViewData[PnaConfigViewConstants.EnableKerberosId] %></EnableKerberos>     <LogonMethod>sson</LogonMethod> <EnableSavePassword>false</EnableSavePassword> <EnableKerberos>false</EnableKerberos>
Open the file  C:\inetpub\wwwroot\ Citrix\*Store name*\web.config
Replace the following code: Save the file	<pnaProtocolResources changePasswordAllowed=”Never” logonMethod=”prompt” kerberosEnabled=”false” changePasswordMethod=”Proxy” changePasswordUrl=””>     <pnaProtocolResources changePasswordAllowed=”Never” logonMethod=”sson” kerberosEnabled=”false” changePasswordMethod=”Proxy” changePasswordUrl=””>
Reset IIS
The following settings are modified on the client:
Install Citrix Receiver using the following command line: (Replace the server location with the location written down at the creation of the legacy site)	CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL=”ReceiverInside,ICA_Client,AM,SELFSERVICE ,SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d” ENABLE_SSON=”YES” SERVER_LOCATION=”https://Citrix/Citrix/*Store*/PNagent/config.xml&#8221;   Pastebin: here
Reboot the machine
Verify if the process ssonsvr.exe is running.
Open GPedit.msc and import the Citrix ADM file (icaclient.adm) from C:\Program Files (x86)\Citrix\ICA Client\Configuration
Change the following settings:
Reboot the machine

After logging on the Citrix Receiver PN Agent makes a connection to the Legacy Support site and the icons will be displayed on the desktop and start menu.

In this blog I am going to

• Configure pass-through authentication to Citrix StoreFront 2.5 using Citrix Receiver 4.1.
• Use Keywords to mark applications and desktop as favorite within Citrix Receiver

Here are the version numbers of the software components that I use:

- StoreFront: 2.5.0.29

- Citrix Receiver: 14.1.0.0

Step 1 – Enable Domain Pass-through Authentication on the StoreFront server

This step enables pass-through authentication on the StoreFront server so this authentication method is allowed.

Open the StoreFront console Click on Authentication and click on Add/Remove Methods
Select Domain pass-through
Click on Receiver for Web and click on Choose authentication methods
Select Domain pass-through   Click Ok

Step 2 – Installing the Citrix Receiver on the client

Citrix Receiver for Windows 4.1 can be downloaded here

This command line enables Single Sign On for pass-through authentication, creates a top folder in the start menu and uses the application Categories to create subfolders under the top folder in the start menu. So:

• The StartMenuDir is the is the name of the top folder in the start menu that will be created and where the shortcuts will be placed.
• The Category is the folder specified in Citrix AppCenter under “Client application folder”. This folder will be created under the StartMenuDir in the start menu of the client and the shortcut will be placed in this folder.

The client’s start menu will look like this when every step in this blog is completed. Sneak preview:

Here is the location in the start menu where the values of the parameters StartMenuDir and UseCategoryAsStartMenuPath are placed.:

If necessary, these values can also be modified later .

After the Citrix Receiver 4.1 installation, the client must be rebooted because after a reboot the process ssonsrv.exe (single sign on service) is started.

Ssonsrv.exe must be started for pass-through to work so after the reboot, verify if the process is started.

Step 3 – Configure pass-through on the client

There are a few Group Policy settings to configure to allow the client to send credentials to the StoreFront server and use pass-through authentication. Here is how to set it up:

Open GPedit.msc and import the Citrix ADM file (icaclient.adm) from C:\Program Files (x86)\Citrix\ICA Client\Configuration
Change the following settings:
Reboot the client

Step 4 – Add the StoreFront site to Internet Explorer’s Local Intranet zone

The StoreFront server must be added to the Local Intranet zone within Internet Explorer because this zone allows Automatic logon by default. This is necessary so the Citrix Receiver 4.1 can send the credentials for pass-through authentication to the StoreFront IIS site.

To verify if the StoreFront site is in the Local Intranet zone, open the StoreFront site and right click on a spot on the site. Click on Properties and verify that after Zone: Local Intranet : Protected Mode: Off is displayed:

Step 4 – Log on automatically to Citrix Receiver

When a user logs on to Windows, Citrix Receiver 4.1 is started in the background and the Receiver icon is displayed next to the clock. When the Receiver is started it doesn’t logon to StoreFront automatically and so the start menu will not be filled with shortcuts of published Citrix applications and desktops.

Executing the following command (for example at logon) let’s the Citrix Receiver 4.1 silently log on to the StoreFront server: “C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe” –logon

Here you can find are all the command line parameters for SelfService.exe

Step 5 – Adding start menu shortcuts

Only Favorite apps on the “desktop” of the Citrix Receiver will be placed in the start menu.

In the default configuration, the “desktop” is empty so no shortcuts will be placed in the start menu:

It is possible for Citrix administrators to mark applications as Favorite so they will be added automatically to the Citrix Receiver “desktop”. Because the applications are on the “desktop”, they will also be placed in the start menu.

To mark an application as favorite so they will be placed on the “desktop”, keywords must be added. This can be done in Citrix AppCenter:

Open Citrix AppCenter
Open the Properties of the applications that must be mandatory
In the Application Description add the text:   KEYWORDS:Mandatory Or KEYWORDS:Auto   When using Auto, the end user can remove the favorite application from the Receiver “Desktop”and it won’t return.   When using Mandatory the end user can remove the favorite application from the Receiver “Desktop” but the application or desktop will return in the favorite list and in the start menu.

Step 6 – Test

Now that every prerequisite is in place, we can test pass-through authentication and creation of shortcuts in the start menu.

When the Receiver is started, click on Logon or use Step 4 to automatically log on.
Receiver must not ask for a user name and password, it must log on without requesting credentials.

After logging on in Citrix Receiver, favorite applications are visible on the Receiver’s “desktop” and the start menu is filled with these favorite applications:

Notes/Findings

• When the top folder, in my case “Citrix Applications and Desktops”, is deleted, it will not be re-created at next logon or reboot. To re-add the top folder, the end user has to mark the application again as Favorite (place it in the Receiver’s “Desktop”) within Citrix Receiver 4.1.
• When the top folder, in my case “Citrix Applications and Desktops”, is deleted and a user adds a new application as favorite, the folder is recreated with only the new shortcut.
• Keywords also work with the Citrix Web Interface if the Citrix Web Interface XML server is added to the Delivery Controllers list in StoreFront

Feature compare with PNagent

• The PNagent (3.x) places a shortcut for every accessible application and desktop in the start menu by default. To use the same functionality in Receiver 4 application keywords (auto or mandatory) need to be used and added to every application and desktop.
• Receiver with PNagent (3.x) logs on automatically, this has to be done manually in Receiver 4. Or the command line described in step 4 needs to be used.

Things to test

• Desktop shortcuts

If an end user is working on a Citrix published Desktop and they start a published application from the Receiver, a new Citrix session is started. This isn’t desirable from a licensing perspective and it also slows down application start times. Using the Prefer keyword when publishing the application the Receiver checks if a the application is available locally and will start this application from the same machine as the Desktop session.

Here are some examples how to use this feature:

KEYWORDS:prefer=”Notepad”

KEYWORDS:prefer=”\\Programs\Accessories\Notepad”

KEYWORDS:prefer=”\Programs\Accessories\Notepad” Mandatory

The Mandatory keyword places the application as Favorite on the Receiver “desktop” and returns automatically if the users removes this applications from the Favorites list.

KEYWORDS:prefer=”\Programs\Accessories\Notepad”

KEYWORDS:prefer=”Notepad” Auto

The Auto keyword places the application as Favorite on the Receiver “desktop” and does not return automatically if the users removes this applications from the Favorites list.

Notes:

• Shortcuts (in my example Notepad) must be in the start menu
• If you change the prefer parameter the applications must be re-added to the Favorites list before the changes are applied. This can be done using the Auto or the Mandatory parameters.

If you are going to test the scenarios keep in mind that after every change to the prefer parameter the application has to be re-added to the Favorite list of the Receiver before it is applied!

In XenDesktop 5.6 there is a feature call: Disconnected session time interval which causes desktops to logoff after a specified amount of disconnect time. This is a nice feature but doesn’t always work well when there are applications that require user interaction at closure.

Often the result is that users return to their partly restarted desktop where some processes are closed and other are still open and this leads to failing applications.

The following script will query the Desktop Controller for sessions that are Disconnected for more then 9 hours and will force a logoff so the Desktop is rebooted. I scheduled this script to run every hour and never had a Desktop that was Disconnected more then 8 hours.

Use PastBin to copy the script without errors, script posted here: http://pastebin.com/MYpitCds

App-V 5 uses two Microsoft SQL databases. One to store information about virtual applications, users, configuration settings, etc. And another to store Reporting information.

There are two common ways to create the databases:

- Run the App-V setup on the SQL server;

- Extract the SQL scripts, modify the content and run the scripts on the SQL server;

The second method is also possible in combination with Falko’s PowerShell scripts to modify the SQL script. More info here.

When the database is created, it is possible to make this database high available using the options within SQL server.

There are two options to make the database high available:

- Mirroring

- AlwaysOn

Pros and Cons of SQL of SQL High Available options:

I prefer to use AlwaysOn even if it requires the Enterprise edition of SQL and a Windows Cluster is required (more complex). Shared storage is not necessary for the cluster and you can use Windows Server 2012 R2 Standard.

This post describes the complete installation of the cluster, SQL Server 2012 Enterprise and the configuration of SQL AlwaysOn. If you are only interested in AlwaysOn, skip to step 3.

The following steps will be described:

1) Create a Windows 2012 R2 Cluster

2) Set up SQL 2012 R2

3) Create a High Available AlwaysOn database

Step 1 – Create a Windows cluster

Start Server Manager and click on Add Role Click Next
Click Next
Click Next
Click Next
Select Failover Clustering
Click Add Features
Click Next
Click Install
Click Close

Repeat the steps above for the second (and perhaps more) server(s).
Make sure the drive letters are identical.

When the Windows Cluster role is installed on all servers, open the Windows Cluster Manager on the first server.

Configure the Windows cluster

Right click on Fail Over Cluster Click on Create Cluster
Click Next
Add all the computer objects that will be part of the cluster Click Next
Click Next
Click Next
Click Next
Click Next
Click Finish
Specify the cluster name and the IP address where clients will connect to. Click Next
Click Next
Click Finish

The cluster is now created with (in my case) two nodes.

Step 2 – Set up SQL 2012 R2

Mount the SQL 2012 R2 Enterprise ISO Click on New SQL Server Stand-Alone installation (no need to click on SQL Server Failover Cluster!)
Click Ok
Click Next
Click Next
No connection to Windows Update Click Next
Click Install
Click Next
Click Next
I installed the minimal required components for the App-V AlwaysOn configuration. And Reporting for future usage. Click Next
Optional change the values. Click Next
Click Next
Optional: Change the Service Accounts
Click Next
Optional: Change the Authentication Modes
In my configuration I have two additional disks. One for the databases and backup (D:\) and one for the Logs (E:\) I modified the directories to these disks.
Click Next
I will not configure reporting at this moment. Click Next
Click Next
Click Next
Click Install
Click Close

Service Pack 1 Update

Click Next
Click Next
Click Next
Click Next
Click Next
Click Update
Click Close

Enable AlwaysOn

AlwaysOn is disable by default, this must be enabled before this feature can be used.

Open the SQL Server configuration manager Open the properties of the SQL Server service
Enable Enable AlwaysOn Availability Groups Click Ok

Step 3 – Create a High Available AlwaysOn database

Now that all the pre-requisites are in place, it is possible to start with the set-up of the AlwaysOn configuration.

Open the properties of the App-V databases Change the recovery model to Full
Create a backup of the database
Create a new Availability Group
Click Next
Select both database (group members will failover at the same time) Click Next
Click Connect
Select Automation Failover for both databases. Select Synchronous Commit for both databases (this makes transactions a bit slower but availability higher) Select Readable Secondary for the Secondary database Click Next
Click Next
Click Next
Enter the IP address of the Listener
Enter the DNS name of the Listener Click Next
Enter the path of the network folder. This folder will be used initially to synchronize the database. Afterwards it can be deleted. Click Next
Click Next
Click Finish
The database is now in sync with the secondary on the second server.

After the database is synchronized, the wizard has also created:

- A computer account in Active Directory with the Listener name;

- A DNS record with the name of the Listener;

- The Role within the Windows Cluster;

- Added the Listener IP address to the active node.

Using the Windows Cluster is it possible to failover de App-V database between two (or more) servers. It will do this automatically if a server is unavailable.

Modify the database connection afterwards

If the management server is already installed, it is possible to point to the AlwaysOn database by modifying the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Server\ManagementService

Modify:

- MANAGEMENT_DB_SQL_INSTANCE (default MSSQLSERVER)

- MANAGEMENT_DB_SQL_SERVER_NAME (change to Listner DNS name)

Check if MANAGEMENT_DB_NAME (AppvManagement) is still correct.

Restart the App-V

UEM tools, like AppSense DesktopNow, can be used to present and modify App-V 5 applications. Some of the benefits of integrating App-V packages within AppSense are:

• Package modification;
• Reduced packaging times;
• Granular access control;
• License control;
• Extensive reporting;
• Etc.

AppSense created a document about these benefits, which can be downloaded here.

But they lack the technical details how to modify App-V packages using AppSense Environment Manager. In this post I am going to describe three ways to modify App-V packages using AppSense Environment Manager.

AppSense DesktopNow components

AppSense DesktopNow consists of the following components:

• Environment Manager
• Application Manager
• Performance Manager

Using Environment Manager it is possible to create shortcuts to App-V packages and modify AppSense packages. With Application Manager it is for example possible to block executables  and using Performance Manager system resource usage can be guarded.

Modify the native environment

To modify the native (non virtual) registry and file system, Environment Manager offers many options from the ribbon. This makes it easy to modify the registry of the file system:

But unfortunately the file and folder method cannot be used for App-V applications and the registry is not the best way to do it (see later in this post).

Processing of (personal) settings

AppSense processes modifications (modified by the user or by the administrator) in the following manner:

Settings in the local file system or registry is overwritten by the App-V package and the App-V package settings are overwritten by scripting, scripting is overwritten by Personalization.

So if we want to modify an App-V package we can:

• Modify the Personalization layer;
• Use scripting;
• Modify the local file system;

1) Modify App-V packages using the Personalization layer

Personalization is the profiling solution of DesktopNow and manages the profile of the user. Here are the changes that users make to their applications en workspace saved. If you do not use this feature (because you use a roaming profile or another profiling solution) you need to enable it to modify App-V packages.

The benefit of Personalization, in contrast to other profiling solutions, is that it uses the process name to save modifications. This makes it easy to migrate personal settings between different versions with the same executable name.

Enable Personalization

If Personalization isn’t already active in the Configuration, it needs to be enabled.

Open Environment Manager
Click on Manage, Personalization Servers
Click on Add Server and enter the server name of the personalization server. Click on Add Click on Ok Now the Personalization server is enabled within the AppSense configuration. The configuration needs to be deployed to the clients, then personalization is active.
Deploy the configuration using the Management Server

The next step is to add a App-V application to the Personalization list.

Open Environment Manager
Click on User Personalization
Click on Connect
Click on Add Server and enter the server name of the personalization server. Click on Add Click on Connect Click on Ok
Click on Add Application
Fill in the Name and the executable of the virtual application, in my case XMLSpy.exe Click on Ok

The next step is to add the package to an Application Group.

A group is not mandatory but it is a best practice. It allows other applications to access the Personalization information. If you add an application to a group later, when users have already personalized their applications, their settings will be lost.

Click on Application Groups
Click on Add Application Group
Enter a Name Click on Ok
Click on Add application
Select the application and click on Ok

When the group is created and the application is added, the next step is to add the registry keys and/or the files which need to be saved (personalized).

Click on Registry
Add the registry path that you want to Personalize Click on Ok
Add HKCU\Software to the excludes list. This is a best practice and will prevent pollution of the personalization database.

Now that the Application Group is configured, it needs to be assigned to a group of users or computers.

Click on Personalization Groups
Click on Add Personalization Group
Enter a name
Add a membership role
Modify the membership role Click on Ok
Click on Application Personalization
Select the Application Group Click on Ok

Now the Personalization settings of the application are assigned to the members of the group.

Inject settings into the Personalization layer

Open the Environment Manager
Click on User, Process Started
Add a new Node
Enter the name of the executable
Add an Execute action
Enter the following code: This will add the registry key and the value in the Personalization layer of XMLSpy	Filename: %SystemRoot%\System32\cmd.exe Working directory: %SystemRoot%\System32 Parameters: /APPSENSESPECIAL:XMLSpy.exe:.* /C "REG ADD "HKCU\Software\Altova" /v License /t REG_BINARY /d 12345"
Make sure that REG.exe is removed from the Application Exclusion list otherwise REG.exe has no rights to write to the Personalization layer.

So this method takes a lot of steps to get the custom settings (a license key) into the virtual environment. But the benefits are that end user can modify the changes and they will be written to the Personalization layer and processed last.

2) Modify App-V packages using the local registry

If you do not want to use Personalization within AppSense, there are alternatives.

It is possible to modify the local registry. App-V reads these these keys and the modification is applied.

In the local registry, under HKCU \Software\Microsoft\AppV\Client\ Packages\*GUID*\Registry\User\*SID*\ the virtual registry of the App-V packages resides.

These registry keys can be modified directly.

It is a bit difficult to create a script to modify these registry keys because the SID of the user needs to be queried and placed into the script. See this post how to resolve the SID.

Two remarks when using this method:

1) Make sure that the package is published to the user before the script is ran, otherwise the package GUID and version cannot be found.

1) In combination with Personalization, this feature can not be used to overwrite settings because Personalization is injected later and will overwrite the modified keys.

3) Modify App-V packages using the scripting possibilities of App-V

Another option to inject settings into AppSense is using the scripting possibilities of App-V.

In App-V 5 there is a new argument called “/appvve”. This stands for App-V Virtual Environment and using this argument it is possible to inject settings into the virtual environment.

Open the Environment Manager
Click on User, Process Started
Add a new Node
Enter the name of the executable Click on Ok
Add a an Execute
Enter the following code: Change the GUID of the App-V package. The part before the _ is the package GUID and the part after the _ is the version.	Filename: %SystemRoot%\System32\cmd.exe Working directory: %SystemRoot%\System32 Parameters: /APPVVE:33c04038-f77e-4d86-937f-4a4ea747b3e2_9e10883f-1c3a-436f-a355-25dddd1296c1 /C REG ADD HKCU\Software\Altova /v License /t REG_BINARY /d 12345

Two remarks when using this method:

1) Make sure that the package is published to the user before the script is ran, otherwise the package GUID and version cannot be found.

1) In combination with Personalization, this feature can not be used to overwrite settings because Personalization is injected later and will overwrite the modified keys.

Conclusion

Although it is not easy to modify App-V 5 virtual applications using AppSense, it is possible.  The best way to do it is to inject settings into the Personalization layer using Personalization groups.

Using this method the personal settings from the user are applied as last, saved when there is a new versions of the application en interchangeable with other applications in the group.

.NET Framework 3.5 is not in the cached installers in Windows Server 2012 R2. When installing .NET Framework 3.5 you need to specify the \Sources\SXS folder on the DVD.

You can use the Server Manager wizard, DISM or Add-WindowsFeature commands to install .NET Framework 3.5. But this often fails after installing a bunch of updates. It says because it can’t find the sources.

Here’s how to fix it:

There are multiple versions of the Windows 2012 R2 DVD available so make sure to use the one that you installed Windows Server 2012 R2 with.

When using a SQL Server AlwaysOn, sometimes databases become out sync and need to be resumed.

Right click the database
Select, New Query
Enter: ALTER DATABASE [database name] SET HADR RESUME
Click on Execute
The database will start synchronizing, this will take some time.
After a period of time , the database is Synchronized and back online.

The vCenter 5.5 installation creates a self signed certificate. Best practice is to replace it with an external trusted certificate. But if you do not want to pay any money for a certificate or just want to use the self signed certificate, the following error pops-up when adding vCenter as a host in XenDesktop:

Error id: XDDS:D883C098

Cannot connect to the VCenter server due to a certificate error. Mare sure the appropriate certificates are installed on the VCenter server, and the install the appropriate certificates on the same machine that contains all the instances of the Host service.

Here’s how to fix it:

On the vCenter server, navigate to: C:\ProgramData\VMware\VMware VirtualCenter\SSL (I had to take ownership of the folder to view the content)
Copy the cacert.pem file to the XenDesktop 7.5 C:\ drive
Open a MMC console on the XenDesktop 7.5 host
Add the Certificates snap-in for the Computer
Navigate to the Trusted Root Certification Authorities Expand Certificates
Right click on Certificates, All Tasks and select Import Click Next
Click on X.509… and select All Files
Navigate to C:\ Select the cacert.pem file
Click on Open
Leave the Trusted Root Certification Authorities store selected Click Next
Click Finish
Successfully imported.

Repeat these steps for all your XenDesktop Controllers.

Check in the Certificates MMC if the certificate uses a FQDN, then this is also necessary in the XenDesktop 7.5 Host wizard.

To test if the certificate is valid, open the website: https://vCenterServer.domain/sdk

The certificate is valid if there is NO notification of a untrusted certificate.

Now, let’s add the vCenter as a Host in XenDesktop 7.5.

I use the Add Host in XenDesktop Studio but this could also be done using the initial installation.

Click on Hosting
Click on Add Connection and Resources
Make sure that you use the FQDN of the vCenter server, if this is also applied to the certificate. Click Next   Now there is no error message displayed.
Click Finish

When creating new machines from Citrix Provisioning Services, the XenDesktop Host window shows no resources:

This can be solved by specifying which storage to use within Citrix XenDesktop.

Open the XenDesktop Studio
Navigate to Hosting
Click on Add Connection and Resources
Select the network that the VDI desktops may use
Select the storage that the VDI desktops may use
Click Finish

Now the XenDesktop Host Resources are visible in the Citrix PVS console.

When creating VDI desktops from the Citrix Provisioning Services (PVS) console using the XenDesktop Setup Wizard, the following error can occur:

XenDesktop FullAdmin or MachineAdmin permission required

This can be solved by starting the PVS console or log on with the account that is configured to start the SOAP service with. Restart the wizard and it will  continue to the next step.

During the installation of the XenDesktop VDA on a Windows 2008 R2 server, the installation fails with error:

Failed to configure component ‘Microsoft Remote Desktop Connection’ because it is not installed

More details are available:

After going through the Setup log I found out that the WIndows Firewall service was disabled.

I enabled the service and disabled the Firewall using:

netsh advfirewall set allprofiles state off

After re-running the Setup, everything worked fine.

Microsoft lacks an easy way to set the language and keyboard options in Windows.
There are different articles, scripts, tools etc. out there to configure this.

I created my own custom Group Policy to set the default input language to Dutch and the keyboard to United States International.

Download the .ADM file here

How to apply this policy:

Open the Group Policy Management Console
Create a new GPO or edit an existing one
Right click on the GPO en click on Edit
Expand the User Configuration, Policies and right click on Administrative Templates
Click on Add/Remove Templates
Click on Add
Select the Keyboard_Layout.adm
Click on Close
Expland Classic Administrative Templates
Expand Keyboard Layout
Enable Keyboard Layout Switching
Enable Language Setting and select Dutch
Enable Keyboard Setting and select Keyboard-setting US –International
Click Ok

Restart the client or and log on with a user account that has the policy applied. Check the language options.

You can add/change/remove languages from the .ADM file using a text editor.

When configuring Citrix XenDesktop’s VM Hosted App functionality the connection to the app would hang on “Connection established. Negotiating capabilities…”

I tried several solutions:

1) Change the permissions on HKLM\SOFTWARE\Microsoft\MSLicensing as described in this article: http://support.citrix.com/article/CTX123816

2) Delete the registry keys: HKLM\Software\Microsoft\MSLicensing\HardwareID and HKLM\Software\Microsoft\MSLicensing\Store

3) Delete the registry keys Certificate, X509 Certificate and X509 Certificate ID from HKLM\System\CurrentControlSet\Services\TermService\Parameters

But none of them worked for me. For me the solution was to change the value of AppInit_DLLs from c:\progra~2\citrix\system32\mfaphook.dll to mfaphook.dll. This key can be found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.

Afterwards the receiver could connect to the VM Hosted App.