locked
Application publishing issues after temp profile usage RRS feed

  • Question

  • We haven't figured out the solusion to this issue but we do know the cause and a workaround for it that works, kind of...

    A brief description would be that after permission issues for some users roaming profile storage on the fileserver application publishing and several applications fail in a different way for different users. This is due to the creation of C:\Users\TEMP, TEMP.DOMAIN etc folders rather than using C:\Users\Username folders. The issue seems to be that App-V 5 client remembers this temporary folder in a way that we havent figured out yet, all references to the temp folders for each users account UID in the registry has been removed and the roaming profie was deleted locally and on the fileserver YET app-v remembers the path C:\Users\TEMP and tried to create shortcuts etc there without success --> the packag then failes completely and dissapears from the client/powershell Get-AppvClientPackage view as if its not even published to the user.

    The BIG question is how the "#¤/&¤ can you get the App-V client to forget about the C:\Users\TEMP foders and retun to the users correct folder? We have tried to remove all user accounts UID from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\MAV\Configuration\Packages etc and also the users profiles so this data must be stored somewhere else. The issue is local to specific XenApp servers, if the temporary profile wasnt created on a server the issue will never appear there.

    The workaround is that all users with the issue have full access to the paths C:\Users\TEMP and C:\Users\TEMP.DOMAIN folders, however when app-v generates shortcuts in that folders we'll need to manually move them to the correct path so that they are available to the users, smooth!

    The environment is based on 4x Windows 2008 R2 server with citrix XenApp 6.5. App-V 5 SP1 RDS client is installed and configured to use a single publishing server "Add-AppvPublishingServer -Name SERVERNAME -URL http://FQDN:8080"

    The details:

    (we think) Some users had the follow error since they couldn't access the faulty profile path TEMP or TEMP.DOMAIN:

    Failed to create file by callback data: \Device\HarddiskVolume2\Users\USERNAME\AppData\Roaming\Microsoft\AppV\Client\VFS\FE7FE758-FDD8-4208-AF3D-E2505AEF6791\AppData\Adobe\Acrobat\

     

    Another user got only one package (the only package without a shortcut):
    This user receives 1 out of 8 packages.
    We have tried removing the local and centrally stored roaming profile without any change.

    The following is recorded in the event viewer (Microsoft\AppV\Client\Admin):

    Log Name:      Microsoft-AppV-Client/Admin
    Source:        Microsoft-AppV-Client
    Date:          2014-02-04 09:30:04
    Event ID:      19104
    Task Category: Publishing Refresh
    Level:         Error
    Keywords:      Publishing Refresh
    User:          DOMAIN\username
    Computer:      XENAPPSERVER1.domain.com
    Description:
    Part or all packages publish failed.
     published: 1
     failed: 8
    Please check the error events of 'Configure/Publish Package' before this message for the details of the failure.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-AppV-Client" Guid="{E4F68870-5AE8-4E5B-9CE7-CA9ED75B0245}" />
        <EventID>19104</EventID>
        <Version>1</Version>
        <Level>2</Level>
        <Task>36</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000800000</Keywords>
        <TimeCreated SystemTime="2014-02-04T08:30:04.164025400Z" />
        <EventRecordID>661</EventRecordID>
        <Correlation />
        <Execution ProcessID="3376" ThreadID="34620" />
        <Channel>Microsoft-AppV-Client/Admin</Channel>
        <Computer>XENAPPSERVER1.domain.com</Computer>
        <Security UserID="S-1-5-21-XXXXXXXX" />
      </System>
      <EventData>
        <Data Name="Value1">1</Data>
        <Data Name="Value2">8</Data>
      </EventData>
    </Event>


    In addition to the above the following is recorded for every failed package (Microsoft\AppV\Subsystems-RegistryStaging), however the package that works arent displayed in the log.

    Log Name:      Microsoft-AppV-Subsystems-RegistryStaging/Debug
    Source:        Microsoft-AppV-Subsystems-RegistryStaging
    Date:          2014-02-04 09:30:02
    Event ID:      2002
    Task Category: None
    Level:         Information
    Keywords:     
    User:          DOMAIN\username
    Computer:      XENAPPSERVER1.domain.com
    Description:
    Configure package called on already configured package '{a849ce4c-2b7b-46a9-b54e-c72e61858de1}' version '{e780bf5c-effa-4419-bd4a-03bcc394baf4}'.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-AppV-Subsystems-RegistryStaging" Guid="{1f4a896a-fea6-4862-bbeb-aaa190ae31c0}" />
        <EventID>2002</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2014-02-04T08:30:02.853894400Z" />
        <EventRecordID>89</EventRecordID>
        <Correlation ActivityID="{01AFCC48-F800-0001-4FF3-2C81241CCF01}" />
        <Execution ProcessID="3376" ThreadID="34620" ProcessorID="3" KernelTime="544" UserTime="3885" />
        <Channel>Microsoft-AppV-Subsystems-RegistryStaging/Debug</Channel>
        <Computer>XENAPPSERVER1.domain.com</Computer>
        <Security UserID="S-1-5-21-XXXXXXXX" />
      </System>
      <EventData>
        <Data Name="package">{A849CE4C-2B7B-46A9-B54E-C72E61858DE1}</Data>
        <Data Name="version">{E780BF5C-EFFA-4419-BD4A-03BCC394BAF4}</Data>
      </EventData>
    </Event>

     

    We also notice the following errors in Microsoft\AppV\Subsystems-shortcuts when AppV tries to generate icons in the wrong/old profile path (cmd.exe "set" displayes the correct path but why cant appv get this info?):

    Log Name:      Dbg
    Source:        Microsoft-AppV-Subsystems-shortcuts
    Date:          2014-01-28 13:55:47
    Event ID:      130
    Task Category: None
    Level:         Error
    Keywords:     
    User:          DOMAIN\username
    Computer:      XENAPPSERVER1.domain.com
    Description:
    Failed to write shortcut file 'C:\Users\TEMP.DOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\' with error '6629316385409335299'.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-AppV-Subsystems-shortcuts" Guid="{a7782ffe-c5f5-4554-ab1c-acb874c1ccf9}" />
        <EventID>130</EventID>
        <Version>1</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2014-01-28T12:55:47.925264700Z" />
        <EventRecordID>251</EventRecordID>
        <Correlation />
        <Execution ProcessID="3376" ThreadID="3628" ProcessorID="0" KernelTime="378" UserTime="136" />
        <Channel>Dbg</Channel>
        <Computer>XENAPPSERVER1.domain.com</Computer>
        <Security UserID="S-1-5-21-XXXXXXXXXXXX" />
      </System>
      <EventData>
        <Data Name="string">C:\Users\TEMP.DOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\</Data>
        <Data Name="uint64">6629316385409335299</Data>
      </EventData>
    </Event>

     

    We noticed thet the user DOMAIN\user had a TEMP.DOMAIN profile path due to faulty permissions on the profile store and that this path thoug its fixed was stil configured in the AppV part registry according to below.
    Since this key is global to the server and not bound to the user account it wasnt removed with the user profile, we tried removing the specific keys manually where the user account UID occured without any change to the problem. The removed keys werent regenerated in the registry though.
    The specific user account SID uses TEMP.DOMAIN paths (\Users\TEMP.DOMAIN\AppData\Roaming\Microsoft\AppV\Client\VFS) for two String Value names "TargetLongName" and "TargetShortNamefolders" in the following key (and others):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\MAV\Configuration\Packages\04ADC3E8-E368-4B95-98AF-F53A625070CD_C248B175-B174-41F5-A4D6-62835CF86519\UserConfig\S-1-5-21-XXXXXXXXXX

    As mentioned the UID keys "S-1-5-21-XXXXXXXXXX" did not reappear UNTILL we manually created the folder C:\Users\TEMP.DOMAIN with full permissions for the affected user. Once this folder was created App-V recreated the registry keys "S-1-5-21-XXXXXXXXXX" with the correct \Users\USERNAME\* values however the icons for the applications was distributed to the C:\TEMP.DOMAIN\Desktop folder and since the users desktop is accually in C:\Users\USERNAME\Desktop none of the icons was visible to the user.

    Another user had similar issues but with the java plugin for internet explorer failing without error messages, once that user got access to C:\Users\TEMP.DOMAIN the user was again able to run java.

    Tuesday, February 4, 2014 1:29 PM

All replies

  • First of all, what type of profiles are being used (Local, Domain Roaming, Mandatory?)

    Do you have any special group policies (such as deletion of cached local profiles, etc.)

    Are you using the Citrix UPM to manage profiles?

    Are you using the default for %LOCALAPPDATA%?

    What are the following configuration in the registry?

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Integration

    The Values for

    IntegrationRootUser

    RoamingFileExclusions


    Steve Thomas, Senior Consultant, Microsoft

    App-V/MED-V/SCVMM/Server App-V/MDOP/AppCompat

    http://blogs.technet.com/gladiatormsft/
    The App-V Team blog: http://blogs.technet.com/appv/
    The MED-V Team Blog: http://blogs.technet.com/medv
    The SCVMM Team blog: http://blogs.technet.com/scvmm/

    “This posting is provided "AS IS" with no warranties, and confers no rights. User assumes all risks.”

    Sunday, February 16, 2014 6:35 AM
  • Please see my answers in bold below.

    First of all, what type of profiles are being used (Local, Domain Roaming, Mandatory?)

    Roaming

    Do you have any special group policies (such as deletion of cached local profiles, etc.)

    No

    Are you using the Citrix UPM to manage profiles?

    No

    Are you using the default for %LOCALAPPDATA%?

    Yes

    What are the following configuration in the registry?

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Integration

    The Values for

    IntegrationRootUser

    %LOCALAPPDATA%\Microsoft\AppV\Client\Integration

    RoamingFileExclusions

    This one doesn't contain a value

    Monday, February 17, 2014 9:44 AM
  • So do you have the profiles configured to delete the locally cached copy of the profile upon logoff? I'm trying to piece this together in my environment for a repro.

    Steve Thomas, Senior Consultant, Microsoft

    App-V/MED-V/SCVMM/Server App-V/MDOP/AppCompat

    http://blogs.technet.com/gladiatormsft/
    The App-V Team blog: http://blogs.technet.com/appv/
    The MED-V Team Blog: http://blogs.technet.com/medv
    The SCVMM Team blog: http://blogs.technet.com/scvmm/

    “This posting is provided "AS IS" with no warranties, and confers no rights. User assumes all risks.”

    Thursday, February 27, 2014 2:44 AM
  • Hi Warnbrant,

    Mate did you ever get down to the root cause for this issue?

    Pretty much in the same boat as you. 

    About ready to log a support ticket.

    Cheers

    Jeremy


    • Edited by JeremyGWong Monday, October 13, 2014 3:38 AM
    Monday, October 13, 2014 3:37 AM
  • Hello,

    My suspicion here is that a value under HKLM causes the issue.

    There are a few values that relate to the SID - that could be Worth checking out.


    Nicke Källén | The Knack| Twitter: @Znackattack

    Monday, October 13, 2014 8:23 PM
  • Cheers,

    Ended up putting in some workarounds.

    • Citrix\Microsoft best practice hotfixes
    • Review all userprofiles to check correct permissions etc (powershell script)
    • Purge Key each week, possibly switch to nightly.

    $CitrixOU =Get-ADComputer -filter * -searchBase 'OU=Citrix,OU=Servers,DC=test' | Select-Object -expand Name

    Invoke-Command -cn $CitrixOU {gci HKLM:\SOFTWARE\Microsoft\AppV | foreach-object {gci $_.pspath} |where-object {$_.name -like "*S-1*"} |remove-item -Recurse -Force}

    until we can work out if this is 'by design'


    Thursday, October 16, 2014 6:44 AM