About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
Recently I published an article on my blog that shows how to run an executable of choice when the Citrix Receiver exits.
Using public resources such as the Citrix Public Symbol Server we can analyze, understand and finally make the code more readable.
I will try to make this session not an “enter the matrix one” but one that could be considered as an intro into using Ida Pro for reverse engineering and app compat fixing.
Hope to see you all in Rome, my session is scheduled Friday November 1 from 18.30 – 19.15. There will be room for questions so feel free to take your own Crapplication™ and ask about it after the session.
See you in Rome!
I wanted to do an unattended install of the Microsoft App-V 5.0 SP1 client.
I wanted to install using the MSI’s instead of using the exe installer so I unpacked the MSI’s from the installer as documented here.
The install failed however with MSI error 1603. I activated logging but that was not very helpful since it only logged "MainEngineThread is returning 1603".
Manual install of the MSI gave a bettor error message:
I had already installed the MSVC++ 2005 SP1 runtime but the version was slightly lower.
Unfortunately Microsoft doesn’t publish the build numbers with their downloads so it takes some searching to determine the correct download.
Version 8.0.61001 is labeled as "Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update" and can be downloaded here.
There is a similar requirement for the Microsoft Visual C++ 2010 runtime which should be at least 10.0.40219. This one is easier though because the required version is extracted together with the MSI files.
As a final note you need to set the AcceptEULA MSI property to 1 for both the client and language pack MSI or the install will fail.
I wanted to run a virtual Citrix License server in my LAB.
Unfortunately Citrix only provides the VPX License Server in XenServer format (.xva). If you want to run the VPX on VMware ESX or Microsoft Hyper-V you need to convert it first.
The option to convert a Xen Virtual Appliance to OVF format was removed in XenConvert 2.4.1. So for a conversion you need version 2.3.1.
Here are the direct download links:
However when I tried to convert the downloaded VPX (Citrix_License_Server_VPX_v11.10.0_Build_12002.xva) I got the error "Failed to decode tar header record":
A while ago I was doing some research for Magic Filter when I stumbled upon something interesting within Receiver.
Inside wfica32.exe is a function called _Eng_RunExecutableOnExit. That name caught my interest, I’ve made it a little more readable with Ida Pro:
Today I was troubleshooting a warning message that popped up when launching a network application with RES Workspace Manager:
Usually this is a simple fix: add the servername (file://server) to the Local Intranet zone:
That worked when I launched the application directly. However when launching the application with RES Workspace Manager I would still get the warning. Even stranger: when I clicked Cancel the application would still be launched.
I needed to connect remotely via Remote Desktop to a Windows Server 2012 machine.
I received an rdp file that was configured to use an RD Gateway server:
However when trying to connect from my Windows 7 laptop (x64) machine, I got the following error message:
In Enterprise environments users are often working on a remote (virtual) desktop such as when using SBC or VDI.
They typically get a full screen session, perhaps on a thin client, and have not idea that they are using a remote desktop.
Clever users know they can use alternative key combinations such as Shift-F2 for Citrix or Ctrl-Alt-End for RDS.
But that’s not the seamless experience we want to give our users, is it?
Some time ago I wrote about the PNAgent data that is stored in the registry in XML format.
After that post Andrew Morgan asked me if I could extract the PNAgent icons from the XML data.
That got me interested so let’s look at this data!
If you look at XML from PNAgent the icondata as in the AppData.Details.Icon node you’ll see something like this:
Seems like the icon data is stored/encrypted in a proprietary format.
ClickOnce is a Microsoft technology that enables an end user to install an application from the web without administrative permissions.
That’s great isn’t it?
While ClickOnce may sound great to developers it’s actually a nightmare for Enterprise administrators because they try to prevent users from installing software themselves.
ClickOnce also incorporates an Automatic Updates mechanism which means that users might run different or not tested/approved versions…
It get’s even worse in virtual environments such as VDI and SBC where machines are often non-persistent. Each time the users starts the application they will see a screen similar to the one below while they actually download and install it over and over again:
If the environment is persistent, it’s not guaranteed that the user works on the same machine each day. This means that the application will be installed on every box the user ever logs onto…
How does it work?
In order to understand how we can best treat ClickOnce applications we need to understand how they work since MSDN documentation does not describe this in detail.
You need to download the SDK installer and download from there.
This sort of annoys me since I sometimes need to install WinDBG quickly for some troubleshooting.
I watched the URL’s with Fiddler while using the SDK Installer and here are the current URL’s:
.NET .NET FrameWork Active Directory Altiris Apple Automation Manager Citrix Dell Delphi Excel Exchange Exchange2003 Exchange2010 Hack HP iOS Java LinkedIn Linux Lync MSI Office Office 2010 Passat Password PowerPoint PowerShell RES RNS510 SasLibEx SCOM Security Terminal Server ThinApp TSAdminEx VBS VCDS Visual Basic Visual Studio VMWare Volkswagen VW Windows PE Wordpress XenApp