Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Windows 2003’ Category

ClickOnce is a Microsoft technology that enables an end user to install an application from the web without administrative permissions.

That’s great isn’t it?
While ClickOnce may sound great to developers it’s actually a nightmare for Enterprise administrators because they try to prevent users from installing software themselves.

ClickOnce also incorporates an Automatic Updates mechanism which means that users might run different or not tested/approved versions…

Virtual Environments
It gets even worse in virtual environments such as VDI and SBC where machines are often non-persistent. Each time the user starts the application they will see a screen similar to the one below while they actually download and install it over and over again:


If the environment is persistent, it’s not guaranteed that the user works on the same machine each day. This means that the application will be installed on every box the user ever logs onto…

How does it work?
In order to understand how we can best treat ClickOnce applications we need to understand how they work since MSDN documentation does not describe this in detail.


The case of the COM Port Redirection

One of my colleagues asked me to assist in troubleshooting an application called SmartWare FM running on Citrix XenApp.

This application reads data from an external device called SECUTEST.

The device is connected to a COM port which is redirected to the XenApp session. In contrast to Microsoft Remote Desktop Services, COM ports are not automatically redirected in XenApp but need to be mapped via, e.g., a logon script (NET USE COM1: \\Client\COM1:) or using UEM.

In my case the COM port was mapped with RES Workspace Manager:



I noticed something interesting today: I needed to generate a Code Signing certificate from a Windows 2003 CA Server.

However the default Code Signing Template does not allow us to export the private key. I found a nice trick however that enables us to request a code signing certificate WITH private key.

To do this I first needed to enable the Code Signing template on the CA Server. This can be done using the Certification Authority MMC Snap-in: right click on the Certificate Templates node and select New | Certificate Template to Issue | Code Signing:




Some applications use the computer’s name as a unique identifier, rather than using the user name. In a single-user-per-computer environment, this strategy works well.

However, in a Multi User environment such as Citrix XenApp or Microsoft’s Remote Desktop Services (Terminal Server), all connected users report the same computername.

If the application relies on unique computernames to handle tasks such as file and record locking, then the application will fail.

We can however set an Application Compatibility Flag in the registry to return the username instead of the computername.

To demonstrate this behaviour I wrote a small Test Application called TestAppCompatFlags.exe.


Replacing WFP Protected files

On Windows 2000, XP and Server 2003 a mechanism called Windows File Protection (WFP) is used to protect system integrity.

How does WFP Work?
Inside SFCFILES.DLL a list of files is kept that are monitored for changes. When a monitored file gets deleted, modified or overwritten WFP will restore the original from one of the following locations:

  • Cache Folder (%systemroot%\System32\DllCache)
  • Network Installation Path
  • Windows CD (or i386 folder on harddisk)

But what if we need to replace such a file? You could write a batch file that copies the modified file to the cache folder, installation path and destination. And this may work if it’s quick enough.

A more reliable method is to use an undocumented export from sfc_os.dll called SfcFileException (only exported by ordinal #5).


Within half an hour of writing the article "Application causes Screen Flickering in Citrix XenApp Session" I got a message that the hotfix in that article also fixes a similar problem in PowerPoint 2010.

Office 2010 uses hardware acceleration for displaying images and when this is enabled (which is the default) you will see constant screen flicker when you try to display a presentation with Images on Citrix XenApp (Server 2003):

Screen Flickering when running WPF Applications on Citrix XenApp



Yesterday I was asked to troubleshoot an interesting issue with an application running on Citrix XenApp.

This customer is running Citrix XenApp 5 on Windows Server 2003 (x86). On the Client Side the Online Plugin version 12.3 is used.

The Problem
When this particular application was active the screen was flickering and black blocks appeared at seemingly random places. Furthermore it was not possible to resize the window:


My experience is that display issues are often related to either HDX Flash Redirection (offloading flash to the client) or the Multi Monitor hook.



My Network Places Internals

I am using a PowerShell script to copy some elements from the user's old profile location to a new location. This includes the Nethood ("My Network Places") folder which contains the Network Places shortcuts.

A user reported that she could not save documents to Network Places anymore and after inspection the Network Places shortcuts were broken.

I started comparing the old Nethood folder to the new and observed the following difference in Explorer:


When copying entries from the Nethood folder with Explorer manually they worked fine, so somehow Explorer gives the Nethood folder special treatment.


Today I was troubleshooting a message that appeared when a user tries to edit a document from SharePoint on a Citrix XenApp server.

The user browsed to a Word document on SharePoint and selected “Edit in Microsoft Office Word” from the Combobox:

Edit in Microsoft Office Word

This would present the following error message to the user:

'Edit Document' requires a Windows SharePoint Services-compatible application and Microsoft Internet Explorer 6.0 or greater.


Session freeze when starting Excel

Windows 2003 Enterprise (32 bit), Citrix XenApp 5, RES Workspace Manager 2011, McAfee VirusScan Enterprise 8.7.0i.

When opening an Excel workbook from SharePoint the whole session freezes.

I asked the user to open an Excel workbook from SharePoint and I noticed the following popup:

Some files can harm your computer. If the file information looks suspicious or you do not fully trust the source, do not open the file | You are opening the following file: | File name: My Workbook.xls | From: Sharepoint

So my first thought was that the user somehow clicked this message to the background and IE was waiting for a response.