Innovative Technology Weblog

One of the most anticipated features of SCCM 2007 R2 is “App-V Integration”. We have recently tested the end-to-end scenario for this integration and we can say with confidence: it BLOWS . In a nutshell, by integrating App-V with SCCM you lose App-V’s best features and reduce the solution to something that’s even worse than SCCM by itself!

So what happens when you enable the App-V/SCCM integration feature in the SCCM Management Console?

• Control of the App-V client is seized by the SCCM client. If you had App-V running on its own before you enabled the integration, you’ll notice that all App-V apps that are published through App-V’s Publishing Server are now rendered invalid. On launch you’ll get a “Unable to initialize package information (0×00000000)” error.
• You must now publish your App-V apps through SCCM as “Virtual Application Packages”. This works by importing the .XML file of the App-V package. SCCM will distribute the packages to its Distribution Points and you can enable those Distribution Points for HTTP(S) streaming.
• To get the App-V apps to your clients, you’ll have to create SCCM advertisements. Basically SCCM advertisements replace the App-V Publishing Server. The behavior of getting App-V apps to your desktop now becomes eerily similar to SCCM’s way of installing applications. No more getting your shortcuts immediately upon logon (like you get with App-V); you will have to go get a cup of coffee and hope that SCCM is willing to give you your apps today.
• If you created non-mandatory assignments, then you’ll have to go to Add/Remove Programs yourself and click “Run” for all the apps that you want. However clicking “Run” doesn’t actually run your app, it only registers the App-V app with the local App-V client. Don’t expect to see any progress bar or visual feedback that the registration actually happened; just keep scouring around in your Start Menu in hope of finding the shortcuts for your new app.
• If you created mandatory assignments, you’ll get one or more notifications from SCCM (after some time ofcourse) that SCCM has App-V apps for you that it would like to register with the local App-V client. It will do that on *every* desktop you logon to. Prepare to spend quite a bit of quality time with the SCCM Client…
• If you’re using either Windows Terminal Services or Fast User Switching in Vista, you’re SOL because the SCCM Client is allergic to terminal sessions. You’ll get a message telling you that “No programs are available to run from a Terminal Services session”. How nice. If you happen to be running the console session, you won’t notice this limitation because at the console session, everything works just fine. So make sure you also test your solution via a terminal session so you won’t get caught by surprise.

As a result of the findings described above, we were pretty disappointed with the solution and decided to reverse our decision to integrate App-V with SCCM. However we did like the idea of using SCCM Distribution Points to stream App-V apps from. So we had a go at doing a manual integration of App-V with SCCM so that we could use just the SCCM parts we wanted. The idea was inspired by Tim Mangan’s article which included this diagram:

In his article he never got around to actually testing if it was possible to stream an application that was published by App-V’s Publishing Server from an SCCM Distribution Point. He only verified that is was possible to install the App-V app through an MSI with SCCM. So we ventured to get HTTP streaming working against SCCM Distribution Points, with the shortcuts still being provided by an App-V Publishing Server. In a nutshell: it works! You do have to setup a few mechanisms to get load balancing working though.

Here is how it works:

• First and foremost: disable the App-V integration with SCCM. To do this, go to the SCCM Console -> Site Database -> Site Management -> <Site> -> Site Settings -> Client Agents -> Advertised Programs Client Agent -> Properties and make sure “Allow virtual application package advertisement” is NOT selected.
• Enable your SCCM Distribution Points for BITS, HTTP and HTTPS content transfer. To do this, go to the SCCM Console -> Site Database -> Site Management -> <Site> -> Site Settings -> Site Systems -> <your DP> -> ConfigMgr distribution point -> Properties and select “Allow clients to transfer content from this distribution point using BITS, HTTP and HTTPS”.
• We found that (at least in the RTM version of SCCM 2007 R2) you don’t have to enable “virtual application streaming” on the “Virtual Applications” tab of the distribution point to be able to stream from a SCCM DP when using our manual integration. The added benefit of this is that you can now also use Secondary Site DP’s as streaming servers!
• Set up an App-V Management Server on any server you like. You can even set it up on a SCCM server, it doesn’t matter. Use the default installation settings for the entire installation. After installation, set the Default Content Path to the following: http://%SFT_SOFTGRIDSERVER%
• Add an App-V package to SCCM for distribution and streaming:
  • Go to the SCCM Console -> Site Database -> Computer Management -> Software Distribution -> Packages -> New -> Package. Enter the information about your package and click Next. Select “This package contains source files” and set the Source Directory to the location of your App-V package and click Finish. Note that you import the App-V package as a normal SCCM package and NOT as a Virtual Application Package. Importing it as a Virtual Application Package will cause the .SFT file in the App-V package to be renamed and cause the .SFT file to be added to not 1 but 2 locations on each SCCM Distribution Point, doubling storage requirements.
  • When the package is added to SCCM, find the Package ID and use it to update the streaming location in the App-V OSD files. For each OSD file in your App-V package, update the HREF statement to HTTP://%SFT_SOFTGRIDSERVER%/SMS_DP$/SMSPKG/<your SCCM Package ID>/<name of your SFT file>
    (If you are using a File Share Distribution Point, the IIS vdir may be different than SMS_DP$. Verify the vdir name in IIS Manager and ensure that all DP’s are either standard DP’s or File Share DP’s.)
  • Now add some SCCM Distribution Points to your package so that SCCM can distribute the App-V content
• Import the same App-V package into the App-V Management Server so that you can distribute the shortcuts and set permissions:
  • On the App-V Management Server, go to the App-V Management Console, go to Applications
    -> Import Application and go to the same App-V package folder. Select the .SPRJ file and click Open. Perform your regular App-V import steps and finish the import.
  • The imported applications in the App-V Management Console should now show the correct http:// paths to both the OSD file(s) and the SFT file(s).
• That’s it! Now just configure your App-V Clients on the desktops to use your newly setup App-V Management Server by configuring a Publishing Server and use Group Policy to set the %SFT_SOFTGRIDSERVER% to the name of a SCCM Distribution Point nearby. We set this variable to DNS name that uses DNS Round Robin to distribute the load to multiple DP’s.

Last tuesday, October 14th 2008, Getronics delivered an impromptu musical to commuters in the main central trainstation Utrecht CS in The Netherlands. Travelers were astonished, then positively surprised with this latest marketing stunt from the newly revitalized IT company.

Watch the video on YouTube

In an act of “endeavoring to deliver a release with support [that] customers deem important” VMware accidentally left a licensing timebomb enabled in the build that it shipped to customers about three weeks ago. The timebomb causes all installed licenses for ESX to be regarded as invalid on August 12, 2008. This in turn causes virtual machines to not be allowed to start from a powerdown or suspended state or allow virtual machines to be VMotioned to another ESX host.

VMware provides one way to prevent encountering the problem and one temporary workaround until they can provide a patch: VMware has released express patches to remedy the problem.

Full repeat of VMware’s latest e-mail advisory:

Dear VMware Customers,

We have released the express patches for the product expiration issue. Please go to http://www.vmware.com/go/esxexpresspatches for download and KB articles. Since our last customer email we have completed our verification tests that the express patches we’ve released are fully compatible with the VMware Update Manager. Please see the KB articles for deployment information regarding Update Manager.

The KB articles are kept up-to-date. Please refer to the KB articles for information and updates.

In our last update, we referred to an initiative by our support and engineering teams to find an option to apply the patch without the necessity of entering maintenance mode and VMotion of VM’s to other servers, or VM power-off and re-power-on. Our earlier tests have not found a consistently successful way to address this. We continue to investigate this possibility, as we know that it would reduce the maintenance burden on our customers who may not have a patched server available for VMotion.

We are on target to release updated versions of the ESX/ESXi 3.5 Update 2 patch at 6 PM PST today. This is for customers who have not already upgraded to the previously released version of ESX/ESXi 3.5 Update 2

Thank you,

The VMware ESX Product Team

Problem:

An issue has been discovered by many VMware customers and partners with ESX Update 2 (build number 103909) and ESXi 3.5 Update 2 (build number 103908) where Virtual Machines fail to power on or VMotion successfully. This problem began to occur on August 12, 2008 for customers that had upgraded to ESX 3.5 Update 2. The problem is caused by a build timeout that was mistakenly left enabled for the release build.

The following message is displayed in the vmware.log file for the virtual machine:

This product has expired. Be sure that your host machine’s date and time are set correctly.
There is a more recent version available at the VMware web site: http://www.vmware.com/info?id=4.
————–
Module License Power on failed.

Affected Products:

- VMware ESX 3.5 Update 2 & ESXi 3.5 Update 2. Thank you, The VMware ESX Product Team

- The problem will be seen if ESX350-200806201-UG is applied to a system.

- No other VMware products are affected.

Resolution:

VMware Engineering has produced express patches for impacted customers to resolve the issue

I have had a love/hate relationship with the VMWare Server 2 beta for the last couple of months and today, I’m sorry to say we have parted ways. First up, my quarrel is not with VMWare products as a whole (I still love Workstation and ESX) but frankly with the poor interaction you get with VMWare in their own beta programs. It really is a far, far cry from the type of interaction and feedback you get in the Microsoft beta programs…

I would have been able to live with the lack of interaction if I weren’t having any major problems with the product. But as such things go, I ran into one showstopping problem… It turns out that on my hardware (which is a big, tricked out server that cost a small fortune and which I am not replacing) VMWare Server 2 had major issues correctly virtualizing Windows Server 2008 x64. Just that one OS. Everything else worked fine: Windows 2003 x86 & x64, even Windows 2008 x86 ran without a hitch. It has to be said that this is not a generic problem, since most others either don’t run into the problem (on a HP nx6325 laptop I also have no issues whatsoever), or they just don’t understand why things are breaking. But I’m certainly not the only one, judging from the replies and the 300+ views on the thread I posted in the VMWare Server 2 beta 2 community.

Now, I could manage without Windows 2008 x64 servers for a good while, since Exchange 2007 also runs on Windows 2003 (or if you’re really nuts like me, you can hack the x86 version on Windows 2008 into production ). But now that I’m participating in the Exchange ‘14’ TAP, I just have to have a Windows 2008 x64 machine. Either that or just don’t bother at all.

In my experience with Microsoft Technology Adoption Programs, Microsoft usually goes above and beyond to help their customers if they run into a blocking problem with the product, even if you are the only customer experiencing the problem. The experience with VMWare was pretty much the opposite, unfortunately. I have filed not one but two Support Requests and never have gotten more interaction than the support engineer asking me to run their support-info-gathering script (vm-support.vbs) and attaching the output to the Support Request. After that, either the support engineers go deaf or they just can’t help me anymore

So now I have grown tired of waiting for information that won’t come and I have decided to uninstall VMWare Server 2 and install VMWare Workstation 6 instead. I would’ve installed Hyper-V, but alas my 1st gen AMD Opterons don’t support the CPU Virtualization extensions needed for Hyper-V…

I’m actually quite sad to see VMWare Server 2 go, because I really liked the way you could manage VMWare Server 2 via the standard VMWare Virtual Infrastructure Client, even over the internet. I liked where VMWare Server 2 was going but it seems it was just to immature for my bleeding-edge needs…

Anyway, Workstation 6 has taken over now and my first Exchange ‘14’ server is (virtually) buzzing with a large grin

That’s a dozen more mailboxes to add to the running-Exchange-‘14’-in-production-count, DavidEsp!

I ran into a problem today (Feb 29th 2008) while installing a second Exchange 2007 server. The issue first became evident when noticed that I couldn’t move mailboxes from one MBX server to another. The error message I was getting everytime was “The Exchange server address list service is not running on SERVERX”…etc. I tried to find more info on the web and noticed that more people all around the world were experiencing similar issues, always with the Address List Service not running as the root problem. Me (and many others) were thinking that this could have something to do with the Exchange Rollup 1 patch for Exchange 2007 SP1, but even after removing it from all my Exchange servers the issue remained. Now finally, the root cause has been found: Exchange chokes on todays date!

It turns out an actual leap year bug has found its way into the Exchange 2007 product, causing problems all around the world. Changing the date has been confirmed both by Microsoft PSS and from people in the field to fix the problem. For everyone who can’t or won’t temporarily change the date of their entire system, you will have to wait until after midnight before you get everything back to normal (I sure don’t blame you, I have to wait as well). I do recommend rebooting your Exchange servers after midnight because I don’t think the Address List Service will come back online on its own.

A leap year bug….sheesh!

Read more about it here: http://forums.microsoft.com/TechNet/ShowPost.aspx?PageIndex=1&SiteID=17&PageID=1&PostID=2928121