SMART Notebook 11.4 and App-V 5.0

After some discussion during AppV User Group in Amsterdam about sequencing SMART Notebook I decided to post some steps and topics that could show up when sequencing SMART Notebook with App-V 5.0 SP2.

Pre-sequencing

Download the web-installer, the drivers and any potential galleries you would like to use from SMARTs homepage. Drivers have to be deployed seperately as they can not be virtualized, and therefore it might also be a good idea to install them as a prerequisite on the sequencer.

Regardless if you have been using App-V 4.6 or App-V 5.0, the architecture of your operating system is important. Notebook has some hard-coded paths, and therefore my recommendation would be to create a package for each type of architecture. In this post, Windows 7 x64 will be the one used – both for my sequencer and my client.

Sequencing

Apart from performing an ordinary installation the following choices were made;

PVAD was set to c:\dummy

Installation was set to the default folder suggested by the installer.

I did not start any application during sequencing.

To disable the automatic check for updates everyday the following needs to be set.

1. Set the following registry key.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SMART Technologies\Product Update]
"CheckUpdates"=dword:00000000 

2. Remove the shortcut to SMART Product Update

Post-sequencing

Enable interaction with the local system using the Advanced-tab in Editing mode.

image

SMART Notebook does come with a few drivers, and these drivers can not be virtualized. To leverage them you would need to extract them and deploy them natively. Here comes methods which you can use to extract and deploy the drivers;

Drivers downloaded

To gain full functionality you would need to extract the drivers. The web-installer will download everything for you into the following folder, however it will remove all the contents once it is completed the installation.

%TEMP%\SMARTInstallWrapper\Wrapper_11.4.520.1\

Primarily the following contents are important if you want to deploy the drivers;

SMART Common Files, SMART Product Drivers

They are downloaded with easy to deploy MSI-files and corresponding language files, so to add them as a seperate pre-requisites shouldn’t be to complicated.

Drivers installed

In addition to the above drivers, there are additional drivers installed – which the sequencer will warn us about. image

Look within the installation of SMART and find the following folder;


C:\Program Files (x86)\SMART Technologies\Education Software\Printer Drivers\

Extract the folder, and save a copy. To install the driver, you would need to use the following command-line;

"C:\driver\XPSPrintCapturex64.exe" -i -p "C:\driver\\"

C:\driver would contain the entire contents of Printer Drivers, looking something like this;

image

We can find the installation-routine by checking the CustomAction table from the downloaded MSI-installation of SMART Notebook;

image

Using the same method the uninstall command can also be found;

image

Summary

You should now have the ability to gather Everything you need to virtualize SMART Notebook. Depending on your infrastructure, all of this can be wrapped into multiple installers, scripts or similiar things to easily deploy to your endpoints.

Adobe Creative Cloud and integration (and the challenge with AppV)

Adobe Creative Cloud is the latest way that Adobe will now offer software on a subscription model (or software as a service, or the cloud, or… well whats the new buzzword?). This allows customers to pick and select what software they want to use, download the media and then install the software they desire.

The installers are quite hefty and if you download almost all software within a suite you end up with a big-bundle of software in a rock-solid 16gb installation package. Even splitting up everything into an installation package per software (such as Photoshop..) the installation itself usually weigh in at 1-2gb.

Usually the software are standalone applications, however two pieces within the suite offer integration across applications. Adobe Bridge and Extendscript Toolkit seem to integrate into just about any piece of software.

Lets run through a few examples;

Any software allows the immediate jump to Adobe Bridge;

image

Adobe Bridge has the ability to execute startup scripts and each software installed will provide their own set;

image

Extendscript Toolkit will list all software (and the objects they are using);

image

It seems that the ability to integrate between these different pieces of software is a mixture of feature enablement and simple listing of folders.

The startup-scripts for Adobe Bridge for example seem to directly correlate to the amount of folders listed within the Startupscripts CC folder;

image

The ability to directly see different pieces of software through Extendscript Toolkit and the ability to invoke Adobe Bridge doesn’t seem to be related to the enumeration of any folder.

After reviewing procmon activity for quite a while there seems to only be single processing of a file that I didn’t fully explain. Now, this seems “easy to identify”, right? Keep in mind that I stated that there is _one_ file which is processed during startup that I didn’t fully explained. This means; I have taken the time to understand every single file which Bridge reads, or attempts to read during startup. I also processed captures when starting Bridge from any other suite, or when Extendscript Toolkit started.

image

Yes, figuring this out took me about 3 days of just reviewing and explaning every single line that Process Monitor gave me during a few use cases. Process Monitor doesn’t tell you whats wrong – it tells you what happens.

 

image

Once realising that this file was unexplained it is time to understand it a bit more…

The PCD.DB file, which is an unknown extension, was processed during each startup. If opening the file with notepad the following showed up;

image

SQLite Format 3 seems to relate to a database and after a quick search a utility to browse the database was found -  named SQLite Database Browser.

Cracking the PCD.DB file with SQLite DB Browser immediately showed this;

image

Reviewing the data using Browse Data tab the contents could be immediately spotted;

image

 

Why is this relevant? It seems that the integration between different pieces of the Adobe-suite has a check against this database if the component that it wants to integrate with is actually installed. As everything is contained into a single file it becomes a nightmare to manage in – lets say… – a Connection Group within App-V. In essence it means that the last file that gets read is the one that sets the stage for all Adobe-software. For example:

You create a package with Adobe Photoshop.

You create a new package with Adobe Bridge

If the Photoshop-package is the last one to load, the db-file will not contain any information about Adobe Bridge (as it is effectively overwritten by the one created in the Photoshop-package).

How do you handle it? You start with the worst case scenario!

Generate a package with all software you are licensed to install, install it and then save a copy of the PCD.DB.

Insert this file into every single Adobe (CC)-package you will create and the integration will work without issues!

Apple itunes 11.1.4 and Software License agreement (and Process Monitor)

After discussing the an upgrade of iTunes throughout the organization and the implications of suppressing the forced Software License Agreement within iTunes on the initial launch I decided to go on a discovery with the iTunes application.

Previously all packagers have surpressed the Software License Agreement by providing the iTunesPrefs.xml file within the package and placed a copy within both %APPDATA% and %LOCALAPPDATA%. During an upgrade the fact that such a file would be replaced of course overwrites any user preferences. Potentially we could provide some additional scripting to crack open the files and replace any particular value that would tell iTunes that the Software License Agreement is accepted. The value (for 11.1.4) looks like this in %APPDATA%;


<key>license-agreements</key>

<dict> <key>EA1068</key> <true/>

</dict>

Thats a lot of work. And I am lazy.

Let’s review the start-up process of iTunes, without having accepted the Software License Agreement in Process Monitor

The actual license-agreement is obtained from a file called License.rtf, so we can easily search for this file within Process Monitor to see just about where iTunes is deciding to show the Software License Agreement.

image

If we review the activity above we can spot that pre-reading the License.rtf file (sv.lproj is for Swedish – so I am getting a Swedish license agreement) it checks a few registry keys and the file iTunesPrefs.xml. Obviously the checking of the iTunesPrefs.xml-file is to check wether or not this particular user had accepted the license agreement. However, the check for the registry key within HKEY_LOCAL_MACHINE was a bit unexpected. Actually it is looking for the registry value SLA – Software License Agreement. Unfortunately there is no documentation of this value anywhere. Obvious one is just to create a DWORD with a value of either 1 or 0. Neither changes the behavior of iTunes, however it can be confirmed that iTunes does read the value. Creating a string (REG_SZ) with a 1,0,Yes,No,Accepted, iTunes or any other value doesn’t change anything.

It seems to be a perfect fit though? The name SLA seems to fit the scenario, however what value can actually change the behavior of iTunes? Within %APPDATA%\Apple Computer\iTunes and the file iTunesPrefs.xml there actually is an answer to the question. It seems that setting the same value as located within iTunesPrefs.xml gets iTunes to suppress the presentation of SLA for all users on machine.

image

The value seems to change for every new version of iTunes– so with a new version of iTunes one would have to accept it once manually and extract the necessary value from the iTunesPrefs.xml-file

Final registry key from a Windows 7 x64;


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\iTunes]
"SLA"="EA1068"

Let’s wrap up a MST-file for easy deployment!

Desktop shortcut

Stops the desktop shortcut from beeing created

Goto the InstallExecuteSequence-table and set the following;

image

Language / Software Update / Suppress reboot / SLA

Forces the language to English, disable the Software Update and suppress any reboot – aswell as allow the installation to complete by accepting SLA

Goto the Property-table and set the following;

image

iTunes lockdown and SLA

Lockdowns any feature you want of iTunes and suppresses the SLA prompt. For a full explanation of the Parental Control feature within iTunes you can read the Apple-published article; How to manage iTunes Control features. The suggested value below will do some basic lockdown such as disabling checks for new versions

Goto the Registry-table;

image

Finally a nice clean installation for iTunes!

Redistribute Failed Packages in ConfigMgr

Since the topic of redistributing failed packages is quite often surfacing in larger environments and there are quite a few PowerShell scripts out there to achieve this.

David O´Brien has written a PowerShell script that redistributes all packages that has any state (but successfull) to all DPs. In a larger environment this would be very risky (consider the amount of bandwidth you could potentially consume).

David went about the task by looking up the current state of the SMS_PackageStatusDistPointsSummarizer which has 7 states of a package , and then looping through all packages for all DPs and initiate the operation RefreshNow for each package and DP.

Within SCCM 2012 R2 there seems to be 9 possible states of a package, where a state 7 and 8 seems to be undocumented. State 7 would indicate that the source-files were not reachable for the SCCM 2012 server, and State 8 would indicate that a package validation failed (for any reason).

Quite often the need is more targeted and in particular we are required to only verify a single package or distribution point. As we would go through the console to check the state of a package and look under Content Status to see – it would be easiest to simply trigger a redistribute action for all DPs that are reported as failed. Previously Greg Ramsey released the great tool to start the action Validate All DPs, which can be initiated from any package under Content Status. Great tool! Lets take that one step further and create two additional menus within Configuration Manager console!

Redistribute a package to all DPs where it failed under Content Status

image

image


Param(
[Parameter(Mandatory=$true)]
[String]$SiteSrv,
[Parameter(Mandatory=$false)]
[String]$SiteNamespace,
[Parameter(Mandatory=$True)]
[String]$PackageID
)

$SiteCode = $SiteNamespace.Substring(14)

Write-Host "Checking" $PackageID -ForegroundColor red
Write-host "Will check for Installed Failed status (3) and Validation Failed (8)"
Write-Host ""

$sOpt = New-CimSessionOption –Protocol DCOM
$SiteServerCIM = New-CimSession -ComputerName $SiteSrv -SessionOption $sOpt

$DPs =  Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_PackageStatusDistPointsSummarizer -Filter "PackageID = '$($PackageID)' AND (State = '3' OR State = '8')"
if ($DPs -ne $null)
{
$Count = $DPs |measure
Write-Host "There are $($Count.count) failed DPs at the moment."
Write-Host "Press any key to redistribute..."
Write-Host ""
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
foreach ($dp in $DPs) {
Write-Host "Redistributing $($DP.PackageID) to $($DP.ServerNALPath.Substring(12,7))...." -ForegroundColor Green
try {

Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_DistributionPoint -Filter "PackageID='$($DP.PackageID)' and ServerNALPath like '%$($DP.ServerNALPath.Substring(12,7))%'" | Set-CimInstance -Property @{RefreshNow = $true}
}
catch {
Write-Host "Failed to redistribute to $($DP.ServerNALPath.Substring(12,7))" -ForegroundColor Red
}

}
Write-Host "Press any key to close window...."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
}
else
{
Write-Host "There are no Failed DPs" -ForegroundColor Green
Write-Host "Press any key to close..."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

}

Remove-CimSession -CimSession $SiteServerCIM 

Create the following XML-file to enable the right-click menu under Content Status. The file should be placed in the following folder;

14214306-59f0-46cf-b453-a649f2a249e1


<ActionDescription Class="Executable" DisplayName="Redistribute to all failed DPs" MnemonicDisplayName="Redistribute to all failed DPs" Description = "Redistribute to all failed DPs" RibbonDisplayType="TextAndSmallImage">
<ShowOn>
<string>ContextMenu</string>
<string>DefaultHomeTab</string>
</ShowOn>
<Executable>
<FilePath>PowerShell.exe</FilePath>
<Parameters>-Executionpolicy bypass -nologo -WindowStyle normal -command "&amp; 'C:\PowerShellScripts\RedistFailed.ps1' '##SUB:__Server##' '##SUB:__Namespace##' '##SUB:PackageID##'" </Parameters>
</Executable>
</ActionDescription>

To enable a second menu under Distribution Point Configuration Status you can use the following script;

image

image


Param(
[Parameter(Mandatory=$true)]
[String]$SiteSrv,
[Parameter(Mandatory=$false)]
[String]$SiteNamespace,
[Parameter(Mandatory=$True)]
[String]$Server
)

$SiteCode = $SiteNamespace.Substring(14)

Write-Host "Checking" $Server -ForegroundColor red
Write-host "Will check for all failed packages (NOT State 0)"
Write-Host ""

$sOpt = New-CimSessionOption –Protocol DCOM
$SiteServerCIM = New-CimSession -ComputerName $SiteSrv -SessionOption $sOpt
try {
$pkgs =  Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_PackageStatusDistPointsSummarizer -Filter "ServerNALPath like '%$($Server)%' AND (State != '0')"

if ($pkgs -ne $null)
{
$Count = $pkgs |measure
Write-Host "There are $($Count.count) failed packages at the moment."
Write-Host "Press any key to redistribute..."
Write-Host ""
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
foreach ($pkg in $pkgs) {
Write-Host "Redistributing $($pkg.PackageID) to $($Server)...." -ForegroundColor Green
try {
Get-CimInstance -CimSession $SiteServerCIM -Namespace $SiteNamespace -ClassName SMS_DistributionPoint -Filter "PackageID='$($pkg.PackageID)' and ServerNALPath like '%$($Server)%'" | Set-CimInstance -Property @{RefreshNow = $true}
}
catch {
Write-Host "Failed to redistribute to $($pkg.ServerNALPath.Substring(12,7))" -ForegroundColor Red
}

}
Write-Host "Press any key to close window...."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
}
else
{
Write-Host "There are no Failed pkgs" -ForegroundColor Green
Write-Host "Press any key to close..."
$a = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

}

Remove-CimSession -CimSession $SiteServerCIM

}
Catch {
Write-Error "Failed to query $($Sitesrv)"
Remove-CimSession -CimSession $SiteServerCIM
} 

To enable the right-click menu, create a new XML-file under the following folder;

d8718784-99d5-4449-bc28-a26631fafc07

Content;

<ActionDescription Class="Executable" DisplayName="Redistribute all failed Pkgs" MnemonicDisplayName="Redistribute all failed Pkgs" Description = "Redistribute all failed Pkgs" RibbonDisplayType="TextAndSmallImage">
<ShowOn>
<string>ContextMenu</string>
<string>DefaultHomeTab</string>
</ShowOn>
<Executable>
<FilePath>PowerShell.exe</FilePath>
<Parameters>-Executionpolicy bypass -nologo -WindowStyle normal -command "&amp; 'C:\PowerShellScripts\redistfailedpkgstodp.ps1' '##SUB:__Server##' '##SUB:__Namespace##' '##SUB:NAME##'" </Parameters>
</Executable>
</ActionDescription> 

You can download the scripts from here, but you need to copy the XML-files into the folder of the Admin-Console yourself to make them visible.

Location;

c:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\Extensions\Actions

Adobe Reader Security – Trusted certificates

When Adobe Reader XI 11.0.0.6 was released there was suddenly a new pop-up once you open Adobe Reader for the first time, and had settings in the profile from an older Adobe Reader X installation.

image

The message reads;

Trusted certificates from your previous version of Adobe Reader were found. Would you like to import them?

Any certificates that are not imported in this step will not be available in this version of Adobe Reader.

Adobe calls this the Addressbook and apparently this specific feature is the Addressbook Import.

There is a setting within the Windows Registry reference (under Security –> Addressbook Import) that documents three options an administrator can make to avoid having this nagging users.

The setting is “iImportAddressBook” and has three options;

  • 0: Do not copy the old address book. The user is NOT prompted and the address book should NOT be installed.
  • 1 or null: Default: The user is asked whether the address book should either be installed or not.
  • 2: Import the address book silently.

To suppress this message, and silently import the address book you can set it the suggested DWORD-value to 2. It would look something like this;

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Security\cDigSig]
 "iImportAddressBook"=dword:00000002

If you need this to be part of the deployment the suggestion is to add this value as part of the Registry. Recommended approach is to use Adobe Customization Wizard XI – if using the Adobe supported editor the registry key will be part of their custom MSI table EnterpriseRegistries.

App-V 5 Error codes

As App-V 5 introduces lots of new error codes – here comes a summary of a few of them. After reviewing a few of the error codes there are some great sharing among people who are writing blog-articles!

See Ralph Jansens summary for App-V 5 error codes

App-V error codes

Application  Launch failures

Error code: 0C80070057
Summary Solution: Upgrade to App-V 5.0 SP2
http://blogs.technet.com/b/virtualvibes/archive/2013/06/13/0c80070057-app-v-error-code.aspx

Error code: 0xFD01F25-0x7B
Solution Summary; Delete desktop.ini files within package
http://t3chn1ck.wordpress.com/2014/01/16/app-v-5-0-error-0xfd01f25-0x7b/

Error code: 0xc0000142
Solution Summary; Enable 8.3 Name creation on NTFS-volumes, or ensure that the client computer account has access to the source-files.
http://support.microsoft.com/kb/2777003/
http://cloudsurvivalguide.com/tag/0xc0000142/
http://blogs.technet.com/b/gladiatormsft/archive/2013/06/11/app-v-5-0-on-these-0xc0000142-errors-and-where-they-are-coming-from.aspx
http://blogs.msdn.com/b/sgern/archive/2013/11/14/10467791.aspx

Error code:Microsoft App-V Client” terminated with service-specific error: {Error in Application} The application failed to start properly (0x%lx).
Solution Summary; Uninstall App-V Client, Delete c:\programdata\appv and then reinstall App-V Client
http://social.technet.microsoft.com/Forums/en-US/80816b21-e0d1-41e0-bb74-c9eb1dc25a34/the-application-failed-to-start-properly-after-update-to-sp2?forum=mdopappv
http://social.technet.microsoft.com/Forums/en-US/c18b9678-3fbb-42c0-8427-c8401ee5a40d/appv-client-5-service-can-not-start-error-575?forum=mdopappv
http://blogs.msdn.com/b/sgern/archive/2013/03/21/10404146.aspx

Error code:0x83401D2A-80070490
Summary solution: Verify that you haven’t delete anything from the sequence that is required.
http://blogs.technet.com/b/virtualworld/archive/2013/05/24/app-v-5-0-error-virtual-fonts-subsystem-failure-on-first-launch.aspx

Error code: 0x8e90060a-003000F
Summary Solution: Conflicting settings between packages part of a Connection Group. Presumably resolved in App-V 5.0 SP2
http://ictworkspace.wordpress.com/2013/03/14/microsoft-app-v-5-connectiongroups-and-errors/

Error code:0x41e04304-00000028
Summary Solution: A package is part of to many Connection Groups with the same priority. Either prioritize the Connection Groups or remove it from one Connection Group.

Publishing failures

Error code:0×59701607 – 0xB
Solution summary: Delete user profile
http://social.technet.microsoft.com/Forums/en-US/f88bc1f6-569e-4c63-8343-bf676a1257f3/appv-5-part-or-all-packages-publish-failed?forum=mdopappv

Error code:0x4FC01304-0×80070003
Solution Summary; Execute the following Powershell commands;

Remove-AppvClientPackage *
Get-AppvPublishingServer | Sync-AppvPublishingServer

http://trentent.blogspot.de/2013/02/appv-5-issues.html

Error code:0x87D01280 Virtual application is in use
Summary Solution; As of App-V 5.0 SP2 a package in use is diverted to be removed at next reboot / logon. Stop the package to remove it immediately
http://www.applepie.se/app-v-5-0-sp2-and-pending-removal-update
http://blogs.technet.com/b/virtualvibes/archive/2013/12/03/pending-tasks-in-app-v-5-0-sp2.aspx

Error code:0×80190190
Summary Solution; Allow greater kerberos-tickets. Error code results in ACCESS DENIED.
Implement the following registry key;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"MaxFieldLength"=dword:0000fffe
"MaxRequestBytes"=dword:01000000

http://social.technet.microsoft.com/Forums/en-US/15035eed-e52c-4fa5-bd54-135c616f7b3e/appv-5-client-configuration-publishing-refresh-error-0×80190190?forum=mdopappv

Error code: 0x45500D27-0×80190191
Summary Solution: Ensure that AUTHENTICATED USERS is member of User group on Publishing Server.
http://blogs.technet.com/b/virtualworld/archive/2013/11/21/debugging-app-v-5-0-error-code-0x45500d27-0×80190191.aspx

Error code:0×80190194
Summary Solution; Error code means 404 response from web-host. Ensure that you have the right URL and port for the publishing server you configured.
http://social.technet.microsoft.com/Forums/en-US/c7e40a19-56c9-481a-bf87-fcb4c8bbd42d/problem-with-configuring-appv-client-50-with-publishing-server?forum=mdopappv
http://social.technet.microsoft.com/Forums/en-US/eb998be3-0915-4d7a-96af-7249c139276a/appv-50-sync-error-httprequest-sendrequest-failed?forum=mdopappv

Error Code: 070000000B
Summary Solution: Install all the pre-requisites for the App-V Client. In particular http://support.microsoft.com/kb/2533623/
http://social.technet.microsoft.com/Forums/en-US/ed9af6d5-7f09-45af-891f-444f4af8de26/unable-to-publish-a-package-in-app-v-50-client?forum=mdopappv

Add package

Error code:0C80070002
Summary Solution; App-V Package installation root is diverted, and a temp-folder is required. Create the folder temp at the same level as the App-V package installation root
http://social.technet.microsoft.com/Forums/en-US/849af455-5a1f-477a-bb29-430153587b7b/addappvclientpackage-fails-with-error-0c80070002?forum=mdopappv

Oracle Java JRE 7 Update 51 MST

imageI created an MST-file for the Oracle JRE 7 Update 51 MSI and thought it would be a good idea to make it available for download.

Do note that in JRE 7 U45 there is a new exception-list which can be configured – another potential way to customize your package. See the exceptionlist documentation

How do you retrieve the Java 7 MSI-files?

See this FAQ answer for Oracle;

https://java.com/en/download/faq/msi.xml

Very detailed guide;

http://www.74k.org/extracting-java-msi-from-java-exe

How do you pre-configure settings for the deployment?

See this very detailed explanation from Oracle about deployment.properties;

http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/properties.html#overview

What does the MST file contain?

Registry-key to disable updates

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
"EnableJavaUpdate"=dword:00000000
"EnableAutoUpdateCheck"=dword:00000000

Properties set to set security level for web-browsers to medium

WEB_JAVA_SECURITY_LEVEL set to M

(options are V for Very High and H for High (default)

Custom action to remove start menu shortcuts

Will remove the following directory;

%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Java

Download the MST-file here

There is a very detailed post on Itninja about the possibilites for deployment if more tweaking is necessary.

Identify CustomActions using Process Monitor

SysInternals has for a long time provided us with the valuable tool Process Monitor, which everyday presents new use cases.

While troubleshooting an installation that seemed to be running a specific CustomAction once a self-heal was initiated and in error set a few registry keys to an odd-value.

The registry-keys could not be located within the Registry-table and there was a ridiculus amount of CustomActions.

Registry key that was wrongfully set looked like this (when it was not correct);

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Taylor\Workbench\Installed Products]
"Proficy Machine Edition (TM)"="v5.50 Build 3655"
"View"="v5.50 Build 3655"
"Logic Developer - PLC "="v5.50 Build 3655"

Unfortunately, none of the CustomActions had very descriptive names as to which one would touch this key and there were a lot of them. A lot. Infact they started at 5750 and stopped at 6720 in the InstallExecuteSequence table.

How do you identify a CustomAction which sets a registry key ? Using timestamps in Process Monitor of course!

A fare warning before you start the steps; A lot of memory will be required due to the capture of Process Monitor

1. Fire up Process Monitor and let it monitor. No filter needs to be applied immediately.

2. Initiate the installation using verbose-logging. A sample command-line could look like this;

msiexec /i install.msi /qb TRANSFORMS=install.mst /l*v install.log

3. Once the installation is completed, stop the monitoring within Process Monitor.

4. Search for the registry key (or file if that is your case). As we are looking for when the registry key is updated, certain operations aren’t applicable. For example, RegOpenKey isn’t something that corresponds to the operation we are looking for. Therefore you can exclude this and avoid a lot of traversing through unnecessary finds.

As you can see, searching can take a bit of time;

image

The 3 million rows are quite heavy;

image

5. Once the applicable registry key is found and the RegSetValue is located the timestamp is located.

(click the image to see all of it)

image

6. Review the log-file generated during the installation and find the corresponding timestamp (12:04:11,972791 is the time in the screenshot).

The accuracy of Process Monitor has given us a very precise timestamp (972791 are the last digits) and we can easily see that during the time-slot of 12:04:11 there are 7 different CustomActions occuring, however only two occur within the reach of 12:04:11:97~.

image

As the FindfxViewVersion1 is actually executed after the timestamp, we can safely assume that it is the FindFrameWorXVersion that is setting the registry key in question.

7. Looking at the InstallExecuteSequence table the CustomAction is set to run at sequence # 6260, however no conditions are set for it.

The CustomAction will in error execute during any repair (and self-heal) and reset the registry keys due to the lack of conditions.

The following modification was done using InstEd to add a condition;

image

You could play around with different conditions that might suite your case and Symantec has provided a great overview of some commonly used scenarios!

ArcReader 10.2 sequenced

imageArcReader is a great viewing tool used through many organizations. I wouldn’t necessary force it to be virtualized primarily for one reason;

It is delivered by ESRI (the company making the software) as an MSI. It does contain quite a few CustomActions, however on a personal level I would consider this a low risk endeavour to deploy using traditional deployment methods.

Prerequisites

Obtain the install files from ESRI. You would need to register, however downloading can be directly from their website.

System requirements are documented in a PDF and there shouldn’t be anything out of the extraordinary if deploying onto a Windows 7 machine. The target environment this post will focus on is Windows 7 x64, and therefore it will be sequenced on Windows 7 x64.

Once downloaded extract all the files (default location is your documents folder);

image

PVAD will be set to c:\program files (x86)\arcgis\arcreader10.2

Sequence

You can choose to install the application with the default options, there isn’t anything in particular that requires altering due to the sequencing process. Recommended is to disable the customer experience improvement program participation.

Post sequencing

It seems that the icon for the ArcReader was detected to be a generic one, there a manual update was required.

For some reason, the first icon was selected.

image