Skip navigation

Category Archives: Windows 2012


okay, I’m glad I can back and write something newish. This post is all about creating event log forwarding , centralized event log and WinRM.

Overview

Why you need centralized event log solution

Windows Event log has always been first line of defense and reflect what happened to your computers.  It will be  your company’s frontier defense line against PTH, or any hack attacks. If any events happened to IT people’s laptop that has privilege account logged in before, it will be great early alert for IT Admin to take action against this account or focus and track it down.

In the ideal world, we would have all events from everyone and understand what exactly happened. But the reality is no one is able to handle that amount of work and whether this can be efficient enough to provide useful information is another question.

If collector servers or clients are offline, the related events will be holding and submit to server once client/server comes back online.

so this is big Yes to nice to have, but how?

Who we are collecting

Because we only monitor very critical and abnormal events (like security logs get wipe out), the chance it happens should be very minimum so we don’t need big space for log collector. We can collect event logs from Laptops, Servers, Desktops which is assigned by computer groups.  We can deploy GPO to enable computers to look for collector for subscriptions. Each computer can submit to multiple collectors at same time.

What we collecting

We only collect critical events like security logs get wipe out, local administrator account get logged in laptop or local administrator group membership has been changed, service get installed at beginning level. Those events will be absolutely critical. We can control which event we want easily for each subscriptions.

What we do with those logs

SCOM can be used to monitor those security logs and alert to related teams for further investigation. SIEM can be used to collect logs from log collect server and log server can overwrite old logs to save disk space.

Enough to say, let’s take some action here.

I’m going to build 1 collector server to collect one client log. Yes, you can use multiple collectors as active active solution just in case one of collectors is down.

In this lab, I’m going to use HTTPS as protocol rather than HTTP.

 

Configuration

Tasks on Collect server

We have quite few things to do on the collect server. The first step is to enable Winrm on the server.

WinRM configuration

WinRM is acting as proxy and interface on the server and passing the request to event log service in the background. Hence we must enable WinRM.

One of precondition to enable WinRM is to enable firewall service. Because when you run winRM qc, following things happened.

The above command will perform the following steps:

  • Start the WinRM service.
  • Set the WinRM service type to auto start.
  • Create an HTTP listener on port 5985 to accept requests on any IP address.
  • Enable firewall exception for WS-Management traffic (for http only)

Note:

In old WinRM, it’s using port 80/443. From WinRM 2.0, it starts to use 5985/5986.

Hence, yes, windows Firewall must be on.

Next, we need to create a new Rule as we are going to use HTTPS 5986.

So You must create Inbound Rules to allow TCP 5986 to work.

If you enable windows firewall, you might want to open following ports as well.

Remote Desktop – User Mode (both TCP/UDP)

File and Printer Sharing (Echo Request – ICMPv4-In)

 

Then, you can run Winrm qc

Winrm qc is Winrm quick config to configures this machine to accept WS-Management request from other machine. (think about Web Proxy)

By default, WinRM can be used for different Resource URIs. It can be used by WMI, IPMI, WinRM Configuration and of course, Eventlog URI.(think about Web proxy acting as front listener and pass information to Exchange or other servers behind firewall).

When client hit on listener, depends on the path of files client API is access, different URIs will respond.

After you run winrm qc, (you also need to start WinRM service on all clients, just need to start service, no need to create listener). you can use following command to test.

You can run Winrm id

event001

This information to prove WinRM is starting correctly. Also it tells you which URI responsible for security profiles.

For detecting client firewall and server whether they can reach to each other, following command can be used.

Winrm id -r:dest_server

Winrm id -r:source_server

event002

now, we need to check whether listener is present.

Winrm e winrm/config/listener

 

event003

Great, now we have a listener which accept request.

But notice it is HTTP protocol, there is no HTTPS?

In terms of getting HTTPS, you would need to have a Web Server certificate. A standard web server certificate will suffice there is no need to create a template for it. Just make sure you put FQDN in common name and DNS name as well. nothing special.

Once the certificate in place, you need to run mmc->Add Certificate snap-in ->Computer account

Double click the certificate (you generated from CA), go to Details and select Thumbprint

event004

Now, you need to high light all details of certificate thumbprint and Ctrl+C to copy the content

winrm create winrm/config/Listener?Address=*+Transport=HTTPS  @{Hostname=”ServerFQDNhere”;CertificateThumbprint=”9d0a10cbafd10fb34ff234a9c3ebbe7bee876d96″}

Modify above commandline with new content from thumbprint and also ServerFQDN, run it in Server command windows.

Use Winrm e winrm/config/listener to double check

You should see HTTPS appears as well.

event005

Notice you got hostname, IP, and Certificate Thumbprint here.

If you somehow want to delete and reset everything because you did something wrong, use following command.

winrm invoke Restore winrm/Config @{}

Be aware this reset winrm configuration. so if you have other important thing on WINRM, you need to be more specific

Now, Winrm is ready to use on Server.

Setup SPN for your server

WinRM is using kerberos as authentication by default, hence SPN is required.

after finishing WinRM, you can double check whether SPN is registered by running

setspn -l servername

then, you are looking for WSMAN/servername and WSMAN/ServerFQDN

If you can’t find it, you must use setspn to create one.

 

Eventlog configuration

Next step is configure Event forwarding subscription.

go to services.msc to make sure Windows event Collector service is running

Remember client will reach server to download subscription to find out what they need to upload.

First, we need to create subscription, open event viewer

event006

 

event007

Notice I select Source computer initiated.

 

event008

the reason I select event 999 is I can only create my event between 1-1000. so 999 is selected here.

event009

select HTTPS and Minmize Latency for the lab fact

click OK, OKAY, then it’s finished.

GPO configuration

Now, we need to create GPO.

There are two basic items you must put into GPO.

first one is the link lead client to server.

 

event010

This is where you configure the link for client seeking collector server. As you can see from the picture, I have setup two servers and one for http, one for HTTPS. Client is able to send events to both servers.

Be aware the format of link has to be Server=http://serverFQDN:5985/wsman/SubscriptionManager/WEC,Refresh=10

The refresh here means how often client contacts server for subscription information. 10 means 10 minutes.

Note:

If you want to refresh client to download latest subscription, best way to do is run gupdate /force

 

The second part of GPO item is security for event log Service.

Event log service on client must allow Network Service to access and transfer events to collector Server. hence, you need to grant permission for it.

The way you do is as following:

log on to client and run following command line

wevtutil gl security

event011

noticing everything after ChannelAccess:, which is start with O:BAG:SYD:xxxxx this is the one we after.

now, let’s read this line, it doesn’t contain (A;;0x1;;;NS). If it doesn’t, you need to add this one at the end of this line.

now, put it into GPO.

 

event012

and push the policy to client.

Client Configuration

Client configuration is relatively easy. Just make sure WinRM service is running(don’t need to be configured). Group policy has been pushed and applied.

Now, we do can use command line to manually create event to verify whether collector has got it.

eventcreate /T Error /ID 999 /L application /D “Test0001”

run this command in CMD window, it will create event in the application.

 

Troubleshooting

The main troubleshooting log is from server and client end.

Event logs

check Forwarded Events from  Windows Logs of Server to see forwarded events

Check Applications and Services->Microsoft->Windows->EventCollector

Check Applications and Services->Microsoft->Windows->Eventlog-ForwardingPlugin

Check Applications and Services->Microsoft->Windows->Windows Remote Management

Errors I have encountered

Access denied, error code 5

event013

I had a terrible experience on my first run which I spent days trying to resolve it.

If you can recall that network service is used from client to communicate to server, well, network service will act as computer object over the network. so from server point of view, this is request from Client computer account. My server somehow get default setting in security to block all computer account access.

 

event014

by default, there should be a group called “Everyone”. but it’s missing. After I added authenticated users group into this security, everything works.

 

Encountered an internal error in SSL library

event015

this is one of silly mistake I made in my life. After successful test with HTTP, I switched to HTTPS to make it work. but clearly, I forget to change port from 5985 to 5986. For trying to fix that, I even created a whole new template of cerificate….

Note:

If you replacing certificate, you need to reboot your server. Restart WINRM service is not enough.

 

Leave comments if you want

 

Reference:

http://blogs.msdn.com/b/deployment_service/archive/2015/09/11/windows-remote-management-winrm-troubleshooting-guide-for-remote-sessions-on-the-target-machines.aspx

 

Advertisements

Normally, I wouldn’t directly forward a link.

but this is too good to pass.

Here it is. 

 

 


From my last Post, we have discussed about what we need to achieve in the Lab.  I’m pasting the diagram here again so we can use that as reference. For more details, you can click last post to get it.

image

 

What a Windows 2012 file server can do?

 

A Windows 2012 File server can provide storage via SMB 3.0 Share and iSCSI. If you are looking for how to do SMB 3.0 share, please follow this link. Windows 2012 also provide native version of iSCSI feature which includes a iSCSI Server end and iSCSI initiator (client end). It’s all free.

With SCVMM 2012 SP1, the installation CD even comes with a SMI-S provider driver which you can install on Windows 2012 so VMM can import Windows 2012 File server into Library as iSCSI array rather than SMB Share.

Import Win2012 File Server via SMB share

 

I have mentioned this before. VMM can import a File Server via only one method. For example, if you have import this File server via SMB Share, you won’t be able to import this File server via iSCSI. You must remove the server from Library and import again.

Here is the procedure to import a Win2012 File Server into VMM.

Before you do anything, you need to add your VMM service account (For example, svc_vmm) into local administrator group on Win2012 File server.

Notice:

You can’t add a Active Directory Group into local administrator group and you must user individual user instead. Otherwise, it won’t work.

Like following:

image

After you have done that, open VMM console and choose Fabric,

image

image

Clearly, you have 3 options here. Let’s choose Windows based File (SMB Share).

image

Provide server’s FQDN

image

Now, what it does is to push/install VMM agent on File server with credential of account you choose before, that service account must have load admin rights on File server.

image

Now, remember those are SMB shares.

image

Notice:

the storage provider type is Native Windows WMI? That’s how VMM get all information by executing WMI remotely. But that native window WMI doesn’t support iSCSI.

image

 

If you click file Servers, you will see it.

Let’s check a Hyper-v Host properties

image

 

Import Win2012 File Server via iSCSI Protocol

 

With SMB Share, you can’t create storage pool from VMM, nor Logical Unit which sort of defeat purpose of VMM. At the end of the day, it is a Virtual Machine Manager. What happen if it can’t allocate resource inside of VMM with multiple tenants scenario?

With Windows File Server, you don’t need to download StarWind FreeNas or any other third party SAN/NAS tool, you can just build a iSCSI box base on Native Windows.

First of all, we need to install iSCSI features on Windows File server.

clip_image002[7]

Now, the next thing we need to install is SMI-S provider on Windows file Server. SMI-S will allow us to connect VMM with iSCSI.

so From VMM installation folder, you will find this file.

image

copy that file to File server. You need to check whether the stability patch has been installed already on File server. KB2770917

image

Now, you can install this SMI-S provider.

Notice:

You MUST reboot File server after installation otherwise, you will ran into some strange issues.

image

image

Don’t forget to reboot.

 

On the client end, Testhyp01 and Testhyp02, you can do following.

Install iSCSI Initiator

image

Run this iSCSI initiator

image

just type the IP of File server and click quick connect. It may not work for iSCSI, but at least, it creates an iSCSI initiator.

Install Multipath I/O

image

 

If you have already import File server, remember to remove it first.

Then, you can add storage again

image

This time, we choose SMI-S provider

image

after a scan

image

 

image

Now, you are able to see all drives on File server.

 

image

If you don’t have any classification, you will get this. Then, you can build classification. Classification is just resource tag which you use it to label different storage resource. I use Gold and Silver here.

image

 

image

image

image

 

SNAGHTML22e8fd52

 

Allocate storage resource in SCVMM 2012 SP1

 

When you allocate your storage resource in VMM, you should do it from Host Group folder level.

image

Notice:

Only iSCSI or SAN can be allocated to Host group. SMB share can only be allocated via host cluster level.

You can allocate Storage Pool

image

image

Create logical Unit base on your new storage pool,

On Host Cluster level

image

Convert this Available Storage to CSV

image

You can convert CSV back to available storage but only it has no VMs sitting on that.

image

 

The end


Now, in this post. I’m going to talk about Storage in SCVMM 2012 SP1 and also how to build a Windows 2012 File server to connect with SCVMM.

One thing I’m very sure about Microsoft is they must love Onions. Because a SCVMM 2012 combining with Windows File server 2012 is like a huge onion which has many layers.

With embedded VHD technology, Microsoft deployed one layer after another layer of VHD which makes me worried because VHD can be corrupted. What would happen if one of VHD layers corrupted and you will loss all data on top of this layer? Or shall we wait for Windows 2012 R2 which may use VHDX instead of VHD?

Anyway, with no further ado, let’s cut Onion open.

Following is the diagram of File storage I used in my lab.

image

Let me walk you through with this diagram first so you will have better understand instead of lossing yourself in a million picture of wizard.

Layer 1(Physical Disks):

Target: File Server

Let’s start with physical disk layer on physical Host.

Windows 2012 File server has 3 physical disk. 2 x RAID 1 for 0S which only 70GB. 1 900GB disk with Raid 0.

Let’s see a screenshot from File server

image

 

Layer 2 (Storage Pool):

Target: File Server

With Windows File server 2012, You can build a storage pool which we call it VMMlib01

image

 

Layer 3(Virtual Disks):

Target: File Server

Now, we build a virtual Disk on top of Storage Pool.

image

Since this is my File server, I have built number of Virtual disks (the virtual disk concept equals normal physical disk back in Win2k8). I have built 2 quorum disks size are 1GB for VMM cluster, and Hyper-v cluster.

VHD50, Virtual Disk 01 and VHD200 are my test virtual disks to store VMs.

for test purpose, I have setup both Fixed and thin disks.

 

Layer 4 (Volumes):

Target: File Server

Same thing as volume in old OS. You will give drive label to each volume.

image

I have create each volume for each virtual disk. Those disks will be shared via iSCSI.

Layer 5(Storage Pool):

Target: VMM server

In the VMM, there are multiple ways to import storage into VMM library. With same target host (like File server here), only one way of connection will be accepted.

For example, if I choose to use SMB share to connect to File server, then I can’t use iSCSI to connect in VMM.

You can choose to use simple SMB 3.0 share, but then you will loss lots of storage function.

If you choose using FC/iSCSI as storage, you will be able to define your storage as different classification. You may want to put fast storage pools into gold classification and slow storage to Silver or Brown.

The storage Pool you will find here is same thing as volume from File Server.

 

 

image

 

Layer 6 (Logical Unit)

Target: VMM Server

This logical Unit is created base on Storage Pool in VMM server. You can choose use some part of space to assign to Host group (Not cluster) and reserve some logical Units for future.

Layer 7 (Clustered Share Volume)

Target: VMM Server –> Hyper-v Cluster

Believe it or not, once you assign Logical Unit to Host group and it doesn’t mean your hyper-v Cluster is going to use it. From Cluster point of View, it just got available space.

You need to convert it to Cluster shared Volume

image

 

image

 

Now, if you switch to Hyper-v cluster, you will see your shared volume is there.

image

 

SNAGHTML1ee369da

 

To be continued …..


I understand there are quiet few articles regarding monitoring Memory status of Hyper-v. But I would still prefer to write down at least you don’t need to dig around again.

Hyper-v memory status is one of critical parameter you would always focus on.

If it was in Vmware, you would use Vmware embedded performance monitoring to see how much memory your host has and how much your VM takes.

You can do that either from vCenter or ESXi (esxtop).

With Microsoft Hyper-V, you can use following solutions.

  1. Hyper-v manager
  2. Powershell on Hyper-v Host
  3. Performance monitor on Hyper-v Host
  4. PAL analyse result of Performance Monitor
  5. SCOM
  6. SCVMM

 

Hyper-V is using Dynamic memory to allocate physical memory to VM. Instead of like Vmware which uses balloon, sharing to “work around” on optimizing memory usaging, Hyper-V simply just gives memory or take it back since it’s Microsoft Product.

Hyper-v Manager

 

image

The startup RAM is related with smartpage. If there is not enough physical memory available in host, Hyper-V will use SmartPage to use storage as memory to start machine.

Minimum RAM is guaranteed memory server assign this VM. As you know, with Dynamic memory, host does take memory back from VM when VM doesn’t need it. but host won’t take memory below minimum RAM.

Maximum RAM should be reasonable memory a VM may need.

Memory buffer is how much memory increases at time.

 

clip_image002

 

From above picture, the Assigned Memory is actually important. that’s how much memory a physical host has assigned to a VM but it doesn’t mean that’s how much VM believes it has.

For example, a VM can have 8GB memory but assigned memory could be 512MB. This case is important when host try to retrieve memory from VM. With dynamic Memory, when you increase memory on VM, you will see total physical memory from VM increase. but when host takes memory back, it won’t decrease that figure from VM.

 

Powershell on Hyper-v Host

 

image

image

image

image

 

image

 

Performance monitoring on Hyper-v

 

clip_image002[5]

 

clip_image002[7]

 

PAL analyse result of Performance Monitor

 

You can also download PAL

image

Generate Hyper-v performance monitor template

image

Import template to performance monitor and start monitoring for certain time, import result back to PAL

 

image

You will get report like this

image

 

image

 

SCOM and SCVMM is not discussed in this post.

But you can check out following reference to get more details.

 

 

 

Reference:

http://blogs.technet.com/b/haroldwong/archive/2013/03/26/server-virtualization-series-performance-management-memory.aspx

 

http://blogs.technet.com/b/haroldwong/archive/2013/03/08/hyper-v-2012-dynamic-memory-what-does-the-vm-think-it-has-versus-what-it-really-has.aspx

 

http://blogs.technet.com/b/chrisavis/archive/2013/03/06/monitoring-dynamic-memory.aspx


This Post is introducing Hyper-V VM to everyone. What’s Hyper-v 2010 VM components and what Hyper-v 2012 can do in vMotion.

Test environment:

Hosts:

Testhyp01, Testhyp02

Windows 2012

VM:

TestWin12-01

Hyper-v VM components

image

This is best to describe what components a VM would have.

VHDX File

clip_image002

This is main disk file which contains all data, similar to vmdk file. The vhdx is the new format while the old format is called vhd which MS strongly suggests you to upgrade to vhdx due to possible data corruption.

The size of file is depending on what kind of disk you are choosing. If you choose Dynamic disk, then it could be small file like less than 10GB.

 

AVHDX File

AVHDX is the snapshot of that VM which basically increases size every time when you write to your VM. MS strongly suggests DO NOT use snapshot but I found it comes quite handy. Especially, you can always vMotion it or storage vMotion snapshot with VM.

Configuration File

clip_image002[5]

This lovely xml file is using computer GUID as file name. Yes, GUID not the name of your VM. So basically, it makes me very hard to locate configuration since there is no option for me to see what VM GUID is from Hyper-v Manager.

Imaging if you put all vms’ configuration files in the same folder, how can you tell which one is which one? so the best practise here is to put each VM in the separated folder.

P.S: You do can move files around later on.

Here is Powershell which helps you to fetch GUID

Using PowerShell you can find which GUID belongs to which VM.

 

PS> get-vm | ft -autosize vmname, vmid

 

VMName                 VMId

——                 —-

… 2012 DC            a1e1ab6b-a595-4089-bd9d-ab2040f3f603

2008 R2 Cluster Node 1 dbee3803-bf07-423d-84b7-3e0f98fafe2c

2012 Cluster Node 1    f3f0f575-1f00-4b4a-a07d-eb674c771bb5

2012 Cluster Node 2    6d10d079-90b4-4366-abc7-8df9ab4b3c60

 

PS> get-vm -id 6d10d079-90b4-4366-abc7-8df9ab4b3c60 | ft -autosize vmname, vmid

 

VMName              VMId

——              —-

2012 Cluster Node 2 6d10d079-90b4-4366-abc7-8df9ab4b3c60

 

 

BIN File

clip_image002[7]

BIN file is basically VM memory dump file. It is sued to recover your VM from fast turn on and turn off. For example, if you restart your Hyper-v host without shutdown VMs running on it, you will find all VMs are still in last running status after reboot hyper-v host. It’s quite good feature. Again, the size of BIN is the size of memory you assigned to your VM or if you are using dynamic memory, then that’s how much system gives to it.

The funny thing about BIN is you can’t put it into separate folder away from your VM. If you review VM configuration file (XML file) you won’t find setting for BIN.

I think this is very important feature like Vmware swap file. You may want to collect all swap file in one location rather than attaching with VM so you will be able to estimate how big VM folder will be.

Well, you do can turn off BIN file though, by changing following settings to Option 2 and 3.

clip_image002[9]

Once you are done that, you will see the size of BIN is 0, but again, you loss that useful feature of saving VM state.

P.S: If you are using DC as VM, please do choose Option 3. You don’t want to mass up with AD from saving state.

Smart Paging File

Well, this is rarely used or even appear. This file will appear only there is no free memory available and you want to start your VM. The system will use disk as memory (Minimum memory setting of your VM) to start your VM.

vMotion and storage vMotion

There is no doubt that Vmware is first company starting using vMotion and storage vMotion. But MS is the first company using storage vMotion without cluster and share storage. I guess this is dramatically disturb Vmware’s plan and they also announce vSphere 5 can do the same thing.

Anyway, let’s briefly go through what Hyper-V does for vMotion and storage vMotion.

If you go to Hyper-v Manager, right click VM you want to move

clip_image002[11]

You get this interface.

image

That’s right. There is no other option it’s just move. You can choose to move to different host or same host but different file location.

Let’s say if you choose option 1

clip_image002[15]

Type the other host name here

clip_image002[19]

If you choose Option 3

clip_image002[25]

That’s where you can choose destination location. Now, be aware that the destination folder need to have write permission and also permission to register VM into Hyper-v host.

clip_image002[1]

clip_image002[3]

clip_image002[5]

clip_image002[7]

clip_image002[9]

Please any feedback if you want. More posts are coming.


So one of most common software is Microsoft Office 2010. We all want that software be installed regardless it’s on physical machine or VDI. There are so many different options you can choose and you may face. This post is focusing on deploying Microsoft Office 2010 to VDI via App-V.

 

Why do we need to use App-V?

App-V allows user to steam down application parts which this app really needs when it runs. With VDI solution, if we don’t use App-V, we may install entire Office 2010 on each VDI VM and if you have 100 VDI VMs in your environment, it may use 200 or 300GB precious SAN space easily just for this software only. With tons of benefits of using App-V, I am not going to explain it too detail.

 

Why don’t people use App-V Office?

Well, reason No.1, it’s complicated. With using App-V, it involves so many different other technologies and all of them have to work together. Second reason is App-V still has some limitation with one app working other app since each App is supposing to work in it’s own sandbox. But this is going to change with App-v 5.0 sp1 and other tools to help you deploy office.

with no further ado, Let’s start

Environment introduction

Server:

Testhyp02: Windows 2012 with Hyper-v running on it, App-V Server & Management component has been installed. For more details, please to see my last post.

Workstation:

All workstations are VMs running on Hyper-v.

You will need to have at least two workstations.

VM1:

Windows 7 SP1, 32bit (As App-v Sequencing server to catch software installation)

VM2:

windows 7 SP1, 64bit ( As VDI template to run App-V software).

Note:

You must use Windows 7 with Service Pack 1 as client. Win7 without SP1 doesn’t support App-v Client. You must use 32bit for App-v Sequencing server since there are certain software which only has 32bit version!

Preparation for your VMs:

Now, I must ask you to focus on preparation of your VMs before you start installing.

  1. Build windows 7 32bit SP1 VM from scratch. (64bit if it is VM2)
  2. Make sure you have installed Integrated Service
  3. Make sure you have join the VM into your domain
  4. Disable firewall
  5. Create Install folder under c:\

 

  Search Internet and download following software on your c:\install\Other Toolsclip_image002

Notice: You need both 32bit and 64bit Powershell to install on VM1 and VM2.

6.    Install above software

7.    Download following software and put into c:\install\AppV Prep

clip_image002[5]

                 You need both 32bit and 64bit version of Deployment Kit

  • Office 2010 SP1 Professional Plus 32bit ISO (extract to a folder)
  • Office 2010 SP1 Profession Plus Volume License (XXXXX-XXXXX-XXXXX)
  • Microsoft Desktop Optimization Package (It contains App-V 5.0 sp1 non RDS client)
  • Microsoft Application virtualization 5.0 SP1 (from Volume License Portal)

 

 

You need to extract Office Deployment Kit to separated folder like above picture shows. Also extract Sequencing kit.

clip_image002[7]

clip_image002[9]

Extract Office 2010 Professional Plus ISO (must be 32bit) to a folder. Only 32bit Office will work with integration and it can work on both 32bit and 64bit Win7.

Copy App-V_Seq_Kit into Office folder and also Deployment kit as well

clip_image002[11]

 

clip_image002[13]

 

Deploy Office 2010 App-v Kit

There are lots of articles about it on the Internet. In this case, I’m using MAK to register.

image

Few things about this deployment.

1. Must use elevated CMD to run this command

2. Must NOT USE Powershell to run, it won’t work

3. When it is running, don’t jump on Services.msc to check what’s New, it will crash the installation

 

So what this command does is to install a License service like KMS in local PC with Volume serial number of Office 2010 to make sure Office application works correctly.

After installation, you can open servcies.msc and see whether it works or not.

clip_image002[27]

 

Install App-V Sequence

Install App-V Sequence on VM1 which is running windows 7 sp1 32bit with “Other Tools” installed first. Add IP address, DNS, Join domain, disable firewall and copy all above software on the VM1.

You shouldn’t have issue to run App-V Sequence

clip_image002[15]

clip_image002[17]

clip_image002[19]

 

Run App-v Sequence and do following steps

clip_image002[21]

Add keys like following

Open the "Exclusion Items" tab and add the following: [{Common AppData}]\Microsoft\OfficeSoftwareProtectionPlatform [{Common AppData}]\Microsoft\Windows With Mapping Type = “VFS”

clip_image002[23]

 

clip_image002[25]

 

 

Capture Office 2010 with Accelerate Package

Yes, you are very lucky that Microsoft has this accelerate package which does lots of work for you.

Now, it’s time to start App-v sequence

clip_image002[29]

 

clip_image002[31]

 

clip_image002[33]

 

clip_image002[35]

If you don’t have AP, you have to capture office installation procedure and hope it’s clean capture!

clip_image002[37]

 

clip_image002[39]

With AP helps, system all generate 3 copies of appv file with some modification in each. All what you need is the last version with integration embedded.

 

clip_image002[41]

 

clip_image002[43]

 

clip_image002[45]

 

Following is the first version.

clip_image002[47]

Continue to capture running parameters, do not run Sharepoint and Outlook components

 

clip_image002[49]

clip_image002[51]

clip_image002[53]

 

clip_image002[55]

 

clip_image002[57]

 

clip_image002[59]

 

Now, start to integration procedure

clip_image002[61]

 

clip_image002[63]

clip_image002[65]

You need to be patient since VM1 is loading 1.5GB office installation appv file.

 

clip_image002[67]

 

clip_image002[69]

 

clip_image002[71]

 

clip_image002[73]

Save as your package to new folder

clip_image002[75]

 

Deploy Office 2010 with App-v

Add your App-V package

clip_image002[81]

 

clip_image002[83]

Setup connection group and grant domain users group permission to connect

image

 

Setup Package access permission with domain users

 

image

 

image

Log on Publishing port to test

If it is empty like below, then it’s time to run IISRESET on app-v server.

clip_image002[85]

 

check again

clip_image002[87]

 

Deploy on VDI client

This is VM2 which needs to install all “other tools” list above.

App-v client must be installed on this template machine which will be used to deploy VDI.

There are two typies of Client. with RDS and without RDS. With RDS version is used in Session Host. In this case, we use without RDS version.

clip_image002[89]

clip_image002[91]

 

clip_image002[93]

 

image

clip_image002[99]

You also need to run Set-AppvClientconfiguration –EnablePackageScripts 1

 

image

 

Wait for 5 mins, Office applications should be push down to this client

clip_image002[101]

 

clip_image002[103]

Prepare VM for VDI

 

clip_image002[105]

 

Once you create new pool and deploy VM as VDI, the Office 2010 will just work. Winking smile

 

Please leave any feedback.

 

 

Reference:

How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0 using a Package Accelerator


I never expected it took me whole afternoon on just installing a App-V, well, I do admit I did went out for other stuff, but it is little ridiculous how complicated and lack of correct information the whole process is.

I write this post to help myself and others for future reference. If you do run into similar issue, hope this post can help.

Test Environment:

Windows 2012 runs HYPER-V on it

SQL 2008 R2 runs on Hyper-V

 

SQL Preparation:

This is the part which kills everyone. If you think you just jump on the SQL and create couple of DB and jump back and run installation wizard, then I can tell you will see following errors.

image

This warning is telling you that you didn’t prepare DB as what Microsoft wanted and go back now!

Funny thing is it only has one button “OK”, no cancel?

 

If you continue to install, you will run into The error was : Invalid object name ‘dbo.RoleAssignments’ after you finish installation.

image

The correct installation method is following kirxblog and prepare the DB.

Essentially, there are two methods to prepare DB. You can either bring installation disk on SQL server and run through installation wizard which requires you to install whole bunch of craps or you can manually install it as what this post will tell you.

1. get DB scripts ready

In terms of extract DB script, you need to find installation exe file and run it with /layout as parameter.

SNAGHTML64fb00c0

Once you have done that, you will following structure

clip_image002

2. Create 3 AD groups

Now, according to installation instruct of script, you need two groups which are read and write. I also create 3rd group called AppVAdmin for managing.

clip_image002[5]

You need to add App-V server computer account into AppvAdmin group. Also domain admins as well.

3. Modify DB scripts with Powershell script

The original DB script which you extracted from installation exe file requires SID of AD groups in terms of making it work! It’s not easy to find those SID and not mention other nasty stuff.

Thank for Kirx beautiful powershell script, we are able to prepare those DB scripts with Powershell script.

Instead of all other nasty information, all what you need to do is to provide name of groups and name of DBs. Powershell script will prepare the DB script and help you to finish the work.

download Kirx script and edit.

Found those lines and replace it

image

 

If you never run powershell script on this serve, you may want to unlock it.

clip_image002[7]

Make backup for your DB scripts and copy them to c:\temp folder like this.

c:\temp\ManagementDatabase and also report database script.

Copy kirx script to c:\temp

Run it, if it works, it should return with no result.

However, it will change the file name under those DB scripts.

Original folder.

clip_image002[9]

Changed

clip_image002[11]

 

3. run the Scripts on DB

Copy your new script to SQL server and open management studio

Run 1-1 Database script which will create new DB on SQL

Run all other script base on DB you just created

 

4. Add AppvAdmin group to db.Ower on new DB

Your AppvAdmin group should contain App-V server account by now

 

Install Prerequisites for App-V

You need to download Microsoft C++ 2010 x86 version and install on App-V server. Yes, it is x86 not x64 version!

Otherwise, you will get this one.

clip_image002[13]

 

Install App-V

Now, we can start to see those fish eggs , oh, no, orange Apps in the Box

clip_image002[15]

 

clip_image002[17]

Now, Unless you have SQL on your App-V box, otherwise, DO NOT tick those boxes. It will change your wizard steps.

clip_image002[19]

image

 

image

 

Once you finish installation, I strongly recommend you to restart your App-V and most likely, you just add computer account into AppvAdmin group and requires restart to take effect.

Otherwise, you may see this.

clip_image002[23]

After restart App-V, you should be able to this no error on console.

clip_image002[25]

 

 

 

 

 

 

 

Reference:

http://kirxblog.wordpress.com/2012/11/01/remote-database-preparation-for-app-v-5/