App-V: Unable to click “Join Meeting” from Virtualized Outlook when Live Meeting 2007 is Installed Locally
The Case of the Three Second Delay (a.k.a What is SFTDDE?)
App-V: The Case of the Lingering File Type Association
App-V: Don’t use WMI for querying virtual registries.
Yes, Trusteer Rapport does break App-V
App-V: Recommended Upgrade Preparations and Rollback procedures when upgrading from App-V Management Server 4.5 RTM or SP1 to SP2.
Before upgrading to App-V 4.5 SP2 on the management server, first review the release notes for added features such as SQL mirroring support.
App-V 4.5 SP2 Release Notes
http://technet.microsoft.com/en-us/library/ff699130.aspx
Also, you can download the installation for SP2 here:
http://www.microsoft.com/download/en/details.aspx?id=25291
Pre-Upgrade Recommendations
The following are recommendations for preserving information and critical data to ensure a proper rollback is available in the event of an upgrade failure or a desired rollback to a previous version of the App-V server.
1.) Back up a copy of the App-V management SQL datastore. In SQL this is the APPVIRT database by default.
2.) If .NET 4.0 is installed and you are using Windows Server 2003, the current workaround is to:
a. Remove .NET 4.0 (temporarily, as it will be re-added later).
b. Restart the server.
c. Perform the Upgrade. Restart the server.
d. Reinstall the .NET 4.0 Framework.
Potential Upgrade Failures
The following are recommended options for rollback should an error occur during upgrade.
In the event of a 25109 error, please use Rollback Option #1 for rolling back the server to its previous state.
In the event of a 25119 error (or any error not otherwise mentioned), please use Rollback Option #2 for rolling back the server and data store to its previous state.
In the event of a 2512* error, please use Rollback Option #3 for rolling back the AppVirt Management Service (ASP.NET Web Management Service) to its previous state.
In the event that the installation completes successfully and you decide for reasons otherwise not mentioned here to roll back the server to its previous state, please refer to Rollback Option #2 for rolling back the server to its previous state.
Rollback Option #1
A 25109 error indicates failure to connect to the database. In the event of this error, all that needs to be rolled back are the binaries on the App-V Management Server.
1.) After the installation rolls back, verify connectivity to the App-V Management server.
2.) If the binaries list version numbers at SP2 (4.5.3.XXX), uninstall the App-V Management server and reinstall your previous version.
Rollback Option #2
A 25119 error or a successful completion of the upgrade means that both the App-V Management server binaries and the SQL data store have been upgraded. The rollback procedure requires both the server binaries and the data store to be reverted to their previous versions.
1.) Restore the previously backed-up version of the App-V data store on the SQL server.
2.) The App-V Management Server will likely be rolled back to its previous version during the installation. If this is a rollback following a successful installation, then the existing version will need to be uninstalled and the previous version will need to be reinstalled.
Rollback Option #3
1. Manually uninstall ONLY the AppVirt Management Service (Service – not server.)
2. Restart the server.
3. Reinstall AppVirt Management Service component from SP2 media.
App-V 4.6SP1: Issue with Sequencing the Dynamics NAV 2009 R2 Client
http://msdn.microsoft.com/en-us/library/gg670188.aspx
The Role-Tailored client will also need to be sequenced using a VFS path rather than an SFT mount (MNT) path. You will need to change this part of your recipe:
Section: “To run Microsoft Dynamics NAV 2009 R2 Setup”
In Step 5: Do not specify the destination directory. Use the default directory.
It is also recommended to install the Visual C++ 2008 SP1 run-time module on the Sequencer in advance.
Package Accelerators
A maximum path limitation may be hit, preventing the creation of a package accelerator resulting from a VFS installation. This is caused by 3 factors: 1.) Lengthy paths created by the Dynamics installation. 2.) The package accelerator creation process adding an additional 7 characters to the package root. 3.) If the sequencing machine is a single-volume machine where the Q:\ drive is actually a substitution.
You can work around this by creating a second partition for the Q:\ drive on the sequencing workstation.
A Visual Studio 2008 Package Sequenced with Microsoft Application Virtualization may not Function Properly after Upgrading to Visual Studio Service Pack 1
Symptoms:
If you open a Visual Studio 2008 package for upgrade (or simply upgrade in the 4.6 SP1 sequencer) and upgrade the package to Visual Studio Service Pack 1, it may fail to function properly on the App-V Client.
Cause:
This is caused by the Visual Studio SP1 installer setting a reparse point for key SxS (side-by-side) assemblies. The Visual Studio 2008 Service Pack 1 installer sets a reparse point from
<%SFT_MNT%>\<root>\VFS\CSIDL_WINDOWS\assembly\GAC_MSIL\WcfSvcHost\0.0.0.0__31bf3856ad364e35
to
<%SFT_MNT%>\<root>\VFS\CSIDL_WINDOWS\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_9.0.0.0_x-ww_e0abf5ea
This means that if the application on the client looks for the files in the first location, they won't be found because they are actually only located in the latter. When running virtualized on the client, the VFS does not reflect to the application the fact that this is a reparse point. The application expects the files to be in the first location, but they are not actually found there.
Resolution
During the monitor phase, when the upgrade application has completed, you will need to open a command prompt and copy the files from:
Q:\<root>\VFS\CSIDL_WINDOWS\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_9.0.0.0_x-ww_e0abf5ea
to
Q:\<root>\VFS\CSIDL_WINDOWS\assembly\GAC_MSIL\WcfSvcHost\0.0.0.0__31bf3856ad364e35
so they are located in both locations.
For example, if the drive used for the SFT_MNT volume is Q:, then the syntax for copying via XCOPY would be:
XCOPY /S /E Q:\<root>\VFS\CSIDL_WINDOWS\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_9.0.0.0_x-ww_e0abf5ea Q:\<root>\VFS\CSIDL_WINDOWS\assembly\GAC_MSIL\WcfSvcHost\0.0.0.0__31bf3856ad364e35
App-V: Arithmetic Overflow Error (0000B065) when Running System Utilization Report
Administrators can use the System Utilization Report to graph the total daily system usage. You can use this report to determine the load on your App-V Server.
This report tracks the usage over time during the reporting period for the specified server or for the server group.
The System Utilization Report also graphs the following system usage:
• Usage by day of the week
• Usage by hour of the day
The System Utilization Report also includes a summary of the total system usage for specific users and total session counts.
There is an issue, however, that you may run into when you try to run a System Utilization Report by session count, where you may get the following error:
Error: 0000B065
The SFTMMC.LOG (Management Console log) will also show the following:
2011-10-14 04:35:31 https://steveth-appv/
ManagementConsole.MCException: Arithmetic overflow error converting expression to data type int. ---> SoftGrid.Management.GetReportDataFailedException: Arithmetic overflow error converting expression to data type int. ---> System.Data.OleDb.OleDbException: Arithmetic overflow error converting expression to data type int.
at System.Data.OleDb.OleDbDataReader.ProcessResults(OleDbHResult hr)
at System.Data.OleDb.OleDbDataReader.NextResult()
at SoftGrid.Management.DataAccess.ReportDataAccess.GetSystemUtilizationBySessionData(DateTime startTime, DateTime endTime, Int32 serverGroupID, Int32 serverID, RptSystemDailySessions[]& dailySessions, RptSystemDayOfWeekSessions[]& dayOfWeekSessions, RptSystemHourOfDaySessions[]& hourOfDaySessions, RptSystemSessionUsageSummary& usageSummary)
at SoftGrid.Management.Reports.GetSystemUtilizationBySessionData(DateTime startTime, DateTime endTime, Int32 serverGroupID, Int32 serverID, RptSystemDailySessions[]& dailySessions, RptSystemDayOfWeekSessions[]& dayOfWeekSessions, RptSystemHourOfDaySessions[]& hourOfDaySessions, RptSystemSessionUsageSummary& usageSummary)
--- End of inner exception stack trace ---
Server stack trace:
at SoftGrid.Management.Reports.GetSystemUtilizationBySessionData(DateTime startTime, DateTime endTime, Int32 serverGroupID, Int32 serverID, RptSystemDailySessions[]& dailySessions, RptSystemDayOfWeekSessions[]& dayOfWeekSessions, RptSystemHourOfDaySessions[]& hourOfDaySessions, RptSystemSessionUsageSummary& usageSummary)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at SoftGrid.Management.IReports.GetSystemUtilizationBySessionData(DateTime startTime, DateTime endTime, Int32 serverGroupID, Int32 serverID, RptSystemDailySessions[]& dailySessions, RptSystemDayOfWeekSessions[]& dayOfWeekSessions, RptSystemHourOfDaySessions[]& hourOfDaySessions, RptSystemSessionUsageSummary& usageSummary)
at ManagementConsole.ManagementSession.GetSystemUtilizationBySessionData(DateTime startTime, DateTime endTime, Int32 serverGroupID, Int32 serverID, RptSystemDailySessions[]& dailySessions, RptSystemDayOfWeekSessions[]& dayOfWeekSessions, RptSystemHourOfDaySessions[]& hourOfDaySessions, RptSystemSessionUsageSummary& usageSummary)
--- End of inner exception stack trace ---
This is caused by the calculation exceeding a numeric limit. When running the System Utilization Report, the system calculates the total session duration in seconds for all users for all of the applications that have been used during the specified time period. This total must not exceed the current limit of 2,147 million seconds.
Reduce the time period used to generate the System Utilization Report so it falls within the current allowed limit. 30 days will usually be a safe maximum.
App-V: Intermittent DC Refresh and/or Launch Failures may be tied to Intermittent SQL Connectivity
DC Refreshes and Application Launches may fail intermittently in the case of an unstable SQL Server connection. This can happen when the threshold for overall service connectivity to SQL has not been reached but the authentication and/or authorization of a user actually timed out on the back-end connection to SQL.
In essence, overall connections to the App-V server may still be maintained and the clients will not go into DO (Disconnected Operations Mode.) Authentications may fail due to intermittent availability of a remote SQL server.
While some have recommended modifying connection timeouts to the SQL datastore, in my opinion this would not be addressing the underlying issue. If connectivity to SQL is problematic, first find the root cause of the connectivity problem.
The error that commonly appears in this scenario is:
"A Network operation did not Complete in Time"
Error: xxxxxxxx-xxxxxxx0a-10000005
I have also seen this issue pop up when the back end SQL Server’s CPU Utilization was maxed out at 100% making the service temporarily unavailable.
The Default Block Size of 64KB in App-V 4.6 and Later may Cause Slow Streaming with Certain Network Configurations
Starting with the 4.6 sequencer, the default block size for sequenced packages was changed to 64K. In addition, the option to adjust this was removed from the sequencer. The block size used to be an issue when the network bandwidth was limited and large blocks could not be transferred. Now with more robust networks in place, this is not a problem anymore.
With certain 4.6 client configurations (using packages sequenced on 4.6 sequencers and later) involving RTSP streaming from management servers or streaming servers, users may notice significantly longer RTSP streaming times.
If you want to set the block size lower than 64K with the App-V 4.6 sequencer, you can still do this via the command-line sequencer. This will require an installation program, script, and/or batch file that will run completely unattended. The command line parameters are found here:
http://technet.microsoft.com/en-us/library/cc843675.aspx
You can use the /BLOCKSIZE option to specify a block size parameter of less than 64 (e.g. 32).
To rectify this issue post-sequencing, you will need to make the following adjustments on the App-V Management server and/or streaming servers when using RTSP:
1.) If using Windows Server 2003 for your App-V Management server, you can modify the TCP/IP settings on the Windows Server 2003 App-V Management server to immediately acknowledge incoming TCP segments per the following KB article: “Slow performance occurs when you copy data to a TCP server by using a Windows Sockets API program” (http://support.microsoft.com/kb/823764).
2.) Use an alternative protocol for streaming (HTTP or SMB.)
3.) Use a third-party sequencer/packager/encoder to adjust the block size.
4.) Some of our customers have had success with adjusting TCP optimizations. For example, on servers running Windows Server 2003 Service Pack 2, you can turn on the TCP optimization feature "Receive-Side-Scaling" by enabling the following registry parameter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Data Type: DWORD
Value: 1
NOTE: This is only one part of the SNP (Scalable Network Pack features) that needs to be turned on. Other features such as offloading or TCP chimney do not need to be enabled. Please be aware of the fact that other applications that may be running on that server may not be tuned well for TCP optimizations. You will also need to reboot the server for this to take effect.
5.) For servers running Windows Server 2008 and later, it is recommended to also have the receive window auto-tuning level set to either normal or experimental in addition to RSS being enabled.
To enable TCP Auto-Tuning and RSS:
- From an elevated command prompt, run the following command:
netsh interface tcp set global rss=enabled autotuninglevel=normal
- Reboot the server.
Decommissioned or Unreachable Domains: How the App-V 4.5 Management Server handles them differently from Softgrid 4.1 Virtual Application Servers
Here is the scenario: You are leveraging an App-V Management Server that will be assigning groups from trusted domains to applications and/or provider policies. Often there are organizational changes (mergers, spin-offs, domain flattening, etc.) that will warrant domains going offline or the removal of trusts with the domain to which the App-V Management Server belongs.
How does that affect the App-V management server in the event that these domains are no longer reachable? What will happen is those groups will not be able to resolve and “ghost” SIDs will display where the groups formerly displayed.
In the example below, there are groups from two domains (SECUREPKI and CONTOSO) assigned to a default provider policy on an App-V 4.5 management server.
Once the domain CONTOSO goes offline and is no longer reachable, the Provider Policy will simply show ghosted SIDs as in the example below. Provider functionality will not be affected.
The same will also occur for application access permission assignments. The groups from the offline domain will simply display as “ghost SIDs” and other users’ access will not be affected.
This allows for the App-V management server to remain functional while administrators clean up the decommissioned data.
How this was different with the Softgrid 4.1 Virtual Application Server
The process for previous releases of the Softgrid Virtual Application Server (what the App-V management server used to be called) resolving and accessing Active Directory was different. A special browsing account was required to access Active Directory. Account Authorities had to be configured as well. The group references were also stored in a different format within the database (see below.)
4.5 and later
Pre 4.5
Using the same example with a 4.1 server, we will see the difference in the example below:
As with the 4.5 server, the groups are unable to resolve their SIDs. However, we have found that unresolved groups within provider policy group assignments, as well as application access permissions, may cause delays.
This delay can lead to the “A Network Operation did not Complete in Time” error (xxxxxx-xxxxxx0a-10000005).
With 4.1, if you have a series of applications that have many groups assigned to the application that are no longer resolvable, then you may want to provide temporary remediation for your existing users while you clean up the ghost SIDs. You can simply de-select “Enforce Application Permission Settings” in the Provider Pipeline tab in the Provider Policy dialog box.
What to look for in the SFT-SERVER.LOG file
When this issue is happening, you will likely see entries similar to below upon service start in the SFT-SERVER.LOG
[2011-11-09 19:41:13.599] APP-V-SRV1 4512 4932 SW_ADSDataConnection::FillGroupRefToSIDMap - - - - 5 - Caching(LDAP://contoso.com/<GUID=f80b836b317f7f45afb437ff7db8e741>)->(S-1-5-21-6776287-1952083785-2110791508-36630)
[2011-11-09 19:41:18.161] APP-V-SRV1 4512 4932 SW_ADSDataConnection::DomainNameToType - - - - 5 - "Domain (CONTOSO.COM) error (1355)"
When a client tries to launch an application, you will also see entries similar to below:
[2011-11-9 19:44:24.685] APP-V-SRV1 3836 4436 SW_ADSDataConnection::DomainNameToType - - - - 5 - "Domain (CONTOSO.COM) error (1355)"
[2011-11-9 19:44:42.762] APP-V-SRV1 1984 4272 SW_ADSDataConnection::FillGroupRefToSIDMap - - - - 5 - "Could Not Get Group(LDAP://CONTOSO.COM/<GUID=857fed02a9a42b4d89b7879066f327fd>)"
A slew of these entries may be present if there are a slew of unresolved groups for many applications.
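The log check described above, as an added example that is not part of the original post: a PowerShell function that picks the DomainNameToType and FillGroupRefToSIDMap failures out of SFT-SERVER.LOG and totals them per domain, so the ghost-SID cleanup can be scoped. The function name is an assumption, and the sample input is the four log entries quoted above.

```powershell
# Added example, not from the original post.
# $sampleLog holds the four SFT-SERVER.LOG entries quoted above. For a real server,
# replace it with Get-Content against your own SFT-SERVER.LOG (path is site-specific).
$sampleLog = @'
[2011-11-09 19:41:13.599] APP-V-SRV1 4512 4932 SW_ADSDataConnection::FillGroupRefToSIDMap - - - - 5 - Caching(LDAP://contoso.com/<GUID=f80b836b317f7f45afb437ff7db8e741>)->(S-1-5-21-6776287-1952083785-2110791508-36630)
[2011-11-09 19:41:18.161] APP-V-SRV1 4512 4932 SW_ADSDataConnection::DomainNameToType - - - - 5 - "Domain (CONTOSO.COM) error (1355)"
[2011-11-9 19:44:24.685] APP-V-SRV1 3836 4436 SW_ADSDataConnection::DomainNameToType - - - - 5 - "Domain (CONTOSO.COM) error (1355)"
[2011-11-9 19:44:42.762] APP-V-SRV1 1984 4272 SW_ADSDataConnection::FillGroupRefToSIDMap - - - - 5 - "Could Not Get Group(LDAP://CONTOSO.COM/<GUID=857fed02a9a42b4d89b7879066f327fd>)"
'@ -split '\r?\n'

function Get-AppVDirectoryLookupFailure {
    # Hypothetical helper: returns one record per failed domain or group lookup.
    param([string[]]$Line)

    # Common prefix: [timestamp] server pid tid SW_ADSDataConnection::<method>
    $prefix      = '^\[(?<ts>[^\]]+)\]\s+(?<server>\S+)\s+\d+\s+\d+\s+SW_ADSDataConnection::'
    # Win32 error 1355 is ERROR_NO_SUCH_DOMAIN (domain missing or unreachable).
    $domainError = $prefix + 'DomainNameToType\b.*Domain \((?<domain>[^)]+)\) error \((?<code>\d+)\)'
    $groupError  = $prefix + 'FillGroupRefToSIDMap\b.*Could Not Get Group\(LDAP://(?<domain>[^/]+)/<GUID=(?<guid>[0-9a-f]+)>\)'

    foreach ($entry in $Line) {
        if ($entry -match $domainError) {
            $kind   = 'DomainUnreachable'
            $detail = "error $($Matches['code'])"
        } elseif ($entry -match $groupError) {
            $kind   = 'GroupUnresolved'
            $detail = "GUID $($Matches['guid'])"
        } else {
            continue   # successful "Caching(...)->(SID)" lines and unrelated entries
        }
        New-Object PSObject -Property @{
            Time   = $Matches['ts']
            Server = $Matches['server']
            Kind   = $kind
            Domain = $Matches['domain'].ToUpper()   # log mixes contoso.com / CONTOSO.COM
            Detail = $detail
        } | Select-Object Time, Server, Kind, Domain, Detail
    }
}

$failures = @(Get-AppVDirectoryLookupFailure -Line $sampleLog)

# Every failure, in log order.
$failures | Format-Table -AutoSize | Out-String

# Totals per domain and failure kind: the domains with the most entries are the
# ones whose group assignments need cleaning up first.
$failures | Group-Object Domain, Kind | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize | Out-String

# Distinct group GUIDs that could not be resolved (candidates for removal from
# provider policies and application access permissions).
$failures | Where-Object { $_.Kind -eq 'GroupUnresolved' } |
    Select-Object -ExpandProperty Detail | Sort-Object -Unique
```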
Management Console Issues in Softgrid 4.1
You may also encounter the error "A referral was returned from the server" when trying to add groups to the Provider Policy in the Softgrid 4.1 management console. You can resolve this by changing the ASP.NET configuration of the Softgrid Management Web Service: change the ADReferralChasingOption to "None" per the following KB article:
http://support.microsoft.com/kb/930974
App-V: Error Message when trying to launch a Virtualized Instance of Visual Studio 2010
Microsoft App-V is the only application virtualization product capable of virtualizing Visual Studio 2010. However, you may receive the following error message when attempting to launch the primary development environment (DEVENV.EXE) within a Visual Studio 2010 package virtualized with Microsoft App-V:
The 'Environment Package Window Management' package did not load correctly.
The problem may have been caused by a configuration change or by the installation of another extension. You can get more information by running the application together with the /log parameter on the command line, and then examining the file 'C:\users\<USERNAME>\AppData\Roaming\Microsoft\VisualStudio\10.0\ActivityLog.xml'.
Continue to show this error message?
This is nothing to be alarmed about. This can happen if one or more of the following is missing or configured incorrectly on the App-V Client where the Visual Studio package is being deployed:
- The Microsoft .NET Framework 4 Full Profile
- The KB 2468871 Update
- Interference from the Windows Presentation Foundation Font Cache Service.
To resolve this issue, be sure to complete the following steps on all App-V Clients to which the virtualized package of Visual Studio 2010 will be deployed.
1. Install Microsoft .NET Framework 4 Full Profile. Using Microsoft Update, install all updates for Windows and .NET Framework. The full download for the .NET Framework 4 Full Profile can be found here:
http://www.microsoft.com/download/en/details.aspx?id=17718
2. Make sure that the following update was installed by Microsoft Update. If not, install it manually from the following location: http://www.microsoft.com/download/en/details.aspx?id=3556
3. Run services.msc and disable the Windows Presentation Foundation Font Cache service.
App-V: Why would new users on RDS/Terminal Servers not get any App-V Applications?
I recently came across a situation where a customer was in a panic because newly provisioned users were unable to receive any applications on their RDS Servers. Existing users were actually able to launch applications just fine and they appeared to be pre-cached properly. The scenario always seemed to be tied to specific users as all of the users leveraged roaming profiles to maintain consistency across the farm.
The first thing to always do in this situation is verify connectivity to the App-V management server. This was quickly done. In addition verification of user group/provider policy configuration was also very quick as all users were part of the same global group tied to the server’s provider policy.
The next test quickly confirmed the issue. From both a user experiencing this issue and a user not experiencing this issue, a simple SFTTRAY /refreshall was performed and it was quickly revealed that the RDS servers running the App-V client had been specifically placed in offline mode.
The Virtual Application Client could not refresh your publishing information.
The Application Virtualization Client is operating in offline mode and cannot perform the operation requested. Disable offline mode, ensure that you have a network connection, and then retry the operation. If the problem persists, report the following error code to your System Administrator.
Error Code: 4615186-19101601-0003100F
The interesting aspect is this was done only after the first batch of users had logged on and initially refreshed against the server. Then the “Online” value beneath the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network
was set to 0. Setting the value back to 1 allowed the new users to refresh and get applications upon login.
The administrator wanted to “cut down on excessive traffic” as he had read on a web site that this would be a good trick. As you can see from the example above, there are ramifications of doing this. In addition, this is the exact reason Microsoft offers Stand-alone mode as an option.
App-V: Refresh “On-login” and Slow Startups in Windows 7
When you configure App-V’s desktop configuration refresh feature (i.e. DC Refresh, Publishing/Refresh) you have the option of setting this to occur “on login” and/or using a periodic interval. This configuration can be controlled at the client end or, in the case of an environment using the traditional App-V management server environment, can also be controlled via the provider policy.
The “On-Login” option is partially facilitated by registering the desktop configuration controller (SFTDCC.exe) into USERINIT under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon key. A default installation of both the desktop and RDS App-V clients will do this and start SFTDCC on login. This option is generally recommended for startup if the publishing configuration for applications is coming from an App-V management server. If you want to remove the on-login behavior, it is best to do this through the client user interface or through a provider policy. Removing the SFTDCC entry from the USERINIT registry entry will simply result in the entry getting re-registered the next time the App-V client service restarts.
The "on login" behavior is a good thing because it ensures all of the user initialization, application asset caching, publishing (Icons, OSDs) and other setup is facilitated around the same time the user’s desktop becomes available. It also corrects potential problems. For example, if another user had previously logged onto that desktop and for some reason deleted an application while you were logged out, this will re-provision your application.
In addition, if your access to an application was revoked while you were logged out, this is the process that hides your shortcuts, and essentially hides the application from you. This occurs even if the application's assets were previously fully cached. If the SFTDCC component were not configured to start on login, or worse yet, the SFT Listener process were not engaged (most common if the App-V Client service is set to manual), the shortcuts and assets would still be there, but they would not work.
Slow Startups
A common misconception is that this “on-login” feature sometimes causes slow startups in Windows 7. While it is true that there have been issues where the presence of the App-V client has been a factor in slow startups, there is more to the story than that simple statement. Common troubleshooting steps that have been employed have involved setting the App-V Client service to manual (and thus devising some workflow to start the service post user login) or even removing SFTDCC from USERINIT. I would advise against either of the above steps as this issue could be one of a few known bugs that have been fixed on both the App-V side as well as the Windows 7 side.
First and foremost, all of the major App-V startup bugs have been isolated and fixed as of App-V 4.6 Service Pack 1 hotfix 3. If you do not have hotfix 3 installed, please install it. You can download this via (http://support.microsoft.com/kb/2571168.) Of course, I would always recommend installing the latest hotfixes for App-V 4.6 SP1 but this one is essential for clearing up a lot of the slow startup problems.
In addition, I would also advise ensuring the following hotfixes have been installed for Windows 7 or Windows Server 2008 R2 to alleviate slow startup problems:
Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7
http://support.microsoft.com/kb/2617858
The desktop does not load and only displays a black or blue background after you log on to a computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/2590550
And of course, don’t forget, it could be other software causing the slow startup and App-V may just be an innocent victim. Remember this? - https://madvirtualizer.wordpress.com/2011/08/18/yes-trusteer-rapport-does-break-app-v/
Bringing Legacy Blog Back to Cover Legacy Products
App-V 4.6: Are you using the Latest Version of the Client and Sequencer? You should be.
When many organizations move to Windows 7, they also take on the task of discovering, inventorying, testing, and remediating all of the applications currently used in production. Often part of that process includes a decision to deliver those applications with App-V. The App-V 4.6 SP1 Sequencer and client offer a streamlined workflow to virtualize, package, and deliver those applications to the desktop or RDS server, providing a simplified, centralized approach to application delivery and management. At the same time, it also resolves many application interference issues through isolation and state separation.
When a product such as App-V undergoes a significant maintenance release, there are always the possible regressions. With 4.6 SP1, there were a few, and the App-V team was able to quickly isolate many of them and provide fixes in a timely manner. Servicing is always an important process in the support of production software.
App-V service releases (a.k.a. hotfixes) are released in a manner that allows for the simplification of the deployment of fixes. Hotfixes are based on major release points (i.e. 4.6, 4.6 SP1) and are designed to be cumulative. This way, if you deploy the recent hotfix pack, you can rest assured you are getting all of the cumulative patches released since the last major revision. In the case of App-V 4.6 SP1, the most recent release is 4.6 Hotfix Package 6 (build 4.6.1.30121). If you are not currently running your 4.6 clients at this build, you can leverage the hotfix download link found with the associated KB article here:
http://support.microsoft.com/kb/2693779
The hotfix packages are made available in MSP format. This allows for flexibility in enterprise deployment of the patch. Remember, since the patches often affect revision changes of the App-V filter drivers, a reboot is necessary when deploying the patch.
But What about the Sequencer?
As many client changes involve patching the App-V System Guard (the component that facilitates the virtualization engine), they require making revisions to the App-V 4.6 SP Sequencer as well. I always advise all of my customers to ensure that they are always using the most recently released build of the App-V Sequencer.
The release process for the sequencer is slightly different. Not every cumulative patch involves a change to the sequencer. Because of this, you will not always see the sequencer included with every cumulative hotfix release. In the case of the most recent release of App-V as of this writing, the most recent service release of the App-V 4.6 SP1 sequencer is the refresh build that came with 4.6 SP1 Hotfix 3. You can download the release via the KB article for the hotfix here:
Hotfix Package 3 for Microsoft Application Virtualization 4.6 SP1: August 2011
http://support.microsoft.com/kb/2571168
Instead of an MSP file, when a sequencer is patched, an entirely new installation is made available. This makes sense because sequencer machines are often never “upgraded.” They are often cleanly reverted. This allows sequencing engineers to refresh the machine images used for sequencing in a clean manner without having to worry about patching.
App-V 4.6: Using Service and Process Inclusions
App-V has a feature that can often answer many questions. Is there a way to allow anti-virus applications access to scan files in the virtual drive? How does AppLocker work with the virtual drive? Is there a way in general to allow certain processes and services to interact with the virtual drive?
The answer is yes. Through the use of features known as “process inclusions” and “service inclusions” administrators can give specified services access to the virtual drive. Service inclusions exist for Windows Defender and the Anti-malware service if installed. AppLocker is also listed and this is how AppLocker is able to apply to App-V applications and scripts. Configuring service inclusions is a pretty easy process.
Simply create a string value (REG_SZ) under the following key:
X86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\<version>\Client\AppFS\ServiceInclusions
X64
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\<version>\Client\AppFS\ServiceInclusions
The name can be anything but the value must represent the short name of the service (usually matching its registration name.) For example, the following built-in services may need access in some circumstances.
- Application Experience (AeLookupSvc)
- AppLocker (AppIDSvc)
- Group Policy Client (gpsvc)
Access is configured by name, but it is actually granted to the service’s process ID (PID). This means any processes and services spawned by this service will have access as well. Also be advised that there will be no security check for the service account being used to authenticate the service, as the feature was designed for services that would be running under the local system context. Unless there are specific permissions on items in the virtual drive denying access, all services granted inclusions will be able to access and interact with everything in the virtual drive.
In the case of anti-virus software, we actively discourage direct scanning of the read/write package volumes (PKG files) as it drastically affects performance and could lead to potential corruption. This is a cause for concern for many security administrators as malware could use the folders virtualized under these PKG files (especially the user volume) if left unprotected. This is another situation where service and process inclusions could come in very handy. For example, let’s say you were running Symantec Endpoint Protection and you want to be able to protect internal files within the virtual environment while excluding the *.PKG and *.FSD files externally.
In the case of most anti-virus applications, you would need to create both service and process inclusions. For example, SEP uses a service called “Symantec Endpoint Protection.” To include this service, you would use its registered service name “SepMasterService.”
1.) Add a value called SepmasterService1 (REG_SZ) under HKLM\Software\Microsoft\Softgrid\4.5\Client\AppFS\ServiceInclusions (HKLM\Software\Wow6432Node\Microsoft\Softgrid\4.5\Client\AppFS\ServiceInclusions if x64)
2.) Give it a value of SepMasterService.
3.) Add a value called ccSvcHst1 under HKLM\Software\Microsoft\Softgrid\4.5\Client\AppFS\ProcessInclusions (HKLM\Software\Wow6432Node\Microsoft\Softgrid\4.5\Client\AppFS\ProcessInclusions if x64)
4.) Give it a value of ccSvcHst.exe
5.) Restart the App-V Client Service for this to take effect.
After the App-V client is restarted, my anti-virus software will now have access to the virtual drive. Your mileage may vary depending on version and type of anti-virus with regards to which services and processes to include. One item to note when these services access the virtual drive – directories below package roots will not be available until those packages are launched.
Limitations on Process Inclusions
There are some stricter limitations on process inclusions. Since we are not dealing with the service control manager, only processes running in the local SYSTEM context can be used. The process must be already running at the time the App-V Client service is started. If there is more than one instance of a process running at the time of the inclusion check, all instances of the process are granted access to the virtual drive.
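The numbered steps above, scripted as an added example (not code from the original post), with pre-checks for the SYSTEM-context and already-running limitations and a final listing of every configured inclusion for review. The helper name Set-AppVInclusion is hypothetical, and the script assumes the App-V 4.x client service is registered as sftlist.

```powershell
# Added example, not from the original post. Run elevated in Windows PowerShell.
# Use whichever client key exists, preferring Wow6432Node as the post gives for x64.
$client = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\Client',
          'HKLM:\SOFTWARE\Microsoft\SoftGrid\4.5\Client' |
          Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $client) { throw 'App-V 4.x client registry key not found.' }

function Set-AppVInclusion {   # hypothetical helper name
    param([ValidateSet('ServiceInclusions', 'ProcessInclusions')][string]$Kind,
          [string]$Name, [string]$Value)
    $key = Join-Path $client "AppFS\$Kind"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Name -Value $Value -PropertyType String -Force | Out-Null
}

# Pre-checks from the post: inclusions assume the local SYSTEM context, and an
# included process must already be running when the App-V client service starts.
$svc = Get-WmiObject Win32_Service -Filter "Name='SepMasterService'"
if (-not $svc) { throw 'Service SepMasterService is not installed.' }
if ($svc.StartName -ne 'LocalSystem') {
    Write-Warning "SepMasterService runs as $($svc.StartName), not LocalSystem."
}
$procs = @(Get-WmiObject Win32_Process -Filter "Name='ccSvcHst.exe'")
if ($procs.Count -eq 0) {
    Write-Warning 'ccSvcHst.exe is not running; the process inclusion will not apply.'
}
foreach ($p in $procs) {
    $owner = $p.GetOwner().User
    if ($owner -ne 'SYSTEM') {
        Write-Warning "ccSvcHst.exe (PID $($p.ProcessId)) runs as '$owner', not SYSTEM."
    }
}

# Steps 1-4: one REG_SZ value per inclusion.
Set-AppVInclusion -Kind ServiceInclusions -Name 'SepmasterService1' -Value 'SepMasterService'
Set-AppVInclusion -Kind ProcessInclusions -Name 'ccSvcHst1' -Value 'ccSvcHst.exe'

# Step 5: restart the App-V client service (service name sftlist is an assumption).
Restart-Service -Name sftlist -Force

# Audit: every inclusion grants access to the whole virtual drive, so list them all.
foreach ($kind in 'ServiceInclusions', 'ProcessInclusions') {
    $key = Get-Item (Join-Path $client "AppFS\$kind")
    foreach ($n in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Kind = $kind; Name = $n; Value = $key.GetValue($n) }
    }
}
```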
Software Update to block RSA keylengths
Today (August 14th) an update was released that, once applied, will block RSA certificates with keys less than 1024 bits. The software update was released to the Download Center.
The security advisory is located at http://technet.microsoft.com/security/advisory/2661254.
The KB article is available at http://support.microsoft.com/kb/2661254.
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012.
Please refer to the KB article for direct links to download the update for your supported version of Windows.
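One way to assess the impact before the update arrives through Windows Update, as an added example (not taken from the advisory or the KB article): list every RSA certificate in the local machine and current user stores whose key is shorter than 1024 bits. It assumes Windows PowerShell; the output column names are chosen here.

```powershell
# Added example: inventory RSA certificates with keys below the 1024-bit minimum.
$rsaOid  = '1.2.840.113549.1.1.1'   # rsaEncryption; other key types are skipped
$minBits = 1024

$weak = @(
    Get-ChildItem Cert:\LocalMachine, Cert:\CurrentUser -Recurse |
    Where-Object {
        # -Recurse also returns store objects; keep certificates with RSA keys only.
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.PublicKey.Oid.Value -eq $rsaOid
    } |
    ForEach-Object {
        $bits = $_.PublicKey.Key.KeySize
        if ($bits -lt $minBits) {
            New-Object PSObject -Property @{
                Store      = ($_.PSParentPath -replace '^.*::', '')
                KeyBits    = $bits
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
            }
        }
    }
)

# Group by store so certificates needing reissue are easy to hand to their owners.
$weak | Sort-Object Store, NotAfter |
    Format-Table -AutoSize Store, KeyBits, NotAfter, Thumbprint, Subject
"{0} RSA certificate(s) below {1} bits" -f $weak.Count, $minBits
```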
App-V 4.6: Important Consideration for Streaming from DP when Migrating from Configuration Manager 2007 to 2012
If you are currently using Configuration Manager 2007 to distribute your App-V applications through virtual application advertisements *and* you stream from the distribution points *and* you are about to migrate from Configuration Manager 2007 to Configuration Manager 2012 – you will need to be aware of a very important registry setting introduced last year: LaunchIfNotFound.
The value is found in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Network\Http or
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\SoftGrid\4.5\Client\Network\Http
Technically, the value controls the behavior of HTTP streaming when a connection to the HTTP server can be established but the package file no longer exists on the HTTP server. If the value does not exist or is not set to 1, the App-V client will not let you launch the application even if it is fully loaded into the cache. To prevent this from happening, you would need to manually create this value and set it to 1 (it is a DWORD value). This behavior is no different from RTSP. File streaming will, however, launch the application – EVEN – if the value of RequireAuthorizationIfCached is set to 1.
Configuration Manager Migration
Now that Config Manager 2012 has been released and with SP1 on the horizon, many customers have begun the migration process or are in the process of migrating. This is where it is important to be aware of this configuration item. Let’s say you are in the process of migrating from Config Manager 2007 to 2012 and you configured your virtual application advertisements to stream from the distribution point. As part of the migration process, an administrator will likely move the App-V packages over to the Config Manager 2012 site (and/or a different distribution point), then convert/upgrade some of the Config Manager DPs hosting the virtual application packages and assign them to the Config Manager 2012 site as DPs.
Well, something interesting happens. The content on the distribution point will now be converted to the new Config Manager 2012 content format and the old Config Manager content structure and folders are changed. During this time, the existing Config Manager Client systems could still be using Config Manager 2007 (as upgrading all clients may take a while in customer environments) and fail to launch – EVEN if fully cached. In another scenario, even if the user is on the new client, they may be launching an existing application that was already on their system and was fully cached. Either way, the user could be stuck getting the following message when trying to launch an application:
The Application Virtualization Client could not launch <APPLICATION NAME>
The requested package does not exist on the server. Report the following error code to your System Administrator.
Error code: xxxxxx-xxxxxxxx-40000194
Why is this Happening?
Why are the launches failing even though the applications have been fully cached? This occurs because when using HTTP streaming, the App-V client will perform an additional authentication check to confirm that the content folder is accessible. This is done even if the RequireAuthorizationIfCached setting was set to 0 on the client.
Similar issues can also occur when migrating from a traditional App-V management server infrastructure solution over to Config Manager 2012. Administrators would need to maintain dual content stores for HTTP streaming until all applications have been delivered via Config Manager 2012.
So, if you foresee yourself in these scenarios, it is advised to set the LaunchIfNotFound value to 1. This will require that you have at least HF3 for App-V 4.6 SP1 installed:
http://support.microsoft.com/kb/2571168
Also note that LaunchIfNotFound can be set at the package level and in the network subkey for the entire client. If the key is found in both the package and network registry keys, then the value of per-package LaunchIfNotFound will overwrite the client-wide LaunchIfNotFound value.