EvilPeppard
asked on
Publishing application that requires elevated permissions in XenApp 6.0
I have a new XenApp 6.0 farm that I am about ready to deploy. We currently are on a Platinum 4.5 Farm, which we will be retiring.
I have all my applications about published, but one application is not working correctly for everyone. The published application will run just fine if the person running it is in our domain admins group, otherwise the application will not load correctly, and crash out on the person's computer. The same exact application runs without any problems on our 4.5 Farm.
The published application seems to need some type of elevated privileges to run on XenApp 6.0. Is there a switch or something I need to put in the command line properties of the published application to make it run correctly for everyone? Obviously I cannot make all of my domain users admins.
Thank you in advance for your time and feedback.
I have all my applications about published, but one application is not working correctly for everyone. The published application will run just fine if the person running it is in our domain admins group, otherwise the application will not load correctly, and crash out on the person's computer. The same exact application runs without any problems on our 4.5 Farm.
The published application seems to need some type of elevated privileges to run on XenApp 6.0. Is there a switch or something I need to put in the command line properties of the published application to make it run correctly for everyone? Obviously I cannot make all of my domain users admins.
Thank you in advance for your time and feedback.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I disabled UAC, set it to 'Never Notify', rebooted the Citrix server (only have the app installed and published on one server) and tried it again. The program loads up, then crashes at the very end.
For reference, the program is the Lenel security software which runs our card readers, door locks, and such. We have the latest version and service pack from the vendor. Again, it works just fine in our Platinum 4.5 farm that runs on Windows 2003 servers, just not our XenApp 6.0 farm, which runs on Windows 2008 R2 servers.
I tried using RDP to the server, then running the application, but I can only RDP to the server with an administrative account. Of course the administrative account runs the program just fine with UAC disabled, or set back to 'Default'.
I know this won't me of much help, but here is the crash info from the published application.
"Problem signature:
Problem Event Name: APPCRASH
Application Name: SystemAdministration.exe
Application Version: 6.4.500.0
Application Timestamp: 4ddac6b2
Fault Module Name: KERNELBASE.dll
Fault Module Version: 6.1.7601.17651
Fault Module Timestamp: 4e211319
Exception Code: e06d7363
Exception Offset: 0000b9bc
OS Version: 6.1.7601.2.1.0.144.8
Locale ID: 1033
Additional Information 1: df6e
Additional Information 2: df6e8eac191b7b2b0cb78f74ab 3f2d32
Additional Information 3: ab2f
Additional Information 4: ab2f52ffd30a539e7364a5053a 4784fd"
For reference, the program is the Lenel security software which runs our card readers, door locks, and such. We have the latest version and service pack from the vendor. Again, it works just fine in our Platinum 4.5 farm that runs on Windows 2003 servers, just not our XenApp 6.0 farm, which runs on Windows 2008 R2 servers.
I tried using RDP to the server, then running the application, but I can only RDP to the server with an administrative account. Of course the administrative account runs the program just fine with UAC disabled, or set back to 'Default'.
I know this won't me of much help, but here is the crash info from the published application.
"Problem signature:
Problem Event Name: APPCRASH
Application Name: SystemAdministration.exe
Application Version: 6.4.500.0
Application Timestamp: 4ddac6b2
Fault Module Name: KERNELBASE.dll
Fault Module Version: 6.1.7601.17651
Fault Module Timestamp: 4e211319
Exception Code: e06d7363
Exception Offset: 0000b9bc
OS Version: 6.1.7601.2.1.0.144.8
Locale ID: 1033
Additional Information 1: df6e
Additional Information 2: df6e8eac191b7b2b0cb78f74ab
Additional Information 3: ab2f
Additional Information 4: ab2f52ffd30a539e7364a5053a
ASKER
I tried adding my non-domain admin account to the local server Administrators group, then used RDP. I was able to get a remote desktop to the server, but the Lenel application crashed when I ran it through RDP.
Have you checked permissions on those files?
ASKER
After contacting the vendor, they tell me their product only works with Citrix 4.5 and earlier. The current version of Lenel software does not work on XenApp 5x - 6.x.
So, unless I want to publish this software just for Domain Admins, I cannot use the current version on my XenApp 6.0 farm.
So, unless I want to publish this software just for Domain Admins, I cannot use the current version on my XenApp 6.0 farm.
Hmm...what exactly are they saying is the unsupported part, out of interest? Xen App or Windows 2008/2008R2?
I go back to what I said previously - I've got over 15 years of experience of making non standard / unsupported apps work in a Citrix environment.
99% can be got to work in the environment - I caveat that with things such as incompatibility on x64 architectures.
I go back to what I said previously - I've got over 15 years of experience of making non standard / unsupported apps work in a Citrix environment.
99% can be got to work in the environment - I caveat that with things such as incompatibility on x64 architectures.
ASKER
@Tony1044
All I got from them is their current RDP-Licensed product only works in Citrix 4.5 or earlier. It will not work in Citrix Environments newer than 4.5 at this time.
All I got from them is their current RDP-Licensed product only works in Citrix 4.5 or earlier. It will not work in Citrix Environments newer than 4.5 at this time.
I hate companies like that because you're between a rock and a hard place. Get it to work and they won't support you. So what other option do you have? Walk away? Use out of date OS's and apps?
And for goodness sake...4.5 - We've had 5.0, 6.0 and now 6.5 and they're still only supporting 4.5!!!
And for goodness sake...4.5 - We've had 5.0, 6.0 and now 6.5 and they're still only supporting 4.5!!!
ASKER
@Tony1044
As for checking permissions on the files I listed in the crash report above, what specifically are you suggesting I look for, or potentially change?
I am still open to trying to get this to work for non-domain admins. In fact, I would love it if I could, I just don't want to create a security breach trying to make this one program work.
As for checking permissions on the files I listed in the crash report above, what specifically are you suggesting I look for, or potentially change?
I am still open to trying to get this to work for non-domain admins. In fact, I would love it if I could, I just don't want to create a security breach trying to make this one program work.
The problem that you have, is that it may not be the actual application listed that caused the crash.
Since it works for administrators, I think we can rule out a basic OS incompatibility.
You are really going to have to follow the steps I gave above to use Process Monitor to determine which files and/or folders and/or registry keys are responsible.
It's not half as daunting as it sounds.
In terms of security - usually rare to introduce any potential holes as more often than not you're going to relax files and keys that should already have those relaxed permissions.
Since it works for administrators, I think we can rule out a basic OS incompatibility.
You are really going to have to follow the steps I gave above to use Process Monitor to determine which files and/or folders and/or registry keys are responsible.
It's not half as daunting as it sounds.
In terms of security - usually rare to introduce any potential holes as more often than not you're going to relax files and keys that should already have those relaxed permissions.
ASKER
Well, ok. I will look at your steps from above when I have a minute. The priority on this has dropped significantly.
Thank you again for your assistance with this. I will report back after I have tried the steps.
Thank you again for your assistance with this. I will report back after I have tried the steps.
ASKER
I still have not gotten this particular program to work in our XenApp 6.0 environment, but as I said, the program has become a low priority, and now may actually get fully replaced, partially because of its lack of compatibility with XenApp.
2. What is the error message that you see? Did you check profile or tried recreating them?
3. Did you check if that application is compatible to be run on win 2008? Instead of Citrix, RDP into the Xenapp 6 server and launch the apps to see what you get?
4. Disable any printer recreation temporarily and check?