• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3658
  • Last Modified:

Publishing application that requires elevated permissions in XenApp 6.0

I have a new XenApp 6.0 farm that I am about ready to deploy.  We currently are on a Platinum 4.5 Farm, which we will be retiring.

I have all my applications about published, but one application is not working correctly for everyone.  The published application will run just fine if the person running it is in our domain admins group, otherwise the application will not load correctly, and crash out on the person's computer.  The same exact application runs without any problems on our 4.5 Farm.

The published application seems to need some type of elevated privileges to run on XenApp 6.0.  Is there a switch or something I need to put in the command line properties of the published application to make it run correctly for everyone?  Obviously I cannot make all of my domain users admins.

Thank you in advance for your time and feedback.
  • 7
  • 5
1 Solution
1. Check if domain users have permission to the folder where the exe or bat or cmd file of the application resides.
2. What is the error message that you see? Did you check profile or tried recreating them?
3. Did you check if that application is compatible to be run on win 2008? Instead of Citrix, RDP into the Xenapp 6 server and launch the apps to see what you get?
4. Disable any printer recreation temporarily and check?
Tony JLead Technical ArchitectCommented:
You may want to disable UAC if not already.

In order to troubleshoot this kind of problem which is almost always permissions related on either a folder or registry key(s) I always fall back on Sysinternals' tools.

If you head over to www.microsoft.com/sysinternals and download process monitor, it allows you to monitor files and registry access.

It can be a bit long-winded to do, but the process I use is as follows:

Ensure that the problem application is published on only one server - if necessary, make a copy just for one of the affected users;

Log onto the server this app is  now published from via RDP as an administrative user

Fire up process monitor from within the RDP session and filter on the .exe in question. You can also set up a highlight - in the first instance, I tend to highlight anything containiend "Denied"

Try and launch the published application.

Stop process monitor filtering (it'll fill memory and paging fairly quickly).

Scroll through the results on both the file and registry keys for any accessed denieds - make a note of any you relax.

Try the application again, and if no success, relax other keys/run through the process again (it can sometimes work to a further point, but hit another permissions issue later).

It can be a bit tedious but the only alternative is to start giving users elevated permissions.
EvilPeppardAuthor Commented:
I disabled UAC, set it to 'Never Notify', rebooted the Citrix server (only have the app installed and published on one server) and tried it again.  The program loads up, then crashes at the very end.

For reference, the program is the Lenel security software which runs our card readers, door locks, and such.  We have the latest version and service pack from the vendor.  Again, it works just fine in our Platinum 4.5 farm that runs on Windows 2003 servers, just not our XenApp 6.0 farm, which runs on Windows 2008 R2 servers.

I tried using RDP to the server, then running the application, but I can only RDP to the server with an administrative account.  Of course the administrative account runs the program just fine with UAC disabled, or set back to 'Default'.

I know this won't me of much help, but here is the crash info from the published application.

"Problem signature:
  Problem Event Name:      APPCRASH
  Application Name:      SystemAdministration.exe
  Application Version:      6.4.500.0
  Application Timestamp:      4ddac6b2
  Fault Module Name:      KERNELBASE.dll
  Fault Module Version:      6.1.7601.17651
  Fault Module Timestamp:      4e211319
  Exception Code:      e06d7363
  Exception Offset:      0000b9bc
  OS Version:      6.1.7601.
  Locale ID:      1033
  Additional Information 1:      df6e
  Additional Information 2:      df6e8eac191b7b2b0cb78f74ab3f2d32
  Additional Information 3:      ab2f
  Additional Information 4:      ab2f52ffd30a539e7364a5053a4784fd"

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

EvilPeppardAuthor Commented:
I tried adding my non-domain admin account to the local server Administrators group, then used RDP.  I was able to get a remote desktop to the server, but the Lenel application crashed when I ran it through RDP.
Tony JLead Technical ArchitectCommented:
Have you checked permissions on those files?
EvilPeppardAuthor Commented:
After contacting the vendor, they tell me their product only works with Citrix 4.5 and earlier.  The current version of Lenel software does not work on XenApp 5x - 6.x.

So, unless I want to publish this software just for Domain Admins, I cannot use the current version on my XenApp 6.0 farm.
Tony JLead Technical ArchitectCommented:
Hmm...what exactly are they saying is the unsupported part, out of interest? Xen App or Windows 2008/2008R2?

I go back to what I said previously - I've got over 15 years of experience of making non standard / unsupported apps work in  a Citrix environment.

99% can be got to work in the environment - I caveat that with things such as incompatibility on x64 architectures.

EvilPeppardAuthor Commented:

All I got from them is their current RDP-Licensed product only works in Citrix 4.5 or earlier.  It will not work in Citrix Environments newer than 4.5 at this time.
Tony JLead Technical ArchitectCommented:
I hate companies like that because you're between a rock and a hard place. Get it to work and they won't support you. So what other option do you have? Walk away? Use out of date OS's and apps?

And for goodness sake...4.5 - We've had 5.0, 6.0 and now 6.5 and they're still only supporting 4.5!!!
EvilPeppardAuthor Commented:

As for checking permissions on the files I listed in the crash report above, what specifically are you suggesting I look for, or potentially change?

I am still open to trying to get this to work for non-domain admins.  In fact, I would love it if I could, I just don't want to create a security breach trying to make this one program work.
Tony JLead Technical ArchitectCommented:
The problem that you have, is that it may not be the actual application listed that caused the crash.

Since it works for administrators, I think we can rule out a basic OS incompatibility.

You are really going to have to follow the steps I gave above to use Process Monitor to determine which files and/or folders and/or registry keys are responsible.

It's not half as daunting as it sounds.

In terms of security - usually rare to introduce any potential holes as more often than not you're going to relax files and keys that should already have those relaxed permissions.
EvilPeppardAuthor Commented:
Well, ok.  I will look at your steps from above when I have a minute.  The priority on this has dropped significantly.

Thank you again for your assistance with this.  I will report back after I have tried the steps.
EvilPeppardAuthor Commented:
I still have not gotten this particular program to work in our XenApp 6.0 environment, but as I said, the program has become a low priority, and now may actually get fully replaced, partially because of its lack of compatibility with XenApp.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now