Solved

Publishing application that requires elevated permissions in XenApp 6.0

Posted on 2011-10-07
Last Modified: 2012-05-17
I have a new XenApp 6.0 farm that I am about ready to deploy.  We currently are on a Platinum 4.5 Farm, which we will be retiring.

I have all my applications about published, but one application is not working correctly for everyone.  The published application will run just fine if the person running it is in our domain admins group, otherwise the application will not load correctly, and crash out on the person's computer.  The same exact application runs without any problems on our 4.5 Farm.

The published application seems to need some type of elevated privileges to run on XenApp 6.0.  Is there a switch or something I need to put in the command line properties of the published application to make it run correctly for everyone?  Obviously I cannot make all of my domain users admins.

Thank you in advance for your time and feedback.
0
Question by:EvilPeppard
13 Comments
 
LVL 19

Expert Comment

by:basraj
ID: 36941540
1. Check if domain users have permission to the folder where the exe or bat or cmd file of the application resides.
2. What is the error message that you see? Did you check the profiles or try recreating them?
3. Did you check if that application is compatible to run on Win 2008? Instead of Citrix, RDP into the XenApp 6 server and launch the apps to see what you get.
4. Disable any printer recreation temporarily and check?
0
 
LVL 26

Accepted Solution

by:
Tony J earned 2000 total points
ID: 36947167
You may want to disable UAC if not already.

In order to troubleshoot this kind of problem, which is almost always permissions related on either a folder or registry key(s), I always fall back on Sysinternals' tools.

If you head over to www.microsoft.com/sysinternals and download Process Monitor, it allows you to monitor file and registry access.

It can be a bit long-winded to do, but the process I use is as follows:

Ensure that the problem application is published on only one server - if necessary, make a copy just for one of the affected users;

Log onto the server this app is now published from via RDP as an administrative user.

Fire up Process Monitor from within the RDP session and filter on the .exe in question. You can also set up a highlight - in the first instance, I tend to highlight anything containing "Denied".

Try and launch the published application.

Stop Process Monitor filtering (it'll fill memory and paging fairly quickly).

Scroll through the results on both the file and registry keys for any access denieds - make a note of any you relax.

Try the application again, and if no success, relax other keys/run through the process again (it can sometimes work to a further point, but hit another permissions issue later).

It can be a bit tedious but the only alternative is to start giving users elevated permissions.
0
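
One way to turn a Process Monitor capture from the procedure above into the "note of any you relax" list, as an added example that is not part of the original answer. It assumes the capture was saved as CSV with Process Monitor's default columns; the sample rows, the vendor paths and the machine-wide prefix list are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in Process Monitor's default CSV export column layout.
# Vendor paths and the user name are placeholders, not taken from the thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","SystemAdministration.exe","4120","RegOpenKey","HKLM\SOFTWARE\ExampleVendor","ACCESS DENIED","Desired Access: All Access"
"10:01:02.11","SystemAdministration.exe","4120","RegOpenKey","HKLM\SOFTWARE\ExampleVendor","ACCESS DENIED","Desired Access: All Access"
"10:01:02.30","SystemAdministration.exe","4120","CreateFile","C:\Program Files\ExampleVendor\logs\app.log","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf"
"10:01:02.40","SystemAdministration.exe","4120","CreateFile","C:\Users\testuser\AppData\Local\ExampleVendor\cache.dat","SUCCESS","Desired Access: Generic Read"
"10:01:02.50","SystemAdministration.exe","4120","CreateFile","C:\Windows\System32\example.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"10:01:03.00","explorer.exe","2216","CreateFile","C:\Program Files\Other","ACCESS DENIED","Desired Access: Generic Write"
'''

# Assumption: prefixes treated as shared by every user on the server, so an
# ACL change there deserves review before it is made.
MACHINE_WIDE = ("HKLM\\", "HKCR\\", "C:\\WINDOWS\\", "C:\\PROGRAM FILES", "C:\\PROGRAMDATA\\")
ACCESS_RE = re.compile(r"Desired Access:\s*(.*?)(?:,\s*\w[\w ]*:|$)")

def denied_paths(csv_text, process_name):
    """Summarise ACCESS DENIED results for one process, one record per path."""
    hits = defaultdict(lambda: {"count": 0, "operations": set(), "access": set()})
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Process Name"].lower() != process_name.lower():
            continue  # ignore other processes caught in the same capture
        if row["Result"] != "ACCESS DENIED":
            continue  # NAME NOT FOUND, SUCCESS etc. are not permission failures
        hit = hits[row["Path"]]
        hit["count"] += 1
        hit["operations"].add(row["Operation"])
        match = ACCESS_RE.search(row["Detail"])
        if match:
            hit["access"].add(match.group(1))  # what the application asked for
    return [
        {"path": path, "count": h["count"], "operations": sorted(h["operations"]),
         "access": sorted(h["access"]),
         "machine_wide": path.upper().startswith(MACHINE_WIDE)}
        for path, h in sorted(hits.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    ]

if __name__ == "__main__":
    for rec in denied_paths(SAMPLE_CSV, "SystemAdministration.exe"):
        scope = "machine-wide" if rec["machine_wide"] else "per-user/other"
        print(f'{rec["count"]:>3}  {scope:<14} {rec["path"]}  '
              f'[{", ".join(rec["operations"])}; wanted: {"; ".join(rec["access"])}]')
```

The "wanted" column shows the access the application requested, which helps grant only that right on the specific key or folder rather than full control.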
 

Author Comment

by:EvilPeppard
ID: 36951765
I disabled UAC, set it to 'Never Notify', rebooted the Citrix server (only have the app installed and published on one server) and tried it again.  The program loads up, then crashes at the very end.

For reference, the program is the Lenel security software which runs our card readers, door locks, and such.  We have the latest version and service pack from the vendor.  Again, it works just fine in our Platinum 4.5 farm that runs on Windows 2003 servers, just not our XenApp 6.0 farm, which runs on Windows 2008 R2 servers.

I tried using RDP to the server, then running the application, but I can only RDP to the server with an administrative account.  Of course the administrative account runs the program just fine with UAC disabled, or set back to 'Default'.

I know this won't be of much help, but here is the crash info from the published application.

"Problem signature:
  Problem Event Name:      APPCRASH
  Application Name:      SystemAdministration.exe
  Application Version:      6.4.500.0
  Application Timestamp:      4ddac6b2
  Fault Module Name:      KERNELBASE.dll
  Fault Module Version:      6.1.7601.17651
  Fault Module Timestamp:      4e211319
  Exception Code:      e06d7363
  Exception Offset:      0000b9bc
  OS Version:      6.1.7601.2.1.0.144.8
  Locale ID:      1033
  Additional Information 1:      df6e
  Additional Information 2:      df6e8eac191b7b2b0cb78f74ab3f2d32
  Additional Information 3:      ab2f
  Additional Information 4:      ab2f52ffd30a539e7364a5053a4784fd"

0
 

Author Comment

by:EvilPeppard
ID: 36951878
I tried adding my non-domain admin account to the local server Administrators group, then used RDP.  I was able to get a remote desktop to the server, but the Lenel application crashed when I ran it through RDP.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36952423
Have you checked permissions on those files?
0
 

Author Comment

by:EvilPeppard
ID: 36980639
After contacting the vendor, they tell me their product only works with Citrix 4.5 and earlier.  The current version of Lenel software does not work on XenApp 5x - 6.x.

So, unless I want to publish this software just for Domain Admins, I cannot use the current version on my XenApp 6.0 farm.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36981519
Hmm...what exactly are they saying is the unsupported part, out of interest? Xen App or Windows 2008/2008R2?

I go back to what I said previously - I've got over 15 years of experience of making non-standard / unsupported apps work in a Citrix environment.

99% can be got to work in the environment - I caveat that with things such as incompatibility on x64 architectures.

 
0
 

Author Comment

by:EvilPeppard
ID: 36993707
@Tony1044

All I got from them is their current RDP-Licensed product only works in Citrix 4.5 or earlier.  It will not work in Citrix Environments newer than 4.5 at this time.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36993720
I hate companies like that because you're between a rock and a hard place. Get it to work and they won't support you. So what other option do you have? Walk away? Use out of date OS's and apps?

And for goodness sake...4.5 - We've had 5.0, 6.0 and now 6.5 and they're still only supporting 4.5!!!
0
 

Author Comment

by:EvilPeppard
ID: 36993723
@Tony1044

As for checking permissions on the files I listed in the crash report above, what specifically are you suggesting I look for, or potentially change?

I am still open to trying to get this to work for non-domain admins.  In fact, I would love it if I could, I just don't want to create a security breach trying to make this one program work.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 36998254
The problem that you have, is that it may not be the actual application listed that caused the crash.

Since it works for administrators, I think we can rule out a basic OS incompatibility.

You are really going to have to follow the steps I gave above to use Process Monitor to determine which files and/or folders and/or registry keys are responsible.

It's not half as daunting as it sounds.

In terms of security - it is usually rare to introduce any potential holes, as more often than not you're going to relax files and keys that should already have those relaxed permissions.
0
 

Author Comment

by:EvilPeppard
ID: 37019422
Well, ok.  I will look at your steps from above when I have a minute.  The priority on this has dropped significantly.

Thank you again for your assistance with this.  I will report back after I have tried the steps.
0
 

Author Closing Comment

by:EvilPeppard
ID: 37981648
I still have not gotten this particular program to work in our XenApp 6.0 environment, but as I said, the program has become a low priority, and now may actually get fully replaced, partially because of its lack of compatibility with XenApp.
0

Question has a verified solution.