Applications that are sequenced through the App-V 5.0 SP1 sequencer may not be installed correctly


Microsoft has published a new Knowledge Database regarding an issue with the MSI generation of the APP-V 5.0 SP1 X64 Sequencer. However only the 64-bit sequencer is affected by this issue.

Symptoms are described as following:

Applications that are sequenced through the Microsoft Application Virtualization 5.0 Service Pack 1 (App-V 5.0 SP1) sequencer may not be installed correctly when you try to add the package by using the generated MSI. The MSI setup starts, continues, and then exits without generating an error message. Additionally, a generic event that resembles the following will be logged in the Application log:

Log Name: Application
Source: MsiInstaller
Event ID: 1033
Task Category: None
Level: Information
Keywords: Classic
Windows Installer installed the product. Product Name: MyApp 1.0 Product Version: 1.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.

Note MsiInstaller 1033 events that have a status code of 1603 are generic and only indicate an installation failure. You must collect MSI logs to definitively identify this scenario. For information about how to do this, see the “More Information” section.


Visit the KB Article @ for workarounds and more information about this issue.


SPA Team



Rocket speed for large MSI packages

The Microsoft Windows Installer Technology has many different possibilities to speed your software package installation time.



The first obvious property MSIFASTINSTALL=0 can be set and will reduce the installation time. It’s a property introduced by Windows Installer version 5.0

Here the list of available values – good to see what options are part of the default setting

0 Default value
1 No system restore point is saved for this installation
2 Perform only File Costing and skip checking other costs
4 Reduce the frequency of progress messages


The second property DISABLEROLLBACK=1 is a real installation speed improver for large Windows Installer packages. This property is not well known as it’s property name does not reflect that it will enhance the installation speed aswell.

As this property will disable the rollback function, use it on software packages that have been tested in your target OS environment to make sure that the limited rollback functionality will not used.


Is your installation still not fast enough? Check the source files! Best performance can be achieved by using external compressed cab files.



Do not create log files! Log files will slow down your installation. Some vendor installation are using the MsiLogging property that will crates log files. Use a transform file and remove this property from the property table.


Insane but a verbose log file for a large installation can reach very fast unbelievable sizes

At the end combining all small possibilities can rocket speed your installation time. But bear in mind that Windows Installer based setup files will take some time when reaching > 30’000 file resources even using all possible speed enhancement tricks.

Citrix Application Streaming / Profiler – End of Life


Citrix has announced that their Application Streaming technology wont be supported on Windows 2012 Server.

According to “Calvin Hsu” from Citrix Inc.  development has actually stopped and Citrix is now recommending to switch over to Microsofts Application Virtualization Technology App-V.

Citrix wont provide any migration tool, therefore recreation of all packages will be required if you are planning to switch over to Windows 2012 Server for your Citrix environment.

Ontrex SPA has great experience in such migration projects and is one of the leading technical App-V consulting teams in Switzerland. If you need any assistance, we are the right choice for your project!



AdminStudio 2013 now available for immediate download

We are happy to announce the immediate availability of AdminStudio 2013 for customers with an existing maintenance plan.


You can download/request your own copy of AdminStudio here:

Flexera is also providing new serial numbers for “AdminStudio for Symantec'” Customers

Original Quote:

“Special Notice for AdminStudio for Symantec Customers – This is a new Flexera Software serial number and will replace the serial number provided to you by Symantec. Please use this new serial number for fulfillment of AdminStudio 2013.'” 

We offer assistance if you are planning upgrading your AdminStudio Environment or you need any other technical advise.


SPA Team


Quick Tip: Use ProcMon to detect permission issues

Ever wondered how to use procmon to detect permission problems inside an application?

We have created a short youtube tutorial to show you how you can use procmon to pin down the locations which are requiring more permissions.

In fact we are using an old self written demonstration tool for this purpose which tries to write to “C:\Program Files (x86)\VUEE\settings.txt”. However,  we are logged in as unpriviliged user.

PS: ProcMon shows an UAC (Credentials)-Prompt which is not visible on this video.

Continue Reading

COM Components

The Component Object Model (COM) is a technology developed by Microsoft to enable Windows interprocess communication and dynamic object creation. COM Objects are language independent and can be implemented in any development language which has a compiler that can compile the approriate code, such as C++.

Typical examples of compiled code are:

  • DLL (Dynamic Linking Library)
  • OCX (ActiveX control)
  • TLB (Type Libraries)
  • EXE (Executables)

The access to the funtionality of a COM Object takes place through an interface, which allows the functions offered by the COM Object.

Using the “REGSVR32.EXE” Tool the most common binaries such as DLL and OCX can be registered. Thereby new class IDs are created in the registry database that refer to the relevant binary file. Thus, their functions can now be used on Windows and programs access the class IDs to perform required functions.

Examples registering compiled codes:

In case of DLL/OCX

To register a DLL or OCX, use regsvr32.exe as follows:

  1. Select Start -> Run
  2. In the dialog box, type the following:

Regsvr32 <full path of DLL or OCX to be registered>

For example, “regsvr32 C:\Windows\System32\msaatext.dll” would register the library named msaatext.

If successful, you’ll see the message:


Why not all DLL’s can be registered

A DLL needs to be specifically written to be used with the regsvr32 command to register.
The DLL must implement DllRegisterServer and DllUnregisterServer, which contain the logic that is necessary to add or delete the required registry entries for the COM component. RegSvr32 finds the entry point to these functions, and calls them appropriately.
If the DLL was not written to be used with regsvr32 then the conventional entry point will not be found, and you get an error message.


In case of TLB

To register a type library, use regtlib.exe.

  1. Select Start -> Run
  2. In the dialog box, type the following

Regtlib <full path to the type library>

For example, “regtlib C:\Program Files\MyApp\MyTypeLib.tlb” would register the library MyTypeLib.

If successful, a dialog box similar to the one shown for the DLL will appear.

In case of EXE

To register an EXE:

  1. Select Start -> Run
  2. In the dialog box, type the following:

<Full path of the EXE file> /RegServer

For example, “C:\Program Files\myAPP\MyEXE.exe /RegServer” will register the Executable MyExe.exe.


Different Types of registration Keys



Below you find some registry keys in relation with com components and its explanations.


A CLSID (class identifier) is a globally unique identifier that identifies a COM class object.  The CLSID is a 128-bit number, spelled in hexadecimal format, within a pair of braces.

One of the following values must exist to instruct the system where to find the component:

 HKEY_CLASSES_ROOT\CLSID\<CLSID> (default) = <human-readable class name>
 HKEY_CLASSES_ROOT\CLSID\<CLSID>\LocalServer = <full path to 16-bit file>
 HKEY_CLASSES_ROOT\CLSID\<CLSID>\LocalServer32 = <full path to 32-bit file>
 HKEY_CLASSES_ROOT\CLSID\<CLSID>\InprocServer = <full path to 16-bit file>
 HKEY_CLASSES_ROOT\CLSID\<CLSID>\InprocServer32 = <full path to 32-bit file>

On 64-bit Windows, 64- and 32-bit in-process servers uses the InprocServer32 entry.

Other optional values include:

 HKEY_CLASSES_ROOT\CLSID\<CLSID>\DefaultIcon = <path to file, icon index #>


The ProgID (programmatic identifier), is a Registry entry that can be associated with a CLSID. The format of a ProgID is <Vendor>.<Component>.<Version>, separated by periods and with no spaces, as in Word.Document.6. Like the CLSID, the ProgID identifies a class, but with less precision. The ProgID is stored under the following registry key:

 HKEY_CLASSES_ROOT\<ProgID>\(default) = <human-readable component name>

There are also version-independent program ID’s with the format <Program>.<Component>, as follows:

 HKEY_CLASSES_ROOT\<Versionless-ProgID>\CurVer = <ProgID>


COM uses the word interface in a sense different from that typically used in Visual C++ programming. A C++ interface refers to all of the functions that a class supports and that clients of an object can call to interact with it. A COM interface refers to a predefined group of related functions that a COM class implements, but a specific interface does not necessarily represent all the functions that the class supports.

If the component needs to register an interface, it requires the following syntax:

 HKEY_CLASSES_ROOT\Interface\<IID>\ProxyStubCLSID or ProxyStubCLSID32 = <CLSID>


Type libraries are files that explicitly describe some or all of the contents of components. This includes information about the methods, properties, constants, and other members exposed by the component. The following Registry keys are also set in this case:

 HKEY_CLASSES_ROOT\Interface\<IID>\TypeLib\(default) = <TypeLib>
 HKEY_CLASSES_ROOT\TypeLib\<TypeLib>\<#.#>\<#>\<Platform>\(default) = <path to .TLB file>


If your typelib isn’t locale-specific, you can specify 0 for the <LCID>.

<Platform> can be win32, win64 or win16 depending on the platform of the binary.


The AppID concept was introduced as part of the security support in COM. The AppID essentially represents a process that is shared by multiple CLSIDs. All objects in this process share the same default security settings.

DCOM provides mechanisms to externally configure security settings for objects and clients. In the current implementations of DCOM all security policies are enforced at the process level. All objects in a process share the same security policies, unless they programmatically override them. To match this process-wide security configuration, DCOM introduces the concept of an AppID.

AppIDs group the configuration options for one or more DCOM objects into one centralized location in the registry. COM objects hosted by the same executable must map into the same AppID. In-process COM objects that are run in a surrogate process can be forced into the same process by assigning the same AppID to their CLSID entries.

The AppID is a string which looks like a filename, e.g. “MYAPP.EXE”.

 HKEY_CLASSES_ROOT\AppID\<AppID>\DllSurrogate or DllSurrogateExecutable = <path to file>
 HKEY_CLASSES_ROOT\AppID\<AppID>\LocalService and ServiceParameters

Registering COM Component in a MSI

Windows Installer Best Practices does not recommend using the SelfReg and TypeLib table to register a COM Component.
Instead use the registry table to add the COM registration information.

To get the registration information use any “Registry Capturing tool” like RegShot to capture the registry keys. The captured registry keys should be imported into the registry table in the MSI.

The AdminStudio Software Packaging Tool contains a “Component Wizard” which automatically extracts the necessary informations and implements into the installation.


The Future of COM Components

The trend is increasingly towards .NET Framework.
The .NET Framework provides bi-directional interoperability with COM, which enables COM-based applications to use .NET components and .NET applications to use COM components.

Good to know that .NET relies on COM+ for its enterprise features.  At least for the time being these technologies are complimentary.  And COM is one of the core technologies that is not going away any time soon either, although from the client’s perspective, there will be more and more .NET managed APIs exposed over time, which will provide developer with a choice of interfaces.



Whats new in InstallShield 2013?

Flexera has released its newest version of their Setup Authoring Software called “InstallShield”. As a matter of fact this will be included in the next major release of  the AdminStudio Suite.


Meanwhile Flexera has published the full change/release notes of InstallShield 2013 here:

Q210472: InstallShield 2013 Release Notes

The most interesting finding so far is that you wont be able to create App-V 5.0 packages if your “building”/”development” machine is not yet running Windows 8 or Windows Server 2012.

What are your thoughts about the new version? Are you satisfied? Let us know in the comments section!



Java 7 Update 21 Control Panel Applet may crash if installed by MSI file directly


A customer which is using our DPD Version of the Java Runtime Environment (JRE) came across a few hours ago and reported the following issue:

You may receive the following error message when you try to open the Java Control Panel:


Solution / Workaround

After some investigation with Procmon it looked it turned out that a “vital” registry key/value was missing.

As it looks right now the following key will only be written using the original setup bootstrapper (= e.g jre-7u21-windows-i586.exe).

If you are installing directly using the extracted Windows Installer Database / MSI the key wont be written and this may lead into this error message.

How ever it can be easily fixed by adding the missing registry key to the registry or the installation source (e.g  MSI Transform):

32-Bit/X86 JRE on 32-Bit/X86 Windows:

Windows Registry Editor Version 5.00

32-Bit/X86 JRE on 64-Bit/X64 Windows:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Auto Update]

64-Bit/X64 JRE on 64-Bit/X64 Windows:

Windows Registry Editor Version 5.00


Our DPD packages will be updated asap to include this workaround until Oracle fixes this in their installation routine.

If you need any further information or support regarding this problem feel free to contact us.


Additional information:


new blog design/layout!

After nearly 4 years with the same blog design (we started this blog back in 2009)  we have decided to  “fresh up” the layout and the design a little. We hope you will enjoy the new design as much as we do!


SPA Team

SHIMs and APP-V 5.0

We are glad to publish our first blog post from our new APP-V 5.0 advanced techniques series. Today we will have a look onto the new possibility to execute programs & scripts and how to implement shims in that case properly.

With APP-V 4.6 you couldnt really benefit from shims because there was no Event Action where you could trigger an elevated process (All actions were in current-user-context).

There was actually an article from microsoft about it here:

However this was limited to environments where user DO have administrative priviliges, however this doesn not apply to most enterprises.

There are of course other solutions like maintaining the shims centrally or deploying them with some classic approach. however most customers really want to keep everything inside the package and prefer to use per user deployment only.

If you dont have a clue what SHIMS or ACT (Application Compatibility Toolkit) is all about, stop here and check out this comprehensive article first:

As you maybe already know Microsoft introduced the possibility to execute “actions” under the “System” Account for certain events:



Our example today is a selfmade application called AdminRequired. Yeah, its just an example application which we will use to see our SHIMs working in action!

The application basically just tries to elevate (Vista+, requireAdministrator as requested execution level) and afterwards it runs a deprecated API Call to verify if the current user has administrative priviliges.
In this example application I did actually use the IsUserAnAdmin function from the Shell32.dll (Source: As you can imagine this isn’t really a real world scenario however it will help us to demonstrate the Shim fixes.

We are glade to provide you with this application so you can actually try the tutorial for yourself.

Download: AdminRequired.msi

Lets examine our application!

As always we just start by installing this application without using the sequencer. You are asking why?

App-V is not a application compatibility framework or something similiar!

As we already know that our program will produce trouble we should fix those issues first!

I recommend to use a Windows Vista+ Machine with UAC for our demonstrating purpose. After the installation login with an unprivilged (non-admin) User and try to start the application.

The following screen will appear:


The application is requesting elevation, and because the current user does not have administrative privileges it actually proposed the local admin account.

This however can be easily fixed. To proceed with our application we simply open up a new cmd window and set the __COMPAT_LAYER Environment Variable to “RunAsInvoker” to override the original executionlevel request:



The program starts now without any UAC prompt however our API call still fails:



Lets shim it!

The only way to implement a workaround for this is now using the Application Compatibility Toolkit (Short ACT). The newest version can be obtained from the Windows Assessment and Deployment Toolkit (ADK).

Install this Tool (only the Application Compatibility Toolkit Feature is required) now on your Workstation or the virtual machine and run the Compatibility administrator, in our case 32-bit variant because our executable is a 32-bit executable.


Then we need to create our “Application Fix”. Rightclick onto “New Database” -> “Create New” -> “Application Fix…”



Fill in the information as shown on the screenshot. Lets proceed with “Next > “.


The first fix (no UAC Prompt) is applied by enabling the predefined compatbility mode “RunAsInvoker”. However for our deprecated API we still need another fix. “Next > “.


“ForceAdminAccess” shims various API Calls which are checking whetever the current user has somehow administrative priviliges. By enabling it for our application it will catch our API Call and always return true. More Information: Lets continue!



The proposed Matching information should usually be suitable your needs. Click “Finish”.

Our “Shim DB” is now finished and should look now like this:




Save this Database now with the name “AdminRequired.sdb”.

Include into our App-V Package

Now we can start with sequencing our application. This however should be easy and you may follow “common sequencing best practices” to create your package.

Open the package in the sequencer (Editing-Mode) and add your created shim database into the scripts folder:






Save the package. We are now ready to adjust the deployment config file to implement the SHIM Installation/Uninstallation upon package import.

Implement the Action

In our example we implement the required action into the deployment XML File (appvname_DeploymentConfig.xml)

Adjust the file as following:


I recommend to use an editor with XML syntax highlighting, otherwise the risk may be very high to include some typos or to miss some other vital elements. If the xml is malformed somehow it will simply fail and have no effect on the client machine.

Test / Run it App-V Streaming Server

Import the package into the console and ensure that your are overwritting the default configuration with your adjusted deployment_config.xml (this wont happen automatically).

Edit the default configuration…


and Import your customized XML File:



Test / Run it PowerShell CMDlets

Import and activate the package. Dont forget to specify the _DeploymentConfig.xml otherwise the information wont be applied!

Add-AppVClientPackage –Path c:PathToMyApp.appv -DynamicDeploymentConfiguration c:PathTo_DeploymentConfig.xml | Publish-AppVClientPackage

 You should be able to test the result for your own now 🙂

Its NOT working!

It is! Did you miss to enable script execution in/for App-V 5.0? (PackageScripts)

PowerShell CMDlet:

Set-AppVClientConfiguration –EnablePackageScripts 1


SPA Team