VDA Agent Software installation failure with either “Program cannot start, missing mfc120u.dll” or post deployment launch failure with message “Problem starting CtxLocationApi64.dll”

The MFC files are NOT available in the “Minimum” variant of the Runtime Installation.

A little background on why this issue happens.

Microsoft allows software vendors to install Microsoft VC++ (x66 / x64) Runtime libraries in either “Minimum” And / OR “Ädditional” variants for same version. Or you can say permits parallel install of both variants.

This can be checked under “Programs and Features or Appwiz.cpl”.

Note: The application vendors can also HIDE these Runtime Libarary installs by passing a argument during install, which can be checked in the Windows Registry at the following location:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall

One has to explore the random generated GUID under this Key and look for the “DisplayName”.

The Parameter “SystemComponent” with REG_DWORD 0x0 allows it to be hidden and not visible in the Programs and Features control panel applet. You can unhide by flipping the DWORD to 0x1.

VC++ Minimum Runtime by Adobe Acrobat 2015 DC

Related:

  • No Related Posts

When User Profile Manager is Enabled a Prompt Appears “How do you want to open this type of link (http) ?”

As a workaround create the initial registry FTA entries with a local policy so that the FTA choice is set when the profile is created.

1. Choose a target machine with the same OS as the VDA.

Set the file type associations as desired in control panel.

Here set HTTP and HTTPS to use Internet Explorer.

IE Default


2. Run the command Dism /Online /Export-DefaultAppAssociations:C:AppAssocAttac.xml (this will create a XML file with the configurations of default programs for different file extensions )

Create a GPO or a local policy.

3. Expand to the policy location , Computer configurationPoliciesAdministrative TemplatesWindows ComponentsFile Explorer.

4. On the right side pane select the policy “Set a default associations configuration file”

User-added image
5. Click on Enabled and then give the path of XML file in the options area.

6. Save settings and exit the policy editor enable loopback processing

7. Apply the policy to the OUs where the servers are placed.

On VDA run gpupdate /force so that changes would take effect immediately.

8. Run RSOP.msc in the servers, and make sure the policies are properly applied.

9. Launch new HDX session . Try to open the link in Outlook. There is no longer any prompt to open a http or https link whether in Outlook or Wordpad.

Related:

  • No Related Posts

7022790: “Secure Shell Server Configuration Tool has stopped working” error after clustered RSIT upgrade

Workaround:

1. In Failover Cluster Manager, expand the cluster RSIT is running under, click on Roles.

2. Select the RSIT role/Generic Service that RSIT is configured under. Take note of the IP address.

3. Right click on the same role and choose properties. Take note of the settings under both General and Failover tabs. Click OK.

4. Left pane, Storage, Disks, check if any disk(s) are currently assigned to the RSIT role.

5. Right click on the role and choose “Stop Role”.

6. Right click on role and select “Remove”.

7. On the passive server, use Control Panel to uninstall RSIT, reboot.

8. On the active server, use Control Panel to uninstall RSIT, reboot.

9. Install RSIT build 8.2.1.1100 on the passive server, reboot.

10. Verify that RSIT service is not running under Windows’ Services.

11. Install RSIT build 8.2.1.1100 on the active server, reboot.

12. Verify that RSIT service is not running under Windows’ Services.

13. In Failover Cluster Manager, expand the cluster RSIT will run under.

14. Right click on Roles and choose “Configure Role”.

15. Under “Select Role”, choose “Generic Services”. Click Next.

16. Choose “Micro Focus Reflection for Secure IT Server” from the list.

17. Enter a name for the Cluster role and the IP address it is using (Step 2).

18. When prompt to “Replicate Registry Settings”, add this HKEY_LOCAL_MACHINE key: SOFTWAREMicro FocusRSecureServer

19. Check the new RSIT role properties, match it to what was noted (step 3).

20. On the active server, ensure that the RSIT console opens.

21. Test the connect.

22. Failover to passive server, test step 20 and 21 on the new active server.

Related:

  • No Related Posts

XenApp 6.5 – Unable to install XenApp Role if TLS1.0 is disabled

1.In Control Panel, click Administrative Tools, and then double-click Local Security Policy.

2.In Local Security Settings, expand Local Policies, and then click Security Options.

3.Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Enabled.

4. Run gpupdate /force

Retry the installation.

NOTE: If it doesn’t work, please go to C:ProgramDataMicrosoftCryptoRSA and grant “Network Services” Read permission to “MachineKeys” folder. Then restart server to have a try.

Related:

  • No Related Posts

7022908: How to completely remove eDirectory 9 from Windows Server

This document (7022908) is provided subject to the disclaimer at the end of this document.

Environment

eDirectory 9

Windows Server 2012 R2

Windows Server 2016

Situation

Scenario 1: eDirectory installation failed and left a partially installed instance behind.

Scenario 2: Currently configured instance of eDirectory needs to be uninstalled.

Resolution

  1. Verify that the configured instance, if any, is stopped:

    1. Open the Services.exe Utility:

      Control Panel | Administrative Tools | Services
    2. Scroll to the bottom and look for a service named “x64 NDS Server…”
    3. If it is running, click on the item in the list and click “Stop the service”.
    4. If it fails or does not stop in a timely manner (3 minutes or less), use Windows Task Manager to end the “NetIQ eDirectory Host Environment” task.

  1. Close any open eDirectory utilites, such as ndscons.exe (NetIQ eDirectory Services) or dsrepair.
  1. If the “slpd” task is running, please end the process using Windows Task Manager.

  1. Uninstall eDirectory and NICI:
  1. Open Programs and Features:

    Control Panel | View by: Small icons | Programs and Features
  2. Select “NetIQ eDirectory 9” from the list and click “Uninstall”.
  3. Once the uninstall is complete, repeat the previous step for “NICI U.S./Worldwide”.

  1. Run the eDirectory scrub utility from TID # 3004658:
  1. Follow the instructions under the “Additional Information” section.
  2. After copying the script to a file named “edirScrub.bat”, open a command prompt AS AN ADMINISTRATOR and enter one of the following commands, depending on the directory structure of your installation:

> .edirScrub.bat C:NovellNDS

OR

> .edirScrub.bat C:NetIQeDirectory

The eDirectory removal is now complete.

Note: Although unnecessary, some administrators may opt to restart the Windows server at this point.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

Unpacks install script then deletes everything except install script and containing folders

I need a solution

(Windows Server 2003) I am currently installing Symantec Endpoint protection on a server bed.  I have installed the SEPM on the management server, then I installed SEP on the  two domain controllers.  When I try to install SEP on the SEPM server the in seems to unpack files as the progress bar fills in then once it seems to almost be done it starts deleteing the unpacked files except for some temp files and the install script and (besides the progress bar going back down to nothing then disappearing) does nothing else.  No start menu folders or icons are made and there is no program put into the control panel add/remove programs list.  When I reboot the temp files are gone and all that remains is the C:Program filesSymantecSymantec Endpoint Protection12.1.4112.4156.105Scriptsinstallscript.sis file.  How can I remembdy this situation and get the Enpoint protection manager to install properly? This happens on all remaining memeber servers.

0

Related:

  • No Related Posts

7021496: Reflection Workspace and Host Session Fails to Launch When Installed to a Network Drive

To launch Reflection, you must change the .NET Framework configuration on your workstation to grant access by following these steps:

Reflection Desktop 16, Reflection 2014, and Reflection 2011 R2 or R3 require 4.0 .NET Framework.

Reflection 2011 R1 requires 3.51 .NET Framework.

All versions of Reflection use the core functionality provided in the 2.0 .NET Framework.

  1. Obtain the .NET Framework 2.0 Software Development Kit (SDK) from http://www.microsoft.com/en-us/download/details.aspx?id=19988 and install it to your workstation.
  2. On your workstation, go to Control Panel > Administrative Tools.
  3. Select “Microsoft .NET Framework 2.0 Configuration.”
  4. Expand the tree to Runtime Security Policy > Machine > Code Groups > All_Code > LocalIntranet_Zone.
  5. In the right pane, under Tasks, click the link “Add a Child Code Group.”
  6. Enter a name for the group. Click Next.
  7. Select URL from the Condition Type drop-down list, and then click Next.
  8. In the URL field, type the path to the folder where you installed Reflection. Click Next. (For example, file://Z:/Program Files/Attachmate/Reflection2011/*)
  9. Select FullTrust from the “Use existing permission set” drop-down list.
  10. Click Next and Finish.

Workaround

To avoid this problem, install Reflection to a local drive.

Related:

  • No Related Posts

7022886: Windows 10 v1709 Reports “Failed to Get Network Providers” under Advanced Settings of Network Connections

This document (7022886) is provided subject to the disclaimer at the end of this document.

Environment

ZENworks Configuration Management

Situation

The “Provider Order” dialogue under Advanced Settings under Network Connections returns “Failed to get network providers”.
There are no other known issues associated with this issue at this time.

Resolution

Note: Only Create the ‘Devicename’ value specified below, if they keys under which it is to be created already exist.
Manually add a REG_SZ value named “DeviceName” under [HKEY_LOCAL_MACHINESystemCurrentControlSetServicesZenCredManagerNetworkProvider] and set the value to “DeviceZenCredManager”

Manually add a REG_SZ value named “DeviceName” under [HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLCredMgrNetworkProvider] and set the value to “DeviceLCredMgr”

If the FDE Spoke is installed, the following may be necessary.

Note: Only Create the ‘Devicename’ value specified below, if they keys under which it is to be created already exist.
Manually add a REG_SZ value named “DeviceName” under [HKEY_LOCAL_MACHINESystemCurrentControlSetServicesPBACredManNetworkProvider] and set the value to “DevicePBACredMan”

Cause

The “DeviceName” value is defined as an Optional Attribute for Credential Providers.
Despite still being documented as optional by Microsoft in Windows 10 1709, when it is not defined it can impact the “Change Provider Order” starting in Windows 10 1709.

Status

Reported to Engineering

Additional Information

The OES Client may also cause the issue and requires a similar update to the registry.
Note: Other Credential Providers may cause the similar issue, so if the changes above do not resolve the issue….check for other 3rd party providers that may need similar entries created.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

7021931: Automating SSH, SFTP, and SCP with Windows Scheduled Tasks

Automating SSH, SFTP, and SCP connections using the Windows Scheduled Tasks utility and the command line requires the following steps:

Note: If the Windows account that is used to run the task is a member of the Administrative group, skip both Step 3 and Step 4. There is no need to add privileges to the Administrative account. However, if your company security policy prohibits running a task with an account that is part of the Administrator’s group, follow Step 3 and Step 4 to amend the account permissions.

Step 1: Configure Public Key Authentication with a Blank Passphrase

  1. Launch the Reflection FTP client.
  2. Under “Connect to FTP Site,” click New.
  3. Enter the name of the host you will be connecting to. Click Next
  4. Under “Login Information,” click the Security button.
  5. Click the “Secure Shell” tab.
  6. If “Use Reflection Secure Shell” check box is not already checked, select it.
  7. Click Configure.
  8. On the User Keys tab, click Generate.
  9. Select the key type and length required to satisfy your corporate security policy. Select the No passphrase check box, and then click Create. Click Save. The new private key appears in the User Keys list.
  10. Verify that the new key is selected (a check mark is displayed in the Use column).
  11. Click Upload, and follow the prompts to upload the public key to the remote host. You will most likely be prompted for a password during this process.
  12. Once the upload process has completed, click OK.
  13. Click OK to close the “Security Properties” dialog box.
  14. In the Login Information dialog box, click Next.
  15. In the User name field, enter the user name that should be used for the automated transfers. Click Next.
  16. Click Finish. By default, we will try to connect to the remote SFTP server using the new key we have generated from above.

If connection is successful, key authentication is now configured for all SSH, SFTP, and SCP connections from the Windows account you are logged in with, to the specified host, using the specified host account. This includes both Windows-based clients and command line clients.

If a banner requiring user interaction is normally displayed when you connect to the host, on the General tab, change the Logging Level to Quiet. This step is not necessary if you do not have a login banner, or if you are using the command line client, as no user interaction is required in those scenarios.

Note: If public key upload was successful but public key authentication fails, it is possible that the remote SFTP server stores the user’s keys in a none default location. Please contact the remote administrator and have the key relocated to the correct folder.

Step 2: Create a Batch File with Connection Commands

Create a Windows batch (.bat) file that contains the connection commands appropriate for your task. For a complete list of SFTP, SCP, and SSH, syntax and commands, open a Windows command prompt and enter <command> -? , where command is SFTP, SCP, or SSH.

Batch file examples:

"C:Program FilesAttachmateRSecuresftp.exe" -B "C:pathbatch_file.txt" user@host

"C:Program FilesAttachmateRSecurescp.exe" user@host:file "C:pathfile"

cmd /c ""C:Program FilesAttachmateRSecuressh.exe" user@host ls > "C:pathfile.txt""

Before proceeding, run each batch file manually to ensure it works correctly.

If the batch file is not working, you can collect error and debug logging information for troubleshooting using syntax such as:

"C:Program FilesAttachmateRSecuresftp.exe" -vvv -B "C:pathbatch_file.txt" user@host 1> "C:pathdebug.txt" 2> "C:patherrors.txt"

Note the following:

  • If you prefer not to create a batch file for the required tasks, you can configure the task to run the appropriate product executable instead (sftp.exe, scp.exe, or ssh.exe). In this case, after creating the task in “Step 5: Configure Windows Schedules Tasks to Run the Batch Files,” edit the task to include the appropriate command syntax, as shown in the examples in Step 2. (This customization is done in the Run field of the Task tab.)
  • If you need to run the batch file or executable with a Windows account other than the one configured for public key authentication, you can use the –k switch to point to the .ssh directory of the configured account, which contains the required keys and configuration file (named config).

Step 3: Assign “Log on as a Batch Job” Permissions

For tasks to be run by the Task Scheduler, Windows requires that the account running the task be logged on to Windows or have “Log on as a batch job” permissions. These permissions are automatically assigned:

  • To members of the Administrator’s group.
  • In Windows XP, if you are a member of the Users group and you create a scheduled task.

Note: When a task is created, these permissions are not automatically added for members of the User’s group in Windows 7 or Windows Server 2008.

If the account you plan to use does not have “Log on as a batch job” permissions, follow the steps below to add these permissions to the account.

Warning: For security reasons, we recommend that you only grant these additional privileges to the required user or users.

  1. Login to the Windows system with an account that is part of the Administrator’s group.
  2. Click Start > Run; in the Open field, enter secpol.msc, and then click OK.
  3. Double-click Local Policies > User Rights Assignment.
  4. Double-click Log on as a batch job.
  1. Click Add User or Group, and add the user or group.
  2. Click OK to save the change and exit the properties window.

Step 4: Assign Account Permissions to the Reflection SSH Com Server

If a scheduled task is configured to run sftp.exe, scp.exe, or ssh.exe, and both of the following are true, the task will fail due to insufficient privileges:

  • The user account used to generate the public keys and to schedule the task does not belong to the Administrator’s group, and
  • The user is currently logged out of Windows.

When this occurs, the Last Results column (Last Run Results in Windows 7 and Windows Server 2008) in Scheduled Tasks displays 0x57. This code indicates that additional privileges are required to run the Reflection SSH COM server (rssh.exe) when the user is not logged in to Windows.

The privileges required to run the executable are Local Launch and Local Activation. These permissions are automatically assigned to members of the Administrator’s group. If the public key was generated by, and the scheduled task belongs to, a user who is part of the Administrative group, you can skip this section. Otherwise, follow the steps below to add these specific permissions to the user account used to generate the key and run the scheduled task.

Warning: For security reasons, we recommend that you only grant these additional privileges to the required user or users.

  1. Login to the Windows system with an account that is part of the Administrator’s group.
  2. Click Start > Run, in the Open field, enter dcomcnfg.exe, and then click OK.
  3. Double-click Component Services > Computers > My Computer and click DCOM Config.
  4. Scroll down to the object named {AA76F3C3-B544-4E32-B5CC-38F0B09CB5F}, right-click the object and click Properties. You are now in the properties of the SSH COM object.
View Full Size

Figure 1 - Access the Properties of the SSH COM Object
Figure 1 – Access the Properties of the SSH COM Object
  1. On the Security tab, in the Launch and Activation Permissions group, select Customize, and then click Edit.
  2. Click Add. Locate and add the required user(s) or group(s), and then click OK.
  3. In the “Group or user names field,” select the user or group
  4. In the Allow column, select the Local Activation check box, and verify that Local Launch is already selected. (Local Launch should be selected by default.)
Figure 2 - Configure new user (Lilly) for Local Launch and Local Activation Permissions

Figure 2 – Configure new user (Lilly) for Local Launch and Local Activation Permissions

  1. If you are configuring multiple users or groups, repeat steps 6 through 8 for all users and groups.
  2. Click OK > OK and close the Component Services dialog box.

Step 5: Configure Windows Scheduled Tasks to Run the Batch Files

Follow these steps to automate the file transfer using Scheduled Tasks.

In Windows 7 or Windows Server 2008:

  1. From the Administrative Tools menu, select Task Scheduler.
  2. Click Action > Create Basic Task.
  3. When prompted, enter a name for the task, then click Next.
  4. Under Task Trigger, select “When do you want the task to start.” Click Next and fill in the details.
  5. Under Action, select “Start a program,” click Next, and then browse to and select the batch file you created in Step 2: Create a Batch File with Connection Commands. Click Open, and then click Next.
  6. Under Finish, select “Open the Properties dialog for this task when I click Finish.”
  7. On the General tab of the Properties dialog box, under Security options verify that the user name shown under “When running the task, use the following user account” is the Windows account used to setup the public key authentication. If not, modify this setting.
  8. Select “Run whether user is logged on or not,” and then click OK.

Note: If the Windows account that is used to run the task is a member of the Administrative group, under the General tab, select the option “Run with highest privileges.”

In Windows XP:

  1. From the Control Panel, select Scheduled Tasks.
  2. In the Scheduled Task Wizard, browse to and select the batch file you created in “Step 2: Create a Batch File with Connection Commands,” and then click Open.
  3. When prompted, enter a name for the task, then set the frequency, start time and start date.
  4. Configure the task to run under the Windows account used to setup the public key authentication.
  5. Select “Open advanced properties for this task when I click Finish,” and then click Finish.
  6. Make sure that “Run only if logged on” is not selected (the default) and click OK.

At this point you should see your new task listed in the Task Scheduler (or Scheduled Tasks) window.

Test the New Task

While still logged in to Windows, right-click the new task and select Run. If the task successfully runs, the Last Result field in the Scheduled Tasks window should show 0x0. (On Windows 7 and Windows Server 2008, this “Last Run Result” field also includes the statement “The operation completed successfully.”) If you encounter problems, please refer to the following:

  • In Windows 7 and Windows Server 2008, in the Task Scheduler window, select the task, click the History tab, and see if there are any logged errors.
  • In Windows XP, in the Scheduled Tasks window, click Advanced > View Log, and see if there are any logged errors.

Additional Troubleshooting help.

Set the Final Schedule

Once you have verified that the task can be successfully run, make any additional configuration tweaks to the task schedule, and you are done. The automated SSH, SFTP, or SCP task should now run automatically.

Related:

  • No Related Posts