Forum Discussion
Stefan Georgiev
Microsoft
Dec 14, 2020MSIX app attach Azure portal integration public preview
MSIX app attach is an application layering solution that allows you to dynamically attach an application (that is an MSIX package) to a user session. Separating the application from the operating system makes it easier to create a golden virtual machine image, and you get more control with providing the right application for the right user.
Previously, you had to use PowerShell scripts to enable MSIX app attach. MSIX app attach capability is now available in public preview in the Azure portal and is integrated with Azure Resource Manager. This eliminates the need for custom scripts and makes it possible to publish your packaged applications to application groups with a few clicks.
Draft troubleshooting guide for MSIX app attach is available here.
Overview and requirements
Before you get started, make sure to fill out and submit this form to enable MSIX app attach in your subscription. If you don't have an approved request, MSIX app attach won't work. Approval of requests can take up to 24 hours during business days. You'll get an email when your request has been accepted and completed.
The following are the requirements to setup MSIX app attach in a Windows Virtual Desktop environment:
- Host pool in Windows Virtual Desktop with at least one active session host
- Host pool in the validation environment
- MSIX packaged application expanded into an MSIX image
- MSIX image is uploaded to file share
- The file share is accessible for all session hosts in the host pool
- When using a digital certificate that is not sourced from a CA please follow instructions here on each VM in the host pool
This video walks through the MSIX app attach UI.
Deploy WVD (Windows Virtual Desktop) host pool
The steps for deploying a WVD host pool are outlined here. It is mandatory to provision the session host pool in the validation environment.
MSIX application
MSIX app attach requires an application packaged as MSIX. If you do not have an MSIX application you can use the MSIX Packaging tool to repackage a Win32 application to MISX application. Instructions are available here.
Prepare MSIX image
MSIX app attach needs MSIX application to be stored in a VHD(x). Steps on how to perform the expansion are available here.
If you do not have access to an MSIX application and MSIX images feel free to use these. They are provided without any guarantees and should not be used in production environments:
Application name |
URL |
Chrome as MSIX image |
|
Chrome in an MSIX package |
|
Microsoft Edge Dev v89 as MSIX image |
|
Microsoft Edge Dev v89 as MSIX package |
|
Microsoft Edge Dev v87 as MSIX image |
|
Microsoft Edge Dev v87 as MSIX image |
|
PowerBI as MSIX image |
https://1drv.ms/u/s!Amut9BnVnw7mkOVkUdswoKXTk9dfUw?e=fGTHy5
Note: this has dependencies that need to be delivered in the master image Links available here https://1drv.ms/u/s!Amut9BnVnw7mkOQth1hkT-SRdP2__g?e=YHbice |
PowerBI as MSIX package |
|
WVDMigration as MSIX image (test different cert type) |
https://1drv.ms/u/s!Amut9BnVnw7mkOIEPLX6PYOzx96nrg?e=9qEpJc
|
WVDMigrationBAD as MSIX image (bad packaging format) |
|
Microsoft Edge Dev v87 as MSIX image (expired cert) |
https://1drv.ms/u/s!Amut9BnVnw7mkOJamDr-mrs3rOoeCg?e=43JT7E
|
Notepad++ as MSIX image (missing cert test) |
https://1drv.ms/u/s!Amut9BnVnw7mkOF-o-E-bhp_btLgJw?e=6DO9ea
|
If you are using your own application, you will need to install the certificate used to sign the MSIX package.
Install certificates
If you are using the provided MSIX applications, there are two certs:
- For Chome, Edge, and Power Bi: WVDContosoAppAttach.
- For WVDMigration*, WVDMigrationFabrikam
Configure a file share
All session hosts need access to the file share with MSIX app attach packages. This Tech Community blog covers the process.
Configure MSIX app attach via Azure portal
Open a browser, preferably in incognito mode, and load the following link: https://preview.portal.azure.com/?feature.msixapplications=true#home
In the search bar type Windows Virtual Desktop and click on the service.
Select a host pool where MSIX applications are to be delivered.
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Click + Add. This will open the Add MSIX package blade.
MSIX image path – this is UNC path pointing to the MSIX image on the file share. For example, \\storageaccount.file.core.windows.net\msixshare\appfolder\MSIXimage.vhd.
MSIX package – if a valid, resolvable, and accessible path is provided this drop-down will be populated by all the MSIX packages in the MSIX image.
Package applications – list of MSIX applications available in an MSIX package.
Display name – Optional display name to be presented in the interface.
Version – MSIX package version automatically delivered from parsing the package.
Registration type
On-demand – this is the recommended type of registration. It postpones the full registration of the MSIX application until and the user starts the application.
Log on blocking – this type of registration is executing during session logon hence adding time to session logon completion.
State – MSIX package has two states (Active and Inactive). When a package is active users can interact with it. Inactive packages are ignored by WVD and not delivered to users.
Click Save.
Publish MSIX application to an application group
In the WVD resource provider navigate to the Application groups blade.
Select an application group.
Note: During MSIX app attach preview MSIX app attach remote apps may disappear from the user feed. The remote MSIX apps can disappear from the user feed because host pools in the evaluation environment may get served by an RD Broker in a production environment (this happens when the RD broker optimizes to improve the end-user experience). Because the RD Broker in the production environment doesn't understand the date of the MSIX app attach remote apps, it won't display them.
Select the Applications blade. The Applications grid will display all currently added applications.
Click + Add to open the Add application blade.
Application source
- For desktop app groups the only source for applications is an MSIX package.
- For remote app group, there are three sources of applications.
- Start menu
- App path
- MSIX package
MSIX package – display list of packages added to the host pool.
Display name – Optional display name to be presented in the Applications interface.
Description – Short description.
Note the options below are only applicable to remote application groups.
- Icon path
- Icon index
- Show in web feed
Click Save.
Assign users to app group
Select app group.
Select Assignments
To assign individual users or user groups to the app group, select +Add Azure AD users or user groups.
Select the users you want to have access to the apps. You can select single or multiple users and user groups.
Select Save.
It will take five minutes before the user can access the application.
Change MSIX package state
Via the Applications grid
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Select one or multiple that need to have their state change and click the Change state button.
Via update package
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Click on Package name in the MSIX packages grid this will open the blade to update the package.
Toggle the State via the Inactive/Active button as desired and click Save.
Change MSIX package registration type
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Click on Package name in the MSIX packages grid this will open the blade to update the package.
Toggle the Registration type via the On-demand/Log on blocking button as desired and click Save.
Remove MSIX package
Select MSIX packages.
This will open the data grid with all MSIX packages currently added to the host pool.
Select one or multiple that need to be removed click the Remove button.
Removing MSIX application
Navigate to the host pool and select Application groups.
Select the application group from which the MSIX application is to be removed.
From the application group blade select Applications.
Select the desired application and click Remove.
- quantumRayCopper Contributor
I am getting an error while creating the vhdx file for the software like textpad or Visual studio 2013. Error: Failed to load applyacls.dll. Please confirm the dll is next to this exe. ApplyACLs should only be used for setting up a Windows Virtual Desktop. Finished unpacking packages to: F:\TPad2021 (This is for Textpad) [WARNING] The following packages from Textpad_8.8.1.0_x64__22qe32n2bs3cw.msix failed to get unpacked. Please try again: Failed with HRESULT 0x8007007e when trying to unpack Textpad_8.8.1.0_x64__22qe32n2bs3cw.msix
Similar error for VS2013 as well.
I have ensured the msixmgr.exe and ApplyACLs.dll files are on same path. C:\MSIXAppattach\
Commands below:
New-VHD -SizeBytes 4096MB -Path C:\MSIXAppAttach\Textpad2021.vhdx -Dynamic -Confirm:$false $vhdObject = Mount-VHD c:\MSIXappattach\Textpad2021.vhdx -Passthru
$disk = Initialize-Disk -Passthru -Number $vhdObject.Number
$partition = New-Partition -AssignDriveLetter -UseMaximumSize -DiskNumber $disk.Number
Format-Volume -FileSystem NTFS -Confirm:$false -DriveLetter $partition.DriveLetter -Force
.\msixmgr.exe -Unpack -packagePath Textpad_8.8.1.0_x64__22qe32n2bs3cw.msix -destination “F:\TPad2021” -applyacls
- hovakannCopper Contributor
quantumRay ; Stefan Georgiev getting the same failure
- MTuomiCopper Contributor
Hi guys! I had some serious problems with MSIX App Attach. Software never showed in start menu, even vhdx disk was mounted succesfully. After all I found this site where you can find reason why this keeps happening. I finally got this working after I created redirections.xml file Check this post! -> https://www.cloud-architect.be/2021/05/06/msix-app-attach-start-menu-fixed-in-windows-virtual-desktop/
- LukeLuckyCopper Contributor
Hi Guys,
Has anyone ever had the following problem with attaching .vhd or .cim?
There is no error and from activity log I got strange info about icons:
"properties": {
"statusCode": "InternalServerError",
"serviceRequestId": null,
"statusMessage": "{\"error\":{\"code\":\"1\",\"target\":\"ArmBaseExceptionFilter.OnException\",\"message\":\"UnknownError\",\"details\":[{\"code\":\"ArgumentException\",\"target\":\"MsixAppAttach.Public\",\"message\":\"iconImageName must not be null or blank\"}]}}",
"eventCategory": "Administrative",
"entity":
Any ideas?- AndrewTaylor140Copper ContributorI had the same error and it was a fault with the MSIX package, once I re-packaged, it added without any issues
- andyinvBrass ContributorI've re-packaged this one several times, tried CIM, VHD, VHDX - the MSIX will install fine with Add-AppXPackage so I'm assuming the MSIX is OK. I've tried using msixmgr and also manually expanding the file to VHDX. No joy in any configuration.
- andyinvBrass Contributor
LukeLucky Same as I'm getting - tho the note about missing icons is only a warning apparently...
You can see the entries as happens on the WVD host picked to scan the image with the error logs tool here: https://github.com/RMITBLOG/MSIX_APP_ATTACH/tree/master/MSIX%20Event%20Log%20tool
- Mayurdesai81Copper ContributorHi ,
I have tried msix appattach for application VLC Player and Projectwise for my customer for testing. Standalone msix packages are working fine as expected. But when I appattach I get below error for VLC player
"The application failed to launch with error 0xc0000364". I am not able to successfully get both of these application working. Has any one tried these apps?
Thanks
Mayur- Stefan Georgiev
Microsoft
Where do you get this error from VLC itself? If that is not VLC itself but a generic windows component that will indicate lack of permissions to modify something (Registry most likely) - Stefan BeckmannCopper ContributorToday I wanted to see if a new agent was available. After restarting the test environment, the version was 1.0.2866.800 instead of 1.0.2939.400. The status remains Available.
Now I wanted to continue testing. As of today, when I enter the following line in PowerShell, the application is ready. Unfortunately, these are not automatically registered. Must now find this cause.
Add-AppxPackage -Path "C:\Program Files\WindowsApps\GoogleChrome_68.46.66.0_x64__74vyvr5aw93s6\AppxManifest.xml" -DisableDevelopmentMode -Register
Does anyone have any advice on where to look next? Otherwise, I still search through the guide.
- DBR14Iron ContributorFinally resolved my issues and got it working. But has anyone app attached anything actually useful?
Adobe Reader gave me C:\ errors at startup of the app
Quickbooks doesn't work
Adobe DC doesn't work
It's all fine and dandy if I can do Notepad++ and VLC player as a POC but that serves 0 purpose in a production environment.
Winamp didn't work, and that's as simple as VLC so this whole process seems very very spotty.
Has anyone packaged a more complex program from an exe or msi to MSIX and had it work?- Jochen BernersCopper ContributorHey DBR14,
no, that’s exactly the problem with msix 😞
I would guess that the success rate of repackaging into msix is around 50%, maybe 60%?!?! 😞
That’s why nearly all of my customers where I have done a POC stepped back to SCCM or similar 😞
But...maybe I‘m wrong 😉- Jochen BernersCopper ContributorStefan Georgiev and TomHickling
can you please tell me what agent version is needed for msix app attach in the portal?
background for this question: I have a customer who is whitelisted since January, but had huuuge problems with agent version 2848, every single session hosts was in state "Needs assistance"
we turned off the validation environment, so the agent went back to 2800, and ALL session hosts went green and were available *TOP*
But...next problem...we went through the portal and attached a few msix packages, but none of them were available for a user 😞
is it because we are on 2800, or because we turned off the VE?
thanks guys
- Tim BeerCopper ContributorOne use recently was the MEMCM (sccm) console
For an environment where admins log in to wvd to perform admin tasks.
Advantages being the MEMCM console gets updated when you update your site, so instead having to update each wvd host you can just change version on msix and publish.
- Roger1175Brass ContributorHi Stefan,
Thanks for your hard work on this!
It seems that I've got this almost working but I am stuck on one issue. For some reason, the apps that are staged and registered do not show up in the start menu on the session host. I can launch the apps successfully using PowerShell with "start shell:appsFolder\<packagefamilyname>!<appid>" but that is obviously not a good solution for end-users. This happens whether I am doing the staging/registration in the portal or using the stage/register PowerShell scripts.
When I use the PowerShell scripts to on my windows 10 desktop client, the apps show up in the start menu as expected so I don't think it's an issue with the app packages. Do you know what might be causing the shortcuts to not appear on the validation pool session hosts?
Thanks! - Stefan BeckmannCopper ContributorHello Stefan
I wanted to try out the Kusto queries from the Troubleshooting Manual with Log Analytics. I admit to understanding not much of it yet. But when I look in my Log Analytics account, I can't find RDOperation. But I find WVDErrors and others with WVD...
Do I still have to configure something, or do I possibly make another mistake?
I search the root cause of why the user doesn't have the application in the start menu but the disk is mounted. Maybe the LA gives more insights ?!
Regards
Stefan - zim67Copper Contributor
Stefan Georgiev I am using the GoogleChrome MSIX package shown in these instructions but get the following error when adding the MSXI in the WVD portal:
{"code":"400","message":"ActivityId: 6baee068-b1d9-4f38-9c38-a0b6fa51d423 Error: The MSIX Application metadata expand request failed on all Session Hosts that it was sent to. Session Host: TestVM-0, Error: App contains untrusted signature."}I downloaded the CRT file listed for the Chrome app, but have no idea where/how to add it. ? !
thanks- ThogjoCopper Contributor
- ThogjoCopper Contributor
Guys, I seem to have a problem in my MSIX APP-attach enabled demo subscription.
All of a sudden i can connect to NONE of my session hosts, I had 3 separate Hostpools, one regular MS, one MSIX appatach MS and one VDI - and I am able to connect to NONE of the sessionhosts.
So i thought no big deal, i'll redeploy - deleting everything and redeploying had NO effect, i still get this error when trying to connect - tried to deploy in both WEU and NEU regions.
-------------------------------
The remote resource can't be reached. Check your connection and try again or ask your network administrator for help.
[^] Hide details [OK]
[Expanded Information]
Error code: 0x300000d
Extended error code: 0x0
Timestamp (UTC): 2021-02-12T22:41:38.064Z
Activity ID: 3d8c7e2e-a23e-48ba-9c3b-dc2b99460000Trying to connect thru browser i get....
It looks like your system administrator hasn’t set up any resources for demouser@manualize.dk yet. Please choose a different account or try again. If you believe you have received this message in error, please contact your system administrator.
But my remote desktop client says
that i do have an app.
-------------------------------------
I have had no issues in any of my other customer subscriptions that are not preview enabled.
Now i'm trying to redeploy in my MPN subscription which is not preview enabled
- AndreasRBrass Contributor
"MSIX packages" is visible in multiple Azure subscriptions without using Preview Portal. Is there an update that this can also be used without Validation Environment or are these steps still necessary?
- Stefan Georgiev
Microsoft
We removed the feature flag for the portal. Many people were getting inconsistent results as they will default to using the general portal (missing the guidance to use the preview URL and preview feature flag). This does not remove the need for the subscription to be white listed.- JochenBernersCopper Contributor
thanks guys! absolutely, that was confusing me too 😉
but...today I have seen a tenant which is not whitelisted with the menu "MSIX packages"...
- JochenBernersCopper Contributor
AndreasR Stefan Georgiev TomHickling
Yes, can confirm this...does it mean thats "GA" now? I can't really think about that 😉
And more...I can also choose West Europe and North Europa as the Metadata location without using the Preview Portal...
br
Jochen
- TomHickling
Microsoft
No this doesn't mean app attach is GA yet, we are definitely still in preview at this point. This was just an update to the portal experience