The Case of the Mysterious Open SFT Handle

Here is another interesting one-off issue that was happening on a few machines in one of my customer’s environments. They were using App-V 4.6 with Configuration Manager 2012 managing the packages. The virtual applications were distributed fully cached to the clients (download and execute). The problem was that the download to the cache would never progress beyond 99%, so the application would never become available to the client. This was happening for all virtual applications on the affected clients. The Configuration Manager CAS.LOG showed the following:
 
Download completed for content Content_74cfa5bd-d3981-21fc-2316-4c3e8659f7a690.1 under context System ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)
CreateFileW failed for c:\windows\ccmcache\11\xxxxxxxx.sft ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)
???? failed; 0x80070020 ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)
?????t failed; 0x80070020 ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)
????????? failed; 0x80070020 ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)

The specific HRESULT error code 0x80070020 translates to “The process cannot access the file because it is being used by another process.”

Process Explorer to the Rescue

Using Process Explorer (found here: https://technet.microsoft.com/en-us/sysinternals/bb896653) we found that the “System” process had an open handle to all of the various SFT files in the CCM cache (C:\Windows\ccmcache\11\xxxxxxxx.sft). After using MSConfig to disable all third-party services and startup items, as well as the Configuration Manager client service (SMS Agent Host), we found that the system STILL had an open handle to all of these SFT files in the CCM cache. Further investigation of the stack revealed that a mini-filter driver was attaching to the SFT files. The filter was identified in Process Explorer as AppVFltrPort, which corresponded to the SFTVIEW.SYS file. This file is part of the Microsoft Application Virtualization SFT View application (available from https://www.microsoft.com/en-us/download/details.aspx?id=8897). It has a mini-filter driver that attaches to SFT files even when you are not using the program. The problem shows up as soon as something uses the file system near (one level down) to an SFT file on a client computer.
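The following PowerShell triage script is an added example, not part of the original post or of any Microsoft tooling. It scans CAS.log for the CreateFileW sharing-violation pattern shown above and checks whether a driver with the image name sftview.sys is registered on the client. The default CAS.log path, matching the driver by image name, and the helper name Find-SftSharingViolation are assumptions.

```powershell
# Added triage example (not from the original post).
# Assumptions: default ConfigMgr 2012 CAS.log path; driver matched by image name.
param([string]$CasLog = "$env:WINDIR\CCM\Logs\CAS.log")

function Find-SftSharingViolation {   # hypothetical helper name
    param([string[]]$Lines)
    # Report each "CreateFileW failed for <path>.sft" entry that is followed,
    # within the next three entries, by a 0x80070020 (sharing violation) failure.
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match 'CreateFileW failed for (?<path>.+?\.sft)') {
            $path = $Matches['path']
            $last = [Math]::Min($i + 3, $Lines.Count - 1)
            for ($j = $i + 1; $j -le $last; $j++) {
                if ($Lines[$j] -match 'failed; 0x80070020') {
                    [pscustomobject]@{ Entry = $i + 1; File = $path }
                    break
                }
            }
        }
    }
}

# Two entries copied from the log excerpt above, used when no CAS.log exists.
$sample = @(
    'CreateFileW failed for c:\windows\ccmcache\11\xxxxxxxx.sft ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)',
    '???? failed; 0x80070020 ContentAccess 12/5/2012 11:15:35 AM 4460 (0x116C)'
)
$lines = if (Test-Path -LiteralPath $CasLog) { Get-Content -LiteralPath $CasLog } else { $sample }
$hits  = @(Find-SftSharingViolation -Lines $lines)

# Kernel and file system drivers, minifilters included, are registered as driver
# services, so the driver is listed here even when SFTVIEW itself is not in use.
$driver = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like '*sftview.sys' } | Select-Object -First 1
$driverState = if ($driver) { "$($driver.Name): $($driver.State)" } else { 'not registered' }

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    SharingViolations = $hits.Count
    Files             = ($hits.File | Sort-Object -Unique) -join ', '
    SftViewDriver     = $driverState
}
```

A client that reports sharing violations on .sft files together with a registered sftview.sys driver matches the condition described in this post. Get-CimInstance requires PowerShell 3.0 or later.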

Uninstall SFTVIEW from Clients

In the above case, the solution was to simply uninstall SFTVIEW or disengage the AppVFltrPort driver. The SFTVIEW tool was meant to be installed outside of production until you are ready for deployment onto content stores. The purpose of having this application on content stores is to provide read-only access to on-access anti-virus scanners so they can scan the contents of the SFT files. If you are looking to view content information or extract metadata from SFT files on clients, use the SFT Parser instead. You can get that here: https://www.microsoft.com/en-us/download/details.aspx?id=12350. If you want anti-virus scanners to be able to scan the App-V client cache, use Service Inclusions instead. More information on Service Inclusions can be found here: https://blogs.technet.com/b/gladiatormsft/archive/2012/08/01/app-v-4-6-using-service-and-process-inclusions.aspx