Product: ProfileUnity-FlexApp
Product Version: 6.7.x+, 6.8.4 R2 GA
Expires on: 365 days from publish date.
Updated: Sept 24, 2024
Problem:
In certain secure environments it is necessary to configure the ProfileUnity client elevation process to use SHA2 (256) instead of the default Signature based method in order for the Client to work correctly. This can also happen if your on older client tools version where certificates have already expired.
Symptoms:
ProfileUnity is not running after upgrade or installation.
Possible Resolution(s):
Option A) Change certificate from Signed to SHA2 (256) Steps below in article:
Option B) Upgrade ProfileUnity Client Tools to 6.8.5 (For 685 visit our Hotfix KB for latest for 685 tools https://www.liquidware.com/support/articles/360033876051-ProfileUnity-Hot-fix-List)
-In order to help ensure a more seamless upgrade, please review our upgrade guides located at:
https://docs.liquidware.com/profileunity/en-us/profileunity.htm
Testing new versions outside of Production:
Option C) Upgrade ProfileUnity Client Tools to 6.8.6 (Downloadable form Liquidware Downloads)
-In order to help ensure a more seamless upgrade, please review our upgrade guides located at:
https://docs.liquidware.com/profileunity/en-us/profileunity.htm
Testing new versions outside of Production:
Prerequisites:
You will need the sha2 hash for the client.exe and LwL.ProfileUnity.Client.exe & vhd.exe (and lwl_profile_mgr.exe if using ProfileDisk) from the netlogon from the version of client tools your are running.
- Navigate to the ProfileUnity netlogon directory or share and copy the client.exe file to your Desktop.
- While in the ProfileUnity netlogon directory find and open the elevation.zip.
- Extract the lwl_elevation_service.xml and default.lwl_elevation_service.xml file from elevation.zip file to your Desktop. (If ProfileUnity is already installed on Parent image or endpoint, modify the default c:\Program Files\ProfileUnity\Elevation\lwl_elevation_service.xml and default.lwl_elevation_service.xml as well.) You may also have to modify the elevation.xml(s) in the elevation.zip on netlogon or share (Step 1&2) as well so it's not overwritten if LwL.ProfileUnity.Client.Startup.exe runs again.
- Using a checksum utility of your choice, or the following PowerShell script (change the folder path to match with your environment), to generate and save the SHA2 hash for:
- C:\Program Files\ProfileUnity\client.exe
- C:\Program Files\ProfileUnity\Client.Net\LwL.ProfileUnity.Client.exe
- C:\Program Files\ProfileUnity\FlexApp\vhd.exe
-
C:\Program Files\ProfileUnity\FlexApp\lwl_profile_mgr.exe (if using ProfileDisks).
Get-ChildItem -Path "C:\Program Files\ProfileUnity" -Recurse -Filter *.exe | Get-FileHash -Algorithm SHA256 | Format-Table -AutoSize
- Edit the lwl_elevation_service.xml and default.lwl_elevation_service.xml located the section called <whitelist>
- Insert both of the SHA2 hashes generated in Step 6 directly beneath <white>, so that your xml now looks similar to this example below:
Example:
- Save and exit out the lwl_elevation_service.xml and default.lwl_elevation_service.xmls
- Open the elevation.zip file from the ProfileUnity netlogon directory and replace the lwl_elevation_service.xml & default.lwl_elevation_service.xmls
- with the one you have modified.
- (May be optional) Replace the vhd.exe (attached, unless already on 684R2 - See Matrix) and place it in flexapp.zip on network and on base image C:\Program Files\ProfileUnity\FlexApp folder.
- The elevation folder contents will be updated on the clients when the LwL.ProfileUnity.Client.Startup.exe is ran either via GPO (recompose) or the parent is updated.
- For more information on prepping your gold image see ProfileUnity in Gold Image & Upgrading Client Tools