Detailed Change Log

Last Modified: Sep 13, 2018 @ 8:05 am

This post lists all minor and major changes made to carlstalhood.com.

Citrix Provisioning Master Device – Convert to vDisk

Last Modified: Sep 3, 2018 @ 1:57 pm

Navigation

This article applies to all 7.x versions of Citrix Provisioning, including Current Release 1808, 7.15.3 (7.15 LTSR 2), and 7.6.6 LTSR.

💡 = Recently Updated

Change Log

PXE Tester

If you will use PXE, download CTX217122 PXEChecker to the master machine.

The TFTP portion won’t work unless the client-side firewall is disabled.

To verify functioning PXE, run PXEChecker, and Run Test in Legacy BIOS mode. Or you can do a BDM Test (see the article for details).

Convert to vDisk – Imaging Wizard Method

The Imaging Wizard connects to a Citrix Provisioning server to create a vDisk (.vhdx file) and a device (database entry with device’s MAC address). Once that’s done, the machine reboots and the conversion process begins. You can also do all of these steps manually.

  1. In the Citrix Provisioning Console, create a Store to hold the new vDisk.
  2. In the Citrix Provisioning Console, create a Device Collection to hold the new Target Device. This could be a Device Collection for Updater machines.
  3. The Imaging Wizard will ask you to enter a new machine name. You can’t use the existing machine name because Citrix Provisioning needs to create a new Active Directory account so Citrix Provisioning will know the new machine’s computer password.
  4. If the Imaging Wizard is not already running, launch it from the Start Menu.
  5. In the Welcome to the Imaging Wizard page, click Next.
  6. In the Connect to Citrix Provisioning Site page, enter the name of a Citrix Provisioning server, and click Next.
  7. In the Imaging Options page, click Next to create a new vDisk. Alternatively, you can select Create an image file.
  8. In the Add Target Device page, enter a new unique name for the new Target Device.
  9. Select a Collection name and click Next.
  10. In the New vDisk page:
    1. Enter a name for the vDisk.
    2. Select an existing Store name.
    3. Leave vDisk type set to Dynamic and VHDX.
  11. Click Next
  12. In the Microsoft Volume Licensing page, select None, and click Next. We’ll configure this later when switching to Standard Image mode.
  13. In the What to Image page, leave it set to Image entire boot disk, and click Next.
  14. In the Optimize Hard Disk for Citrix Provisioning page, click Next.

    • Shown below are the optimizations it performs.
  15. In the Summary page, click Create.
  16. In the Restart Needed page, click Continue.
  17. When asked to reboot, click No.
  18. Then click Yes to shut down the machine. This gives you time to reconfigure the machine to boot from the network or ISO. The vDisk conversion process cannot continue until you are booted from Citrix Provisioning.
  19. If you look in the Citrix Provisioning console, in the Store, you will see a new vDisk in Private Image mode. Currently there is nothing in this vDisk. The new vDisk is sized the same as the machine you ran Imaging Wizard from. You might have to Refresh the display to see the new vDisk.
  20. In the chosen Device Collection, you will see a new Target Device record that is configured to boot from Hard Disk, and is assigned to the new vDisk. You might have to Refresh the display to see the new Device.

Boot from Network or ISO

  1. Power off the Target Device.
  2. If PXE, make sure the target device is on the same network as the Provisioning Server. Or configure DHCP options 66 & 67.
  3. For vSphere Client, edit the settings of the virtual machine.
  4. Switch to the VM Options tab.
  5. In the Boot Options section, check the box to Force BIOS Setup.
  6. If vSphere and booting from an ISO:
    1. Switch to the Virtual Hardware tab.
    2. Expand CD/DVD drive 1 and connect the virtual machine’s CD to the Datastore ISO File named PvSBoot.iso.
    3. Make you check Connect At Power On.
    4. Make sure the CD-ROM is IDE, and not SATA.
    5. Also, remove any SATA controller.
    6. Click OK to close the virtual machine settings.
  7. If Hyper-V:
    1. In VMM, edit the virtual machine properties
    2. Switch to the Hardware Configuration page.
    3. If booting from ISO, in the Virtual DVD drive page, assign the ISO from the library.
    4. Switch to the Hardware Configuration > Firmware page
    5. Move PXE Boot or IDE Hard Drive to the top.
    6. Click OK to close the virtual machine properties.
  8. Power on the virtual machine.
  9. If vSphere:
    1. In the Virtual Machine’s console, on the Boot tab, move Network boot or CD-ROM Drive to the top.

    2. Press F10 to close the BIOS Setup Utility.
  10. You should see the virtual machine boot from a Citrix Provisioning server and find the vDisk.
  11. Once the machine has booted, login. If you see a Format Disk message, just ignore it, or click Cancel. The Imaging Wizard will format it for you.
  12. The conversion wizard will commence. It will take several minutes to copy the files from C: drive (local hypervisor disk) to vDisk (Citrix Provisioning disk) so be patient.

    1. If the Imaging Wizard does not successfully copy the local drives to the vDisk, first make sure the vDisk is mounted by opening the systray icon.

    2. Then you can manually start the conversion by running C:\Program Files\Citrix\Provisioning Services\P2PVS.exe.

  13. When done, click Done. It might prompt you to reboot. Reboot it, log in, and then shut it down.

Master Target Device – Join to Domain

Citrix Provisioning must learn the password of the Target Device’s Active Directory computer account. To achieve this, use the Citrix Provisioning Console to create or reset the computer account.

Do not use Active Directory Users & Computers to manage the Target Device computer account passwords. Creating, Resetting, and Deleting Target Device Active Directory computer objects must be done from inside the Citrix Provisioning Console so Citrix Provisioning will know the computer’s password. Citrix Provisioning will automatically handle periodic (default 7 days) changing of the computer passwords.

  1. In the Citrix Provisioning Console, right-click the new Target Device, expand Active Directory, and click Create Machine Account.
  2. Select the correct OU in which the Active Directory computer object will be placed, and click Create Account.
  3. Then click Close.

Boot from vDisk

  1. In the Citrix Provisioning Console, go to the Device Collection.
  2. Right-click the new device, and click Properties.
  3. On the General tab, set Boot from to vDisk.
  4. Restart the Target Device.
  5. At this point it should be booting from the vDisk. To confirm, in the systray by your clock is an icon that looks like a disk. Double-click it.
  6. The General tab shows it Boot from = vDisk, and the Mode = Read/Write.

vDisk – Save Clean Image

If you have not yet installed applications on this image, you can copy the VHDX file and keep it as a clean base image for future vDisks.

  1. If this vDisk is in Private Image mode, first power off any Target Devices that are accessing it.
  2. Then you can simply copy the VHDX file and store it in a different location.

If you later need to create a new vDisk, here’s how to start from the clean base image:

  1. Copy the clean base image VHDX file to a new folder.
  2. Rename the file to match your new Image name.
  3. In the Citrix Provisioning Console, create a new Store, and point it to the new folder.
  4. Give the new Store a name.
  5. On the Servers tab, select all Provisioning servers.
  6. On the Paths tab, enter the path to the new folder. Click OK.
  7. Click OK when asked to create the default write cache.
  8. Right-click the new store and click Add or Import Existing vDisk.
  9. Click Search.
  10. Click OK if prompted that a new property file will be created with default values.
  11. Click Add, click OK, and then click Close.

  12. You can now assign the new vDisk to an Updater Target Device and install applications.

KMS

Skip this section if you are using Active Directory-based Activation instead of KMS Server.

This only needs to be done once. More information at CTX128276 Configuring KMS Licensing for Windows and Office.

  1. Make sure the Citrix Provisioning services are running as an account that is a local administrator on the Provisioning Servers. Citrix Provisioning needs to mount the vDisk but only local administrators can mount VHDX files.
  2. In the Citrix Provisioning Console, right-click on the virtual disk, and select Properties.
  3. Click on the Microsoft Volume Licensing tab, and set the licensing option to None. Click OK.
  4. Boot an Updater device from the vDisk in Private Image mode.
  5. Login to Windows and rearm the system for both Windows and Office, one after the other.
    1. For Windows Vista, 7, 2008, and 2008R2: Run cscript.exe slmgr.vbs -rearm
    2. For Office (for 64-bit client): C:\Program Files(x86)\Common Files\Microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE
    3. For Office (for 32-bit client): C:\Program Files\Common Files\Microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE
  6. A message is displayed to reboot the system, DO NOT REBOOT- Instead, run sealing tasks and then shut down the Target Device.
  7. In the Citrix Provisioning Console, right-click on the virtual disk, and select Properties.
  8. Click on the Microsoft Volume Licensing tab, and set the licensing option to Key Management Services (KMS). Click OK.

Note: After streaming the vDisk to multiple Target Devices, Administrators can validate that the KMS configuration was successful by verifying that the CMID for each device is unique.

  • For Windows Vista, 7, 2008, and 2008R2: Run cscript.exe slmgr.vbs –dlv
  • For Office: Run C:\Program Files\Microsoft Office\Office14\cscript ospp.vbs /dcmid

Also see Citrix Blog Post Demystifying KMS and Provisioning Services

And Ingmar Verheij Citrix PVS: Enabling KMS licensing on a vDisk

vDisk – Seal

Do the following sealing steps every time you switch from Private Image mode to Standard Image mode, or promote a Maintenance Image to Test or Production.

  1. Run antivirus sealing tasks.
  2. Citrix Blog Post Sealing Steps After Updating a vDisk contains a list of commands to seal an image for Citrix Provisioning.
  3. Citrix Blog Post PVS Target Devices & the “Blue Screen of Death!” Rest Easy. We Can Fix That has a reg file to clear out DHCP configuration.
  4. Shut down the target device.
  5. Note: Login Base Image Script Framework (BIS-F) automates many sealing tasks. The script is configurable using Group Policy.

Defrag the vDisk

In the Citrix Blog Post Size Matters: PVS RAM Cache Overflow Sizing, Citrix recommends defragmenting the vDisk.

If the vDisk was created by App Layering ELM, then Gunther Anderson at Performance considarations? at Citrix Discussions says there’s no point in doing a defrag.

  1. While still in Private Image mode, right-click the vDisk, and click Mount vDisk.
  2. In File Explorer, find the mounted disk, right-click it, and click Properties.
  3. On the Tools tab, click Optimize.
  4. Highlight the mounted drive and click Optimize.
  5. When done, back in Citrix Provisioning Console, right-click the vDisk, and click Unmount vDisk.

Standard Image Mode

  1. In the Citrix Provisioning Console, go to the vDisk store, right-click the vDisk, and click Properties.
  2. On the General tab:
    1. Change the Access Mode to Standard Image.
    2. Set the Cache Type to Cache in device RAM with overflow on hard disk. Don’t leave it set to the default cache type or you will have performance problems. Also, every time you change the vDisk from Standard Image to Private Image and back again, you’ll have to select Cache in device RAM with overflow on hard disk.
    3. Change the Maximum RAM size to a higher value. For virtual desktops, set it to 512 MB or larger. For Remote Desktop Session Hosts, set it to 4096 MB or lager. Make sure your Target Devices have extra RAM to accommodate the write cache.
    4. On the bottom of the General tab is a new checkbox to disable cleanup of cached secrets. By default, Citrix Provisioning 7.12 and newer will delete any cached credentials. This behavior can be disabled by checking the box.
  3. Click OK when done.

For more information about KMS and Citrix Provisioning , see Ingmar Verheij Citrix PVS: Enabling KMS licensing on a vDisk

vDisk – High Availability

  1. Magnar Johnsen – Citrix PVS – DFS replication configuration script
  2. In the Citrix Provisioning Console, right-click the vDisk, and click Load Balancing.
  3. Ensure Use the load balancing algorithm is selected. Check the box next to Rebalance Enabled. Click OK.
  4. Go to the physical vDisk store location (e.g. D:\Win2016Common) and copy the .vhd and .pvp vDisk files for the new vDisk. Do not copy the .lok file.
  5. Go to the same path on the other Provisioning Server and paste the files. You must keep both Provisioning Servers synchronized.
  6. Another method of copying the vDisk files is by using Robocopy:
    Robocopy D:\vDisks \\pvs02\d$\vDisks *.vhd *.avhd *.pvp /b /mir /xf *.lok /xd WriteCache /xo
  7. Citrix Blog Post vDisk Replicator Utility has a GUI utility script that can replicate vDisks between Citrix Provisioning Sites and between Citrix Provisioning Farms.

  8. In the Citrix Provisioning Console, right-click the vDisk, and click Replication Status.
  9. Blue indicates that the vDisk is identical on all servers. If they’re not identical then you probably need to restart the Citrix PVS Stream Service and the Citrix PVS SOAP Service. Click Done when done.

Cache Disk – vSphere

Here are instructions to remove the original C: drive from the Master Target Device, and instead add a blank cache disk.

  1. In vSphere Client, right-click the Master Target Device, and click Edit Settings.
  2. Select Hard disk 1, and click the x icon. Click OK.
  3. Edit the Settings of the virtual machine again.
  4. On the top right, click Add New device, and select Hard Disk.
  5. This is your cache overflow disk. Size is based on the type of VDA.
    • 40 GB is probably a good size for session hosts.
    • For virtual desktops this can be a smaller disk (e.g. 5 GB).
    • Note: the pagefile must be smaller than the cache disk.
  6. Expand the newly added disk, and set Disk Provisioning to Thin provision if desired. Click OK when done.
  7. Configure group policy to place the Event Logs on the cache disk.
  8. Boot the Target Device and Verify the Write Cache Location.

Cache Disk – Hyper-V

Remove the original C: drive from the Target Device and instead add a cache disk.

  1. Edit the settings of your Citrix Provisioning master virtual machine and remove the existing VHD.
  2. Make a choice regarding deletion of the file.
  3. Create a new Disk.
  4. This is your cache overflow disk. 15-20 GB is probably a good size for session hosts. For virtual desktops this can be a smaller disk (e.g. 5 GB). Note: the pagefile must be smaller than the cache disk. Click OK when done.
  5. Configure group policy to place the Event Logs on the cache disk.

Verify Write Cache Location

  1. Boot the target device virtual machine.
  2. Open the Virtual Disk Status window by clicking the Citrix Provisioning disk icon in the system tray by the clock.
  3. Make sure Mode is set to Read Only and Cache type is set to  device RAM with overflow on local hard drive.
  4. If Cache type says server, then follow the next steps:

    1. For the cache disk, only MBR is supported. GPT will not work.
    2. The cache disk must be a Basic disk, not Dynamic.
    3. Format the cache disk with NTFS.
    4. Make sure the pagefile is smaller than the cache disk. If not it will fail back to server caching.
  5. After fixing the problem and rebooting, the Cache Type should be device RAM with overflow on local hard drive.
  6. To view the files on the cache disk, go to Folder Options, and deselect Hide protected operating system files.
  7. On the cache disk, you’ll see the pagefile, and the vdiskdiff.vhdx file, which is the overflow cache file.

Related Pages

PvS Master Device – Preparation

Last Modified: Sep 7, 2018 @ 2:55 pm

Navigation

This article applies to all 7.x versions of Citrix Provisioning, including Current Release 1808, 7.15.3 (7.15 LTSR 2), and 7.6.6 LTSR.

💡 = Recently Updated

Change Log

General Preparation

Citrix CTX131611 – Known Hardware Related Provisioning Services Issues

  1. Build the VDA like normal.
  2. Update VMware Tools.
  3. Join the machine to the domain.
  4. Citrix CTX128058 Recommended Operating System Patches for Provisioned Windows Targets contains a list of recommended hotfixes for Windows 2008 R2 and Windows 7. Or just install the Convenience Rollup.
  5. Chrome – CTX212545 PVS 7.6 CU1: Write cache getting filled up automatically recommends disabling Google Chrome automatic updates.

Pagefile

Ensure the pagefile is smaller than the cache disk. For example, if you allocate 20 GB of RAM to your Remote Desktop Session Host, and if the cache disk is only 15 GB, then Windows will have a default pagefile size of 20 GB and Citrix Provisioning will be unable to move it to the cache disk. This causes Citrix Provisioning to cache to server instead of caching to your local cache disk (or RAM).

The cache disk size for a session host is typically 15-20 GB. The cache disk size for a virtual desktop is typically 5 GB.

  1. Open System. In 2012 R2 and newer, you can right-click the Start button, and click System.
  2. For older versions of Windows, you can click Start, right-click the Computer icon, and click Properties. Or find System in the Control Panel.
  3. Click Advanced system settings.
  4. On the Advanced tab, click the top Settings button.
  5. On the Advanced tab, click Change.
  6. Either turn off the pagefile or set the pagefile to be smaller than the cache disk. Don’t leave it set to System managed size. Don’t forget to click the Set button. Click OK several times.

VMware ESXi/vSphere

VMXNET3

E1000 is not supported – For VMware virtual machine, make sure the NIC is VMXNET3. E1000 is not supported and will affect performance.

PCI.sys hotfix – If your Target Device is Windows 7 or Windows Server 2008 R2 with VMXNET3 NIC, install Microsoft hotfix http://support.microsoft.com/kb/2550978. If you forget to install it then the Provisioning Target Device Software will remind you. This hotfix is included in the Convenience Rollup.

After the hotfix is installed, view hidden adapters in Device Manager and delete any lingering (ghost) VMXNET3 NICs.

  1. At the command prompt, type the following lines, pressing ENTER after each line
    set devmgr_show_nonpresent_devices=1
    start devmgmt.msc
    
  2. Open the View menu, and click Show hidden devices.
  3. Expand Network adapters, and look for ghost NICs (grayed out). If you see any, remove them.

SATA Controller

Citrix Provisioning does not support the SATA Controller that became available in hardware Version 10. Change the CD/DVD Drive to IDE instead of SATA.

Then remove the SATA Controller.

NTP

Ensure that the ESXi hosts have NTP enabled.

DHCP

After creating the vDisk, follow the instructions at Provisioning Services 6 Black Screen Issue to clear any DHCP address in the vDisk.

Slow Boot Times

Citrix Provisioning Target Devices in VMware ESX boot slow intermittently after upgrading the ESX hosts from 5.0 to 5.1.

Citrix CTX139498 Provisioning Services Target Devices Boot Slow in ESX 5.x: Use the following command to disable the NetQueue feature on the ESX hosts:

esxcli system settings kernel set -s netNetqueueEnabled -v FALSE

Hyper-V

  1. Generation 2 support is available in Citrix Provisioning 7.8 and newer.
  2. If Generation 1, each Hyper-V Citrix Provisioning Target Device must have a Legacy network adapter. Legacy NIC supports Network Boot, while the Synthetic NIC does not.
  3. Give the Legacy Network Adapter a Static MAC address. If you leave it set to all zeros then VMM will generate one once the VM is deployed.
  4. When you reopen the virtual machine properties there will be a Static MAC address.
  5. Set the Action to take when the virtualization server stops to Turn off virtual machine. This prevents Hyper-V from creating a BIN file for each virtual machine.
  6. To set a VLAN, either create a Logical Network and Network Site.
  7. Or use Hyper-V Manager to set the VLAN on each virtual machine NIC.

Antivirus Best Practices

Citrix’s Recommended Antivirus Exclusions

Citrix Blog Post Citrix Recommended Antivirus Exclusions: the goal here is to provide you with a consolidated list of recommended antivirus exclusions for your Citrix virtualization environment focused on the key processes, folders, and files that we have seen cause issues in the field:

  • Set real-time scanning to scan local drives only and not network drives
  • Disable scan on boot
  • Remove any unnecessary antivirus related entries from the Run key
  • Exclude the pagefile(s) from being scanned
  • Exclude Windows event logs from being scanned
  • Exclude IIS log files from being scanned

See the Blog Post for exclusions for each Citrix component/product including: StoreFront, VDA, Controller, and Provisioning. The Blog Post also has links to additional KB articles on antivirus.

Symantec Endpoint Protection

http://blogs.citrix.com/2012/06/04/how-to-prepare-a-citrix-provisioning-services-target-device-for-symantec-endpoint-protection/.

Sophos

Sophos Anti-Virus for Windows 2000+: incorporating current versions in a disk image, including for use with cloned virtual machines: This procedure will make sure that the produced target/cloned computers:

  • Get their distinct identity with Enterprise Console, under which they can be subsequently managed.
  • Have the desired version of Sophos Anti-Virus already installed and configured on the created image.

Kaspersky

CTX217997 BSOD Error: “STOP 0x0000007E CVhdMp.sys with Kaspersky antivirus: install Kaspersky Light Agent using the /pINSTALLONPVS=1 switch.

Boot ISO

You can create a Citrix Provisioning boot ISO for your Target Devices. This is an alternative to PXE.

  1. On the Provisioning server, run Citrix Provisioning Boot Device Manager.
  2. In the Specify the Login Server page, add the IP addresses of up to four Provisioning servers. Click Next.
  3. In the Set Options page, check the box next to Verbose Mode, and click Next.
  4. In the Burn the Boot Device page, do not click Burn. If you do, then you will have a very bad day. Instead, look in the Boot Device section, and change it to Citrix ISO Image Recorder. Then you can click Burn.
  5. Save the iso and upload it to a datastore or VMM library.
  6. You can now configure your Target Devices to boot from this ISO file.

Disable Network Offload

Set the following registry key on the Target Device:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\
    • DisableTaskOffload (DWORD) = 1

Also see Ingmar Verheij Citrix Provisioning: Optimize endpoint with PowerShell: The script applies a number of best practices to optimize the performance of the Provisioning endpoint.

Target Device Software 1808 Installation

The Target Device Software version must be the same or older than the Provisioning server version.

Do the following on the master VDA you intend to convert to a vDisk. Try not to install this while connected using RDP or ICA since the installer will disconnect the NIC.

  1. Your Target Device might have ghost NICs. This is very likely to occur on Windows 7 and Windows 2008 R2 VMs when using VMXNet3. Follow CTX133188 Event ID 7026 – The following boot-start or system-start driver(s) failed to load: Bnistack to view hidden devices and remove ghost NICs.
  2. For Windows 10 1709, there are two known issues: (source = CTX229052 Windows 10 Fall Creators Update (v1709) – Citrix Known Issues)
    • Target Device uninstall hangs on Windows 10 v1709. Perform in-place upgrade of Target Device, rather than uninstalling.
    • Windows 10 x86 v1709 (not x64) cannot boot from vDisk in private mode. There is no solution or work around at this time.
  3. Go to the downloaded Citrix Provisioning, and run PVS_Device_x64.exe.
  4. Click Install to install CDF 64-bit.
  5. In the Welcome to the Installation Wizard for Citrix Provisioning Target Device x64 page, click Next.
  6. In the License Agreement page, select I accept, and click Next.
  7. In the Customer Information page, click Next.
  8. In the Destination Folder page, click Next.
  9. In the Ready to Install the Program page, click Install.
  10. In the Installation Wizard Completed page click Finish.
  11. The Imaging Wizard launches. First review the following tweaks. Then proceed to converting the Master Image to a vDisk.

Target Device Software Tweaks

Asynchronous I/O

Citrix Provisioning 1808 and newer supports Asynchronous I/O to improve performance. It’s disabled by default because it uses more memory. For details, see Improved performance with asynchronous I/O streaming at What’s New at Citrix Docs. The registry value is configured inside the vDisk.  💡

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVhdMp\Parameters
    • DWORD AsyncIO = 1

Prevent Drive for Write Cache

From Carl Fallis at Move writecache file to arbitary drive at Citrix Discussions: the driver that determines which partition to place the local cache searches for a file named: {9E9023A4-7674-41be-8D71-B6C9158313EF}.VDESK.VOL.GUID in the root directory. If the file is found it will not place the write cache on that disk.

Excessive Retries

If VMware vSphere, make sure the NIC is VMXNET3.

From Carl Fallis at Citrix Discussions and CTX200952 High Amount of Retries Shown when Using Private Mode or Maintenance Version in PVS 7.6: Creating an image with 4 vCPU takes hours. With 2 vCPU’s, it’s completed in a few minutes.

The workaround for excessive retries in Citrix Provisioning 7.6 is to add the following registry key in the target device to reduce the number of threads used:

  • HKLM\SYSTEM\CurrentControlSet\Services\Bnistack\Parameters
    • IosRequestThreads (DWORD) = try 2, and if the retries persist, try 1

This has to be added while in private mode and you must reboot for this is take effect.

Computer Name

From Citrix Discussions: what happens is if the name cannot be retrieved from the bootstrap then the name defaults to the mac address.  You can force the target to ask again for the target’s machine name by setting the following registry key in the registry.

  • HKLM\System\CurrentControlSet\services\bnistack\Parameters  (you may have to create the Parameters key if it is not already created)
    • EnableGetComputerName (DWORD) = 1  (default is 0 or disabled)

Even if you are not getting the Mac address for the target name and getting something different I would use this key to enable the extra processing on the target to get the targets name. You are correct, this should be turned on by default.  I will get it changed in the next release.

From http://discussions.citrix.com/topic/349911-pvs-71-device-name-in-pvs-console-in-uppercase-booted-vm-is-lowercase/#entry1806121: So by default we set all names to lower case, I have no idea why, it is historical for some unexplained reason.  If you want the name to be left alone use the following registry key:

From the target machine, open the registry Editor and browse to the following key while in Private mode or on a maintenance device:

  • HKLM\System\CurrentControlSet\Services\Bnistack\Parameters (Create a new key called ‘Parameters’ if doesn’t already exist)
    • TcpipHostnameNoConversion (DWORD) = 1

Cache Disk Initialization Timeout

From http://discussions.citrix.com/topic/347399-pvs-61-caching-on-server-instead-of-a-client-hard-drive and Citrix Knowledgebase article – Write Cache Set to Provisioning Services Target Device Falls Back to Server: we have seen that it may take longer for the drives to initialize and by increasing the time and the number of retries the local hard drive can be accessed.  You can increase this by using the following registry keys:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bnistack\parameters
    • WcHDInitRetryNumber (DWORD) = 50-200 default is 150 I would set this to 200
    • WcHDInitRetryIntervalMs (DWORD) = 50-500 default 100 number of ms to wait between retries, I would bump this one up to 300-500

Target Device Time Zone

CTX200188 Citrix Provisioning Services 6.1.21 and Citrix Provisioning Service 7.1.3 Target Time Zone Changes: the target devices request the time zone information from the Citrix Provisioning Server at boot time and set the time zone to the connected Citrix Provisioning server. If the time zone has a successful process, they execute the following command:
w32tm /resync /nowait

To disable the target device from using the time zone of the Citrix Provisioning server, set the following registry key in the vDisk image. The values must be modified in the registry of the master image to take effect during boot time.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndevice\Parameters
    • DisableTimeZone (DWORD) = 1

Hide Citrix Provisioning Icon

From http://danielruiz.org/2013/11/11/xenapp-6-5-full-desktop-hide-pvs-system-tray/:

From Jack Cobben Hide Virtual Disk Tray Icon: Add the reg value below:

  • HKLM\Software\Citrix\ProvisioningServices\StatusTray
    • ShowIcon (DWORD) = 0

This however will disable to all users, even Admins. Solution: Apply the HKCU key below based on Group membership (Group Policy Preferences > Item Level Targeting):

  • HKEY_CURRENT_USER\SOFTWARE\Citrix\ProvisioningServices\StatusTray
    • ShowIcon (DWORD) = 0

Once that is in place the icon will go away.

Related Pages

Citrix Provisioning Console Configuration

Last Modified: Sep 7, 2018 @ 2:53 pm

Navigation

This article applies to all 7.x versions of Citrix Provisioning, including Current Release 1808, 7.15.3 (7.15 LTSR 2), and 7.6.6 LTSR.

Change Log

Launch the Provisioning Console

  1. Launch the Citrix Provisioning Console.
  2. Right-click the top-left node, and click Connect to Farm.
  3. Enter localhost, and click Connect.
  4. In large multi-domain environments, or when older domains are still configured but are unreachable, if you see Server communication timeout, then see CTX231194 PVS Console Errors: “Critical Error: Server communication timeout” for a registry key to skip forest level trusts, a registry key to increase the console timeout, and a .json file to blacklist domains.

Farm Properties

  1. Right-click the farm name, and click Properties.
  2. On the Groups tab, add the Citrix Admins group.
  3. On the Security tab, add the Citrix Administrators group to grant it full permission to the entire Provisioning farm. You can also assign permissions in various nodes in the Provisioning console.
  4. On the Options tab, check the boxes next to Enable Auditing, and Enable offline database support.
  5. In Provisioning 7.9 and newer, notice the new Send anonymous statistics and usage information checkbox, which enables Customer Experience Improvement Program (CEIP).
  6. See http://www.carlstalhood.com/delivery-controller-7-15-ltsr-and-licensing/#ceip for additional places where CEIP is enabled.
  7. In the Problem Report tab, you can enter MyCitrix credentials.
  8. Click OK to close Farm Properties.
  9. Click OK when prompted that a restart of the service is required.

Server Properties

From Citrix Blog Posts Updated Guidance on PVS Ports and Threads and PVS Secrets (Part 3) – Ports & Threads:

Q: What is the optimum number of ports for the Stream Service?

A: The best Stream Process performance is attained when the threads per port is not greater than the number of cores available on the Provisioning Server. For best performance, use the following formula:

# of ports x # of threads/port = max clients

  1. Expand the Provisioning Site and click Servers.
  2. For each Provisioning Server, right-click it, and click Configure Bootstrap.
  3. Click Read Servers from Database. This should cause both servers to appear in the list.
  4. From Carl Fallis at PVS HA at Citrix Discussions: when stopping the stream service through the console the Provisioning server will send a message to the targets to reconnect to another server before the stream service shuts down. The target then uses the list of login servers (Bootstrap servers) and reconnects to another server, this is almost instantaneous failover and can’t really be detect . In the case of the Provisioning server failing the target detects it and reconnects, slightly different mechanism and the target may hang for a short time. Check out the following article for more information https://www.citrix.com/blogs/2014/10/16/provisioning-services-failover-myth-busted for the Provisioning server failure case.
  5. On the Options tab, check the box next to Verbose mode.
  6. Right-click the server, and click Properties.
  7. On the General tab, check the box next to Log events to the server’s Windows Event Log.
  8. Click Advanced.
  9. Increase the threads per port. The number of threads per port should match the number of vCPUs assigned to the server.
  10. On the same tab are concurrent I/O limits. Note that these throttle connections to local (drive letter) or remote (UNC path) storage. Setting them to 0 turns off the throttling. Only testing will determine the optimal number. See http://blogs.citrix.com/2011/02/23/optimizing-pvs/ for more details.
  11. Click OK to close Advanced Server Properties.
  12. On the Network tab, change the Last port to 6968.
    • Note: port 6969 is used by the Provisioning two-stage boot component.
    • According to Citrix Blog Post Updated Guidance on PVS Ports and Threads, you can set the First port to 7000 to avoid port 6969 and get more ports.
  13. Click OK when done.
  14. Click Yes if prompted to restart the stream service.
  15. If you get an error message about the stream service then you’ll need to restart it manually.

  16. From Carl Fallis at PVS HA at Citrix Discussions: when stopping the stream service through the console the Provisioning server will send a message to the targets to reconnect to another server before the stream service shuts down. The target then uses the list of login servers and reconnects to another server, this is almost instantaneous failover and can’t really be detect . In the case of the Provisioning server failing the target detects it and reconnects, slightly different mechanism and the target may hang for a short time. Check out the following article for more information https://www.citrix.com/blogs/2014/10/16/provisioning-services-failover-myth-busted for the Provisioning server failure case.
  17. Repeat for the other servers. You can copy the Server Properties from the first server, and paste them to additional servers.



Create vDisk Stores

To create additional vDisk stores (one per vDisk / Delivery Group / Image), do the following:

  1. On the Provisioning servers, using Explorer, go to the local disk containing the vDisk folders and create a new folder. The folder name usually matches the vDisk name. Do this on both Provisioning servers.
  2. In the Provisioning Console, right-click Stores, and click Create Store.
  3. Enter the name for the vDisk store, and select an existing site.
  4. Switch to the Servers tab. Check the boxes next to the Provisioning Servers.
  5. On the Paths tab, enter the path for the Delivery Group’s vDisk files. Shared SMB paths are supported as described at Citrix Blog Post PVS Internals #4: vDisk Stores and SMB3.  💡
  6. Click Validate.
  7. Click Close and then click OK.
  8. Click Yes when asked for the location of write caches.

Create Device Collections

  1. Expand the site, right-click Device Collections, and click Create Device Collection.
  2. Name the collection in some fashion related to the name of the Delivery Group, and click OK.

If you are migrating from one Provisioning farm to another, see Kyle Wise How To Migrate PVS Target Devices.

Prevent “No vDisk Found” PXE Message

If PXE is enabled on your Provisioning servers, and if you PXE boot a machine that is not added as a device in the Provisioning console, then the machine will pause booting with a “No vDisk Found” message at the BIOS boot screen. Do the following to prevent this.

  1. Enable the Auto-Add feature in the farm Properties on the Options tab.

  2. Create a small dummy vDisk (e.g. 100 MB).

  3. Create a dummy Device Collection.

  4. Create a dummy device.
  5. Set it to boot from Hard Disk
  6. Assign the dummy vDisk and click OK.
  7. Set the dummy device as the Template.

  8. Right-click the site, and click Properties.
  9. On the Options tab, point the Auto-Add feature to Dummy collection, and click OK.

Related Topics

Citrix Provisioning 1808 – Server Install

Last Modified: Sep 7, 2018 @ 2:12 pm

Navigation

This article applies to all 7.x versions of Citrix Provisioning, including Current Release 1808, 7.15.3 (7.15 LTSR 2), and 7.6.6 LTSR.

💡 = Recently Updated

Change Log

Planning and Versions

CTX220651 Best Practices for deploying PVS in multi-geo environments: ensure that Provisioning farms do not span data centers with a network latency that can affect communications between the Provisioning Servers and the SQL database

Citrix Provisioning Firewall Rules

The most recent Current Release version of Citrix Provisioning is 1808. Current Release is only supported for 6 months from release date, and you are expected to upgrade it every 3-6 months.  💡

For a longer support term, deploy 7.15.3 (7.15 LTSR Update 2) instead. 7.15.3 is the version included in XenApp/XenDesktop LTSR 7.15 Cumulative Update 2. Yes, it’s confusing.

If you are running XenApp/XenDesktop 7.6 LTSR, then you’ll want Provisioning Services 7.6.6 instead of Provisioning Services 7.15 LTSR. The install instructions are essentially the same.

Citrix License Server Version

Make sure the Citrix Licensing server is 11.15.0.0 build 25000 or newer.

Upgrade

If you are upgrading from an older version of Citrix Provisioning, do the following:

  1. In-place upgrade the Citrix License Server.
  2. In-place upgrade the Provisioning Console.
    1. Re-register the Citrix.PVS.snapin.dll snap-in:
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" "c:\program files\citrix\provisioning services console\Citrix.PVS.snapin.dll"
  3. In-place upgrade the Provisioning Server. If you have two or more Provisioning servers, upgrade one, and then the other. If High Availability is configured correctly, then the Target Devices should move to a different Provisioning Server while a Provisioning server is being upgraded.
    1. After the first Provisioning server is upgraded, run the Configuration Wizard. You can generally just click Next through the wizard. At the end, you’ll be prompted to upgrade the database. Then upgrade the remaining Provisioning servers, and run the Config Wizard on each of them too.
  4. Upgrade the Target Device Software inside each vDisk. Don’t do this until the Provisioning servers are upgraded (Target Device Software must be same version or older than the Provisioning Servers).
    1. If your Target Devices are 7.6.1 or newer, you can create a Maintenance version, boot an Updater Target Device, and in-place upgrade the Target Device Software.
    2. If your Target Devices are older, then you must reverse image.

vDisk Storage

Do the following on both Provisioning Servers. The vDisks will be stored locally on both servers. You must synchronize the files on the two servers: either manually (e.g. Robocopy), or automatically (e.g. DFS Replication).

Create D: Drive

  1. In the vSphere Web Client, edit the settings for each of the Provisioning server virtual machines.
  2. On the bottom, use the drop-down list to select New Hard Disk, and click Add.
  3. Expand the New Hard disk by clicking the arrow next to it.
  4. Change the disk size to 500 GB or higher. It needs to be large enough to store the vDisks. Each full vDisk is 40 GB plus a chain of snapshots. Additional space is needed to merge the chain.
  5. Feel free to select Thin provision, if desired. Click OK when done.
  6. Login to the session host. Right-click the Start Button, and click Disk Management.
  7. In the Action menu, click Rescan Disks.
  8. On the bottom right, right-click the CD-ROM partition, and click Change Drive Letters and Paths.

  9. Click Change.
  10. Change the drive letter to E:, and click OK.
  11. Click Yes when asked to continue.
  12. Right-click Disk 1 and click Online.
  13. Right-click Disk 1 and click Initialize Disk.
  14. Click OK to initialize the disk.
  15. Right-click the Unallocated space, and click New Simple Volume.
  16. In the Welcome to the New Simple Volume Wizard page, click Next.
  17. In the Specify Volume Size page, click Next.
  18. In the Assign Drive Letter or Path page, select D: and click Next.
  19. In the Format Partition page, change the Volume label to vDisks and click Next.
  20. In the Completing the New Simple Volume Wizard page, click Finish.
  21. If you see a pop-up asking you to format the disk, click Cancel since Disk Management is already doing that.

vDisk Folders

On the new D: partition, create one folder per Delivery Group. For example, create one called Win10Common, and create another folder called Win10SAP. Each vDisk is composed of several files, so its best to place each vDisk in a separate folder. Each Delivery Group is usually a different vDisk.

Robocopy Script

Here is a sample robocopy statement to copy vDisk files from one Provisioning server to another. It excludes .lok files and excludes the WriteCache folders.

REM Robocopy from PVS01 to PVS02
REM Deletes files from other server if not present on local server
Robocopy D:\vDisks \\pvs02\d$\vDisks *.vhd *.vhdx *.avhd *.avhdx *.pvp /b /mir /xf *.lok /xd WriteCache /xo

Citrix Blog Post vDisk Replicator Utility has a GUI utility script that can replicate vDisks between Provisioning Sites and between Provisioning Farms.

Service Account

Provisioning Services should run as a domain account that is in the local administrators group on both Provisioning servers. This is required for KMS Licensing.

From Considerations: Provisioning Services for Personal vDisk at Citrix Docs: The Provisioning Services Soap Service account must be added to the Administrator node of Citrix Studio and must have the Machine Administrator or higher role. This ensures that the PvD desktops are put into the Preparing state when the Provisioning vDisk is promoted to production.

.NET Framework 3.5 SP1 & 4.5 – 2008 R2 Only

Provisioning Server on Windows Server 2008 R2 requires .NET Framework 3.5 SP1 to be installed prior to installing Provisioning Server.

  1. On each Provisioning Server, in Server Manager, right-click Features and click Add Features.
  2. In the Select Features page, check the box next to .NET Framework 3.5.1 and click Next.
  3. In the Confirm Installation Selections page, click Install.
  4. In the Installation Results page, click Close.

.NET Framework 4.0 has bug. Upgrade to 4.5. More information at All the target devices are not selected when using shift select within the PVS console to select a number of target devices.

.NET Framework 4.5.1 can be installed from Windows Update or you can download it from Microsoft.

Provisioning Console 1808 Install/Upgrade

The installation and administration of Citrix Provisioning 1808 and older (including LTSR versions 7.15.3 and 7.6.6) are essentially identical.

If you want to automate the installation and configuration of Citrix Provisioning, see Dennis Span Citrix Provisioning Server unattended installation.

Dennis Smith at Citrix Provisioning Services automated/unattended installation guide also details how to script the installation and configuration of Microsoft DHCP Server.

To manually install Provisioning Console, or in-place upgrade to Provisioning Console 1808:

  1. Go to the downloaded Citrix Provisioning, and in the Console folder, run PVS_Console_x64.exe.
  2. Click Install.

    1. If upgrading, and if you get an error about a newer version of Citrix Diagnostics Facility is already installed…
    2. Then you might have to uninstall the existing Citrix Diagnostics Facility installation, and try the upgrade again.
  3. In the .NET Framework 4.7.1 Setup page, check the box next to I have read and accept the license terms, and click Install.
  4. In the Installation Is Complete page, click Finish.
  5. Click Restart Now.
  6. Restart the PVS_Console_x64.exe installer.
  7. Click Install.
  8. In the Welcome to the InstallShield Wizard for Citrix Provisioning Console x64 page, click Next.
  9. In the License Agreement page, select I accept the terms, and click Next.
  10. In the Customer Information page, click Next.
  11. In the Destination Folder page, click Next.
  12. In the Ready to Install the Program page, click Install.
  13. In the InstallShield Wizard Completed page, click Finish.

After upgrading the Console, re-register the PowerShell snap-in. This is required for the Citrix App Layering Agent.

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" "c:\program files\citrix\provisioning services console\Citrix.PVS.snapin.dll"

Provisioning Server 1808 – Install/Upgrade

The installation and administration of Citrix Provisioning 1808, 7.15.3, 7.6.6 and other 7.x versions are essentially identical.

You can in-place upgrade Provisioning Server. The Servers must be upgraded before the vDisks are upgraded. While upgrading one Provisioning Server, all Target Devices are moved to the other Provisioning Server.

To install/upgrade Provisioning server:

  1. If vSphere, make sure the Provisioning server virtual machine Network Adapter Type is VMXNET 3.
  2. Go to the downloaded Provisioning ISO, and in the Server folder, run PVS_Server_x64.exe.
  3. Click Install when asked to install prerequisites.
  4. Note: there’s a long delay before the next screen appears.
  5. In the Welcome to the Installation Wizard for Citrix Provisioning Server x64 page, click Next.
  6. In the License Agreement page, select I accept the terms, and click Next.
  7. In the Customer Information page, select Anyone who users this computer, and click Next.
  8. In the Destination Folder page, click Next.
  9. In the Ready to Install the Program page, click Install.
  10. In the Installation Wizard Completed page, click Finish.

Database Script

By default, the Citrix Provisioning Configuration Wizard will try to create the database using the credentials of the person that is running the Wizard. This isn’t always feasible. An alternative is to create a script that a DBA can run on the SQL server.

  1. Go to C:\Program Files\Citrix\Provisioning Services, and run DBScript.exe.
  2. Change the selection to New database for 2012 or higher.
  3. Enter a path to save the script file.
  4. Fill in the other fields.
  5. Select an Active Directory group containing your Citrix administrators, and click OK.
  6. In SQL Server Management Studio, open the SQL script.

  7. Execute the script to create the database.

  8. The person that runs the Citrix Provisioning Configuration Wizard will need db_owner permission to the new Citrix Provisioning database.
  9. Provision a Windows service account that will run the services on the Provisioning server. This account must have a SQL login on the SQL server containing the Provisioning database. The Provisioning Configuration Wizard will grant this account the correct permissions in the database.

Configuration Wizard – New Farm

  1. If you used DBScript.exe to pre-create the database, skip to Configuration Wizard – Join Farm.
  2. For SQL AlwaysOn Availability Group, see CTX201203 SQL Server AlwaysOn Configuration for PVS 7.6. In summary: Use the wizard to create the database instance. In SQL, create the Availability Group. Then reconfigure Provisioning Server to point to the SQL AlwaysOn listener.
  3. The Citrix Provisioning Configuration Wizard launches automatically. If the database wasn’t pre-created, then the person running the wizard must have dbcreator and securityadmin roles on the SQL Server. If true, click Next. If not true, then cancel the wizard and launch it as somebody that does have those roles.

  4. The DHCP Services page appears. DHCP is typically hosted on a different server so select The service that runs on another computer. It is also possible to install DHCP on the Provisioning Servers. Click Next.
  5. In the PXE Services page, if you intend to use Boot Device Manager (BDM or ISO) instead of PXE, then change the selection to The service that runs on another computer, which disables the PXE service.
  6. If your Target Devices and Provisioning Servers are on the same broadcast network, then change the selection to Citrix Provisioning PXE service on this computer.
  7. Click Next.

  8. In the Farm Configuration page, choose Create Farm, and click Next.
  9. In the Database Server page, enter the name of the SQL server. Provisioning 7.11 has a new option for MultiSubnetFailover. Click Next.
  10. In the New Farm page, enter the following:
    • Enter a descriptive Database name. Put the word Citrix in the database name so the DBA knows what it is for.
    • Enter a descriptive Farm name.
    • Enter a descriptive Site name.
    • Enter a descriptive Collection name. All of these names can be changed later.
    • Select the Active Directory group that will have administrator permissions to Citrix Provisioning, and click Next. If you don’t see your group here, select any group you belong to, and you can fix it later in the console.
  11. In the New Store page, browse to one of the vDisk folders, and give the store a name. Then click Next.
  12. In the License Server page, enter the name of your Citrix license server, check the box next to Validate license server communication, and click Next.
  13. In the User account page, notice it defaults to Network service account. This won’t work with KMS licensing so change it to Specified user account. Enter credentials for an account that is a local administrator on all Provisioning servers, and click Next. Note: Provisioning 7.16 and newer support Group Managed Service Accounts.

  14. In the Active Directory Computer Account Password page, check the box, and click Next.
  15. In the Network Communications page, click Next.
  16. In the TFTP Option and Bootstrap Location page, check the box, and click Next.
  17. In the Stream Servers Boot List page, click Advanced.
  18. Check the box next to Verbose mode, click OK, and then click Next.
  19. If Provisioning 7.12 or newer, in the Soap SSL Configuration page, click Next.
  20. If Provisioning 7.11 or newer, in the Problem Report Configuration page, enter your MyCitrix credentials, and click Next.
  21. In the Finish page, click Finish.
  22. If you are upgrading, then you might be asked to upgrade the database. Click Yes.
  23. Click OK if you see the firewall message.
  24. In the Finish page, click Done.

From Running the Configuration Wizard silently at Citrix Docs: Now that you have a configured server, you can run "C:\Program Files\Citrix\Provisioning Services\ConfigWizard.exe" /s to produce an .ans file at "C:\ProgramData\Citrix\Provisioning Services\ConfigWizard.ans". This .ans file can be modified and copied to additional Provisioning servers. "C:\Program Files\Citrix\Provisioning Services\ConfigWizard.exe" /a reads the .ans file and applies the configuration silently.

Configuration Wizard – Join Farm

  1. The Configuration Wizard launches automatically.
  2. There are two methods of handling SQL permissions:
    1. The person running the wizard must have db_owner on the database and securityadmin role on the SQL Server. This allows the wizard to add the service account to SQL logins and grant it access to the database.
    2. Or the person running the wizard can be limited to just db_owner permission to the database. The service account must be added manually to SQL logins by a DBA.
  3. The DHCP Services page appears. DHCP is typically hosted on a different server so select The service that runs on another computer. It is also possible to install DHCP on the Provisioning Servers. Click Next.
  4. In the PXE Services page, if you intend to use Boot Device Manager (BDM or ISO) instead of PXE, then change the selection to The service that runs on another computer, which disables the PXE service.
  5. If your Target Devices and Provisioning Servers are on the same broadcast network, then change the selection to Citrix Provisioning PXE service on this computer.
  6. Click Next.

  7. In the Farm Configuration page, click Join existing farm.
  8. In the Database Server page, enter the name of the SQL server, and click Next.
  9. In the Existing Farm page, select the database, and click Next.
  10. In the Site page, select an existing site, and click Next.
  11. If you used the script to create the database, then there probably are no stores defined. Do so now.
  12. Otherwise, in the New Store page, select the existing store, and click Next.
  13. In the License Server page, click Next.
  14. In the User account page, notice it defaults to Network service account. This won’t work with KMS licensing so change it to Specified user account. Enter credentials for an account that is a local administrator on all Provisioning servers, and click Next. Note: Provisioning 7.16 and newer support Group Managed Service Accounts.
  15. In the Active Directory Computer Account Password page, check the box, and click Next.
  16. In the Network Communications page, click Next.
  17. In the TFTP Option and Bootstrap Location page, check the box, and click Next.
  18. In the Stream Servers Boot List page, click Advanced.
  19. Check the box next to Verbose mode, click OK, and then click Next.
  20. If Provisioning 7.12 or newer, in the Soap SSL Configuration page, click Next.
  21. If Provisioning 7.11 or newer, in the Problem Report Configuration page, enter your MyCitrix credentials, and click Next.
  22. In the Finish page, click Finish.
  23. Click OK if you see the firewall message.
  24. In the Finish page, click Done.

Troubleshooting – Networking Services Don’t Work After Reboot

If your PXE service or TFTP service does not work after a reboot of the Provisioning server, do the following:

  1. One option is to set the Citrix PVS PXE Service, Citrix PVS TFTP Service, and Citrix PVS Two-stage boot Service to Automatic (Delayed Start).
  2. The TFTP and Two-stage Boot services can be delayed by setting registry keys. From Carl Fallis at Citrix Discussions:
    • Keys = HKLM\System\CurrentControlSet\services\BNTFTP (and PVSTSB)\Parameters
    • Value = InitTimeoutSec (DWORD). 1 – 4 seconds. Default is 1.
    • Value = MaxBindRetry (DWORD). 5 – 20 retries. Default is 5.

Disable Firewall

The Windows firewall must be disabled to allow communication to all Provisioning Server ports.

  1. In Server Manager, click Tools, and click Windows Firewall with Advanced Security.
  2. Click Windows Firewall Properties.
  3. On the Domain Profile tab, change the Firewall state to Off.

Disable BIOS Boot Menu

The versioning process in Citrix Provisioning will present a boot menu when booting any version except Production.

  1. To avoid this, create the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipBootMenu on both Provisioning Servers and set it to 1. Note: the location of this key changed in Provisioning Services 7.0 and newer.
  2. Then restart the Citrix PVS Stream Service.

Private Mode vDisk – No Servers Available for vDisk

Citrix CTX200233 – Error: “No servers available for disk”: When you set a vDisk to Private Image mode (or new Maintenance version), if the Target Device is not connected to the server that contains the vDisk then you might see a message saying “No Servers Available for vDisk”.

  1. To avoid this, create the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipRIMSForPrivate on both Provisioning Servers and set it to 1. Note: the location of this key changed in Provisioning Services 7.0.
  2. Then restart the Citrix PVS Stream Service.

Multi-Homed Provisioning Server

From slide 20 of http://www.slideshare.net/davidmcg/implementing-and-troubleshooting-pvs:, Multi-homed Provisioning server is not recommended but if you insist, and if running Provisioning 6.1 or older, configure the following. Provisioning 7.7 configuration wizard should have asked you for the management NIC.

  • HKLM\Software\Citrix\ProvisioningServices\IPC
    • New Reg_Sz (string) named IPv4Address with the IP of the NIC for IPC
  • HKLM\Software\Citrix\ProvisioningServices\Manager
    • New Reg_Sz (string) named GeneralInetAddr with the IP of the NIC and port
    • e.g. 10.1.1.2:6909

Citrix 133877 Timeout Error 4002 in Provisioning Server Console after Clicking “Show Connected Devices: when there are multiple streaming NICs assigned to the Provisioning Server, when Show Connected Devices was clicked in the Provisioning console, the following symptoms might be experienced: Server timeout error 4002, unusual delay of 3 to 4 minutes to list the connected devices, or Provisioning console stops responding. Complete the following to resolve the issue:

  1. On the Provisioning Server machine, under HKLM\software\citrix\provisioningServices\Manager key, create registry DWORD RelayedRequestReplyTimeoutMilliseconds, and set it to 50 ms (Decimal).
  2. Create a DWORD RelayedRequestTryTimes, and set it to 1.
  3. Open the Provisioning Server console and test by selecting the Show Connected Devices command.

Antivirus Exclusions

Citrix’s Recommended Antivirus Exclusions

Citrix Blog Post Citrix Recommended Antivirus Exclusions: the goal here is to provide you with a consolidated list of recommended antivirus exclusions for your Citrix virtualization environment focused on the key processes, folders, and files that we have seen cause issues in the field:

  • Set real-time scanning to scan local drives only and not network drives
  • Disable scan on boot
  • Remove any unnecessary antivirus related entries from the Run key
  • Exclude the pagefile(s) from being scanned
  • Exclude Windows event logs from being scanned
  • Exclude IIS log files from being scanned

See the Blog Post for exclusions for each Citrix component/product including: StoreFront, VDA, Controller, and Provisioning. The Blog Post also has links to additional KB articles on antivirus.

 

Microsoft’s virus scanning recommendations (e.g. exclude group policy files) – http://support.microsoft.com/kb/822158.

TFTP High Availability

If your Target Devices are not on the same VLAN as the Provisioning Servers, you will need to load balance TFTP.

NetScaler 10.1 and newer has native support for TFTP protocol. Older versions of NetScaler are more difficult to configure.

DHCP Failover

The DHCP infrastructure must be highly available. And session hosts should be configured with DHCP Reservations. With multiple DHCP servers, any reservation should be created on all DHCP servers hosting the same DHCP scope. The easiest way to accomplish this is with the new DHCP Failover feature in Windows Server 2012.

  1. Build two DHCP servers on Windows Server 2012 or newer.
  2. Create a scope for the Provisioning Target Devices.
  3. Right-click the existing scope, and click Configure Failover.
  4. In the Introduction to DHCP Failover page, click Next.
  5. In the Specify the partner server to use for failover page, enter the name of the other DHCP server, and click Next.
  6. In the Create a new failover relationship page, enter a Shared Secret, and click Next.
  7. Click Finish.
  8. Click Close.

Health Check

Sacha T. – Citrix PVS HealthCheck: PowerShell script to view the health/status of the Provisioning environment. Emails an HTML Report. For Provisioning 7.7, see http://blog.appcloud.ch/happy-new-script-pvs-7-7-healthcheck/. For Provisioning 7.6, http://blog.sachathomet.ch/happy-new-script-pvs-7-7-healthcheck/.

Related Pages

Citrix Provisioning – Create Devices

Last Modified: Sep 7, 2018 @ 1:33 pm

Navigation

This article applies to all 7.x versions of Citrix Provisioning, including Current Release 1808, 7.15.3 (7.15 LTSR 2), and 7.6.6 LTSR.

💡  = Recently Updated

Change Log

Target Device Template – vSphere

The hardware of the additional target devices must match the original virtual machine so the drivers contained in the vDisk continue to function. The easiest way to preserve the hardware configuration is to clone the original virtual machine.

  1. Shut down the original virtual machine.
  2. Edit the Settings of the virtual machine and make sure there is a blank, formatted cache disk.
  3. In the vSphere Client, right-click the original virtual machine, expand Clone, and click Clone to Template. The new machine must be a Template and not a regular virtual machine.
  4. In the Select a name and folder page, enter a name for the template, and click Next.
  5. In the Select a compute resource page, select the cluster and click Next.
  6. In the Select storage page, select a datastore for the template and click Next. Note: if you use the Citrix Provisioning wizards to create Target Devices, the new machines will be created on the same datastore as this template.
  7. In the Ready to complete page, click Finish.

Target Device Template – Hyper-V

If you store the template in the library then you might see the issue described in CTX128750 Hyper-V Synthetic Network Interface Card Reinitializes on New Target Devices. The article recommends cloning a real VM instead of a template VM but this might not work for Citrix Provisioning Citrix Virtual Desktops Setup Wizard.

  1. Edit the Properties of the original virtual machine and make sure there is a blank, formatted cache disk.
  2. Right-click the original virtual machine, expand Create and click Create VM Template.
  3. Click Yes to acknowledge that the source virtual machine will be destroyed.
  4. In the VM Template Identity page, give the template a name and click Next.
  5. In the Configure Hardware page, click Next.
  6. In the Configure Operating System page, select None – customization not required, and click Next. There is no need to run SysPrep.
  7. In the Select Library Server page, select a library server, and click Next.
  8. In the Select Path page, click Browse to select a share, and click Next.
  9. In the Summary page, click Create.

Citrix Virtual Desktops (aka XenDesktop) Setup Wizard

The easiest way to create a bunch of Target Devices is to use the Citrix Virtual Desktops Setup Wizard that is built into the Citrix Provisioning Console. This wizard used to be named XenDesktop Setup Wizard.

From Considerations: Citrix Provisioning for Personal vDisk at Citrix Docs:

  • The Citrix Provisioning Soap Service account must be added to the Administrator node of Studio and must have the Machine Administrator or higher role. This ensures that the PvD desktops are put into the Preparing state when the Citrix Provisioning vDisk is promoted to production.
  • The Citrix Provisioning versioning feature must be used to update the personal vDisk. When the version is promoted to production, the Soap Service puts the PvD desktops into the Preparing state.
  • The personal vDisk size should always be larger than the Citrix Provisioning write cache disk (otherwise, Citrix Provisioning might erroneously select the personal vDisk for use as its write cache).
  • After you create a Delivery Group, you can monitor the personal vDisk using the PvD Image Update Monitoring Tool or the Resize and poolstats scripts (personal-vdisk-poolstats.ps1).

If you prefer to script much of this wizard, see:

Do the following to launch the wizard:

  1. The Citrix Virtual Desktops Setup Wizard uses the Hosting Resources defined in Citrix Studio, so configure Citrix Studio > Configuration > Hosting with destination datastores and networks for the new Target Devices. For maximum control over datastore placement, create a separate Hosting Resource per datastore.

    • If vSphere, XenApp / XenDesktop 7.6 has a bug. To workaround this, in the Hosting Resource, configure the option Use different storage for Personal vDisks. You can select the same storage for both the linked clones and the Personal vDisks. Configure this even if you’re not using Personal vDisks.
  2. Make sure the Template Target Device is on the same datastore that you want the new Target Devices to be stored on.
  3. If Hyper-V, make sure the VMM Console is installed on the same machine as the Citrix Provisioning Console.
  4. In the Citrix Provisioning Console, right-click the site, and click Citrix Virtual Desktops Setup Wizard.
  5. In the Welcome to Citrix Virtual Desktops page, click Next.
  6. In the Citrix Virtual Desktops Controller page, enter the name of a Delivery Controller, and click Next.
  7. In the Citrix Virtual Desktops Host Resources page, select a hosting resource. This list comes from the Hosting Resources created inside Studio. Click Next.
  8. Use a service account to login to vCenter or SCVMM when prompted. Citrix Provisioning might use these credentials later to power manage the target devices.
  9. If you see a message about no available templates, then you need to move your virtual machine template to this datastore.
  10. In the Template page, select the Target Device template, and click Next.
  11. In the vDisk page, select the Standard Image vDisk and click Next.
  12. In the Catalog page, enter a name for a new catalog, and click Next. Or you can add machines to an existing catalog.
  13. In the Operating System page, make your selection, and click Next.
  14. If you selected Windows Desktop Operating System, then in the User Experience page, select random or static, and click Next.
  15. In the Virtual machines page:
    1. Enter the number of machines you want to create.
    2. Enter the number of vCPUs for each new virtual machine. For RDSH, you usually add between 4 and 8 vCPUs.
    3. Enter the amount of Memory for each new virtual machine.
      1. To accommodate the Citrix Provisioning vDisk memory cache, add 256 MB (virtual desktop) or 4 GB of RAM (Remote Desktop Session Host) to the Memory. See Citrix Blog Post Size Matters: PVS RAM Cache Overflow Sizing for more information.
    4. Specify the size of the cache disk: 20-40 GB for session hosts, or 5-10 GB for virtual desktops.
      1. Any disks attached to the template will be ignored/discarded. To keep the disk in the template, see CTX237313 PVS XDSW retain template disks.
    5. Select BDM disk or PXE boot.
      1. For PXE boot, the Target Devices must be on the same VLAN as the Provisioning servers.
      2. BDM disk burns the boot image into the new virtual machine’s disk. BDM Disk supports target devices on a different subnet than the Provisioning servers. Make sure the Target Device VM template does not have any Boot ISOs configured.
  16. Click Next.
  17. In the Active Directory page, click Next.
  18. In the Active Directory accounts and location page
    1. Select an OU.
    2. Enter a naming pattern for the new machines. Use ## to represent numbering.
  19. Click Next.
  20. In the Summary page, click Finish to start creating the machines. The wizard will power on the machines so it can format the cache disk.
  21. Then click Done.
  22. In Citrix Provisioning Console, if you go to Farm > Sites > mySite > Hosts, you’ll see the Hosting Resource used by the Wizard. If you open the Properties of the Hosting Resource…
  23. On the Credentials tab, you can see the credentials you used when running the wizard. You will probably want to change these to a service account.
  24. In Citrix Studio, you’ll see a new machine catalog.
  25. The Citrix Provisioning Citrix Virtual Desktops Setup Wizard seems to ignore zones (XenApp/XenDesktop 7.7 or newer) so you’ll have to move it to the correct zone manually.
  26. Create a new Delivery Group, or add the machines to an existing Delivery Group.

Target Device Power Operation

If you used the Citrix Virtual Desktops Setup Wizard to create Target Devices, then the Target Devices are linked to a hosting connection, and can be powered on from the Citrix Provisioning Console by right-clicking the device, and clicking Boot.

Target Devices created by the Citrix Virtual Desktops Setup Wizard have a VirtualHostingPoolId, which corresponds to the hosting connection listed under Sites > MySite > Hosts. When powering on the VM, Citrix Provisioning searches for a VM with the same name as the Target Device.

Boot Disk Manager (BDM) Partition Update

During Citrix Provisioning Citrix Virtual Desktops Setup Wizard, you can configure the Target Devices to use a BDM Partition to boot from Citrix Provisioning servers. This partition contains the IP addresses of the Citrix Provisioning servers. Prior to Citrix Provisioning 7.9, it was not possible to change the BDM Partition configuration.

In Citrix Provisioning 7.9 and newer, it is now possible to update the BDM Partition with the latest bootstrap info:

  1. In Citrix Provisioning Console, go to MyFarm > Sites > MySite > Servers, right-click each Citrix Provisioning server, and click Configure Bootstrap. Update the list of Citrix Provisioning servers.
  2. Make sure the Target Devices are powered off.
  3. Go to MyFarm > Sites > MySite > Device Collections, right-click a collection created by the Citrix Virtual Desktops Setup Wizard, expand Target Device, and click Update BDM Partitions.
  4. Click Update Devices.
  5. Click Close when done.

Citrix Studio Catalog of Citrix Provisioning Machines

The easiest method to create Citrix Provisioning machines is with the Citrix Virtual Desktops Setup Wizard. If you’re not able to do that for any reason, then you can create Citrix Provisioning machines using more manual techniques, or using the Streamed VM Setup Wizard. Once the machines are created in the Citrix Provisioning Console, you need to add them to a Machine Catalog in Citrix Studio.

  1. In Citrix Provisioning Console, create a Device Collection with Citrix Provisioning machines.
  2. In Citrix Studio, create a new Catalog.
  3. On the Introduction page, click Next.
  4. In the Operating System page, make a selection that matches the vDisk, and click Next.
  5. In the Machine Management page, change the Deploy machines using selection to Citrix Provisioning, and click Next.
  6. In the Device Collection page, enter the Provisioning server name, and click Connect.
  7. Select the Citrix Provisioning Device Collection, and click Next.
  8. In the Devices page, review the list of machines that will be added to the catalog, and click Next.
  9. In the Summary page, give the Catalog a name, and click Finish. You can now add these machines to a Delivery Group.
  10. You can later add more machines to the Device Collection in the Citrix Provisioning Console.
  11. To add the new machines to Citrix Studio, right-click the existing Catalog, and click Add Machines.
  12. In the Device Collection page, click Connect.
  13. Select the Device Collection containing new machines, and click Next.
  14. In the Devices page, review the list of new machines, and click Next.
  15. In the Summary page, click Finish. You can now add these new machines to a Delivery Group.

Write Cache Disk

Write Cache Drive Letter

If the Write Cache disk is not mounting with the correct drive letter, see CTX133476 Explaining and Troubleshooting WriteCache Disk Drive Letter Assignment

Write Cache File Name

From Carl Fallis at .vdiskcache at Citrix Discussions. Citrix Provisioning has had three different cache names:

  • .vdiskCache is Legacy Ardence format (5 .x and before not supported anymore, you can delete this if your target software is running latest, this cache was optimized for size)
  • .vdiskdif.vhd is legacy hard drive cache (6.0 and above local hard drive cache, used standard 1mb sector size and is larger than the legacy cache but worked better with storage and was incrementally faster than Legacy Ardence format)
  • vdiskdiff.vhdx is Ram cache with overflow (7.1.4 and above RAM cache with overflow, 2 mb sectors larger than vhd but much faster and more compatible with storage)

Write Cache Filling Up Cache Disk

From Carl Fallis at .vdiskcache filling up drive at Citrix Discussions: The vdisk cache is basically a difference disk and only contains the blocks that are written to the system drive so you cannot mount it or read the file, it is just block data.  What you need to do is use a tool like Process Monitor from Microsoft (used to be sysinternals) and monitor the system drive. Any write to the system drive is redirected by the Citrix Provisioning software to the cache file.  You should make sure that any software that is installed on the target image does not have an auto update feature enabled, redirect all user data to a network share and educate your users to make sure they are not doing something that will fill up the cache like downloading a video to the local system drive.

Be aware that the RAM cache with overflow to hard drive can use more space on your local drive, it is important even in the older cache that you perform regular maintenance on your vdisks some recommendations:

  • Merge to a new base disk when you have created 5 or more versions
  • After every merge to the base disk, mount the new base disk and defrag the disk, this is important to reduce sectors used in the local cache, it is very important with the new RAM cache with overflow to local disk but it can have a very positive impact with the legacy local cache. Refer to http://blogs.citrix.com/2015/01/19/size-matters-pvs-ram-cache-overflow-sizing for more information.

Write Cache Size Monitoring

To view the size of Write Cache in RAM with overflow to disk, look in Task Manager for Nonpaged pool.

Matthew Nichols Monitor Citrix Pvs ‘Cache In Ram’ Size Using Powershell has a PowerShell script that uses WMI to poll a remote device for the size of the Nonpaged pool.

Andrew Morgan Accurately checking the Citrix PVS “cache in Ram, Overflow to disk” RAM cache size details how to use poolmon to view the actual RAM allocation for the write cache. And there’s a PowerShell script to extract the information from poolmon.

Citrix Blog Post Digging into PVS with PoolMon and WPA details how to use Windows Performance Analyzer to view Citrix Provisioning RAM cache and overflow.

Related Topics

Citrix Provisioning – Update vDisk

Last Modified: Sep 7, 2018 @ 2:16 pm

Navigation

This article applies to all 7.x versions of Citrix Provisioning, including Current Release 1808, 7.15.3 (7.15 LTSR 2), and 7.6.6 LTSR.

💡 = Recently Updated

Change Log

Updater Device

  1. Create a new Updater Target Device that is only used when you need to update a vDisk. You can create the Updater device manually or you can use the Citrix Virtual Desktops Setup Wizard.
  2. Put the Updater device in a new Device Collection. This is to avoid assigning the device to a Catalog in Studio. Users must not connect to an Updater device while it is powered on.
  3. Set the Updater device to boot from the Maintenance Type. This is used by the Versioning method of updating a vDisk.
  4. When adding the Updater device to Active Directory, be mindful of group policies. Sometimes it is helpful to apply the group policies to the Updater device so they are stored in the vDisk you are updating.
  5. An Updater device can only boot from one vDisk at a time but it can boot from any vDisk. If you need to do updates to multiple vDisks simultaneously, create more Updater devices.
  6. If you are using Enterprise Software Deployment tools (e.g. System Center Configuration Manager) to maintain a vDisk, keep the Updater device constantly booted to a Maintenance version so the ESD tool can push updates to it. This basically requires a separate Updater device for each vDisk.

Update a vDisk – Versioning Method

  1. In the Citrix Provisioning Console, right-click a Standard Mode vDisk, and click Versions.
  2. In the vDisk Versions window, click New.
  3. Notice that the Access is set to Maintenance. Click Done.
  4. If you look at the physical location where the vDisks are stored, you’ll see a new .avhdx file.
  5. Go to the properties of an Updater Target Device, and change the Type to Maintenance. You’ll use this Target Device to update the vDisk. Make sure this Target Device you are using for vDisk Updating is not in any Delivery Group so that users don’t accidentally connect to it when it is powered on.
  6. Of course this Target Device will need to be configured to use the vDisk you are updating.
  7. Power on the Updater Target Device.
  8. If you did not configure the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipBootMenu to 1 on the Provisioning Servers, then you’ll see a boot menu.
  9. Login to your Updater Target Device. The Virtual Disk Status icon by the clock should indicate that the vDisk Mode is now Read/Write.
  10. Make any desired changes.
  11. The Citrix Provisioning Image Optimization tool disables Windows Update. To install Windows Updates, use the following script to enable Windows Update, install updates, then disable Windows Update – http://www.xenappblog.com/2013/prepare-a-provisioning-services-vdisk-for-standard-mode/
  12. Before powering off the target device, run your sealing tasks. Run antivirus sealing tasks.
  13. Citrix Blog Post Sealing Steps After Updating a vDisk contains a list of commands to seal an image for Citrix Provisioning.
  14. Login Base Image Script Framework (BIS-F) automates many sealing tasks. The script is configurable using Group Policy.
  15. Power off the target device so the vDisk is no longer being used.
  16. Go back to the Versions window for the vDisk.
  17. Highlight the version you just updated, and click Promote.
  18. Best practice is to promote it to Test first. Or you can go directly to Production if you’re confident that your updates won’t cause any problems. Note: if you select Immediate, it won’t take effect until the Target Devices are rebooted. For scheduled promotion, the Target Devices must be rebooted after the scheduled date and time.
  19. The Replication icon should have a warning icon on it indicating that you need to copy the files to the other Provisioning server.
  20. Only copy the .avhdx and .pvp files. Do not copy the .lok file.

  21. Another method of copying the vDisk files is by using Robocopy:
    Robocopy D:\vDisks \\pvs02\d$\vDisks *.vhd *.avhd *.pvp /b /mir /xf *.lok /xd WriteCache /xo
  22. Citrix Blog Post vDisk Replicator Utility has a GUI utility script that can replicate vDisks between Citrix Provisioning Sites and between Citrix Provisioning Farms.

  23. Then click the Refresh button, and the warning icon should go away.
  24. Configure a Target Device to boot the Test vDisk Type. Then boot it.
  25. Once testing is complete, promote the vDisk version again.
  26. Immediate means it will take effect only after Target Devices are rebooted, whether immediately or later. Scheduled means the Target Device has to be rebooted after the scheduled date and time before it takes effect; if the Target Device has been rebooted before the scheduled date, then the older version is still in effect. Click OK.
  27. If you need to Revert, you can use the Revert button, or the drop-down on top of the window.

Merge Versions

  1. Citrix recommends no more than five .avhd files in the snapshot chain. To collapse the chain of .avhd files, you can Merge the versions. Don’t Merge until the files on both Provisioning servers are replicated.
  2. You can merge (Merged Updates) multiple .avhdx files into a single new .avhdx file that is linked to the original base file. Or you can merge (Merged Base) the original base, plus all of the .avhdx files into a new base .vhdx file, without any linked .avhdx files.
  3. The Merged Base process creates a whole new .vhdx file that is the same size or larger than the original base. After merging, replicate the merged file to both Provisioning Servers.

  4. Make sure there is no warning icon on the Replication button.
  5. If your merged version is currently in Test mode, then you can promote it to Production.
  6. After merging, you can delete older versions if you don’t need to revert to them.

Citrix CTX207112 Managing Provisioning Services VDisk Versions with VhdUtil Tool: CLI tool that can do the following outside of Citrix Provisioning Console:

  • dump header/footer
  • merge chain
  • rename chain

Expand vDisk VHD

To expand a vDisk file, create a Merged Base. Then use normal VHD expansion tools/methods.

One method is described by Trevor Svienson at How do I expand pvs vdisk with versions? at Citrix Discussions. Steps are: (Commands in fixed width font)

  1. Open cmd or powershell as administrator
  2. diskpart
  3. select vdisk file=“<path to your visk>” (e.g. V:\store\my.vhd)
  4. list vdisk (you should now see your vdisk and the path)
  5. expand vdisk maximum=60000 (This is the size in megabytes of the size you want to extend, so 60000 is 60Gb)
  6. attach vdisk
  7. list disk
  8. list volume (take note of the Volume number of the your vdisk, you should see the old size)
  9. select volume 5 (or whatever volume number from list volume command)
  10. extend
  11. list volume (you should now see the size you want for your disk. This should also be seen in the Citrix Provisioning console)
  12. detach vdisk
  13. exit

Reverse Image – BCDEDIT Method

If you want to upgrade the Citrix Provisioning Target Device Software on a vDisk, and if your current Target Devices Software installation is 7.6 Update 1 or newer then you can simply install the new Target Device Software. No special steps required. However, if your Target Device software is 7.6 or older then you’ll need to Reverse Image as detailed in this section.

If you want to update the NIC driver (e.g. VMware Tools) then you can’t use the normal vDisk versioning process since NIC interruptions will break the connection between Target Device and vDisk. Instead you must reverse image, which essentially disconnects the vDisk from Citrix Provisioning.

The traditional method of reverse imaging is to use Citrix Provisioning Imaging (P2PVS.exe), or similar, to copy a vDisk to a local disk, boot from the local disk, make changes, and then run the Imaging Wizard again to copy the local disk back to a new vDisk. Select Volume to Volume. On the next page, select C: as source, and local disk as Destination. If you don’t see the C: drive as an option, then make sure your vDisk is in read/write mode (Private Image or Maintenance Version).

A faster process is to skip Citrix Provisioning Imaging, and instead boot directly from the vDisk VHD. Windows 7/2008 R2 and newer can boot directly from VHD files. Windows 8/2012 and newer can boot from VHDX files. All you need to do is copy the vDisk VHD/VHDX to a Windows machine’s local C: drive, run bcdedit to configure booting to the VHD/VHDX, reboot into the VHD/VHDX, make your changes, reboot back into the original Windows OS, copy the VHD/VHDX back to Citrix Provisioning and import it. Details below:

Note: For Windows 7 vDisks, Enterprise Edition is required in the bootable VHD.

Alternative methods of performing Reverse Image:

To boot from vDisk VHD (Microsoft TechNet To add a native-boot VHD to an existing Windows 7 boot menu):

  1. In Citrix Provisioning Console, if using versioning, create a merged base.
  2. Copy the merged based vDisk (VHD file) to any Windows 7, Windows 2008 R2, or newer virtual machine. If VHDX, you’ll need Windows 8, Windows 2012, or newer. Note: the C: drive of the virtual machine must be large enough to contain a fully expanded VHDX file.
  3. Run the following command to export the current BCD configuration:
    bcdedit /export c:\bcdbackup

  4. Run the following command to copy the default BCD entry to a new entry. This outputs a GUID that you will need later.
    bcdedit /copy {default} /d "vhd boot (locate)"

  5. Run the following commands to set the new BCD entry to boot from the VHD file. Replace {guid} with the GUID outputted from the previous command. Include the braces.
    bcdedit /set {guid} device vhd=[locate]\MyvDisk.vhd
    bcdedit /set {guid} osdevice vhd=[locate]\MyvDisk.vhd
    

  6. Make sure you are connected to the console of the virtual machine.
  7. Restart the virtual machine.
  8. When the boot menu appears, select the VHD option. Note: if you see a blue screen, then you might have to enlarge your C: drive so the VHD file can be unpacked.
  9. Login to the virtual machine.
  10. Perform updates:
    1. Uninstall the Citrix Provisioning Target Device software.
    2. Upgrade VMware Tools.
    3. Reinstall Citrix Provisioning Target Device software. The Target Device software must be installed after VMware Tools is updated.
  11. When you are done making changes, reboot back into the regular operating system.

  12. Rename the updated VHD file to make it unique.
  13. Copy the updated VHD file to your Citrix Provisioning Store.
  14. Copy an existing .pvp file and paste it with the same name as your newly updated VHD.

  15. In the Citrix Provisioning Console, right-click the store, and click Add or Import Existing vDisk.
  16. Click Search.
  17. It should find the new vDisk. Click Add. Click OK.

  18. You can now assign the newly updated vDisk to your Target Devices.

Automatic Scheduled vDisk Update – SCCM

You can use the vDisk Update Management node (and Hosts node) in Citrix Provisioning Console to schedule an updater machine to power on, receive updates from System Center Configuration Manager, and power off. The new vDisk version can then be automatically promoted to Production, or you can leave it in Maintenance or Test mode and promote it manually.

See the following Citrix links for instructions:

Related Topics

NetScaler Firewall Rules

Last Modified: Sep 13, 2018 @ 7:08 am

Navigation

See CTX101810 Communication Ports Used by Citrix Technologies

💡 = Recently Updated

Change Log

NetScaler Firewall Rules

From To Protocol / Port Purpose
Administrator machines NSIPs (and/or SNIPs) TCP 22
TCP 80
TCP 443
TCP 3010
TCP 3008
SSH and HTTP/SSL access to NetScaler configuration GUI. TCP 3008/3010 is Java and 3008 is used if traffic is encrypted. Java not needed in 10.5 build 57 and newer.
Administrator machines NetScaler SDX SVM, XenServer TCP 22
TCP 80
TCP 443
To administer NetScaler SDX
Administrator machines NetScaler Lights Out Module TCP 443
TCP 623
TCP 5900
CTX200367
NSIP
SNIP
DNS servers Ping
UDP 53
TCP 53
Ping is used for monitoring. Can be turned off by load balancing on the same appliance.
NSIPs
SNIP
NetScaler MAS TCP 27000
TCP 7279
Pooled Licensing  💡
NSIPs
SNIP
NTP servers UDP 123 NTP
NSIPs
SNIP (NS 11+)
Syslog server UDP 514 Syslog
NSIPs callhome.citrix.com
cis.citrix.com
taas.citrix.com
TCP 443 Call Home
NSIPs (default)
SNIP
LDAP Servers(Domain Controllers) TCP 389 (Start TLS)
TCP 636 (Secure LDAP)
Secure LDAP requires certificates on the Domain Controllers. Secure LDAP enables password changes when they expire.SNIP if Load Balanced on same appliance
NSIPs LDAP Servers TCP 389
TCP 636
Monitor Domain Controllers
NSIPs (default)
SNIP
RADIUS servers UDP 1812 RADIUS is used for two-factor authentication. SNIP if Load Balanced on same appliance
SNIP RADIUS servers UDP 1812
Ping
Monitor RADIUS servers
NetScaler SDX Service virtual machine NSIPs Ping
TCP 22
TCP 80
TCP 443
Only if NetScaler VPX runs as a virtual machine on top of NetScaler SDX
Local GSLB Site IP
SNIP
GSLB Site IP (public IP) in other datacenter TCP 3009
TCP 3011
GSLB Metric Exchange Protocol between appliance pairs
NSIPs GSLB Site IP (public IP) in other datacenter TCP 22
TCP 3008
TCP 3010
GSLB Configuration Sync
Local GSLB Site IP
SNIP
All Internet Ping
UDP 53
TCP (high ports)
RTT to DNS Servers for Dynamic Proximity determination
SNIP StoreFront Load Balancing VIP TCP 443 NetScaler Gateway communicates with StoreFront
SNIP StoreFront servers TCP 80
TCP 443
TCP 808
StoreFront Load Balancing
NSIPs StoreFront servers TCP 80
TCP 443
Monitor StoreFront servers
StoreFront servers NetScaler Gateway VIP (DMZ IP) TCP 443 Authentication callback from StoreFront server to NetScaler Gateway.
SNIP Each individual Controller in every datacenter TCP 80
TCP 443
Secure Ticket Authorities.This cannot be load balanced.
TCP 443 only if certificates are installed on the Delivery Controllers.
SNIP All internal virtual desktops and session hosts (subnet rule?) TCP 1494
TCP 2598
UDP 1494
UDP 2598
UDP 16500-16509
UDP 3224-3324
HDX ICA
Enlightened Data Transport
Session Reliability
UDP Audio
Framehawk
All Internet
All internal users
NetScaler Gateway VIP (public IP) TCP 80
TCP 443
UDP 443
Connections from browsers and native Receivers
DTLS for UDP Audio
All Internet
All internal DNS servers
SNIP (public IP) UDP 53 ADNS(for GSLB)
Web logging server NSIPs TCP 3010 Web logging polls the NetScalers.
NSIPs NetScaler MAS or other SNMP Trap Destination UDP 161
UDP 162
SNMP Traps
NSIPs NetScaler MAS or other AppFlow Collector UDP 4739
TCP 5557
AppFlow
  • Authentication traffic uses NSIPs by default. This can be changed by creating a local Load Balancing Virtual Server on the same appliance and sending authentication traffic through the load balancer.
  • If a NetScaler will load balance, a monitor is required to determine if the service is up or not. Several of the monitors run as Perl scripts, which require connectivity from the NSIPs. But actual load balancing traffic can use SNIP as the source IP.
  • DNS uses ping for monitoring. This can be disabled by creating a local Load Balancing Virtual Server on the same appliance and sending DNS traffic through the load balancer. 
  • In a NetScaler with a dedicated mgmt network and default route is on a different data network, for traffic that is normally sourced by NSIP, if NetScaler can’t find a route on the NSIP network then NetScaler will use SNIP instead. To revert to NSIP as source, add a static route on the NSIP network.

NetScaler MAS Firewall Rules

NetScaler Management and Analytics System (NetScaler MAS) is a combination of Command Center and Insight Center.

From To Protocol / Port Purpose
NetScaler MAS
MAS Floating IP
MAS Agent
NSIPs Ping
TCP 22
TCP 80
TCP 443
Discovery and configuration of NetScaler devices
MAS (Primary, Secondary) NSIPs UDP 161 SNMP
NSIPs NetScaler MAS
MAS Floating IP
MAS Agent
UDP 4739 AppFlow
NSIPs
SNIP
NetScaler MAS
MAS Floating IP
MAS Agent
TCP 5557 Logstream (ULFD)
NSIPs NetScaler MAS
MAS Floating IP
MAS Agent
UDP 161
UDP 162
SNMP Traps
NSIPs NetScaler MAS
MAS Floating IP
MAS Agent
UDP 514 Syslog
CPX NSIPs
VPX NSIPs
NetScaler MAS
MAS Floating IP
MAS Agent
TCP 27000
TCP 7279
Pooled Licensing
Administrator Machines NetScaler MAS
MAS Floating IP
MAS Agent
TCP 22
TCP 80
TCP 443
Web-based GUI
Director Servers NetScaler MAS
MAS Floating IP
TCP 80
TCP 443
Insight Integration with Director
NetScaler MAS LDAP(S)
LDAP(S) VIP
TCP 389
TCP 636
LDAP authentication
NetScaler MAS Mail Server TCP 25 Email alerts
NetScaler MAS NTP Server UDP 123 NTP
NetScaler MAS Syslog Server UDP 514 Syslog

Command Center Firewall Rules

From To Protocol / Port Purpose
NSIPs Citrix Command Center / NMAS UDP 161
UDP 162
SNMP Traps
Citrix Command Center SQL Server TCP 1433
UDP 1434
Other static port
SQL database
Citrix Command Center / NMAS NSIPs TCP 22
UDP 161
UDP 162
SSH to configure the appliance.SNMP to poll the appliance.
SNMP ping.
Citrix Command Center / NMAS Mail server TCP 25 SMTP
Citrix Command Center / NMAS Domain Controllers TCP 389
TCP 636
LDAP
LDAPS
Administrator Machines Citrix Command Center TCP 8443
TCP 3389
Web-based GUI
RDP

Insight Center Firewall Rules

From To Protocol / Port Purpose
Insight Center NSIPs Ping
TCP 22
TCP 80
TCP 443
Configures NetScaler to send AppFlow to Insight Center
NSIPs Insight Center UDP 4739 AppFlow
NSIPs
SNIP
Insight Center TCP 5557 Logstream (ULFD)
Administrator Machines Insight Center TCP 80
TCP 443
Web-based GUI
Director Servers Insight Center TCP 80
TCP 443
Insight Integration with Director
Insight Center LDAP(S)
LDAP(S) VIP
TCP 389
TCP 636
LDAP authentication to Insight Center
Insight Center Mail Server TCP 25 Email alerts
Insight Center NTP Server UDP 123 NTP
Insight Center Syslog Server UDP 514 Syslog

XenApp/XenDesktop Firewall Rules

From To Protocol / Port Purpose
Administrator machines Controllers TCP 80/443
TCP 3389
PowerShell
RDP
Controllers SQL Server TCP 1433
UDP 1434
Other static port
SQL database
Controllers vCenter TCP 443 vCenter
Controllers SCVMM TCP 8100 SCVMM
Controllers Citrix Licensing TCP 27000
TCP 7279
TCP 8082-8083
TCP 80
Citrix Licensing
StoreFront servers Citrix Delivery Controllers TCP 80
TCP 443
XML
Secure Ticket Authority
StoreFront servers StoreFront servers TCP 808 Subscription Replication
StoreFront servers Domain Controllers in Trusted Domains TCP 88
TCP 135
TCP 445
TCP 389/636
TCP 49151-65535
RPC
Discussions  💡
Administrator machines StoreFront servers TCP 3389 RDP
Administrator machines Citrix Licensing TCP 8082-8083
TCP 80
TCP 3389
Web-based administration GUI
RDP
Controllers All VDAs TCP 80 Brokering
All VDAs Controllers TCP 80 Registration
All VDAs Global Catalogs
(Domain Controllers)
TCP 3268 Registration
All Receivers
(Internal)
StoreFront SSL Load Balancing VIP TCP 80
TCP 443
Internal access to StoreFront
All Receivers NetScaler Gateway VIP TCP 80
TCP 443
External (or internal) access to NetScaler Gateway
All Receivers
(Internal)
All VDAs TCP 1494
TCP 2598
UDP 16500-16509
UDP 3224-3324
ICA/HDX
Session Reliability
UDP Audio
Framehawk
Administrator machines Director TCP 3389 RDP
Administrator machines
Help Desk machines
Director TCP 80
TCP 443
Web-based GUI
Director Controllers TCP 80
TCP 443
Director
Administrator machines
Help Desk machines
All VDAs TCP 135
TCP 3389
Remote Assistance

Also see Microsoft Technet Which ports are used by a RDS 2012 deployment?

Provisioning Services Firewall Rules

From To Protocol / Port Purpose
Provisioning Servers SQL Server TCP 1433
UDP 1434
Other static port
SQL database for Provisioning Services
Provisioning Servers Provisioning Servers SMB File copy of vDisk files
Provisioning Servers Provisioning Servers UDP 6890-6909 Inter-server communication
Provisioning Servers Citrix Licensing TCP 27000
TCP 7279
TCP 8082-8083
TCP 80
Citrix Licensing
Provisioning Servers Controllers TCP 80
TCP 443
Setup Wizards to create machines
Provisioning Servers vCenter TCP 443 Setup Wizards to create machines
Provisioning Servers Target Devices UDP 6901
UDP 6902
UDP 6905
Provisioning Services Console Target Device power actions (e.g. Restart)
Administrator machines Provisioning Servers TCP 3389
TCP 54321
TCP 54322
TCP 54323
RDP
SOAP
Controllers Provisioning Servers TCP 54321
TCP 54322
TCP 54323
Add machines to Catalog
Target Devices DHCP Servers UDP 67 DHCP
Target Devices KMS Server TCP 1688 KMS Licensing
Target Devices Provisioning Servers UDP 69
UDP 67/4011
UDP 6910-6969
TFTP
PXE
Streaming (expanded port range)
Target Devices Provisioning Servers UDP 6969
UDP 2071
Two-stage boot (BDM)
Target Devices Provisioning Servers TCP 54321
TCP 54322
TCP 54323
Imaging Wizard to SOAP Service