Provisioning Services – Server Install

Last Modified: Dec 14, 2016 @ 6:23 pm

Navigation

đź’ˇ = Recently Updated

Planning

Provisioning Services Planning – Reference List – http://support.citrix.com/article/CTX137199

PvS Firewall Rules

Download Provisioning Services 7.11.

Citrix License Server Version

Make sure the Citrix Licensing server is 11.14.0.1 build 18001 or newer.

vDisk Storage

Do the following on both PvS Servers. The vDisks will be stored locally on both servers. You must synchronize the files on the two servers: either manually (e.g. Robocopy), or automatically (e.g. DFS Replication).

Create D: Drive

  1. In the vSphere Web Client, edit the settings for each of the Provisioning Services server virtual machines.
  2. On the bottom, use the drop-down list to select New Hard Disk and click Add.
  3. Expand the New Hard disk by clicking the arrow next to it.
  4. Change the disk size to 500 GB or higher. It needs to be large enough to store the vDisks. Each full vDisk is 40 GB plus a chain of snapshots. Additional space is needed to merge the chain.
  5. Feel free to select Thin provision, if desired. Click OK when done.
  6. Login to the session host. Right-click the Start Button, and click Disk Management.
  7. In the Action menu, click Rescan Disks.
  8. On the bottom right, right-click the CD-ROM partition, and click Change Drive Letters and Paths.

  9. Click Change.
  10. Change the drive letter to E:, and click OK.
  11. Click Yes when asked to continue.
  12. Right-click Disk 1 and click Online.
  13. Right-click Disk 1 and click Initialize Disk.
  14. Click OK to initialize the disk.
  15. Right-click the Unallocated space, and click New Simple Volume.
  16. In the Welcome to the New Simple Volume Wizard page, click Next.
  17. In the Specify Volume Size page, click Next.
  18. In the Assign Drive Letter or Path page, select D: and click Next.
  19. In the Format Partition page, change the Volume label to vDisks and click Next.
  20. In the Completing the New Simple Volume Wizard page, click Finish.
  21. If you see a pop-up asking you to format the disk, click Cancel since Disk Management is already doing that.

vDisk Folders

On the new D: partition, create one folder per Delivery Group. For example create one called Win10Common and create another folder called Win10SAP. Each vDisk is composed of several files so its best to place each vDisk in a separate folder. Each Delivery Group is usually a different vDisk.

Robocopy Script

Here is a sample robocopy statement to copy vDisk files from one Provisioning Services server to another. It excludes .lok files and excludes the WriteCache folders.

REM Robocopy from PVS01 to PVS02
REM Deletes files from other server if not present on local server
Robocopy D:\vDisks \\pvs02\d$\vDisks *.vhd *.vhdx *.avhd *.avhdx *.pvp /b /mir /xf *.lok /xd WriteCache /xo

Service Account

Provisioning Services should run as a domain account that is in the local administrators group on both Provisioning Services servers. This is required for KMS Licensing.

From Considerations: Provisioning Services for Personal vDisk at Citrix Docs: The Provisioning Services Soap Service account must be added to the Administrator node of Citrix Studio and must have the Machine Administrator or higher role. This ensures that the PvD desktops are put into the Preparing state when the Provisioning Services (PVS) vDisk is promoted to production.

.NET Framework 3.5 SP1 & 4.5 – 2008 R2 Only

Provisioning Server on Windows Server 2008 R2 requires .NET Framework 3.5 SP1 to be installed prior to installing Provisioning Server.

  1. On each Provisioning Server, in Server Manager, right-click Features and click Add Features.
  2. In the Select Features page, check the box next to .NET Framework 3.5.1 and click Next.
  3. In the Confirm Installation Selections page, click Install.
  4. In the Installation Results page, click Close.

.NET Framework 4.0 has bug. Upgrade to 4.5. More information at All the target devices are not selected when using shift select within the PVS console to select a number of target devices.

.NET Framework 4.5.1 can be installed from Windows Update or you can download it from Microsoft.

Provisioning Services Console 7.12

The installation and administration of Provisioning Services 7.8, 7.9, 7.11, and 7.12 are essentially identical.

You can in-place upgrade to Provisioning Services Console 7.12.

  1. Go to the downloaded Provisioning Services 7.12, and in the Console folder run PVS_Console_x64.exe.
  2. Click Install.
  3. In the Welcome to the InstallShield Wizard for Citrix Provisioning Services Console x64 page, click Next.
  4. In the License Agreement page, select I accept the terms, and click Next.
  5. In the Customer Information page, click Next.
  6. In the Destination Folder page, click Next.
  7. In the Ready to Install the Program page, click Install.
  8. In the InstallShield Wizard Completed page, click Finish.

Provisioning Server 7.12 – Server Install

The installation and administration of Provisioning Services 7.8, 7.9, 7.11, and 7.12 are essentially identical.

You can in-place upgrade to Provisioning Services Server 7.12. The Servers must be upgraded before the vDisks are upgraded. While upgrading one Provisioning Services Server, all Target Devices are moved to the other Provisioning Services Server.

  1. If vSphere, make sure the Provisioning Services server virtual machine Network Adapter Type is VMXNET 3.
  2. Go to the downloaded Provisioning Services 7.12, and in the Server folder, run PVS_Server_x64.exe.
  3. Click Install when asked to install SQL2012nclx64 and/or Telemetry Service. Note: you might need a newer version of SQL Native Client as indicated by Daniele Tosatto at PVS 7.11 & SQL 2014 SP2 – Unsupported? at Citrix Discussions.
  4. In the Welcome to the Installation Wizard for Citrix Provisioning Services x64 page, click Next.
  5. In the License Agreement page, select I accept the terms, and click Next.
  6. In the Customer Information page, select Anyone who users this computer, and click Next.
  7. In the Destination Folder page, click Next.
  8. In the Ready to Install the Program page, click Install.
  9. In the Installation Wizard Completed page, click Finish.

Database Script

By default, the Provisioning Services Configuration Wizard will try to create the database using the credentials of the person that is running the Wizard. This isn’t always feasible. An alternative is to create a script that a DBA can run on the SQL server.

  1. Go to C:\Program Files\Citrix\Provisioning Services and run DBScript.exe.
  2. Change the selection to New database for 2012 or higher.
  3. Enter a path to save the script file.
  4. Fill in the other fields.
  5. Select an Active Directory group containing your Citrix administrators, and click OK.
  6. In SQL Server Management Studio, open the SQL script.

  7. Execute the script to create the database.

  8. The person that runs the Provisioning Services Configuration Wizard will need db_owner permission to the new Provisioning Services database.
  9. Provision a Windows service account that will run the services on the Provisioning Services server. This account must have a SQL login on the SQL server containing the PvS database. The Provisioning Services Configuration Wizard will grant this account the correct permissions in the database.

Configuration Wizard – New Farm

  1. If you used DBScript.exe to pre-create the database, skip to Configuration Wizard – Join Farm.
  2. For SQL AlwaysOn Availability Group, see CTX201203 SQL Server AlwaysOn Configuration for PVS 7.6. In summary: Use the wizard to create the database instance. In SQL, create the Availability Group. Then reconfigure Provisioning Services to point to the SQL AlwaysOn listener.
  3. The Configuration Wizard launches automatically. If the database wasn’t pre-created, then the person running the wizard must have dbcreator and securityadmin roles on the SQL Server. If true, click Next. If not true, then cancel the wizard and launch it as somebody that does have those roles.
  4. The DHCP Services page appears. DHCP is typically hosted on a different server so select The service that runs on another computer. It is also possible to install DHCP on the PvS Servers. Click Next.
  5. In the PXE Services page, if you intend to use Boot Device Manager (BDM or ISO) instead of PXE, then change the selection to The service that runs on another computer, which disables the PXE service. Click Next.
  6. In the Farm Configuration page, click Create Farm.
  7. In the Database Server page, enter the name of the SQL server. PvS 7.11 has a new option for MultiSubnetFailover. Click Next.
  8. In the New Farm page enter the following:
    • Enter a descriptive Database name. Put the word Citrix in the database name so the DBA knows what it is for.
    • Enter a descriptive Farm name.
    • Enter a descriptive Site name.
    • Enter a descriptive Collection name. All of these names can be changed later.
    • Select the Active Directory group that will have administrator permissions to Provisioning Services, and click Next. If you don’t see your group here, select any group you belong to, and you can fix it later in the console.
  9. In the New Store page, browse to one of the vDisk folders, and give the store a name. Then click Next.
  10. In the License Server page, enter the name of your Citrix license server, check the box next to Validate license server, and click Next.
  11. In the User account page, notice it defaults to Network service account. This won’t work with KMS licensing so change it to Specified user account. Enter credentials for an account that is a local administrator on all Provisioning Services servers, and click Next.
  12. In the Active Directory Computer Account Password page, check the box, and click Next.
  13. In the Network Communications page, click Next.
  14. In the TFTP Option and Bootstrap Location page, check the box, and click Next.
  15. In the Stream Servers Boot List page, click Advanced.
  16. Check the box next to Verbose mode, click OK, and then click Next.
  17. If PvS 7.12 or newer, in the Soap SSL Configuration page, click Next.
  18. If PvS 7.11 or newer, in the Problem Report Configuration page, enter your MyCitrix credentials, and click Next.
  19. In the Finish page, click Finish.
  20. If you are upgrading then you might be asked to upgrade the database. Click Yes.
  21. Click OK if you see the firewall message.
  22. In the Finish page, click Done.

Configuration Wizard – Join Farm

  1. The Configuration Wizard launches automatically.
  2. There are two methods of handling SQL permissions:
    1. The person running the wizard must have db_owner on the database and securityadmin role on the SQL Server. This allows the wizard to add the service account to SQL logins and grant it access to the database.
    2. Or the person running the wizard can be limited to just db_owner permission to the database. The service account must be added manually to SQL logins by a DBA.
  3. The DHCP Services page appears. DHCP is typically hosted on a different server so select The service that runs on another computer. It is also possible to install DHCP on the PvS Servers. Click Next.
  4. In the PXE Services page, if using BDM or ISO, select The service that runs on another computer, and click Next.
  5. In the Farm Configuration page, click Join existing farm.
  6. In the Database Server page, enter the name of the SQL server, and click Next.
  7. In the Existing Farm page, select the database, and click Next.
  8. In the Site page, select an existing site, and click Next.
  9. If you used the script to create the database, then there probably are no stores defined. Do so now.
  10. Otherwise, in the New Store page, select the existing store and click Next.
  11. In the License Server page, click Next.
  12. In the User account page, notice it defaults to Network service account. Change it to a service account that is local administrator on both Provisioning Services servers. Click Next.
  13. In the Active Directory Computer Account Password page, check the box, and click Next.
  14. In the Network Communications page, click Next.
  15. In the TFTP Option and Bootstrap Location page, check the box, and click Next.
  16. In the Stream Servers Boot List page, click Advanced.
  17. Check the box next to Verbose mode, click OK, and then click Next.
  18. If PvS 7.12 or newer, in the Soap SSL Configuration page, click Next.
  19. If PvS 7.11 or newer, in the Problem Report Configuration page, enter your MyCitrix credentials, and click Next.
  20. In the Finish page, click Finish.
  21. Click OK if you see the firewall message.
  22. In the Finish page, click Done.

Troubleshooting – Networking Services Don’t Work After Reboot

If your PXE service or TFTP service does not work after a reboot of the Provisioning Services server, do the following:

  1. One option is to set the Citrix PVS PXE Service, Citrix PVS TFTP Service, and Citrix PVS Two-stage boot Service to Automatic (Delayed Start).
  2. The TFTP and Two-stage Boot services can be delayed by setting registry keys. From Carl Fallis at Citrix Discussions:
    • Keys = HKLM\System\CurrentControlSet\services\BNTFTP (and PVSTSB)\Parameters
    • Value = InitTimeoutSec (DWORD). 1 – 4 seconds. Default is 1.
    • Value = MaxBindRetry (DWORD). 5 – 20 retries. Default is 5.

Disable Firewall

The Windows firewall must be disabled to allow communication on all Provisioning Server ports.

  1. In Server Manager, click Tools and run Windows Firewall with Advanced Security.
  2. Click Windows Firewall Properties.
  3. On the Domain Profile tab, change the Firewall state to Off.

Disable BIOS Boot Menu

The versioning process in Provisioning Services will present a boot menu when booting any version except Production.

  1. To avoid this, create the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipBootMenu on both Provisioning Servers and set it to 1. Note: the location of this key changed in Provisioning Services 7.0 and newer.
  2. Then restart the Citrix PVS Stream Service.

Private Mode vDisk – No Servers Available for vDisk

Citrix CTX200233 – Error: “No servers available for disk”: When you set a vDisk to Private Image mode (or new Maintenance version), if the Target Device is not connected to the server that contains the vDisk then you might see a message saying “No Servers Available for vDisk”.

  1. To avoid this, create the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipRIMSForPrivate on both Provisioning Servers and set it to 1. Note: the location of this key changed in Provisioning Services 7.0.
  2. Then restart the Citrix PVS Stream Service.

Multi-Homed Provisioning Server

From slide 20 of http://www.slideshare.net/davidmcg/implementing-and-troubleshooting-pvs:, Multi-homed Provisioning Services server is not recommended but if you insist, and if running Provisioning Services 6.1 or older, configure the following. Provisioning Services 7.7 configuration wizard should have asked you for the management NIC.

  • HKLM\Software\Citrix\ProvisioningServices\IPC
    • New Reg_Sz (string) named IPv4Address with the IP of the NIC for IPC
  • HKLM\Software\Citrix\ProvisioningServices\Manager
    • New Reg_Sz (string) named GeneralInetAddr with the IP of the NIC and port
    • e.g. 10.1.1.2:6909

Citrix 133877 Timeout Error 4002 in Provisioning Server Console after Clicking “Show Connected Devices: when there are multiple streaming NICs assigned to the PVS Server, when Show Connected Devices was clicked in the PVS console, the following symptoms might be experienced: Server timeout error 4002, unusual delay of 3 to 4 minutes to list the connected devices, or PVS console stops responding. Complete the following to resolve the issue:

  1. On the PVS Server machine, under HKLM\software\citrix\provisioningServices\Manager key, create registry DWORD RelayedRequestReplyTimeoutMilliseconds, and set it to 50 ms (Decimal).
  2. Create a DWORD RelayedRequestTryTimes, and set it to 1.
  3. Open the PVS Server console and test by selecting the Show Connected Devices command.

Antivirus Exclusions

Citrix’s Recommended Antivirus Exclusions

Citrix Blog Post Citrix Recommended Antivirus Exclusions: the goal here is to provide you with a consolidated list of recommended antivirus exclusions for your Citrix virtualization environment focused on the key processes, folders, and files that we have seen cause issues in the field:  💡

  • Set real-time scanning to scan local drives only and not network drives
  • Disable scan on boot
  • Remove any unnecessary antivirus related entries from the Run key
  • Exclude the pagefile(s) from being scanned
  • Exclude Windows event logs from being scanned
  • Exclude IIS log files from being scanned

See the Blog Post for exclusions for each Citrix component/product including: StoreFront, VDA, Controller, and Provisioning Services. The Blog Post also has links to additional KB articles on antivirus.

 

Microsoft’s virus scanning recommendations (e.g. exclude group policy files) – http://support.microsoft.com/kb/822158.

TFTP High Availability

If your Target Devices are not on the same VLAN as the Provisioning Servers, you will need to load balance TFTP.

NetScaler 10.1 and newer has native support for TFTP protocol. Older versions of NetScaler are more difficult to configure.

DHCP Failover

The DHCP infrastructure must be highly available. And session hosts should be configured with DHCP Reservations. With multiple DHCP servers, any reservation should be created on all DHCP servers hosting the same DHCP scope. The easiest way to accomplish this is with the new DHCP Failover feature in Windows Server 2012.

  1. Build two DHCP servers on Windows Server 2012 or newer.
  2. Create a scope for the Provisioning Services Target Devices.
  3. Right-click the existing scope, and click Configure Failover.
  4. In the Introduction to DHCP Failover page, click Next.
  5. In the Specify the partner server to use for failover page, enter the name of the other DHCP server, and click Next.
  6. In the Create a new failover relationship page, enter a Shared Secret, and click Next.
  7. Click Finish.
  8. Click Close.

Health Check

Sacha T. – Citrix PVS HealthCheck: PowerShell script to view the health/status of the Provisioning Services environment. Emails an HTML Report. For PvS 7.7, see http://blog.appcloud.ch/happy-new-script-pvs-7-7-healthcheck/. For PvS 7.6, http://blog.appcloud.ch/citrix-pvs-healthcheck/.

Related Pages

53 thoughts on “Provisioning Services – Server Install”

    1. BDM connects to PvS server two-stage boot service, which is another TFTP service on port 6969. Not sure if disabling TFTP also disables two-stage boot.

    1. If using the console, PvS uses the permissions of whoever is running the console.

      During normal vDisk operations, PvS instructs the Target Device to update its own password.

      Thus, PvS Services Account does not talk to AD directly.

  1. Hi Carl ,
    Is it possible to have only one vDisk storage location shared between 2 PVS servers , eliminating the need to robocopy vDisks versions between them ? How would the servers handle their .lok file in that scenario ?
    Thanks

  2. Hi Carl,

    My goal is to move from PVS to MCS, i am thinking to create VM from vdisk and covert that vm from hyper-v to VMware VM so that i can use Citrix MCS with a new converted VM .

    Thanks in advance,

    Basem

  3. Dear Carl,

    I have an environment which includes PVS installation with a master Image.

    Is there any way to transform that environment to Citrix MCS ? is there any challenges to acheive that transformation ?

    Thank you in advance,

    Mvh
    Basem

          1. Hi Carl,

            What i am thinking to do is to create VM on hyper-v for the VHDX disk and convert that VM using VMware convertor? is there any to do that ?

            Thank you in advance.

            Basem

  4. Carl, during an upgrade, after I upgrade the first device are the targets able to fail back over to the newly upgraded server so that I can upgrade the rest of the streaming servers? I am upgrading from 7.1.3 to 7.11.

  5. Carl mabay you can add some comments to the following section
    ◦Configuration Wizard – New Farm
    While when the SQL server initial db size is more then 20MB the Provisioning Services Configuration Wizzard failed!
    on the configuring Services
    And in the eventlog you found the following error message
    DbAccess error: (in ServerGetByNameFromDb() called from SSProtocolModule.cpp:291)

    As soon the SQL Admin changed the initial size to 19MB, the wizard runs without an issue!
    If you like it I can provide you an screenshot with the error!

  6. Thanks, Carl. Question…Once I upgrade all of my servers from 7.1 to 7.9, will my target devices (that still have the 7.1 target software installed) still work in the upgraded pvs farm?

      1. Thanks for the fast response, Carl. May I ask what the downside is if I don’t upgrade the target device software immediately after upgrading the PVS farm (besides missing all the new features)? I was thinking of upgrading all of my servers in my PVS farm first to 7.9, and upgrade my 7.1 target device software within a week or two. Do you think that will be ok? Thanks, Carl!

        1. That should be fine. If you call support with 7.1 connecting to 7.9, they will probably ask you to upgrade to 7.9 before providing support.

  7. Thanks for the great information, Carl.
    Is it possible to automate the versioning process? I’d like to push MS patches every month using SCCM to our master image, from there I’d like to automate all of the PVS work…from creating a new version, setting it to production, pointing all of the PVS clones to the new version, etc.
    Have you ever seen this done? Is it possible?

  8. Hi Carl, when upgrading PVS to a newer version (7.6 to 7.62) do you recommend doing it after hours when no users using it? I know the upgrade does a db upgrade, & most likely with stop streaming services, etc. so am wondering if the upgrade would break current vdisk streaming or prevent any new attempts?

    1. When you upgrade one, it moves the targets to the other server. Most have no problems upgrading during the day. But it depends on your risk tolerance.

  9. Great article Carl. I upgraded 7.6 to 7.9 recently. Noticed the target devices don’t show the correct status. VM’s are ON users are connected, but PVS shows target device is down. I have logged a case with Citrix but waiting…

  10. Thanks again Carl,
    Do you have any tips and best practice on (multi site) high availability..
    How can you provide the same vDisks to devices at different sites?

    1. I typically copy the vDisk to different PvS servers in each site. Yes, targets in each site can boot from the same vDisk. However, you might have to use GPO to adjust the ListOfDDCs registry key so the VDAs register with the correct Controllers.

  11. Hi Carl. we also get the no servers for disk. just 1 out of 50 servers or so. then the server needs to be reset 1-10 times before it Works (hyper-v). Its both maintanance and standard image.
    Do you have ANY idea ?
    /anker

    1. You might have to call Citrix Support. Or post to Citrix forums, where the Product Manager usually replies.

  12. hi Carl,

    I Got the message suddenly
    No servers available for disk, when i put the vdisk in Private mode, it used to work suddenlijk it doesnt work any more, i already added the registry entry, restart streaming service, nothing seems to work

    What else can i do to get this work ?

    Thanks
    rolf

  13. Carl,

    This rule is mentioned double in the anti virus exclusions:

    C:\Program Files\Citrix\Provisioning Services\MgmtDaemon.exe
    C:\Program Files\Citrix\Provisioning Services\Inventory.exe
    C:\Program Files\Citrix\Provisioning Services\MgmtDaemon.exe

  14. Question: regarding service account or to use PVS servers Computer Accounts? For my PVS installations I use the Computer accounts, then I don´t need to care about password expries for the service account. Do you Carl see any downsides with using Computer Accounts? except the KMS part ?

    1. Make sure NETWORK SERVICE is added as a local administrator. Also, can’t do PvD with local account since the account needs to log into Citrix Studio. And probably can’t do Scale Out File Share with VHDX files.

      1. For the Active Directory OU where the computer accounts is situated, doesn´t the PVS serviceaccount or the PVS servers computer account need higher rights there like: update computer accounts?
        It used to be that way..

        1. Nope. It should use the AD permissions of the person running the console.

          For AD password changes, PvS asks the TD to do it so no extra permissions are needed.

          1. I asked you this on Twitter as well. So are you saying the stream/soap service account DOES NOT require any AD permissions on the OU? I’m getting mixed information on this.

          2. I’m pretty sure it’s not required. You could always test it. It should use the credentials of the person running the console.

          3. I know the console user would be able to manage, but what about the automated password management of the computer objects? You said the TDs handle that but I’m unsure how that works. I’m definitely going to test though. Nothing definitively says the stream service needs ad permissions anywhere.

  15. You are fantastic Carl. One of the clearest PVS articles I have seen. This will definitely be a help when we do our POC for XenApp 7.6. Thanks again.

Leave a Reply