Navigation
This article applies to all 7.x versions of Citrix Provisioning, including 2411, 2402 LTSR, and 2203 LTSR.
- Change Log
- Planning and Versions
- Citrix License Server Version
- Upgrade
- vDisk Storage
- Installs/Upgrades
- Database Configuration
- Troubleshooting – Networking Services Don’t Work After Reboot
- Firewall
- Disable BIOS Boot Menu
- Private Mode vDisk – No Servers Available for vDisk
- Multi-homed Provisioning Server
- Antivirus Exclusions
- TFTP High Availability
- DHCP Failover
- Health Check
💡 = Recently Updated
Change Log
- 2025 March 7 – updated Versions section with Citrix Provisioning 2402 LTSR CU2
- 2025 Jan 9 – updated Versions section with Citrix Provisioning 2203 LTSR CU6
- 2024 Dec 4 – updated Versions section and Install sections with Citrix Provisioning 2411
- 2024 April 30 – updated Versions section with Citrix Provisioning 1912 LTSR CU9
- 2023 Mar 20 – updated Versions section and Install sections with Citrix Provisioning 2303
- Join PVS Farm to Citrix Cloud
 
- 2022 July 29 – updated Versions section with PVS 7.15.45 (from LTSR 7.15 Cumulative Update 9)
Planning and Versions
CTX220651 Best Practices for deploying PVS in multi-geo environments: ensure that Provisioning farms do not span data centers with a network latency that can affect communications between the Provisioning Servers and the SQL database
SQL 2019 is supported with Citrix Provisioning 2003 and newer.
Citrix Provisioning Firewall Rules
The most recent Current Release version of Citrix Provisioning is 2411.

For LTSR CVAD, deploy the Citrix Provisioning version that matches your CVAD version:
- For Citrix Virtual Apps and Desktops (CVAD) 2402 LTSR, deploy Citrix Provisioning 2402 LTSR CU2
 
- For Citrix Virtual Apps and Desktops (CVAD) 2203 LTSR, deploy Citrix Provisioning 2203 LTSR CU6.
 
- For Citrix Virtual Apps and Desktops (CVAD) 1912 LTSR, deploy Citrix Provisioning 1912 LTSR Cumulative Update 9 (CU9).
  
- For XenApp and XenDesktop 7.15 LTSR, deploy 7.15.45 (7.15 LTSR Update 9). 7.15.45 is the version included in XenApp/XenDesktop LTSR 7.15 Cumulative Update 9. Yes, it’s confusing.
   
Citrix License Server Version
Upgrade the Citrix Licensing server to the latest version. Citrix now requires the latest License Server version and is configured to upload license telemetry data.

Upgrade
Windows Server 2022 is supported with Citrix Provisioning 2203 and newer.
VMware ESXi 8.0 is supported with Citrix Provisioning 2212 and newer.
SCVMM 2022 is supported with Citrix Provisioning 2203 and newer.
If you are upgrading from an older version of Citrix Provisioning, do the following:
- In-place upgrade the Citrix License Server.
- In-place upgrade the Provisioning Console.
- Re-register the Citrix.PVS.snapin.dll snap-in:
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" "c:\program files\citrix\provisioning services console\Citrix.PVS.snapin.dll" 
- If upgrading from 7.15.3000 to 7.15.4000, then manually upgrade the snap-ins. See CTX256773 Powershell SnapIns are not upgraded from PVS 7.15 LTSR CU3 to 7.15 LTSR CU4 after the upgrade is complete
  
 
- Re-register the Citrix.PVS.snapin.dll snap-in:
- In-place upgrade the Provisioning Server. If you have two or more Provisioning servers, upgrade one, and then the other. If High Availability is configured correctly, then the Target Devices should move to a different Provisioning server while a Provisioning server is being upgraded.
- After the first Provisioning server is upgraded, run the Configuration Wizard. You can generally just click Next through the wizard. At the end, you’ll be prompted to upgrade the database. Then upgrade the remaining Provisioning servers and run the Config Wizard on each of them too.
  
 
- After the first Provisioning server is upgraded, run the Configuration Wizard. You can generally just click Next through the wizard. At the end, you’ll be prompted to upgrade the database. Then upgrade the remaining Provisioning servers and run the Config Wizard on each of them too.
- Upgrade the Target Device Software inside each vDisk. Don’t do this until the Provisioning servers are upgraded (Target Device Software must be same version or older than the Provisioning Servers).
- If your Target Devices are 7.6.1 or newer, you can create a Maintenance version, boot an Updater Target Device, and in-place upgrade the Target Device Software.
- If your Target Devices are older, then you must reverse image.
 
vDisk Storage
Do the following on both Provisioning Servers. The vDisks will be stored locally on both servers. You must synchronize the files on the two servers: either manually (e.g. Robocopy), or automatically (e.g. DFS Replication).
Create D: Drive
- In the vSphere Web Client, edit the settings for each of the Provisioning server virtual machines.
- On the bottom, use the drop-down list to select New Hard Disk, and click Add.
  
- Expand the New Hard disk by clicking the arrow next to it.
- Change the disk size to 500 GB or higher. It needs to be large enough to store the vDisks. Each full vDisk is 40 GB plus a chain of snapshots. Additional space is needed to merge the chain.
- Feel free to select Thin provision, if desired. Click OK when done.
  
- Login to the session host. Right-click the Start Button, and click Disk Management.
  
- In the Action menu, click Rescan Disks.
  
- On the bottom right, right-click the CD-ROM partition, and click Change Drive Letters and Paths.
  
 
- Click Change.
  
- Change the drive letter to E:, and click OK.
  
- Click Yes when asked to continue.
  
- Right-click Disk 1 and click Online.
  
- Right-click Disk 1 and click Initialize Disk.
  
- Click OK to initialize the disk.
  
- Right-click the Unallocated space, and click New Simple Volume.
  
- In the Welcome to the New Simple Volume Wizard page, click Next.
- In the Specify Volume Size page, click Next.
- In the Assign Drive Letter or Path page, select D: and click Next.
- In the Format Partition page, change the Volume label to vDisks and click Next.
  
- In the Completing the New Simple Volume Wizard page, click Finish.
- If you see a pop-up asking you to format the disk, click Cancel since Disk Management is already doing that.
vDisk Folders
On the new D: partition, create one folder per Delivery Group. For example, create one called Win10Common, and create another folder called Win10SAP. Each vDisk is composed of several files, so its best to place each vDisk in a separate folder. Each Delivery Group is usually a different vDisk.

Robocopy Script
Here is a sample robocopy statement to copy vDisk files from one Provisioning server to another. It excludes .lok files and excludes the WriteCache folders.
REM Robocopy from PVS01 to PVS02 REM Deletes files from other server if not present on local server Robocopy D:\vDisks \\pvs02\d$\vDisks *.vhd *.vhdx *.avhd *.avhdx *.pvp /b /mir /xf *.lok /xd WriteCache /xo
Citrix Blog Post vDisk Replicator Utility has a GUI utility script that can replicate vDisks between Provisioning Sites and between Provisioning Farms.


Service Account
Provisioning Services should run as a domain account that is in the local administrators group on both Provisioning servers. This is required for KMS Licensing.

Provisioning Console Install/Upgrade
The installation and administration of Citrix Provisioning 2411 and older (including LTSR versions 2203 and 1912) are essentially identical.
Operating System – Windows Server 2022 is supported with Citrix Provisioning 2203 and newer.
Hypervisor – VMware ESXi 8.0 is supported with Citrix Provisioning 2212 and newer. VMware VSAN 8 is supported with Citrix Provisioning 2311 and newer.
- SCVMM 2022 is supported with Citrix Provisioning 2203 and newer. See CTX131239 Supported Hypervisors for Citrix Virtual Apps and Desktops and Provisioning (Provisioning Services).
BIOS – Citrix Provisioning 2311 and newer no longer support BIOS. See Converting BIOS vDisks to UEFI at Citrix Docs.
If you want to automate the installation and configuration of Citrix Provisioning, see Dennis Span Citrix Provisioning Server unattended installation.

To manually install Provisioning Console, or in-place upgrade the Provisioning Console:
- Go to the downloaded Citrix Provisioning, and in the Console folder, run PVS_Console_x64.exe.
  
- Click Install.
  
- If you see the .NET Framework Setup page:
- Check the box next to I have read and accept the license terms, and click Install.
  
- In the Installation Is Complete page, click Finish.
  
- Click Restart Now.
  
- Restart the PVS_Console_x64.exe installer.
  
- Click Install.
 
- Check the box next to I have read and accept the license terms, and click Install.
- Click Yes to reboot when prompted. Then restart the installation.
  
- In the Welcome to the InstallShield Wizard for Citrix Provisioning Console x64 page, click Next.
  
- In the License Agreement page, select I accept the terms, and click Next.
  
- In the Customer Information page, click Next.
  
- In the Destination Folder page, click Next.
  
- In the Ready to Install the Program page, click Install.
  
- In the InstallShield Wizard Completed page, click Finish.
  
- Click Yes if you are prompted to restart.
  
After upgrading the Console, re-register the PowerShell snap-in. This is required for the Citrix App Layering Agent.
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" "c:\program files\citrix\provisioning services console\Citrix.PVS.snapin.dll"

Provisioning Server – Install/Upgrade
The installation and administration of Citrix Provisioning 2411, 1912 LTSR CU9, 7.15.45, 7.6.9 and other 7.x versions are essentially identical.
Operating System – Windows Server 2022 is supported with Citrix Provisioning 2203 and newer.
Hypervisor – VMware ESXi 8.0 is supported with Citrix Provisioning 2212 and newer. VMware VSAN 8 is supported with Citrix Provisioning 2311 and newer.
- SCVMM 2022 is supported with Citrix Provisioning 2203 and newer. See CTX131239 Supported Hypervisors for Citrix Virtual Apps and Desktops and Provisioning (Provisioning Services).
BIOS – Citrix Provisioning 2311 and newer no longer support BIOS. See Converting BIOS vDisks to UEFI at Citrix Docs.
You can in-place upgrade Provisioning Server. The Provisioning Servers must be upgraded before the vDisks’ Target Device Software are upgraded. While upgrading one Provisioning Server, all Target Devices are moved to the other Provisioning Server assuming that vDisk High Availability is properly configured.
To install/upgrade Provisioning server:
- If vSphere, make sure the Provisioning server virtual machine Network Adapter Type is VMXNET 3.
  
- Go to the downloaded Provisioning ISO, and in the Server folder, run PVS_Server_x64.exe.
  
- Click Install when asked to install prerequisites.
  
- Click Yes to reboot. After the restart, relaunch the installer.
  
- Note: there’s a long delay before the installation wizard appears.
- In the Welcome to the Installation Wizard for Citrix Provisioning Server x64 page, click Next.
  
- In the License Agreement page, select I accept the terms, and click Next.
  
- In Citrix Provisioning 1811 and newer, you’ll see a Default Firewall Ports page. You can optionally select Automatically open all Citrix Provisioning ports in Windows Firewall. If you later use the Citrix Provisioning Console to change the ports, then the Windows Firewall rules need to be adjusted manually since the Citrix Provisioning Console won’t do it for you.
  
- In the Customer Information page, select Anyone who users this computer, and click Next.
  
- In the Destination Folder page, click Next.
  
- In the Ready to Install the Program page, click Install.
  
- In the Installation Wizard Completed page, click Finish.
  
Database Script
By default, the Citrix Provisioning Configuration Wizard will try to create the database using the credentials of the person that is running the Wizard. This isn’t always feasible. An alternative is to create a script that a DBA can run on the SQL server.
- Go to C:\Program Files\Citrix\Provisioning Services and run DBScript.exe.
  
- Change the selection to New database for 2012 or higher.
- Enter a path to save the script file.
- Fill in the other fields.
- Select an Active Directory group containing your Citrix administrators, and click OK.
  
- In SQL Server Management Studio, open the SQL script.
  
  
- Execute the script to create the database.
  
  
- The person that runs the Citrix Provisioning Configuration Wizard will need db_owner permission to the new Citrix Provisioning database.
  
- Create a Windows service account that will run the services on the Citrix Provisioning server. This account must have a SQL login on the SQL server containing the Citrix Provisioning database. The Citrix Provisioning Configuration Wizard will grant this account the correct permissions in the database.
  
Configuration Wizard – New Farm
- If you used DBScript.exe to pre-create the database, skip to Configuration Wizard – Join Farm.
- Certificate – Joining PVS to CVAD site requires a valid certificate on the PVS server.
  
- For SQL AlwaysOn Availability Group, see CTX201203 SQL Server AlwaysOn Configuration for PVS 7.6. In summary: Use the wizard to create the database instance. In SQL, create the Availability Group. Then reconfigure Citrix Provisioning Server to point to the SQL AlwaysOn listener.
- The Citrix Provisioning Configuration Wizard launches automatically. If the database wasn’t pre-created, then the person running the wizard must have dbcreator and securityadmin roles on the SQL Server. If true, click Next. If not true, then cancel the wizard and launch it as somebody that does have those roles.
  
  
- The DHCP Services page appears. DHCP is typically hosted on a different server so select The service that runs on another computer. It is also possible to install DHCP on the Provisioning Servers. Click Next.
  
- In the PXE Services page, if you intend to use Boot Device Manager (BDM or ISO) instead of PXE, then change the selection to The service that runs on another computer, which disables the PXE service.
- If your Target Devices and Provisioning Servers are on the same broadcast network, then change the selection to Citrix Provisioning PXE service on this computer.
- Click Next.
  
  
- In the Farm Configuration page, choose Create Farm, and click Next.
  
- In the Database Server page, enter the name of the SQL server. Citrix Provisioning 2203 and newer has an option for specifying credentials to the SQL server.
   - In Citrix Provisioning 2203 and newer, click the Connection Options button and there’s an option for Enable MultiSubnetFailover for SQL Always On. There’s also an Optional TCP port field. Click OK and then click Next.
  
- Older versions of Provisioning have an option for MultiSubnetFailover on the Database Server page. Click Next.
  
 
- In Citrix Provisioning 2203 and newer, click the Connection Options button and there’s an option for Enable MultiSubnetFailover for SQL Always On. There’s also an Optional TCP port field. Click OK and then click Next.
- In the New Farm page, enter the following:
- Enter a descriptive Database name. Put the word Citrix in the database name so the DBA knows what it is for.
- Enter a descriptive Farm name.
- Enter a descriptive Site name.
- Enter a descriptive Collection name. All of these names can be changed later.
- Select the Active Directory group that will have administrator permissions to Citrix Provisioning, and click Next. If you don’t see your group here, select any group you belong to, and you can fix it later in the console.
  
 
- In the New Store page, browse to one of the vDisk folders, and give the store a name. Then click Next.
  
- You can optionally join the Provisioning Farm to CVAD or Citrix Cloud so that you can use Web Studio to provision Targets. The CVAD option is available in Citrix Provisioning 2311 and newer.
   - Click Yes to join the farm to a CVAD Site.
  
- In the Citrix Virtual Desktops Controller page, click Next.
  
- Later in the wizard, an SSL certificate is required on the PVS server.
  
- The Registration tab in Provisioning Console > Farm Properties shows the status of CVAD Site registration.
  
 
- Click Yes to join the farm to a CVAD Site.
- In the License Server page, enter the name of your Citrix license server, check the box next to Validate license server communication, and click Next.
  
- Click Yes to trust the license server certificate.
  
- In the User account page, notice it defaults to Network service account. This won’t work with KMS licensing so change it to Specified user account. Enter credentials for an account that is a local administrator on all Provisioning servers, and click Next. Note: Provisioning 7.16 and newer support Group Managed Service Accounts.
  
  
- In the Active Directory Computer Account Password page, check the box, and click Next.
  
- In the Network Communications page, click Next.
  
- In the TFTP Option and Bootstrap Location page, check the box, and click Next.
  
- In the Stream Servers Boot List page, click Advanced.
  
- Check the box next to Verbose mode, click OK, and then click Next.
  
- If Provisioning 7.12 or newer, in the SSL Configuration page, click Next.
  
- If you see the Problem Report Configuration page, enter your MyCitrix credentials and click Next.
  
- In the Finish page, click Finish.
  
- If you are upgrading, then you might be asked to upgrade the database. Click Yes.
  
- Click OK if you see the firewall message.
  
- In the Finish page, click Done.
  
From Running the Configuration Wizard silently at Citrix Docs: Now that you have a configured server, you can run "C:\Program Files\Citrix\Provisioning Services\ConfigWizard.exe" /s to produce an .ans file at "C:\ProgramData\Citrix\Provisioning Services\ConfigWizard.ans". This .ans file can be modified and copied to additional Provisioning servers. "C:\Program Files\Citrix\Provisioning Services\ConfigWizard.exe" /a reads the .ans file and applies the configuration silently.
Configuration Wizard – Join Farm
- The Configuration Wizard launches automatically.
- There are two methods of handling SQL permissions:
- The person running the wizard must have db_owner on the database and securityadmin role on the SQL Server. This allows the wizard to add the service account to SQL logins and grant it access to the database.
- Or the person running the wizard can be limited to just db_owner permission to the database. The service account must be added manually to SQL logins by a DBA.
  
 
- The DHCP Services page appears. DHCP is typically hosted on a different server so select The service that runs on another computer. It is also possible to install DHCP on the Provisioning Servers. Click Next.
  
- In the PXE Services page, if you intend to use Boot Device Manager (BDM or ISO) instead of PXE, then change the selection to The service that runs on another computer, which disables the PXE service.
- If your Target Devices and Provisioning Servers are on the same broadcast network, then change the selection to Citrix Provisioning PXE service on this computer.
- Click Next.
  
  
- In the Farm Configuration page, click Join existing farm.
  
- In the Database Server page, enter the name of the SQL server. Citrix Provisioning 2203 and newer has an option for specifying credentials to the SQL server.
   - In Citrix Provisioning 2203 and newer, click the Connection Options button and there’s an option for Enable MultiSubnetFailover for SQL Always On. There’s also an Optional TCP port field. Click OK and then click Next.
  
- Older versions of Provisioning have an option for MultiSubnetFailover on the Database Server page. Click Next.
  
 
- In Citrix Provisioning 2203 and newer, click the Connection Options button and there’s an option for Enable MultiSubnetFailover for SQL Always On. There’s also an Optional TCP port field. Click OK and then click Next.
- In the Existing Farm page, select the database, and click Next.
  
- In the Site page, select an existing site, and click Next.
  
- If you used the script to create the database, then there probably are no stores defined. Do so now.
  
- Otherwise, in the New Store page, select the existing store, and click Next.
  
- In the License Server page, click Next.
  
- In the User account page, notice it defaults to Network service account. This won’t work with KMS licensing so change it to Specified user account. Enter credentials for an account that is a local administrator on all Provisioning servers, and click Next. Note: Provisioning 7.16 and newer support Group Managed Service Accounts.
  
  
- In the Active Directory Computer Account Password page, check the box, and click Next.
  
- In the Network Communications page, click Next.
  
- In the TFTP Option and Bootstrap Location page, check the box, and click Next.
  
- In the Stream Servers Boot List page, click Advanced.
  
- Check the box next to Verbose mode, click OK, and then click Next.
  
- If Provisioning 7.12 or newer, in the Soap SSL Configuration page, click Next.
  
- If Provisioning 7.11 or newer, in the Problem Report Configuration page, enter your MyCitrix credentials, and click Next. 
- In the Finish page, click Finish.
  
- Click OK if you see the firewall message.
  
- In the Finish page, click Done.
  
Troubleshooting – Networking Services Don’t Work After Reboot
If your PXE service or TFTP service does not work after a reboot of the Provisioning server, do the following:
- One option is to set the Citrix PVS PXE Service, Citrix PVS TFTP Service, and Citrix PVS Two-stage boot Service to Automatic (Delayed Start).
- The TFTP and Two-stage Boot services can be delayed by setting registry keys.
- Keys = HKLM\System\CurrentControlSet\services\BNTFTP (and PVSTSB)\Parameters
- Value = InitTimeoutSec (DWORD). 1 – 4 seconds. Default is 1.
- Value = MaxBindRetry (DWORD). 5 – 20 retries. Default is 5.
 
Disable Firewall
Disable the Windows Firewall to allow communication to all Citrix Provisioning Server ports. Or, see Citrix Provisioning Firewall Rules and manually open all required ports. If you change the ports in the Citrix Provisioning Console, then you’ll need to adjust the Windows Firewall rules accordingly.
- In Server Manager, click Tools, and click Windows Firewall with Advanced Security.
  
- Click Windows Firewall Properties.
  
- On the Domain Profile tab, change the Firewall state to Off.
  
Disable BIOS Boot Menu
The versioning process in Citrix Provisioning will present a boot menu when booting any version except Production.

- To avoid this, create the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipBootMenu on both Provisioning Servers and set it to 1. Note: the location of this key changed in Provisioning Services 7.0 and newer.
  
- Then restart the Citrix PVS Stream Service.
  
Private Mode vDisk – No Servers Available for vDisk
Citrix CTX200233 – Error: “No servers available for disk”: When you set a vDisk to Private Image mode (or new Maintenance version), if the Target Device is not connected to the server that contains the vDisk then you might see a message saying “No Servers Available for vDisk”.
- To avoid this, create the DWORD registry value HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipRIMSForPrivate on both Provisioning Servers and set it to 1. Note: the location of this key changed in Provisioning Services 7.0.
  
- Then restart the Citrix PVS Stream Service.
  
Multi-Homed Provisioning Server
From slide 20 of http://www.slideshare.net/davidmcg/implementing-and-troubleshooting-pvs:, Multi-homed Provisioning server is not recommended but if you insist, and if running Provisioning 6.1 or older, configure the following. Provisioning 7.7 configuration wizard should have asked you for the management NIC.
- HKLM\Software\Citrix\ProvisioningServices\IPC
- New Reg_Sz (string) named IPv4Address with the IP of the NIC for IPC
 
- HKLM\Software\Citrix\ProvisioningServices\Manager
- New Reg_Sz (string) named GeneralInetAddr with the IP of the NIC and port
- e.g. 10.1.1.2:6909
 
Citrix 133877 Timeout Error 4002 in Provisioning Server Console after Clicking “Show Connected Devices“: when there are multiple streaming NICs assigned to the Provisioning Server, when Show Connected Devices was clicked in the Provisioning console, the following symptoms might be experienced: Server timeout error 4002, unusual delay of 3 to 4 minutes to list the connected devices, or Provisioning console stops responding. Complete the following to resolve the issue:
- On the Provisioning Server machine, under HKLM\software\citrix\provisioningServices\Manager key, create registry DWORD RelayedRequestReplyTimeoutMilliseconds, and set it to 50 ms (Decimal).
- Create a DWORD RelayedRequestTryTimes, and set it to 1.
- Open the Provisioning Server console and test by selecting the Show Connected Devices command.
Antivirus Exclusions
Citrix’s Recommended Antivirus Exclusions
Endpoint Security, Antivirus, and Antimalware Best Practices at Citrix Docs TechZone contains a list of recommended exclusions for Citrix Provisioning.
Citrix Blog Post Citrix Recommended Antivirus Exclusions: the goal here is to provide you with a consolidated list of recommended antivirus exclusions for your Citrix virtualization environment focused on the key processes, folders, and files that we have seen cause issues in the field:
- Set real-time scanning to scan local drives only and not network drives
- Disable scan on boot
- Remove any unnecessary antivirus related entries from the Run key
- Exclude the pagefile(s) from being scanned
- Exclude Windows event logs from being scanned
- Exclude IIS log files from being scanned
See the Blog Post for exclusions for each Citrix component/product including: StoreFront, VDA, Controller, and Provisioning. The Blog Post also has links to additional KB articles on antivirus.
Microsoft’s virus scanning recommendations
(e.g. exclude group policy files) – http://support.microsoft.com/kb/822158.
TFTP High Availability
BIOS machines have multiple methods of booting into PVS:
- PXE (network boot) on same subnet as Citrix Provisioning Servers.
- PXE (network boot) on different subnet as Citrix Provisioning Servers. DHCP Scope Options 66 and 67 required.
- Boot ISO created by Citrix Provisioning Boot Device Manager.
- Boot partition created by the Citrix Provisioning Virtual Desktops Setup Wizard.
EFI/UEFI machines have two methods of booting into PVS:
- PXE (network boot) on same subnet as Citrix Provisioning Servers. DHCP Scope Option 11 required.
- PXE (network boot) on different subnet as Citrix Provisioning Servers. DHCP Scope Options 66, 67, and 11 required.
If PXE booting on same subnet as Provisioning Servers, then make sure the PXE service is running on the Citrix Provisioning Servers. When your target device boots, it will broadcast a PXE Request message to the entire subnet. One of the Provisioning Servers PXE services will reply with the IP address of the TFTP service on the local Provisioning Server.
- If EFI/UEFI, the bootstrap file cannot be modified to contain the Provisioning Server addresses so you must instead configure DHCP Scope Option 11 with those addresses. See CTX208519 Configuring PVS for High Availability with UEFI Booting and PXE service.
If your Target Devices are not on the same VLAN/subnet as the Provisioning Servers, then use Boot ISO or Boot Partition.
HA for DHCP Scope Options:
- DHCP Scope Option 66 (TFTP Server address) only supports a single address. For High Availability, either DNS Round Robin your TFTP servers, or configure Citrix ADC to load balance TFTP. TFTP service runs on the Citrix Provisioning Servers.
- Citrix CTX131954 Implementation Guide – High Availability for TFTP
- NetScaler has native load balancing support for TFTP protocol.
  
- For EFI/UEFI, for DHCP Scope Option 67, see Unified Extensible Firmware Interface (UEFI) pre-boot environments at Citrix Docs for the correct file name.
DHCP Failover
The DHCP infrastructure must be highly available. And session hosts should be configured with DHCP Reservations. With multiple DHCP servers, any reservation should be created on all DHCP servers hosting the same DHCP scope. The easiest way to accomplish this is with the DHCP Failover feature in Windows Server 2012 and newer.
- Build two DHCP servers on Windows Server 2012 or newer.
- Create a scope for the Provisioning Target Devices.
- Right-click the existing scope, and click Configure Failover.
  
- In the Introduction to DHCP Failover page, click Next.
  
- In the Specify the partner server to use for failover page, enter the name of the other DHCP server, and click Next.
  
- In the Create a new failover relationship page, enter a Shared Secret, and click Next.
  
- Click Finish.
  
- Click Close.
  
Health Check
CTP Sacha Thomet’s PowerShell script to view the health/status of the Provisioning environment. Emails an HTML Report. For Provisioning 7.7 and newer, see https://blog.sachathomet.ch/2015/12/29/happy-new-script-pvs-7-7-healthcheck/.

Carl, curious if you have heard of or seen any boot issues after upgrading from 7.6 LTSR to 7.15. I’ve had scheduled reboots for various target devices for over a year and never had a problem. After upgrading to 7.15 I’m having a pretty good failure rate on devices coming back up after a reboot. They basically freeze at the black screen with the windows logo (no spinning dots). Happens with both 7.6 and 7.15 target device software. I have a ticket open but haven’t been able to actually put in any good troubleshooting. As always, thanks in advance!
hello, when i try to use the pvs robocopy, it says that the pvp file is in use? what can i do?
I’m trying to figure out what version (enterprise, plat.,etc…) of Citrix we need to have to use MCSIO (MCS IO acceleration), with MCS. Does enterprise allow the use of MCSIO? This link doesn’t say anything about MCSIO, https://www.citrix.com/products/xenapp-xendesktop/feature-matrix.html
I’m not aware of any licensing limitation. Should work in all editions.
Thanks Carl.
Hi Carl, thanks for those great guides!
I struggle with “SQL Server ID and Password” after my upgrade from 7.14 to 7.15
What is meant with the Server ID? The cluster name? A service user? I’m confused 🙁
Thank you in advance!
Where are you seeing this?
At the Provisioning Services Configuration Wizard after selecting “Microsoft DHCP on this computer”. The prompt says:
The login failed for the SQL Server. Enter a valid ID and password to use for perfoming the action on the SQL Server.
I really don’t know that the “ID” should be. It’s neither the SQL cluster name nor my database user.
Okay, now it works! I had to run the wizard as a different user (service account) and then it worked 🙂
thanks!
Hi Carl,
Thanks for your very detailed article . I have a problem in my infra . Boot time is 18 Sec , no retries . However over the day long session retries are going very high . Can you please provide me with few paths to travel through the issue .
As of now verified the following
offload parameters
AV exclusions
Hi Carl,
Do you have any guidance for me on this issue
Hi Carl,
I’ve just upgraded our PVS-Servers to 7.14.
When I start a target there is shown during the boot process : Citrix Provisioning Services 7.11.0.4
Do you know why? If I look under installed Software there is the correct version (7.14.0.15) shown.
How are they booting? From an ISO? From a BDM partition?
from vdisks via tftp
Is it your own TFTP server? Or is it the TFTP server that’s built into the PvS Servers?
The machines are doing NIC BIOS PXE? No boot ISO? No boot partition?
Or is it the local installed version of the target device software shown there??
Hi, I’m finalising Tech Brief for our new XenApp7.13 environment which will include PVS – currently customer only wants infrastructure included for PVS in the Production environment (prod domain)nothing for our test environment (test domain). I originally advised that PVS servers etc needed to be included in the Test environment – otherwise our test environment is a bit irrelevant if not deploying apps/VDA’s in the same manner.
Just checking can I use the PVS servers in my Production environment to provision servers on another domain and configure it to connect to the Delivery controllers in both domains? (Our VMWare farm delivers test/prod/dev VM’s)
Are the domains trusted? When you right-click a Device and join it to Active Directory, are both domains listed?
Many thanks Carl for speedy response – I checked and no only the prod domain is listed – had a meeting earlier and they have agreed to approve separate PVS servers servers for the test environment – wanted them anyway as am new to PVS so need to be able to play around with them and test updates etc without impacting Production.
Hi Carl
I am trying to use Netscaler to load balance the TFTP. I have configured it accordingly and all seems to be green, however my clients seem not able to download the necessary boot loader.
When this command “tftp -h get ” is used to test each PVS server individually, it works fine for both. I was able to download the necessary file from each PVS-Server.
However when used with the NetScaler-VIP of the TFTP configuration, I get “Timeout occurred. Connect request failed”
What changes should I make on the NetScaler?
Thanks
What method did you use to configure the load balancing? You used the TFTP protocol for the LB vServer? What build of NetScaler?
Yes, the configuration is as below:
Port-69, Protocol-TFTP, Persistence-SOURCEIP
I’m on NS11.0, Build 70.12.nc
Is the VIP in the same subnet as the loadbalanced serves?
Hello Carl
Has “Citrix PVS Soap Server” service in 7.13 depreciated. I do see this service on my 7.11 installation, but it is missing on the 7.13. I’m wondering if something is wrong with my installation.
Thanks
You’re looking at an actual PvS server? I have “Citrix PVS Soap Server” on my 7.13 server. It’s how the console communicates with PvS Server.
Sorry Carl, I actually meant “Citrix PVS Ramdisk Server” service.
Hello Carl, great document as usual. Is it not necessary to reconfigure the TCPIP offload parameters any longer with PVS?
I always do it on the Target Devices. I’ve seen performance problems if I don’t. However, some have argued that it’s no longer necessary, which contradicts my own experiences. I’m not sure it’s needed on the PvS server side.
Hi Carl, thanks for the prompt reply and clarification. I have always done it on the PVS and Target devices based on past experience with issues. It could not be necessary now as some have argued. Below are the basic parameters that I set. Do you configure any of the other offload settings on the target devices? Also, will you be at Synergy this year?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters]
“EnableOffload”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters]
“DisableTaskOffload”=dword:00000001
That’s all I do.
As a CTP, I’m basically required to go to Synergy 🙂
Hi Carl, can you please advise whether the below approach is workable ?
Production : Citrix XenDesktop 5.5 and PVS 5.5
Staging : Citrix XenDesktop 7.12 and PVS 7.12
1. Copy the vDisk from Production to Staging
2. Update the copied vDisk’s Provisioning Services Target Device Software via Reverse Image in Staging
3. Upgrade Production Citrix XenDesktop and PVS to 7.12
4. Copy the updated vDisk in (2) to updated Production
Question : Will the updated vDisk boot up successfully in the upgraded Production farm ?
Reason for this approach is that i would like to prepare the vDisk upfront so that it could save me some time during Production Citrix infrastructure upgrade later.
Thanks
Regards
Jason
Hi,
We are working on Linux VDA, but we are confused if streaming is only supported on PVS or does it also works with MCS in XenDesktop 7.13, how viable is the technology ?
Thank you so much Carl for you hard work and effort that you provide to us first class materials to make our our lives a bit easier.
Hi Carl
I am trying to use NetScaler 11.1 to configure LB for PVS. While going through the “citrix whitepaper” on the subject, I realized difference in versions.
So in my configuration, I used “TFTP” under protocol instead of “ANY” indicated in the paper . In the Port-field, I used 69 instead of *.
Would this be appropriate?
Thanks
Yep. TFTP load balancing was added in more recent versions of NetScaler.
I didn’t see any configuration in respect of “Monitoring” on the “Whitepaper”, so I thought I could create one. However, there is no “TFTP” or “UDP” within the available type lists. Since tftp use UDP, which of these should be used: UDP-ECV, SIP-UDP. or is there any more appropriate type I should use?
Thanks
What version of NetScaler do you have? I see TFTP for both vServer and services.
I have NS11.0 Build 70.12.nc. Actually I have “NetScaler VPX Express” installed and configured.
Yes, TFTP is available on vServer and services. I actually configured ServiceGroup and it is visible there as well.
But under “Monitoring” I only have UDP-ECV and SIP-UDP relating to UDP protocol. I guess I have to use UDP-ECV to monitor the “TFTP” ServiceGroup.
I found out, that the setting “Automate computer account password updates” is not enabled in our environment. Would it be a problem to activate it on the fly, when all targets are online? (24/7 business)
Does it let you enable it when the vDisk is being used? But yes, PvS needs to manage the AD computer accounts.
It is enabled for the vDisk, but the Server-Setting is not enabled. I think I would be able to set it, but don’t know if it would be harmful to running targets …
Many thanks again Carl,
When upgrading to XD LTSR 7.6 CU3 and PvS 7.6.4, should the “vDisk” PVS target device be upgraded first vefore upgrading the XD VDA version, does the order matter?
PvS and XD are unrelated to each other. The only exception is XenDesktop Setup Wizard, which requires them to be the same version.
Thanks,
Citrix mentioned this hence 2nd opinion
“Caution: If you are upgrading a Provisioning Services vDisk within a XenDesktop deployment, upgrade the Provisioning Services master target device software before upgrading the XenDesktop VDA software.
http://docs.citrix.com/en-us/provisioning/7-7/pvs-upgrade.html?_ga=1.44127588.1773765399.1470667945
Hi Carl, I’m curious to know the “why” behind what you mentioned above here?
“If you are running XenApp/XenDesktop 7.6 LTSR, then you’ll want Provisioning Services 7.6.4 instead of Provisioning Services 7.13”
If at 7.6.4, can I then jump to 7.13 or is it not recommended if the VDA’s are still at 7.6 CU3?
Thanks,
Steve
The LTSR version of PvS is 7.6.4. If you go to 7.13, then the only way to get hotfixes is to upgrade to 7.14.
On which machine is the registry key “DisableTaskOffload” to be applied? On the PVS-Server, TargetDevice or both?
Target Device.
I had logged a support call today regarding PVS 7.15 (unrelated to this discussion), but while I had the Tech on the line I asked him about “DisableTaskOffload”. He stated it is still best practice to set the value in the registry on BOTH the target and Server. I haven’t proven this out, but that is what he suggested.
Hi Carl , Do you have a minimum required privileges for PVS User to handle HyperV enviroment ? I have found a relevant for VMWare but i cant see any for HyperV
Any ideas ?
Hi Carl,
Is it possible to add database mirror failover partner later to the pvs farm?
If yes,How to do that?
You should be able to run the Configuration Wizard again and reconfigure the database connection.
Hello Carl, do you have any recommended articles for configuring BDM? My company wants to move away from boot ISO and PXE is not an option. Thanks.
You mean burning the Boot image into the virtual machine’s disk? It’s not much different than Boot ISO. The XenDesktop Setup Wizard has an option for creating the BDM disk. https://www.carlstalhood.com/pvs-create-devices/#wizard
I just went trough it in a new installation. I lost a few hours because I didn’t read properly this part “The hardware of the additional target devices must match the original virtual machine. This is so the drivers contained in the vDisk continue to function. The easiest way to preserve the hardware configuration is to clone the original virtual machine.”
I cant stress enough to ask that you apply this recommendation.
Carl,
I am using netscaler 7.11, If I want to load balance TFTP can I use netscaler built in TFTP protocol? I ask because it looks like by default PVS 7.12 uses 6910 for its TFTP and the default netscaler protocol uses port 69.
Thanks for all your help your blog is always very helpful!
There are two TFTP listeners on PvS. One is 69 (for regular PXE boot) and the other is 6969 (for Two-stage BDM boot).
Yes, NetScaler can load balance TFTP.
Hi Carl,
do we need the key with PVS 7.12?
DisableTaskOffload Registry Key
Yes. I’ve seen performance problems without it. But you’re welcome to try both ways.
Carl,
we have xenapp 6.5 environment with pvs 7.8 on 2 standard alone servers. Due to the citrix security vulnerability, we want to build 2 virtual 7.12 pvs server. can I migrate the current master image to the new pvs?
Thanks.
Of course. You’d probably want to upgrade the TD Software inside the vDisk. And whatever boot method your using should point to the 7.12 servers instead of the 7.8 servers.
Hi Carl, Looking for some advice please. Currently planning new XenApp 7.12/ PVS 7.12 environment (VMware) as we have recently uplifted our Licenses to Platinum. New environment will lead to decommission of 6 legacy farms (ps4 – xa6)
Looking for guidance on a few areas
1. As this is a fresh start would it make sense to request a new VLAN so entire citrix infrastructure on same vlan/subnet? as will also simplify Netscaler connectivity too rather than configuring multiple subnets etc
2. Originally planning on storing vdisks on SAN but lot of docs suggest storing locally on PVS servers & syncing, unsure which way to go – think customer would prefer SAN but want best solution
3. My original design is over 12mths old and now with v12.7 AppDisk is now an option but very mixed reviews out there on it – just wondering should I still go with apps on vdisks (keeping as few as possible) and wait for AppDisk to settle a bit and look at it down the line?
Any advice would be much appreciated
1. I do put VDAs on their own VLAN, especially if you have several hundred or more. If PvS, then separate VLAN makes PXE less risky to other VMs.
2. Do you mean SMB share? If so, SMB shares are usually slower than local disk. Or do you mean local disk attached to a SAN? Or do you mean a local disk that’s local on the hypervisor host? I wouldn’t do the last option because you lose vMotion/HA.
3. Now that Citrix owns Unidesk, AppDisk is probably going away.
Thanks Carl, any idea where I can find upgrade instructions (for Server and clients) to PVS 7.6.4?
It should be the normal PvS upgrade process. I think the server side can be done in-place (upgrade console, upgrade server). For Target Device, if you’re starting from 7.6.1, then you can upgrade it while booted to PvS. If upgrading from older, you have to reverse image.
On the “PXE Services” is the possibility to choose between using TFTP or not. Since all is not yet ready in respect of our DHCP and LoadBalancer, so I am opting for “The service that runs on another computer (BDM or ISO)” for now.
Since all Services are actually installed irrespective of the option chosen, would it be enough just to enable the “Citrix PVS TFTP Service” and “Citrix PVS PXE Service” once we want to change to TFTP, or I would have to reconfigure the farm?
Thanks
You can run the wizard as many times as you want. If the database is already configured, it lets you skip it, but you can still configure the services.
Thanks
When using two PVS for Load-balance, would it be appropriate to configure both to access common “CIFS-Share” as vDisks-Storage, or each PVS-Server must have its own LocalDisk.
SMB is certainly easier. But make sure you test performance before you configure it. Local disk has the advantage of always having duplicate copies of vDisk files, and high performance.
Carl,
Do i have to enable ardbp32.bin in PVS join farm wizard even i use BDM iso?
BDM connects to PvS server two-stage boot service, which is another TFTP service on port 6969. Not sure if disabling TFTP also disables two-stage boot.
Nice article as always.
I need an information on permissions within active Directory for service account (with with streaming service runs), this is for Active Directory password management?
Below article from Citrix says that , PVS updates the password in AD, but how? I guess we need RESET ACCOUNT permission in AD for the service account
http://docs.citrix.com/en-us/provisioning/7-12/active-directory-management/pvs-ad-passwords-manage.html
If using the console, PvS uses the permissions of whoever is running the console.
During normal vDisk operations, PvS instructs the Target Device to update its own password.
Thus, PvS Services Account does not talk to AD directly.
Hi Carl ,
Is it possible to have only one vDisk storage location shared between 2 PVS servers , eliminating the need to robocopy vDisks versions between them ? How would the servers handle their .lok file in that scenario ?
Thanks
Yes, you can use a SMB share. However, my experience is that it doesn’t perform as well as local storage, especially for Private Mode / Maintenance vDisks. The Stream service account needs Modify permission. http://docs.citrix.com/en-us/provisioning/7-12/network-components/pvs-network-unc-names-using.html
Hi Carl,
My goal is to move from PVS to MCS, i am thinking to create VM from vdisk and covert that vm from hyper-v to VMware VM so that i can use Citrix MCS with a new converted VM .
Thanks in advance,
Basem
VMware Converter is one method of performing a reverse image.
Dear Carl,
I have an environment which includes PVS installation with a master Image.
Is there any way to transform that environment to Citrix MCS ? is there any challenges to acheive that transformation ?
Thank you in advance,
Mvh
Basem
You can reverse image your vDisk to a regular VM.
Thank you for reply, how can i reverse it back to regular VM ?
Here’s one method – https://www.carlstalhood.com/pvs-update-vdisk/#reverseimagebcdedit
Thank you Carl.
Hi Carl,
What i am thinking to do is to create VM on hyper-v for the VHDX disk and convert that VM using VMware convertor? is there any to do that ?
Thank you in advance.
Basem
You want to convert a VM from Hyper-V to VMware? VMware Converter can certainly do that.
Carl, during an upgrade, after I upgrade the first device are the targets able to fail back over to the newly upgraded server so that I can upgrade the rest of the streaming servers? I am upgrading from 7.1.3 to 7.11.
Yes. You can stop the streaming service and they should fail over.
Carl mabay you can add some comments to the following section
◦Configuration Wizard – New Farm
While when the SQL server initial db size is more then 20MB the Provisioning Services Configuration Wizzard failed!
on the configuring Services
And in the eventlog you found the following error message
DbAccess error: (in ServerGetByNameFromDb() called from SSProtocolModule.cpp:291)
As soon the SQL Admin changed the initial size to 19MB, the wizard runs without an issue!
If you like it I can provide you an screenshot with the error!
Thanks, Carl. Question…Once I upgrade all of my servers from 7.1 to 7.9, will my target devices (that still have the 7.1 target software installed) still work in the upgraded pvs farm?
Yes. But you’ll want to upgrade them shortly afterwards.
Thanks for the fast response, Carl. May I ask what the downside is if I don’t upgrade the target device software immediately after upgrading the PVS farm (besides missing all the new features)? I was thinking of upgrading all of my servers in my PVS farm first to 7.9, and upgrade my 7.1 target device software within a week or two. Do you think that will be ok? Thanks, Carl!
That should be fine. If you call support with 7.1 connecting to 7.9, they will probably ask you to upgrade to 7.9 before providing support.
Thanks for the great information, Carl.
Is it possible to automate the versioning process? I’d like to push MS patches every month using SCCM to our master image, from there I’d like to automate all of the PVS work…from creating a new version, setting it to production, pointing all of the PVS clones to the new version, etc.
Have you ever seen this done? Is it possible?
Maybe this – http://support.citrix.com/article/CTX205394
Hi Carl, when upgrading PVS to a newer version (7.6 to 7.62) do you recommend doing it after hours when no users using it? I know the upgrade does a db upgrade, & most likely with stop streaming services, etc. so am wondering if the upgrade would break current vdisk streaming or prevent any new attempts?
When you upgrade one, it moves the targets to the other server. Most have no problems upgrading during the day. But it depends on your risk tolerance.
Great article Carl. I upgraded 7.6 to 7.9 recently. Noticed the target devices don’t show the correct status. VM’s are ON users are connected, but PVS shows target device is down. I have logged a case with Citrix but waiting…
Thanks again Carl,
Do you have any tips and best practice on (multi site) high availability..
How can you provide the same vDisks to devices at different sites?
I typically copy the vDisk to different PvS servers in each site. Yes, targets in each site can boot from the same vDisk. However, you might have to use GPO to adjust the ListOfDDCs registry key so the VDAs register with the correct Controllers.
awesome
Hi Carl. we also get the no servers for disk. just 1 out of 50 servers or so. then the server needs to be reset 1-10 times before it Works (hyper-v). Its both maintanance and standard image.
Do you have ANY idea ?
/anker
You might have to call Citrix Support. Or post to Citrix forums, where the Product Manager usually replies.
Hi Carl
Great guide! 🙂
*.vhdx needs to be added to the PVS RoboCopy script 🙂
Hopefully it’s fixed now. Thanks for noticing.
hi Carl,
I Got the message suddenly
No servers available for disk, when i put the vdisk in Private mode, it used to work suddenlijk it doesnt work any more, i already added the registry entry, restart streaming service, nothing seems to work
What else can i do to get this work ?
Thanks
rolf
Maybe copy it to the other PvS server?
Make sure load balancing is not enabled on the vDisk.
Hi.. Could you please provide the core difference between PVS 5.6 6.1 and 7.6.
Are you asking for the list of new features? http://docs.citrix.com/en-us/provisioning/7-6/pvs-readme-7.html
The biggest one is Cache to Device RAM with overflow to Disk.
Is there a SA date for licenses? Iike it is for Xendesktop 7.8 ?
Yep. See http://support.citrix.com/article/CTX111618
Carl,
This rule is mentioned double in the anti virus exclusions:
C:\Program Files\Citrix\Provisioning Services\MgmtDaemon.exe
C:\Program Files\Citrix\Provisioning Services\Inventory.exe
C:\Program Files\Citrix\Provisioning Services\MgmtDaemon.exe
Fixed. Thanks for noticing.
Very well written Carl. Thanks Very Much
Question: regarding service account or to use PVS servers Computer Accounts? For my PVS installations I use the Computer accounts, then I don´t need to care about password expries for the service account. Do you Carl see any downsides with using Computer Accounts? except the KMS part ?
Make sure NETWORK SERVICE is added as a local administrator. Also, can’t do PvD with local account since the account needs to log into Citrix Studio. And probably can’t do Scale Out File Share with VHDX files.
For the Active Directory OU where the computer accounts is situated, doesn´t the PVS serviceaccount or the PVS servers computer account need higher rights there like: update computer accounts?
It used to be that way..
Nope. It should use the AD permissions of the person running the console.
For AD password changes, PvS asks the TD to do it so no extra permissions are needed.
I asked you this on Twitter as well. So are you saying the stream/soap service account DOES NOT require any AD permissions on the OU? I’m getting mixed information on this.
I’m pretty sure it’s not required. You could always test it. It should use the credentials of the person running the console.
I know the console user would be able to manage, but what about the automated password management of the computer objects? You said the TDs handle that but I’m unsure how that works. I’m definitely going to test though. Nothing definitively says the stream service needs ad permissions anywhere.
You are fantastic Carl. One of the clearest PVS articles I have seen. This will definitely be a help when we do our POC for XenApp 7.6. Thanks again.
Carl you saved my day! Thanks for your work…..
very nice Carl, thanks for the info