Installing patch for PVS vulnerability–Step-by-step guide

As you could read in this post Citrix has released a patch/update for all of its Provisioning Services versions.

This post is written with PVS 6.1 in mind and is only the PVS server side. The target device update will be posted on a different post.

Prerequisites:

The user must have administrative rights to the server.

• The server install consists of the console and server installation programs

• You must uninstall before using any of the installations included in hotfix

• Included with the target installation programs are the binaries so that they can be used to replace the present binaries without reimaging the target device.

To install this hotfix:

1. Download the hotfix package from the Hotfixes and Service Packs page of the Citrix Web site at http://www.citrix.com.

2. Copy the hotfix package to an empty folder on the hard drive of the server you want to install the hotfix from and unzip the file.

Steps to install the hotfix:

INSTALLATION

The hotfix folder includes the following subfolders:

  • Console
  • Device
  • Target32
  • Target64
  • Server

Each of these directories include the installation application for the Provisioning Services console, target device software and Provisioning Services server respectively for 32 and 64 bit operation systems, x64 in the file names signifies 64 bit operating system… Please check your Provisioning Services installation for system type and select the correct installation to apply the hotfix following the procedure described below.

Step by step installation guide

For this step-by-step guide I’ve used a server which has all components installed locally (DHCP/SQL Express/ PXE)

  1. Make sure that the Provisioning Services Console and Provisioning Services Configuration Wizard are closed.
  2. Uninstall Provisioning Services console and Provisioning Services server installation.
    1. This guide installs the software in the following sequence:
      1. PVS Server
      2. PVS Configuration Wizard
      3. PVS Console

  3. Select the version which is correct for your system type. Select “Next” to start the installation of the PVS server.
    PVS61_P1_Upgrade03
  4. Accept the EULA and select “Next” to continue
    PVS61_P1_Upgrade04
  5. Enter the user name and organization name and choose for which user the installation is visible and select “Next” to continue
    PVS61_P1_Upgrade05
  6. Select the folder where the installation of the PVS server should be installed and select “Next” to continue
    PVS61_P1_Upgrade06
  7. Choose whether you want to do a complete install or a custom install (I choose “Complete”) and click “Next” to continue
    PVS61_P1_Upgrade07
  8. Click “Install” to start the installation
    PVS61_P1_Upgrade08
  9. Click “Finish” after the installation is completed.
    PVS61_P1_Upgrade10
  10. This warning shows when you don’t have the PVS console installed yet.
    PVS61_P1_Upgrade11
  11. After the message about the PVS console the Configuration Wizard installation starts automatically. Select “Next” to start the installation
    PVS61_P1_Upgrade12
  12. Select where your DHCP scope options are stored. For this guide I choose that the DHCP service runs on the same computer as PVS is installed. For POC or test environments this is a possibility. For production environments this is not recommended. Click “Next” to continue
    PVS61_P1_Upgrade13
  13. Choose which PXE service you use. For this guide I choose DHCP running on the same server. Click “Next” to continue
    PVS61_P1_Upgrade14
  14. Select the option that the farm is already configured (which is true as this is an update). Click “Next” to continue
    PVS61_P1_Upgrade15
  15. Select the correct user account credentials for the network service account. Click “Next” to continue
    PVS61_P1_Upgrade16
  16. Answer “Yes” at the question to check the account for the database
    PVS61_P1_Upgrade17
  17. Enter the AD computer account reset days. Recommended is setting this value under the default value of the AD policy (30 days). Default in the Citrix PVS installation is 7 days. Click “Next” to continue
    PVS61_P1_Upgrade18
  18. Choose which NIC is used for streaming the vDisk to the clients (if applicable) and which ports to be used for communication. Click “Next” to continue
    PVS61_P1_Upgrade19
  19. Enter if you want to use the TFTP option and select the boot file. Click “Next” to continue
    PVS61_P1_Upgrade20
  20. Check the network settings and alter if needed. Click “Next” to continue
    PVS61_P1_Upgrade21
  21. Review the settings and click “Finish” to start the installation.
    PVS61_P1_Upgrade22
  22. This screen is shown during the installation and starting of the services. Click “Done” when the installation is complete and the services have started.
    PVS61_P1_Upgrade23
  23. After the installation of the Configuration Wizard is complete go to the installation directory and select the correct version of the PVS console.
    PVS61_P1_Upgrade24
  24. Click “Next” to start the installation of the console
    PVS61_P1_Upgrade25
  25. Accept the EULA and click “Next” to continue
    PVS61_P1_Upgrade26
  26. Enter the user and organization name and click “Next” to continue
    PVS61_P1_Upgrade27
  27. Select the installation path and click “Next” to continue
    PVS61_P1_Upgrade28
  28. Choose whether you want to use the complete or custom install. Click “Next” to continue
    PVS61_P1_Upgrade29
  29. Select “Install” to start the installation of the PVS console.
    PVS61_P1_Upgrade30
  30. Click “Finish” to complete the installation of the PVS console.
    PVS61_P1_Upgrade31

The second part of this upgrade / installation of the patch will soon follow.

2 thoughts on “Installing patch for PVS vulnerability–Step-by-step guide”

  1. Jack … Thanks a lot for your great work… with out this article i would have never be able to complete this .. Thanks again for the excellent step by step guide !!!

    Thanks
    Ahmad

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.