Hotfix for Citrix Provisioning Services 6.1

Citrix released hotfix 10 for its Provisioning Services 6.1 product.

Issue(s) Resolved in this Hotfix

This hotfix addresses the following issue reported against Citrix Provisioning Services 6.1 release:

BUG0324878 Streamprocess randomly crashes when handling targets login

Replaces: Hotfix CPVS61E009 – For Citrix Provisioning Services 6.1. CTX133998

Installing and Uninstalling this Hotfix

Notes:

• The user must have administrative rights to the server.

• Prerequisite: Hotfix CPVS61E003 – For Citrix Provisioning Services 6.1 (CTX133349) must be applied before installing this hotfix.

To install this hotfix:

1. Download the hotfix package from the Hotfixes and Service Packs page of the Citrix Web site here.

2. Copy the hotfix package to an empty folder on the hard drive of the server you want to install the hotfix from and unzip the file.

Steps to install the hotfix:

INSTALLATION

The hotfix folder includes the following two subfolders:

server32bit (32bit Windows installation)

server64bit (64bit Windows installation)

Please check your Provisioning Services server for system type and select the correct subfolder to apply the hotfix following the procedure described below.

1. From the Provisioning Services server machine, stop “Citrix PVS Soap Server” and “Citrix PVS Stream Service” from the Computer Management’s “Services” control panel.

2. From the Provisioning Services installation directory (default is C:\Program Files\Citrix\Provisioning Services), back up the following file:

StreamProcess.exe

3. Copy the following files included in the selected hotfix subfolder to the Provisioning Services installation directory. Make sure you copy from the appropriate subfolder (“server32bit” or “server64bit”) for your server machine type:

StreamProcess.exe

PVS6.1_hf324878_x_manifest.md5

where “x” is 32bit or 64bit depending on the system.

4. Restart the “Citrix PVS Soap Server” and “Citrix PVS Stream Service”.

To uninstall this hotfix:

Follow the same procedure as for installation, replacing the new files with the original files you backed up.
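The installation steps above, together with the restore that the uninstall relies on, as a PowerShell script. This is an added example, not part of the Citrix hotfix package. The `-HotfixDir` parameter, the backup file name and the assumption that the manifest is a text file containing the MD5 of StreamProcess.exe as 32 hex digits are assumptions of this example; the service names and default path come from the steps above.

```powershell
param(
    # Assumption: the unzipped subfolder for this server (server32bit or server64bit)
    [Parameter(Mandatory = $true)][string]$HotfixDir,
    [string]$PvsDir = 'C:\Program Files\Citrix\Provisioning Services'
)
$ErrorActionPreference = 'Stop'
$services = 'Citrix PVS Soap Server', 'Citrix PVS Stream Service'  # display names from step 1

# MD5 via .NET so the script also runs on older PowerShell versions
function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([System.BitConverter]::ToString($md5.ComputeHash($stream)) -replace '-', '').ToLower() }
    finally { $stream.Close() }
}

$newExe   = Join-Path $HotfixDir 'StreamProcess.exe'
$manifest = @(Get-ChildItem -Path $HotfixDir -Filter 'PVS6.1_hf324878_*_manifest.md5')
if ($manifest.Count -ne 1) { throw "Expected exactly one manifest in $HotfixDir" }

# Assumption: the manifest lists the MD5 of StreamProcess.exe as hex text.
# Check the download before any service is stopped or any file is touched.
$hash = Get-Md5Hex $newExe
if (-not (Select-String -Path $manifest[0].FullName -Pattern $hash -SimpleMatch -Quiet)) {
    throw "StreamProcess.exe ($hash) is not listed in the manifest; nothing was changed."
}

$target = Join-Path $PvsDir 'StreamProcess.exe'
$backup = "$target.pre-hf324878.bak"   # hypothetical backup name

Get-Service -DisplayName $services | Stop-Service -Force            # step 1
try {
    # Step 2: keep the first backup so a re-run never overwrites the original binary
    if (-not (Test-Path $backup)) { Copy-Item $target $backup }
    Copy-Item $newExe $target -Force                                 # step 3
    Copy-Item $manifest[0].FullName $PvsDir -Force
    if ((Get-Md5Hex $target) -ne $hash) { throw 'Installed file does not match the manifest hash.' }
}
catch {
    # Same action as the uninstall: put the backed-up original back
    if (Test-Path $backup) { Copy-Item $backup $target -Force }
    throw
}
finally {
    Get-Service -DisplayName $services | Start-Service               # step 4
}
```

The MD5 comparison only catches a corrupted download or a file from the wrong subfolder; it does not authenticate the package, so the source of the download still matters.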

Provisioning Services Error: Management Interface: vDisk properties were lost

Creating a vDisk from the target device fails before completion with the following error message: “Management Interface: vDisk properties were lost.”

Cause

Multiple server farms with incorrect vDisk settings for Load Balancing. In this example, the error was produced in a simple 2-server Provisioning Server farm configured with local storage as displayed:

3 new hotfixes for Citrix Provisioning Services 6.1

Citrix has released 3 new hotfixes for its Provisioning Services version 6.1. They also released a new hotfix for version 6.0 which can be found here.

The 3 hotfixes are:

  • CPVS61E002
  • CPVS61E004
  • CPVS61E005

The issues resolved in each hotfix are described below.

CPVS61E002:

Issue(s) Resolved in this Hotfix


PVS – Keeping your data persistent

Martin Zugec wrote a great blog on the Citrix blogs about keeping your data persistent with PVS (Provisioning Services). Here’s the beginning of his blog and at the end is a link to the entire post.

When to use persistent store

In theory, this is perfect solution – one to many, you’ve to manage only single image, all issues can be easily solved just by rebooting the machine. But what if you run into some showstoppers – for example one of your mission critical applications requires persistent data and doesn’t work in read-only mode?

When do you want to make your data persistent?

  • Applications that require persistent storage – typically applications that will automatically generate machine-specific ID somewhere in configuration files – SCCM, antivirus…
  • Historical data that you want to keep for auditing and/or troubleshooting – typically various log files
  • Improving overall performance – sometimes, keeping data persistent can improve your performance – for example redirection of page file and any frequently updated files (especially if they don’t use delta updates)
  • Special requirements – one of examples can be the license grace period or application streaming cache. Or applications with first run penalty
  • Security – there is a potential gap in security when you reset your computer to default state before it will download all updates/check all requirements – similar to boot time protection of Windows Firewall, you may want to keep such data persistent

How to enable it

When you select “Cache on Target Device Hard Drive” option, new drive is automatically mapped for each provisioned machine. On this drive, you can find two important parts – write cache file itself and the rest of the drive. On reboot, only write cache file (.vdiskcache) is reset to default state, while the rest of the drive is persistent.

Read more here.

TechEdge 2012

Here’s an overview of a few TechEdge videos (and links to the PowerPoint presentations). Each video takes between 38 and 45 minutes, so sit back and enjoy.

Successfully Deploying and Upgrading PVS


Citrix PVS 6.1 HF1 (CPVS61E001) upgrade path

If you haven’t installed the latest hotfix for Citrix Provisioning Services 6.1 yet, be ashamed. But not to worry: if you are still working with version 5.6 (or lower, again be ashamed…), you can upgrade your PVS server directly to PVS 6.1 with HF1. You do not need to install PVS 6.1 first and then install HF1 over that installation. Because HF1 is a complete installation of the PVS software, you can upgrade directly to this version.

For the target side you can install the target device software and copy a few files manually (with the vDisk in maintenance mode) and you’re done.

You can read more about the patch here or see the installation step-by-step guide here.

Is Isolating the PVS Streaming Traffic Really a Best Practice?

Nicholas Rintalan has written a blog post on the Citrix blogs about the need to separate the PVS stream onto a separate LAN segment.

Here’s an excerpt from his post:

Similar to what I did in my last article where I discussed fixed versus dynamic vDisks for PVS, let’s first examine what our public documentation says about this so-called best practice.  Our oldest technote on this matter was written in 2008 and it pretty much states that it’s a best practice for “several reasons” including “performance, growth and troubleshooting”.  Fair enough…let’s come back to that in a minute and dissect each of those reasons one by one.  Another article authored in 2011 details how to set up a multi-homed VM to separate ICA traffic from PVS and other traffic.  But it never goes into WHY one might want to do so or if it’s a best practice.  Maybe our latest and greatest XA+XD best practices whitepaper will provide us with all the answers (and this whitepaper is quite excellent by the way…if you haven’t read it already, you better get on it!).  At the bottom of page 50 we state: “Separate the PVS streaming traffic onto a dedicated network for large deployments or in situations where the network is saturated”. OK, that makes a little more sense.  But I still don’t understand why everyone seems to think they fall into this category or that this should always be done.  In fact, I contend that isolating or segmenting the PVS streaming traffic onto its own network is more trouble than it’s worth and should only be done in special situations. There I said it – it’s not a best practice in my opinion and the rule should be to consolidate and keep it simple…the exception should be to isolate the streaming traffic! Why?

You can read the complete post here.

Installing patch for PVS vulnerability–Step-by-step guide

As you could read in this post Citrix has released a patch/update for all of its Provisioning Services versions.

This post is written with PVS 6.1 in mind and is only the PVS server side. The target device update will be posted on a different post.

Prerequisites:

• The user must have administrative rights to the server.

• The server install consists of the console and server installation programs

• You must uninstall before using any of the installations included in hotfix

• Included with the target installation programs are the binaries so that they can be used to replace the present binaries without reimaging the target device.


Vulnerability in Citrix Provisioning Services could result in arbitrary code execution

Severity: High

Description of Problem

A vulnerability has been identified in Citrix Provisioning Services that could result in arbitrary code execution. This vulnerability can be triggered by an attacker sending a specially crafted packet to the Provisioning Services server.

This vulnerability is present in all supported versions of Citrix Provisioning Services up to and including version 6.1.

Mitigating Factors

In a typical deployment, the vulnerable component will not be accessible from the Internet.

What Customers Should Do

This vulnerability has been addressed in a series of hotfixes for affected versions of Citrix Provisioning Services. Citrix strongly recommends that customers apply the required hotfix for their Provisioning Services deployments. These hotfixes can be found at the following locations:

PVS console error when standard mode vDisk is prepared for KMS activation

When changing a virtual disk (vDisk) in private mode to KMS activation and then changing the mode to standard image mode OR changing the activation procedure to KMS for a vDisk in standard image mode, the following error message appears, which can be seen in the console.log (when in debug level) or in the console popup: “Failed to map vDisk, no Driver”

Cause

This happens only when the SOAPServer.exe or Citrix SOAP Service is running with the NT AUTHORITY\Network Service account. The console passes a request to prepare the vDisk for KMS, which requires the SOAP service to update the vDisk file system and registry entries. This update needs the vDisk to be mounted. The Network Service account does not have the SE_MANAGE_VOLUME_NAME privilege, which causes an “access is denied” error when it tries to mount the vDisk.