Recommended Hotfixes for XenServer 7.x

This hotfix also includes the following previously released hotfixes:

• CTX239128 – Hotfix XS76E001 – For XenServer 7.6
• CTX239437 – Hotfix XS76E002 – For XenServer 7.6

This hotfix also includes the following previously released hotfixes:

• CTX235135 – Hotfix XS75E001 – For XenServer 7.5
• CTX236153 – Hotfix XS75E002 – For XenServer 7.5
• CTX237085 – Hotfix XS75E004 – For XenServer 7.5
• CTX239127 – Hotfix XS75E006 – For XenServer 7.5
• CTX239436 – Hotfix XS75E007 – For XenServer 7.5

This hotfix also includes the following previously released hotfixes:

• CTX234440 – Hotfix XS74E001 – For XenServer 7.4
• CTX235133 – Hotfix XS74E002 – For XenServer 7.4
• CTX235175 – Hotfix XS74E003 – For XenServer 7.4
• CTX236152 – Hotfix XS74E004 – For XenServer 7.4

This release of XenCenter is for customers who use XenCenter as the management console for XenServer 7.1 LTSR. XenCenter 7.1 CU2 is released as part of XenServer 7.1 Cumulative Update 2 and is available only to customers on the Customer Success Services program.

We recommend that you install this version of XenCenter before using XenCenter to update XenServer 7.1 CU1 hosts to XenServer 7.1 CU2.

XenServer 7.1 Cumulative Update 2 (XS71ECU2) must be installed by customers running XenServer 7.1 LTSR CU1. It includes all previously released XenServer 7.1 CU1 hotfixes. Installation of XS71ECU2 is required for all future functional hotfixes for XenServer 7.1 LTSR.

XenServer 7.1 Cumulative Update 2 and its subsequent hotfixes are available only to customers on the Customer Success Services program.

Citrix will continue to provide security updates to the base XenServer 7.1 CU1 product for a period of three months from the release date of the XenServer 7.1 Cumulative Update 2 (until March 12, 2019). After this three month period elapses, any new hotfixes released will only support XenServer 7.1 with CU2 applied.

For more information about XenServer 7.1 CU2, see the Citrix XenServer 7.1 Cumulative Update 2 Release Notes.

This hotfix resolves the following issue:

• The XenServer host can experience a memory leak in dom0. This memory leak is triggered by invalid responses to FLOGI messages from connected FCoE equipment.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

• On some systems, the XenServer host fails to boot when 4096 MB or more memory is assigned to dom0.
• When starting a VM with more than 16 PCI devices assigned, the VM fails to start and the following error appears in the logs: “Error: hit limit of 16 RMRR devices for domain”.
• If you have not rebooted your XenServer 7.1 host after applying Cumulative Update 2 and you try to start, reboot, or resume a suspended VM on the host, the operation fails. You might also notice coredump files in any server status reports you collect in this state.

This hotfix resolves the following issues:

• Depending on the guest OS and device, devices passed through to a guest might not function correctly due to missed interrupts.

This hotfix resolves the following issues:

• If you attempt to reboot a Windows VM from XenServer at the same time as you attempt to reboot the Windows VM from within the VM, the reboot can fail with the following error: “You attempted an operation on a VM that needed to be in state ‘Running but was in state ‘Halted’.
• Scheduled metadata backups can fail intermittently when the pool backup metadata VDI gets full. The default size of the pool backup metadata VDI has been increased to 500MiB.
• A VM taking more than 30 seconds to shut down no longer leads to “Domain stuck in dying state after 30s.”
• While applying a hotfix to a pool, if XAPI restarts on a pool member, it detaches the hotfix update from all hosts in the pool as part of clean-up operations. This can cause the hotfix to fail to apply to other pool members.

This release of XenCenter is for customers who use XenCenter as the management console for XenServer 7.1.

XenCenter 7.1.2 is available on the Citrix downloads site as a restricted download. You must sign in to the site and have active membership of the Customer Success Services (CSS) program to access these downloads.

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issue:

• If SNMP configuration is modified to request interface statistics Object Identifiers (OIDs) and when SNMP service happens to start before Openvswitch service, all further statistics requests to SNMP returns incorrect data.

This hotfix addresses following issues:

Customers using Active Directory (AD) with XenCenter are unable to log on to XenCenter, or get disconnected intermittently. In some cases, XenCenter displays incorrect AD group membership details. This hotfix resolves this issue.

This hotfix resolves the following issues:

• A race condition in XenBus can cause pauses in Windows VM operation, which lead to Timeout Detection and Recovery (TDR) events. The TDR can cause the VM to crash.
• Under low resource situations, Xennet can consume all of the RAM on a Windows VM. This causes the VM to crash.
• XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.

This hotfix also includes the following previously released hotfixes:

• CTX229904 – Hotfix XS71ECU1002 – For XenServer 7.1 Cumulative Update 1

This hotfix also includes the following previously released hotfixes:

• CTX227235 – Hotfix XS71ECU1001 – For XenServer 7.1 Cumulative Update 1
• CTX228721 – Hotfix XS71ECU1003 – For XenServer 7.1 Cumulative Update 1
• CTX229066 – Hotfix XS71ECU1004 – For XenServer 7.1 Cumulative Update 1
• CTX230160 – Hotfix XS71ECU1008 – For XenServer 7.1 Cumulative Update 1
• CTX230788 SUPERSEDED – Hotfix XS71ECU1009 – For XenServer 7.1 Cumulative Update 1
• CTX231719 – Hotfix XS71ECU1010 – For XenServer 7.1 Cumulative Update 1
• CTX233365 – Hotfix XS71ECU1012 – For XenServer 7.1 Cumulative Update 1
• CTX234437 – Hotfix XS71ECU1016 – For XenServer 7.1 Cumulative Update 1
• CTX235131 – Hotfix XS71ECU1017 – For XenServer 7.1 Cumulative Update 1
• CTX235957 – Hotfix XS71ECU1022 – For XenServer 7.1 Cumulative Update 1
• CTX236150 – Hotfix XS71ECU1023 – For XenServer 7.1 Cumulative Update 1

This hotfix resolves the following issues:

• After rebooting, a XenServer host can fail to connect to iSCSI targets on Compellent arrays.
• When you attempt to migrate a VM between resource pools, the migration can fail with the following error: Storage_interface.Internal_error(“Jsonrpc.Parse_error(_)”). This migration failure can cause some versions of XenCenter to fail.
• If you cancel an ongoing Storage XenMotion, the next attempt to migrate the VM using Storage XenMotion fails with the VDI Mirroring Cannot be performed error. However, any subsequent attempts to migrate the VM will succeed.
• After taking a disk-only snapshot for a VM running in the pool, users randomly fail to access the Virtual Hard Disk (VHD) when trying to unpause the VM, and the VM stops responding. This is caused by time racing in Linux Logical Volume Manager (LVM).
• In addition, this hotfix includes minor performance improvements when performing a large number of VM I/O operations.

This hotfix also includes the following previously released hotfixes:

• CTX231725 – Hotfix XS71ECU1005 – For XenServer 7.1 Cumulative Update 1
• CTX233698 – Hotfix XS71ECU1014 – For XenServer 7.1 Cumulative Update 1

This hotfix resolves the following issues:

• An incorrect setting in the I/O scheduler for all blktap devices can cause poor I/O performance in certain scenarios, depending on the server hardware, server configuration, VM configuration, and workload. This hotfix includes the correct setting.
• Due to incorrect maximum sector size used by Dom0 kernel, users failed to copy VDIs to/from SR targets on certain iSCSI disks.
• For XenServer pools that use certain storage targets, a race condition in the iSCSI module can cause hosts in the pool to crash.
• It is not possible to attach storage provided by iSCSI target Server on Windows Server 2016 VMs.

This hotfix also includes the following previously released hotfixes:

• CTX230236 – Hotfix XS71ECU1007 – For XenServer 7.1 Cumulative Update 1
• CTX237089 – Hotfix XS71ECU1027 – For XenServer 7.1 Cumulative Update 1

This hotfix resolves the following issues:

• If customers upgrade a host with legacy disk partition from XenServer 6.x to XenServer 7.1 CU1, and then attempt to apply a subsequent Cumulative Update as an update, they may receive an insufficient space error. This hotfix includes a fix to reduce the calculated space required to apply the update. You must apply this hotfix to XenServer 7.1 CU1 before attempting to update to a subsequent Cumulative Update. This hotfix should not be necessary on hosts that have the new host disk partition layout introduced in XenServer 7.0.
• When customers are attempting to use Jumbo Frames, a VM without PV drivers installed would cause the MTU to drop to 1500 as the MTU was only being set for the paravirtualised VIF device and not for the fully emulated TAP device.

This hotfix also includes the following previously released hotfixes:

• CTX232564 – Hotfix XS71ECU1011 – For XenServer 7.1 Cumulative Update 1
• CTX236478 – Hotfix XS71ECU1018 – For XenServer 7.1 Cumulative Update 1
• CTX236908 – Hotfix XS71ECU1024 – For XenServer 7.1 Cumulative Update 1

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above. In addition, it resolves the following issues:

• On some systems, the XenServer host fails to boot when 4096 MB or more memory is assigned to dom0.
• When starting a VM with more than 16 PCI devices assigned, the VM fails to start and the following error appears in the logs: ” Error: hit limit of 16 RMRR devices for domain”.

This hotfix also includes the following previously released hotfixes:

• CTX227235 – Hotfix XS71ECU1001 – For XenServer 7.1 Cumulative Update 1
• CTX228721 – Hotfix XS71ECU1003 – For XenServer 7.1 Cumulative Update 1
• CTX229066 – Hotfix XS71ECU1004 – For XenServer 7.1 Cumulative Update 1
• CTX230160 – Hotfix XS71ECU1008 – For XenServer 7.1 Cumulative Update 1
• CTX230788 SUPERSEDED – Hotfix XS71ECU1009 – For XenServer 7.1 Cumulative Update 1
• CTX231719 – Hotfix XS71ECU1010 – For XenServer 7.1 Cumulative Update 1
• CTX233365 – Hotfix XS71ECU1012 – For XenServer 7.1 Cumulative Update 1
• CTX234437 – Hotfix XS71ECU1016 – For XenServer 7.1 Cumulative Update 1
• CTX235131 – Hotfix XS71ECU1017 – For XenServer 7.1 Cumulative Update 1
• CTX235957 – Hotfix XS71ECU1022 – For XenServer 7.1 Cumulative Update 1
• CTX236150 – Hotfix XS71ECU1023 – For XenServer 7.1 Cumulative Update 1
• CTX237088 – Hotfix XS71ECU1026 – For XenServer 7.1 Cumulative Update 1
• CTX239126 – Hotfix XS71ECU1031 – For XenServer 7.1 Cumulative Update 1
• CTX239435 – Hotfix XS71ECU1032 – For XenServer 7.1 Cumulative Update 1

This hotfix resolves the following issue:

• In rare circumstances when a XenServer host is enabling HA, or during a host reboot with HA enabled, the host can fail to establish HA communication with the other hosts. This is due to another process on the host using the listening port required by the HA software.

• Installation of Management Agent can fail after installing newer I/O drivers through Windows Update.
• Failure to reboot a Windows VM after installing XenServer Tools can result in excessive log entries being written to xensource.log and xenstored-access.log until the VM is rebooted. If customers do not reboot the VM, or delay the reboot, excess logs can fill up the XenServer host log partition.
• The Management Agent can crash and respawn on systems without a terminal services Windows Management Instrumentation (WMI) object causing high CPU usage and excessive logging in /var/log/daemon.
• If the Management Agent auto update is enabled after installing XenServer Tools, and a new update is available, the initial auto-update can fail due to a race condition that can cause multiple update attempts to occur simultaneously.

• The default behavior of the Management Agent has been improved to enable customers to configure whether any I/O driver updates included in the Management Agent should be applied automatically. For more information, see section 4.3.1 Installing XenServer Tools in the XenServer 7.0 Virtual Machine User’s Guide.
• This version (v7.1.844) of the Management Agent includes new versions of the I/O drivers that are compatible with Microsoft Windows Server 2016. These drivers have been released previously through the Microsoft Windows Server Update Service. For more information, see Update XS70EU002 – Windows I/O Drivers for XenServer 7.0.

• This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX219378: Citrix XenServer Multiple Security Updates should install this hotfix.
• This hotfix supports the improvements to XenServer’s Direct Inspect APIs.

• When booting a vGPU provisioned Virtual Machine (VM) from network, an interaction between VGA BIOS and VGA emulation code in the vGPU device model can result in the corruption of the VM console in XenCenter.

• When Installing XenServer or upgrading XenServer to a newer version, PBIS services get enabled (even when Role-based access control (RBAC) is not used) and display a lot of error messages. Also, this issue consumes a lot of control domain (dom0) resources.

• Oracle Linux 6.8
• Red Hat Enterprise Linux 6.8
• CentOS 6.8
• NeoKylin Linux Advanced Server 6.5 ( only 64 bit )
• NeoKylin Linux Advanced Server 7.2 ( Only 64 bit )
• SUSE Linux Enterprise Server 11 SP4

This hotfix addresses the following issue:

• When attempting to use XenServer Conversion Manager (XCM) Console to connect to an XCM Virtual Appliance that runs on a slave host, the connection fails and the following message is displayed by the console: “There was a failure communicating with the plugin.” This hotfix ensures that the XCM Console can connect to a XCM Virtual Appliance that runs on any XenServer host.

This hotfix resolves the following issue:

• When using SSH to connect to XenServer, a user might experience a memory leak in systemd on XenServer.

This hotfix also includes the following previously released hotfixes:

• CTX218287 – Hotfix XS70E015 – For XenServer 7.0
• CTX218900 – Hotfix XS70E020 – For XenServer 7.0
• CTX219203 – Hotfix XS70E022 – For XenServer 7.0
• CTX220760 – Hotfix XS70E029 – For XenServer 7.0
• CTX221571 – Hotfix XS70E031 – For XenServer 7.0

This is a hotfix for customers running XenServer 7.0.

All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix resolves the following issues:

• Virtual machines (VMs) configured with in-guest software RAID may fail to cleanly shut down or restart.
• After taking a disk-only snapshot for a VM running in the pool, users randomly fail to access the Virtual Hard Disk (VHD) when trying to unpause the VM, and the VM stops responding. This is caused by time racing in Linux Logical Volume Manager (LVM).
• After rebooting, a XenServer host can fail to connect to iSCSI targets on Compellent arrays.
• When Intellicache mirroring fails due to ENOSPC on shared storage, the VBD image list gets truncated to point to itself. This causes an infinite loop and can lead to the I/O datapath stopping and subsequently VMs freezing.
• When a pool master node executes multi-step plugins on the pool member nodes after important events such as coalesce, the plugin continues to execute through all its steps even if one of the previous ones have failed. This can lead to complications such that the other VDI operations are permanently blocked with OTHER_OPERATION_IN_PROGRESS.
• After deleting a snapshot on a pool member that is not the pool master, a coalesce operation may not succeed. In such cases, the coalesce process can constantly retry to complete the operation, resulting in the creation of multiple RefCounts that can consume a lot of space on the pool member.
• The storage cleanup process initiated after a VDI destroy can conflict with ongoing VDI copy processes (including Storage XenMotion), causing subsequent operations on the SR to fail.

This hotfix also includes the following previously released hotfixes:

• CTX215416 – Hotfix XS70E005 – For XenServer 7.0
• CTX223825 – Hotfix XS70E030 – For XenServer 7.0

This hotfix resolves the following issues:

• High Availability (HA) enabled VMs can take longer to restart after a HA failover.
• In rare cases, when a XenServer host in a pool is restarted, it may not be able to rejoin the pool.
• In rare cases, attempts to shut down a XenServer host in a pool may not succeed.
• On HA-enabled pools, when a task is initiated after a XenServer host has failed, VMs running on the host can take longer (about 10 minutes) to restart. This issue occurs when a task is assigned to the host after it has failed, but before XAPI is aware of the host failure. In such cases, the task doesn’t get cancelled even when XAPI is notified about the failure, causing delays in restarting the VMs.
• When migrating VMs that have Dynamic Memory Control (DMC) enabled, the VMs shutdown operation can unexpectedly fail. This is caused by reducing memory allocation before shutdown and this operation taking longer than expected.
• On Nutanix hosts, the host’s memory-overhead is miscalculated after first boot. This is because XAPI calculates the available host RAM on startup assuming no domains other than the XenServer Control Domain are running. On first boot this is true but on subsequent boots, the Nutanix Controller VM (CVM) is started before XAPI.

This hotfix also includes the following previously released hotfixes:

• CTX215415 – Hotfix XS70E006 – For XenServer 7.0
• CTX215899 – Hotfix XS70E010 – For XenServer 7.0
• CTX218673 – Hotfix XS70E017 – For XenServer 7.0
• CTX218902 – Hotfix XS70E021 – For XenServer 7.0
• CTX220244 – Hotfix XS70E025 – For XenServer 7.0
• CTX224481 – Hotfix XS70E033 – For XenServer 7.0
• CTX229290 – Hotfix XS70E045 – For XenServer 7.0
• CTX234341 – Hotfix XS70E053 – For XenServer 7.0

This hotfix resolves the following issues:

• A race condition caused Windows VMs to hang repeatedly and give an error with Event ID 129: “StorPort detected a SRB timeout, and issued a reset”.
• XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.
• If a restart is performed without clicking on the Yes or No buttons of the restart to complete installation dialog box, the dialog box continues to appear even after restarting the VM.

This hotfix also includes the following previously released hotfixes:

• CTX217114 – Hotfix XS70E011 – For XenServer 7.0
• CTX219284 – Hotfix XS70E013 – For XenServer 7.0
• CTX228552 – Hotfix XS70E042 – For XenServer 7.0

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.

This hotfix also includes the following previously released hotfixes:

• CTX214992 – Hotfix XS70E008 – For XenServer 7.0
• CTX216463 – Hotfix XS70E012 – For XenServer 7.0
• CTX217644 – Hotfix XS70E014 – For XenServer 7.0
• CTX218899 – Hotfix XS70E019 – For XenServer 7.0
• CTX219498 – Hotfix XS70E023 – For XenServer 7.0
• CTX222423 – Hotfix XS70E032 – For XenServer 7.0
• CTX223289 – Hotfix XS70E034 – For XenServer 7.0
• CTX224690 – Hotfix XS70E035 – For XenServer 7.0
• CTX226374 – Hotfix XS70E039 – For XenServer 7.0
• CTX227587 – Hotfix XS70E043 – For XenServer 7.0
• CTX227233 – Hotfix XS70E044 – For XenServer 7.0
• CTX228719 – Hotfix XS70E046 – For XenServer 7.0
• CTX229064 – Hotfix XS70E047 – For XenServer 7.0
• CTX229544 – Hotfix XS70E049 – For XenServer 7.0
• CTX230787 – Hotfix XS70E050 – For XenServer 7.0
• CTX233364 – Hotfix XS70E051 – For XenServer 7.0
• CTX234436 – Hotfix XS70E055 – For XenServer 7.0
• CTX235130 – Hotfix XS70E057 – For XenServer 7.0
• CTX235958 – Hotfix XS70E058 – For XenServer 7.0
• CTX236149 – Hotfix XS70E059 – For XenServer 7.0
• CTX237090 – Hotfix XS70E060 – For XenServer 7.0
• CTX239434 – Hotfix XS70E064 – For XenServer 7.0