Recommended Hotfixes for XenServer 7.x

This hotfix also includes the following previously released hotfixes:

• CTX239128 – Hotfix XS76E001 – For XenServer 7.6
• CTX239437 – Hotfix XS76E002 – For XenServer 7.6

This hotfix also includes the following previously released hotfixes:

• CTX235135 – Hotfix XS75E001 – For XenServer 7.5
• CTX236153 – Hotfix XS75E002 – For XenServer 7.5
• CTX237085 – Hotfix XS75E004 – For XenServer 7.5
• CTX239127 – Hotfix XS75E006 – For XenServer 7.5
• CTX239436 – Hotfix XS75E007 – For XenServer 7.5

This release of XenCenter is for customers who use XenCenter as the management console for XenServer 7.1 LTSR. XenCenter 7.1 CU2 is released as part of XenServer 7.1 Cumulative Update 2 and is available only to customers on the Customer Success Services program.

We recommend that you install this version of XenCenter before using XenCenter to update XenServer 7.1 CU1 hosts to XenServer 7.1 CU2.

XenServer 7.1 Cumulative Update 2 (XS71ECU2) must be installed by customers running XenServer 7.1 LTSR CU1. It includes all previously released XenServer 7.1 CU1 hotfixes. Installation of XS71ECU2 is required for all future functional hotfixes for XenServer 7.1 LTSR.

XenServer 7.1 Cumulative Update 2 and its subsequent hotfixes are available only to customers on the Customer Success Services program.

Citrix will continue to provide security updates to the base XenServer 7.1 CU1 product for a period of three months from the release date of the XenServer 7.1 Cumulative Update 2 (until March 12, 2019). After this three month period elapses, any new hotfixes released will only support XenServer 7.1 with CU2 applied.

For more information about XenServer 7.1 CU2, see the Citrix XenServer 7.1 Cumulative Update 2 Release Notes.

This hotfix resolves the following issue:

• The XenServer host can experience a memory leak in dom0. This memory leak is triggered by invalid responses to FLOGI messages from connected FCoE equipment.

This hotfix resolves the following issues:

• Depending on the guest OS and device, devices passed through to a guest might not function correctly due to missed interrupts.

This hotfix resolves the following issues:

• If you attempt to reboot a Windows VM from XenServer at the same time as you attempt to reboot the Windows VM from within the VM, the reboot can fail with the following error: “You attempted an operation on a VM that needed to be in state ‘Running but was in state ‘Halted’.
• Scheduled metadata backups can fail intermittently when the pool backup metadata VDI gets full. The default size of the pool backup metadata VDI has been increased to 500MiB.
• A VM taking more than 30 seconds to shut down no longer leads to “Domain stuck in dying state after 30s.”
• While applying a hotfix to a pool, if XAPI restarts on a pool member, it detaches the hotfix update from all hosts in the pool as part of clean-up operations. This can cause the hotfix to fail to apply to other pool members.

This hotfix resolves the following issues:

• Improvements to VM performance and stability.
• A race condition in XenBus can cause pauses in Windows VM operation, which lead to Timeout Detection and Recovery (TDR) events. The TDR can cause the VM to crash.
• Under low resource situations, Xennet can consume all of the RAM on a Windows VM. This causes the VM to crash.
• Windows VMs with the XenVBD driver installed can experience a high number of system interrupts when performing storage operations, especially if you are using fast storage and transferring large amounts of data.

This hotfix also includes the drivers required to support Windows Server 2019 VMs on XenServer 7.1 CU2.

This hotfix also includes the following previously released hotfixes:

• CTX246443 – Hotfix XS71ECU2002 – For XenServer 7.1 Cumulative Update 2

This hotfix resolves the following issue:

• In rare circumstances when a XenServer host is enabling HA, or during a host reboot with HA enabled, the host can fail to establish HA communication with the other hosts. This is due to another process on the host using the listening port required by the HA software.

• Installation of Management Agent can fail after installing newer I/O drivers through Windows Update.
• Failure to reboot a Windows VM after installing XenServer Tools can result in excessive log entries being written to xensource.log and xenstored-access.log until the VM is rebooted. If customers do not reboot the VM, or delay the reboot, excess logs can fill up the XenServer host log partition.
• The Management Agent can crash and respawn on systems without a terminal services Windows Management Instrumentation (WMI) object causing high CPU usage and excessive logging in /var/log/daemon.
• If the Management Agent auto update is enabled after installing XenServer Tools, and a new update is available, the initial auto-update can fail due to a race condition that can cause multiple update attempts to occur simultaneously.

• The default behavior of the Management Agent has been improved to enable customers to configure whether any I/O driver updates included in the Management Agent should be applied automatically. For more information, see section 4.3.1 Installing XenServer Tools in the XenServer 7.0 Virtual Machine User’s Guide.
• This version (v7.1.844) of the Management Agent includes new versions of the I/O drivers that are compatible with Microsoft Windows Server 2016. These drivers have been released previously through the Microsoft Windows Server Update Service. For more information, see Update XS70EU002 – Windows I/O Drivers for XenServer 7.0.

• This is a hotfix for customers running XenServer 7.0. All customers who are affected by the issues described in CTX219378: Citrix XenServer Multiple Security Updates should install this hotfix.
• This hotfix supports the improvements to XenServer’s Direct Inspect APIs.

• When booting a vGPU provisioned Virtual Machine (VM) from network, an interaction between VGA BIOS and VGA emulation code in the vGPU device model can result in the corruption of the VM console in XenCenter.

• When Installing XenServer or upgrading XenServer to a newer version, PBIS services get enabled (even when Role-based access control (RBAC) is not used) and display a lot of error messages. Also, this issue consumes a lot of control domain (dom0) resources.

• Oracle Linux 6.8
• Red Hat Enterprise Linux 6.8
• CentOS 6.8
• NeoKylin Linux Advanced Server 6.5 ( only 64 bit )
• NeoKylin Linux Advanced Server 7.2 ( Only 64 bit )
• SUSE Linux Enterprise Server 11 SP4

This hotfix addresses the following issue:

• When attempting to use XenServer Conversion Manager (XCM) Console to connect to an XCM Virtual Appliance that runs on a slave host, the connection fails and the following message is displayed by the console: “There was a failure communicating with the plugin.” This hotfix ensures that the XCM Console can connect to a XCM Virtual Appliance that runs on any XenServer host.

This hotfix resolves the following issue:

• When using SSH to connect to XenServer, a user might experience a memory leak in systemd on XenServer.

This hotfix also includes the following previously released hotfixes:

• CTX218287 – Hotfix XS70E015 – For XenServer 7.0
• CTX218900 – Hotfix XS70E020 – For XenServer 7.0
• CTX219203 – Hotfix XS70E022 – For XenServer 7.0
• CTX220760 – Hotfix XS70E029 – For XenServer 7.0
• CTX221571 – Hotfix XS70E031 – For XenServer 7.0

This is a hotfix for customers running XenServer 7.0.

All customers who are affected by the issues described in CTX236548 – Citrix XenServer Multiple Security Updates should install this hotfix.

This hotfix resolves the following issues:

• Virtual machines (VMs) configured with in-guest software RAID may fail to cleanly shut down or restart.
• After taking a disk-only snapshot for a VM running in the pool, users randomly fail to access the Virtual Hard Disk (VHD) when trying to unpause the VM, and the VM stops responding. This is caused by time racing in Linux Logical Volume Manager (LVM).
• After rebooting, a XenServer host can fail to connect to iSCSI targets on Compellent arrays.
• When Intellicache mirroring fails due to ENOSPC on shared storage, the VBD image list gets truncated to point to itself. This causes an infinite loop and can lead to the I/O datapath stopping and subsequently VMs freezing.
• When a pool master node executes multi-step plugins on the pool member nodes after important events such as coalesce, the plugin continues to execute through all its steps even if one of the previous ones have failed. This can lead to complications such that the other VDI operations are permanently blocked with OTHER_OPERATION_IN_PROGRESS.
• After deleting a snapshot on a pool member that is not the pool master, a coalesce operation may not succeed. In such cases, the coalesce process can constantly retry to complete the operation, resulting in the creation of multiple RefCounts that can consume a lot of space on the pool member.
• The storage cleanup process initiated after a VDI destroy can conflict with ongoing VDI copy processes (including Storage XenMotion), causing subsequent operations on the SR to fail.

This hotfix also includes the following previously released hotfixes:

• CTX215416 – Hotfix XS70E005 – For XenServer 7.0
• CTX223825 – Hotfix XS70E030 – For XenServer 7.0

This hotfix resolves the following issues:

• High Availability (HA) enabled VMs can take longer to restart after a HA failover.
• In rare cases, when a XenServer host in a pool is restarted, it may not be able to rejoin the pool.
• In rare cases, attempts to shut down a XenServer host in a pool may not succeed.
• On HA-enabled pools, when a task is initiated after a XenServer host has failed, VMs running on the host can take longer (about 10 minutes) to restart. This issue occurs when a task is assigned to the host after it has failed, but before XAPI is aware of the host failure. In such cases, the task doesn’t get cancelled even when XAPI is notified about the failure, causing delays in restarting the VMs.
• When migrating VMs that have Dynamic Memory Control (DMC) enabled, the VMs shutdown operation can unexpectedly fail. This is caused by reducing memory allocation before shutdown and this operation taking longer than expected.
• On Nutanix hosts, the host’s memory-overhead is miscalculated after first boot. This is because XAPI calculates the available host RAM on startup assuming no domains other than the XenServer Control Domain are running. On first boot this is true but on subsequent boots, the Nutanix Controller VM (CVM) is started before XAPI.

This hotfix also includes the following previously released hotfixes:

• CTX215415 – Hotfix XS70E006 – For XenServer 7.0
• CTX215899 – Hotfix XS70E010 – For XenServer 7.0
• CTX218673 – Hotfix XS70E017 – For XenServer 7.0
• CTX218902 – Hotfix XS70E021 – For XenServer 7.0
• CTX220244 – Hotfix XS70E025 – For XenServer 7.0
• CTX224481 – Hotfix XS70E033 – For XenServer 7.0
• CTX229290 – Hotfix XS70E045 – For XenServer 7.0
• CTX234341 – Hotfix XS70E053 – For XenServer 7.0

This hotfix resolves the following issues:

• A race condition caused Windows VMs to hang repeatedly and give an error with Event ID 129: “StorPort detected a SRB timeout, and issued a reset”.
• XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.
• If a restart is performed without clicking on the Yes or No buttons of the restart to complete installation dialog box, the dialog box continues to appear even after restarting the VM.

This hotfix also includes the following previously released hotfixes:

• CTX217114 – Hotfix XS70E011 – For XenServer 7.0
• CTX219284 – Hotfix XS70E013 – For XenServer 7.0
• CTX228552 – Hotfix XS70E042 – For XenServer 7.0

This security hotfix addresses the vulnerabilities as described in the Security Bulletin above.

This hotfix also includes the following previously released hotfixes:

• CTX214992 – Hotfix XS70E008 – For XenServer 7.0
• CTX216463 – Hotfix XS70E012 – For XenServer 7.0
• CTX217644 – Hotfix XS70E014 – For XenServer 7.0
• CTX218899 – Hotfix XS70E019 – For XenServer 7.0
• CTX219498 – Hotfix XS70E023 – For XenServer 7.0
• CTX222423 – Hotfix XS70E032 – For XenServer 7.0
• CTX223289 – Hotfix XS70E034 – For XenServer 7.0
• CTX224690 – Hotfix XS70E035 – For XenServer 7.0
• CTX226374 – Hotfix XS70E039 – For XenServer 7.0
• CTX227587 – Hotfix XS70E043 – For XenServer 7.0
• CTX227233 – Hotfix XS70E044 – For XenServer 7.0
• CTX228719 – Hotfix XS70E046 – For XenServer 7.0
• CTX229064 – Hotfix XS70E047 – For XenServer 7.0
• CTX229544 – Hotfix XS70E049 – For XenServer 7.0
• CTX230787 – Hotfix XS70E050 – For XenServer 7.0
• CTX233364 – Hotfix XS70E051 – For XenServer 7.0
• CTX234436 – Hotfix XS70E055 – For XenServer 7.0
• CTX235130 – Hotfix XS70E057 – For XenServer 7.0
• CTX235958 – Hotfix XS70E058 – For XenServer 7.0
• CTX236149 – Hotfix XS70E059 – For XenServer 7.0
• CTX237090 – Hotfix XS70E060 – For XenServer 7.0
• CTX239434 – Hotfix XS70E064 – For XenServer 7.0