Recommended Hotfixes for XenServer 7.x

This article contains the minimum set of hotfixes to install to get your XenServer 7.0 or XenServer 7.1 Cumulative Update 2 installation up to date. If you use the Automated Updates feature of XenCenter, this is the set of hotfixes that are installed.

Note: Before installing any hotfixes, ensure that you are using the latest version of XenCenter. For more information, see the Citrix Hypervisor product downloads page.

Citrix XenServer 7.1 LTSR CU2 Citrix XenServer 7.0.0

Some hotfixes remain listed in this table even though they are rolled up by subsequent hotfixes. These hotfixes are pre-requisites for hotfixes to other components.

Note: These hotfixes are available only to customers on the Customer Success Services program.

Hotfix Notes Prerequisite hotfixes Live patchable?
Hotfix XS71ECU2002 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: Security fixes to Xen

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

  • On some systems, the XenServer host fails to boot when 4096 MB or more memory is assigned to dom0.
  • When starting a VM with more than 16 PCI devices assigned, the VM fails to start and the following error appears in the logs: “Error: hit limit of 16 RMRR devices for domain”.
  • If you have not rebooted your XenServer 7.1 host after applying Cumulative Update 2 and you try to start, reboot, or resume a suspended VM on the host, the operation fails. You might also notice coredump files in any server status reports you collect in this state.
None No
Hotfix XS71ECU2013 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to OVS

This hotfix resolves the following issues:

  • A reboot of one switch in an MC-LAG bond makes all bond links to go down, causing a total connectivity loss for 3 seconds.
None No
Hotfix XS71ECU2016 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to xenserver-release

This hotfix resolves the following issues:

  • If you have configured your logging to use the legacy logrotate mechanism, you can only retain two files per log. All other log files are removed.
  • On XenServer startup, FCoE services start on bonded devices. This is not a supported state.
None No
Hotfix XS71ECU2017 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Dom0 libraries

This hotfix contains the following improvements:

Additionally, this hotfix resolves the following issues:

  • Logrotate can fail to run if an unexpected file exists. This unexpected file can be left behind if the logrotate operation was previously interrupted.
  • On a Linux guest that has multiple vCPUs, the throughput can be much lower than expected. This issue is caused by interrupts for the VIF queues not being correctly distributed across vCPUs.

None No
Hotfix XS71ECU2028 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Authentication

This hotfix resolves the following issues:

  • When attempting to enable Active Directory authentication, you might see the following error in XenCenter: “Could not enable external authentication. The Active Directory Plug-in could not complete the command. Additional information on the logs”. The domainjoin-cli.log file includes the following message: “Failed to write records. Error code [2]”.
None No
Hotfix XS71ECU2029 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Transfer VM

This hotfix resolves the following issues:

  • In a pool with shared storage that has two or more physical block devices connected to the Transfer VM template, the uninstall of the Transfer VM template can fail.
  • If you attempt to import or export an OVA or OVF file, it might fail with the following error: “InvalidIPError: The supplied IP address x.x.x.x is invalid.” This failure occurs when any of the octets in the IP address have a value of 255.
None No
Hotfix XS71ECU2032 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to XenCenter

This hotfix contains the following improvements:

  • The version of putty included within XenCenter is updated to v0.73.
  • XenCenter now alerts you when the version of your managed XenServer hosts is approaching end of life or reaches end of life.
  • XenCenter also alerts you when a Cumulative Update is approaching or has passed a date when there will be no further hotfixes issued for that release.

None No
Hotfix XS71ECU2033 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: Security fix for OpenSSH

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

None No
Hotfix XS71ECU2035 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Windows and Linux Guest Tools

This hotfix contains the following improvements:

  • New Windows I/O drivers (9.x.x.x) with improved performance are provided for the following operating systems: Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server Core 2016, Windows Server 2019, Windows Server Core 2019.
  • Improved Windows timekeeping through periodic synchronization with the real-time clock.

This hotfix resolves the following issues:

  • On Windows VMs with the xeniface 8.2.1.123 driver installed, the time service can become unsynchronized.
  • If you have Management Agent version 9.0.0.14 installed, you might see a memory leak in the Management Agent process.
  • If you have the Management Agent installed on your Windows VM, attempting to copy more than 1 MB of text to the clipboard can cause your VM to become unresponsive.
  • On your Linux VMs, if you upgrade the version of Citrix VM Tools from the version provided with XenServer 7.1 or earlier to the version provided with XenServer 7.1 CU 1 or later, you cannot use some of the xenstore utilities. This might break tools or scripts that use these utilities.

This hotfix also includes the following previously released hotfix:

None No
Hotfix XS71ECU2036 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: Support for RHEL8.0 CentOS8.0 and SLES 15 SP1

  • XS71ECU2035
No
Hotfix XS71ECU2041 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Dom0 kernel

This hotfix contains the following improvements:

  • Improvements to boot time, memory accounting and stability of Citrix Hypervisor on systems with large amount of RAM. To get the full benefits of this improvement you must also install Hotfix XS71ECU2042 after this hotfix.

This hotfix also includes the following previously released hotfixes:

None No
Hotfix XS71ECU2043 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Storage Manager.

This hotfix resolves the following issues:

  • When Intellicache is enabled on your Citrix Hypervisor server and you attempt to start a VM, the action might fail with the message “VDI not available”. This occurs when the cache SR is out of space, but caching is not disabled.
  • A race condition in leaf coalesce can occasionally cause toolstack operation on a VM to fail.
  • If installation of a hotfix interrupts garbage collection on the storage manager and the hotfix requires a restart, some VMs might fail to resume after the restart.

This hotfix also includes the following previously released hotfixes:

None No
Hotfix XS71ECU2044 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: Security fixes to Xen Device model

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

  • VMs might fail to correctly migrate after hot-unplugging a VIF. VMs might fail to resume after suspending if a VIF had been hot-unplugged.

This hotfix also includes the following previously released hotfixes:

  • XS71ECU2002
No
Hotfix XS71ECU2052 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: Security fixes to Xen

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

  • XS71ECU2041
No
Hotfix XS71ECU2055 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Windows and Linux Guest Tools

This hotfix contains the following improvements:

  • In Citrix VM Tools for Windows, an update to the xenbus driver takes advantage of the new Autoreboot registry key. This registry setting specifies the maximum number of reboots that are automatically completed when using Windows Update to update your drivers. Ensuring that all reboots are completed can prevent temporary loss of static network settings during driver update.

    Set this registry key before updating to the latest version of the Citrix VM Tools for Windows. For more information, see Setting automatic reboots when updating the Citrix VM Tools for Windows.

This hotfix resolves the following issues:

  • If you attempt to install the Citrix VM Tools for Linux on a fully up to date CentOS 8 system, you see the error: Fatal Error: Failed to determine Linux distribution and version. This is caused by changes in that CentOS 8 updates release on Dec 08, 2020.

Note:To create CentOS 8 VMs on XenServer 7.1 Cumulative Update 2, you must also install Hotfix XS71ECU2036 – For XenServer 7.1 Cumulative Update 2

This hotfix also includes the following previously released hotfixes:

None No
Hotfix XS71ECU2056 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: fixes to Toolstack

This hotfix resolves the following issues:

  • If you create a backup of a XenServer host that has UEFI boot enabled and then attempt to use the “Restore from backup” capability of the installation media, the restore operation can fail with the error: “No existing bootloader configuration found”.
  • If you have enabled external Active Directory authentication, XenCenter might show the following error message after you reboot a XenServer host: “The authentication request could not be handled.” In this case, XenServer prevents you from logging in with an authorized Active Directory domain account for up to half an hour after reboot.
  • If, during the shutdown of a VM, you trigger a forced reboot, this can cause the VM to get into a bad power state.
  • While restarting XAPI on the pool master, a VM shutdown on a pool member can fail with “Object […] does not exists in xenopsd”, resulting in an incorrect VM power-state.

This hotfix also includes the following previously released hotfixes:

None No
Hotfix XS71ECU2058 – For Citrix XenServer 7.1 LTSR CU2

Public Availability: Security fixes to Dom0 kernel

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

  • On systems with a large number of CPUs, VMs can fail during live migration. This issue occurs when the VM consumes more than the available number of grant pages. This fix decreases the number of grant pages that are assigned to a VM by default.
  • Fixes a networking performance regression introduced in security hotfix XS71ECU2049 for CVE-2020-27673.

This hotfix also includes the following previously released hotfixes:

None No

Some hotfixes remain listed in this table even though they are rolled up by subsequent hotfixes. These hotfixes are pre-requisites for hotfixes to other components.

Note: These hotfixes are available only to customers on the Customer Success Services program.

Hotfix Notes Prerequisite hotfixes Live patchable?
Hotfix XS70E004 – For Citrix XenServer 7.0.0

Public Availability: Xapi fix for storage data corruption

This hotfix resolves a potential data corruption issue affecting all types of storage repository on XenServer 7.0. For exact details of the issue, please see CTX214768.

None No
Hotfix XS70E009 – For Citrix XenServer 7.0.0

Public Availability: fix for High Availability

This hotfix resolves the following issue:

  • In rare circumstances when a XenServer host is enabling HA, or during a host reboot with HA enabled, the host can fail to establish HA communication with the other hosts. This is due to another process on the host using the listening port required by the HA software.
  • XS70E004
No
Hotfix XS70E018 – For Citrix XenServer 7.0.0

Public Availability: security fixes to NTP

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

  • XS70E004
No
Hotfix XS70E024 – For Citrix XenServer 7.0.0

Public Availability: fixes to vGPU

This hotfix resolves the following issue:

  • When booting a vGPU provisioned Virtual Machine (VM) from network, an interaction between VGA BIOS and VGA emulation code in the vGPU device model can result in the corruption of the VM console in XenCenter.
  • XS70E004
No
Hotfix XS70E027 – For Citrix XenServer 7.0.0

Public Availability: Fixes for user authentication

This hotfix resolves the following issue:

  • When Installing XenServer or upgrading XenServer to a newer version, PBIS services get enabled (even when Role-based access control (RBAC) is not used) and display a lot of error messages. Also, this issue consumes a lot of control domain (dom0) resources.

This hotfix includes the following previously released hotfix:

  • XS70E004
No
Hotfix XS70E028 – For Citrix XenServer 7.0.0

Public Availability: Support for new Guest Operating Systems

This hotfix supports the following new guest operating systems for Long Term Support (LTS):

  • XS70E004
No
Hotfix XS70E037 – For Citrix XenServer 7.0.0

Public Availability: Conversion manager Xapi plug-in fix

This hotfix addresses the following issue:

  • When attempting to use XenServer Conversion Manager (XCM) Console to connect to an XCM Virtual Appliance that runs on a slave host, the connection fails and the following message is displayed by the console: “There was a failure communicating with the plugin.” This hotfix ensures that the XCM Console can connect to a XCM Virtual Appliance that runs on any XenServer host.
  • XS70E004
No
Hotfix XS70E041 – For Citrix XenServer 7.0.0

Public Availability: fixes to systemd

This hotfix resolves the following issue:

  • When using SSH to connect to XenServer, a user might experience a memory leak in systemd on XenServer.
  • XS70E004
No
Hotfix XS70E052 – For Citrix XenServer 7.0.0

Public Availability: Security fixes to Open vSwitch

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

  • XS70E004
No
Hotfix XS70E056 – For Citrix XenServer 7.0.0

Public Availability: updates to openSSL

This hotfix updates the OpenSSL version to v1.0.2.

This hotfix also includes the following previously released hotfix:

  • XS70E004
No
Hotfix XS70E065 – For Citrix XenServer 7.0.0

Public Availability: XenTools fixes

This hotfix resolves the following issues:

  • A race condition caused Windows VMs to hang repeatedly and give an error with Event ID 129: “StorPort detected a SRB timeout, and issued a reset”.
  • XenVBD can consume 100% of a vCPU and can block other processes from using that vCPU.
  • If a restart is performed without clicking on the Yes or No buttons of the restart to complete installation dialog box, the dialog box continues to appear even after restarting the VM.

This hotfix also includes the following previously released hotfixes:

  • XS70E004
No
Hotfix XS70E069 – For Citrix XenServer 7.0.0

Public Availability: fixes to Storage

This hotfix resolves the following issue:

  • If you cancel an ongoing Storage XenMotion, the next attempt to migrate the VM using Storage XenMotion fails with the “VDI Mirroring Cannot be performed” error. However, any subsequent attempts to migrate the VM succeed.

This hotfix also includes the following previously released hotfixes:

  • XS70E004
No
Hotfix XS70E081 – For Citrix XenServer 7.0.0

Public Availability: Security fixes to Xen Device Model

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin. In addition, it resolves the following issues:

  • VMs might fail to correctly migrate after hot-unplugging a VIF. VMs might fail to resume after suspending if a VIF had been hot-unplugged.

This hotfix also includes the following previously released hotfixes:

  • XS70E004
No
Hotfix XS70E088 – For Citrix XenServer 7.0.0

Public Availability: Security fixes to Xen

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

  • XS70E004
No
Hotfix XS70E089 – For Citrix XenServer 7.0.0

Public Availability: Security fixes to Toolstack

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

  • XS70E004
No
Hotfix XS70E092 – For Citrix XenServer 7.0.0

Public Availability: Security fixes to Dom0 kernel

This security hotfix addresses the vulnerabilities as described in the linked Security Bulletin.

This hotfix also includes the following previously released hotfixes:

  • XS70E004
No

    Related:

    Leave a Reply