Question regarding the windows registry key value after installing VDA- HKLMsystemcurrentcontrolsetcontrolsession manager the name of the key is “Global Flag


Why does the value of “Global Flag” under “HKLM/System/CurrentControlSet/Control/Session Manager” change to 400 after Citrix Virtual Desktop agent is installed?


The value 400 for Global Flag inside HKLM/System/CurrentControlSet/Control/Session Manager is enabling pool tagging which is used for debugging and tracking memory usage.

We can track a memory block with this tag, the tag is set when we allocate memory, so it is built into the code to do this.

We can turn it on/off with gflags values, however if there is ever a problem then we will have to turn it on to get the memory usage tracked in a dump or other diagnostic tool. It is not something to worry about.

It is more of a debugging convince for us in the event that memory gets stomped on, we will have a better idea of where the memory came from.

we can also locate memory leaks easier with it.


Debugging options for Encryption Management Server Logs

I need a solution


I have a ticket open with Symantec Technical Support.  My issue is that my primary SEMS server constantly reports the secondary cluster server as “unreachable” before flipping back to “normal.”  Basically, it’s flipping back and forth all the time.

The “Cluster” log clearly shows that the link is being established, followed by an EOF and the link being dropped.  This repeats itself every few seconds.

The tech I’m working with at Symantec isn’t frankly, the greatest.  He asked me to turn on debugging, and sent me a KB article (…) on how to do that by editing the debug.xml log.  The KB says to turn on the debugging options I need, and I kept asking him which ones those are, but he just told me to turn them all on, and leave it for a day (which I have no intention of doing for fear my server will crash sometime in the middle of the night.)

I’m looking at the console, and I see debug logs being created in the “Client,” “Groups,” and “Mail” logs.  However, I DON’T see any debugs being created in the “Cluster” log.

Does anyone know if turning on debugging in this way will actually help with the cluster service?  Or is this tech just wasting my time?

Thank you,

– Steve



SEP 14.2 Agent not receiving definition updates from SEPM.

I need a solution

I currently have an issue were one of our servers is not receiving the avaliable AV defintions from our SEPM. It was discovered that the agent had stopped receiving updates on 31st January and at first it was believed that this was due to the agent requiring a restart due to a pending upgrade.

However after rebooting the server the agent continued to not receive AV definition updates from the SEPM. I performed a repair of the agent but the issue has continued to occur.

Looking at the CVE-Actions.log and the last GetContentItem event occurred on 31st January matching up to what was seen initially from the agent before the reboot, after this date all I seem is GetContentInfo events. However I have enabled debugging and can see that it knowns there is content on the SEPM it needs but this never seems to come down to the agent. These match up to the times the GetContentInfo events are reported in the CVE-Actions. I have been keeping the agent up-to-date by using the intelligent updater.

[2019-Apr-24 15:26:54.356361] [INFO ] SEP::SmcContentProvider::GetTargets: {151387BE-8D1C-467D-8B7A-AC215B16A144} – Content update needed
[2019-Apr-24 15:26:54.356361] [INFO ] SEP::SmcContentProvider::GetTargets: {535CB6A4-441F-4e8a-A897-804CD859100E} – Unsupported
[2019-Apr-24 15:26:54.356361] [INFO ] SEP::SmcContentProvider::GetTargets: {4F6D9685-BCD6-43C4-A109-7399795F5D97} – Unsupported
[2019-Apr-24 15:26:54.575070] [INFO ] SEP::SmcContentProvider::GetTargets: {810D5A61-809F-49c2-BD75-177F0647D2BA} – Content update needed
[2019-Apr-24 15:26:54.575070] [INFO ] SEP::SmcContentProvider::GetTargets: {6040605B-DC27-4B91-8A7A-8671C606FF54} – Unsupported
[2019-Apr-24 15:26:54.575070] [INFO ] SEP::SmcContentProvider::GetTargets: {1A79EE79-891B-4CB6-9A00-8D07FC6BF1FF} – Unsupported
[2019-Apr-24 15:26:54.575070] [INFO ] SEP::SmcContentProvider::GetTargets: {07B590B3-9282-482f-BBAA-6D515D385869} – Unsupported
[2019-Apr-24 15:26:54.575070] [INFO ] SEP::SmcContentProvider::GetTargets: {38B770CC-A70B-43D0-92AF-24F6CB39114B} – Unsupported
[2019-Apr-24 15:26:54.575070] [INFO ] SEP::SmcContentProvider::GetTargets: {7C177419-4112-42B6-8CEF-094385474554} – Unsupported
[2019-Apr-24 15:26:54.621935] [INFO ] SEP::SmcContentProvider::GetTargets: {EDBD3BD0-8395-4d4d-BAC9-19DD32EF4758} – Content update needed
[2019-Apr-24 15:26:54.684429] [INFO ] SEP::SmcContentProvider::GetTargets: {E8827B4A-4F58-4dea-8C93-07B32A63D1C5} – Content update needed
[2019-Apr-24 15:26:54.684429] [INFO ] SEP::SmcContentProvider::GetTargets: {0D03AEA1-B630-43F8-828E-F10E80A68B99} – Unsupported
[2019-Apr-24 15:26:54.684429] [INFO ] SEP::SmcContentProvider::GetTargets: {55DE35DC-862A-44c9-8A2B-3EF451665D0A} – Unsupported
[2019-Apr-24 15:26:54.934401] [INFO ] SEP::SmcContentProvider::GetTargets: {D6AEBC07-D833-485f-9723-6C908D37F806} – Content update needed
[2019-Apr-24 15:26:55.199971] [INFO ] SEP::SmcContentProvider::GetTargets: {88F5AA7A-AD7C-426A-8F25-465D3D43B1F1} – Content update needed
[2019-Apr-24 15:26:55.231221] [INFO ] SEP::SmcContentProvider::GetTargets: {A78E095A-8FED-4937-9D5C-0B6C20EA696C} – Content update needed
[2019-Apr-24 15:26:55.293707] [INFO ] SEP::SmcContentProvider::GetTargets: {0580D57D-0AD3-2299-2F3A-6A29762D60F1} – Content update needed
[2019-Apr-24 15:26:55.293707] [INFO ] SEP::SmcContentProvider::GetTargets: {0BC61544-F94C-4315-A824-11BE14216E9D} – Unsupported
[2019-Apr-24 15:26:55.324951] [INFO ] SEP::SmcContentProvider::GetTargets: {B6DC6C8F-46FA-40c7-A806-B669BE1D2D19} – Up-to-date
[2019-Apr-24 15:26:55.340573] [INFO ] SEP::SmcContentProvider::GetTargets: {8EC79BE5-0A4B-0378-008D-E760EE4D9D2F} – Unsupported
[2019-Apr-24 15:26:55.559289] [INFO ] SEP::SmcContentProvider::GetTargets: {075551EC-66BD-4487-9E2E-40645AF6F8B0} – Up-to-date
[2019-Apr-24 15:26:55.590534] [INFO ] SEP::SmcContentProvider::GetTargets: {263395A0-D3D8-4be4-80B5-202C94EF4AA0} – Up-to-date
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {FDDBF0FB-0A93-1B05-74DA-0710C2E8441D} – Up-to-date
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {03485132-6B4C-4075-8B19-3BE002B2AE80} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {5A7367E1-D1F6-43b5-BD94-4AFFA896D724} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {50B092DE-40D5-4724-971B-D3D90E9EE987} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {51C81AF7-5A45-4BEF-9CA4-38AF3C891F46} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {7ADF5254-6017-4769-89B1-9F9CD03FA8C5} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {74BC74C3-493B-46DA-B3B6-6C9C86F29B89} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {BA569190-E525-4101-A87A-775EF73FDD26} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {C1D5327B-2BA6-43FA-AFE7-8E6C8360EE2D} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {8020CBD2-0BA5-4FFD-BB3E-57CB42C6513C} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {0F3370CC-CB7C-4976-9315-22E436B26137} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {C7BD822B-ADCD-4490-90AA-83E2F7FCFB84} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {FE0C7385-92CD-4877-B26F-EE9FFB3C34E0} – Unsupported
[2019-Apr-24 15:26:55.731229] [INFO ] SEP::SmcContentProvider::GetTargets: {40B738FB-AC2A-462D-ACA0-432CED4F187B} – Unsupported

I have ran the SymDiag but it finds no issues and I would like to avoid a cleanwipe and re-installation of the agent.

Any advise or guidance would be appreciated.



XenApp/XenDesktop 7.15 LTSR CU2 and CU3: VDA Intermittently Blue Screens With BugCheck Code 0x50

VDA intermittently blue Screens With BugCheck Code 0x50.

Memory Dump Analysis shows:

Process ID [0]

Thread ID [0]

IDENTITY: NonPrimaryClient/NoIdentity.

Executing Processor Architecture is x64.

Debuggee is in Kernel Mode.

Debuggee is a kernel mode dump file.

Event Type: Exception.

Exception Faulting Address: 0xffffe002fa182a3e.

BugCheck Code: 0x50.

Exception Code: 0xC0000005.

Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005).

Exception Sub-Type: Write Access Violation.

Exception Hash (Major/Minor)

Hash Usage : Stack Trace:

Excluded : nt!KeBugCheckEx+0x0

Excluded : nt!MiSystemFault+0x10b2

Excluded : nt!MmAccessFault+0x219

Excluded : nt!KiPageFault+0x317

Major+Minor : wdica!MakeOnePacket+0x424

Major+Minor : wdica!SendSomeData+0xfe

Major+Minor : wdica!FlushManagement+0xf1

Major+Minor : wdica!TerminalChannelWrite+0xb2a

Major+Minor : wdica!WdChannelWrite+0xe

Minor : picadd!_IcaCallSd+0x2ba

Minor : picadd!IcaCallDriver+0x28b

Minor : picadd!IcaWriteChannel+0x724

Minor : PICAVC!PicaWriteVC+0x4a5

Minor : picadm!FileWriteStreamEx+0x43a

Minor : picadm!FileWriteStream+0x17f

Minor : picadm!FileWrite+0x3dc

Minor : picadm!PdmFsdWrite+0x3ce

Minor : picadm!OwWriteFsd+0x1c2

Minor : picadm!WriteMaximumIoSizeChunks+0x5b

Minor : picadm!NonCachedWrite+0x1ef

Minor : picadm!OwCommonWrite+0xada

Minor : picadm!OwFsdWrite+0x264

Minor : mup!MupiBypassMupAndCallUncProviderDirectly+0x36

Minor : mup!MupFsdIrpPassThrough+0xdb

Minor : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x25a

Minor : fltmgr!FltpDispatch+0xb2

Minor : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x25a

Minor : fltmgr!FltpDispatch+0xb2

Excluded : nt!IopSynchronousServiceTail+0x32b

Excluded : nt!NtWriteFile+0x694

Excluded : nt!KiSystemServiceCopyEnd+0x13

Unknown : 0x0000000077e22352


  • No Related Posts

How to Generate NSPPE Core Dump on NetScaler

This article describes how to generate NSPPE core dump on NetScaler.


When NetScaler, whether standalone or HA pair, has a problem that requires you to reboot, it is advisable to generate a NSPPE core dump in order to save any evidence of the problem for later analysis by technical support. This triggers the device to restart while dumping the core which would help us with the RCA for high memory usage.


XenServer 7.1 Cumulative Update 1

Who Should Install This Cumulative Update?

XenServer 7.1 Cumulative Update 1 (XS71ECU1) should be installed by customers running XenServer 7.1. It includes all previously released XenServer 7.1 hotfixes. Installation of XS71ECU1 is required for all future functional hotfixes for XenServer 7.1 LTSR.

XenServer 7.1 Cumulative Update 1 and its subsequent hotfixes are available only to customers on the Customer Success Services program.

Citrix will continue to provide security updates to the base XenServer 7.1 product for a period of three months from the release date of the XenServer 7.1 Cumulative Update 1 (until December 11, 2017). After this three month period elapses, any new hotfixes released will only support XenServer 7.1 with CU1 applied.

For more information about XenServer 7.1 CU1, see the Citrix XenServer 7.1 Cumulative Update 1 Release Notes.

Information About this Cumulative Update

Component Details
  • XenServer 7.1

  • Licensed customer with Customer Success Service

Post-update tasks Restart Host
Content live patchable* No
Revision History Published on September 11, 2017
* Available to Enterprise Customers.

Included in this Cumulative Update

This cumulative update includes the following previously released hotfixes.

  1. CTX222368 – Hotfix XS71E001 – For XenServer 7.1
  2. CTX224279 – Hotfix XS71E002 – For XenServer 7.1
  3. CTX223285 – Hotfix XS71E003 – For XenServer 7.1
  4. CTX222843 – Hotfix XS71E004 – For XenServer 7.1
  5. CTX221590 – Hotfix XS71E005 – For XenServer 7.1
  6. CTX222424 – Hotfix XS71E006 – For XenServer 7.1
  7. CTX223290 – Hotfix XS71E007 – For XenServer 7.1
  8. CTX223858 – Hotfix XS71E008 – For XenServer 7.1
  9. CTX225676 – Hotfix XS71E009 – For XenServer 7.1
  10. CTX224899 – Hotfix XS71E010 – For XenServer 7.1
  11. CTX224691 – Hotfix XS71E011 – For XenServer 7.1
  12. CTX224697 – Hotfix XS71E012 – For XenServer 7.1
  13. CTX226298 – Hotfix XS71E013 – For XenServer 7.1
  14. CTX226299 – Hotfix XS71E014 – For XenServer 7.1

This cumulative update also includes additional fixes. For a list of the issues resolved by XenServer 7.1 CU1, see the Citrix XenServer 7.1 Cumulative Update 1 Release Notes.

Installing the Cumulative Update

Customers should use either XenCenter or the XenServer Command Line Interface (CLI) to apply this cumulative update. When the installation is complete, see the Post-update tasks in the table Information About this Cumulative Update for information about any post-update tasks you should perform for the update to take effect. As with any software update, back up your data before applying this update. Citrix recommends updating all hosts within a pool sequentially. Upgrading of hosts should be scheduled to minimize the amount of time the pool runs in a “mixed state” where some hosts are upgraded and some are not. Running a mixed pool of updated and non-updated hosts for general operation is not supported.

Note: The attachment to this article is a zip file. It contains the cumulative update update package only. Click the following link to download the source code for any modified open source components XS71ECU1-sources.iso. The source code is not necessary for cumulative update installation: it is provided to fulfill licensing obligations.

Installing the Cumulative Update by using XenCenter

Before installing this cumulative update, we recommend that you update your version of XenCenter to the latest available version for XenServer 7.1 CU 1.

Choose an Installation Mechanism

There are three mechanisms to install a cumulative update:

  1. Automated Updates
  2. Download update from Citrix
  3. Select update or Supplemental pack from disk

The Automated Updates feature is available for XenServer Enterprise Edition customers, or to those who have access to XenServer through their XenApp/XenDesktop entitlement. For information about installing a cumulative update using the Automated Updates feature, see the section Applying Automated Updates in the XenServer 7.1 Cumulative Update 1 Installation Guide.

For information about installing a cumulative update using the Download update from Citrix option, see the section Applying an Update to a Pool in the XenServer 7.1 Cumulative Update 1 Installation Guide.

The following section contains instructions on option (3) installing a cumulative update that you have downloaded to disk:

  1. Download the cumulative update to a known location on a computer that has XenCenter installed.
  2. Unzip the cumulative update zip file and extract the .iso file
  3. In XenCenter, on the Tools menu, select Install Update. This displays the Install Update wizard.
  4. Read the information displayed on the Before You Start page and click Next to start the wizard.
  5. Click Browse to locate the iso file, select XS71ECU1.iso and then click Open.
  6. Click Next.
  7. Select the pool or hosts you wish to apply the cumulative update to, and then click Next.
  8. The Install Update wizard performs a number of update prechecks, including the space available on the hosts, to ensure that the pool is in a valid configuration state. The wizard also checks whether the hosts need to be rebooted after the update is applied and displays the result.
  9. In addition, the Install Update wizard checks whether a live patch (this is an Enterprise Edition feature) is available for the cumulative update and if the live patch can be successfully applied to the hosts. For more information, see Live Patching in XenServer in XenServer 7.1 Installation Guide.

    Follow the on-screen recommendations to resolve any update prechecks that have failed. If you want XenCenter to automatically resolve all failed prechecks, click Resolve All. When the prechecks have been resolved, click Next.

  10. Choose the Update Mode. Review the information displayed on the screen and select an appropriate mode. If the update contains a live patch that can be successfully applied to the hosts, it displays No action required on the Tasks to be performed screen.
  11. Note: If you click Cancel at this stage, the Install Update wizard reverts the changes and removes the update file from the host.

  12. Click Install update to proceed with the installation. The Install Update wizard shows the progress of the update, displaying the major operations that XenCenter performs while updating each host in the pool.
  13. When the update is applied, click Finish to close the wizard.
  14. If you chose to carry out the post-update tasks, do so now.

Installing the Cumulative Update by using the xe Command Line Interface

  1. Download the cumulative update file to a known location.
  2. Extract the .iso file from the zip.
  3. Upload the .iso file to the Pool Master by entering the following commands:

    (Where -s is the Pool Master’s IP address or DNS name.)

    xe -s <server> -u <username> -pw <password> update-upload file-name=<filename>XS71ECU1.iso

    XenServer assigns the update file a UUID which this command prints. Note the UUID.


  4. Apply the update to all hosts in the pool, specifying the UUID of the update:

    xe update-pool-apply uuid=<UUID_of_file>

    Alternatively, if you want to update and restart hosts in a rolling manner, you can apply the update file to an individual host by running the following:

    xe upload-apply host-uuid=<UUID_of_host> uuid=<UUID_of_file>

  5. Verify that the update was applied by using the update-list command.

    xe update-list -s <server> -u root -pw <password> name-label=XS71ECU1

    If the update is successful, the hosts field contains the UUIDs of the hosts to which this cumulative update was successfully applied. This should be a complete list of all hosts in the pool.

  6. If the cumulative update is applied successfully, carry out any specified post-update task on each host, starting with the master.


Hotfix File

Component Details
Hotfix Filename XS71ECU1.iso
Hotfix File sha256 66a75cbddde0d6fb5712fa726c3e8e4505a9bde4a660618c247425aaddfa634b
Hotfix Source Filename XS71ECU1-sources.iso
Hotfix Source File sha256 6af223f7811cbea27c496c017bbf8940e022f98e5ea29125df40b2613b33eec0
Hotfix Zip Filename
Hotfix Zip File sha256 03c6765b1454176339a17373b35a682e191d2d103b0e5b14d9d94c9d069a6b90
Size of the Zip file 253 MB

Files Updated


More Information

For more information see, the XenServer 7.1 Documentation.

If you experience any difficulties, contact Citrix Technical Support.


7023547: How to run GDB to debug a process in SMG

Step 2: Shutdown the module to be tested

This step is crucial to save the headache of dealing with modules trying to automatically reload.

If possible, shut down the program either with the modules UI page, or by sending a kill command to the module from a terminal window. If the kill command is used, it MUST NOT be used with the -9 switch, as this will not allow the module to stay down.

If shutting down the module is not possible, typically due to a crash/restart loop, disable the server setting for ‘Module auto-recovery’ under the Manage Servers UI page. With this setting disabled, the program will not come back up by itself. It is important to remember to re-enable this option when the back trace has been obtained.

Step 3: Ensure gdb is installed

To get the debug information, gdb is required, but it not installed by default.

Type ‘gdb –help’ at the terminal prompt to check that it is installed.

If the help page is not displayed, install gdb by typing ‘apt install gdb’.

Step 4: Run the module in debug mode

Using the startup command determined in step 1, we can now prepare to start the application. Using the examples from step 1, and assuming the module we are investigating is gwvsmtp, enter the following commands, noting the additional switch that has been added to the end of the line:

cd /opt/gwava/assets/bin/linux/x64

gdb --args /opt/gwava/assets/bin/linux/x64/gwvsmtp "/root=/opt/gwava/" /ServerId=1 /ModuleId=1 /ConsoleLog

After typing these commands you should be placed into the gdb program at a (gdb) prompt which is ready to run the application. Type ‘r’ to start the program.

Step 5: Watch and wait

Now that the program is running, it is simply a matter of waiting for the crash to occur. The /ConsoleLog switch that was included on the command line will be echoing to the terminal display. This is the same log information that is stored in the application logs. By emitting it during the debug session, we are able to capture the end of the log along with the debug information which saves on the effort of matching log files to the information we are after.

Leave the program running until it stops. This will be evident when the log stops scrolling and you are given a prompt to type at.

Step 6: Obtain the backtrace

Once the program fails, type ‘bt’ at the prompt. This will provide a set of lines that include the information that’s useful to engineering.

Scroll back up through the information to where the logging information ends. Copy the text from approximately one screenful of logging information down to the end of the backtrace information. Pay attention to what’s in the log information and if it seems that more may be useful, copy as much as seems necessary. It is better to capture more information than less if you are unsure of what you are reading. Using the time on the log can also be a useful way to determine what might be necessary. If there are four pages of log data within the same second, chances are that’s all going to be related.

The information should look something like this:

Step 7: Clean up

To exit gdb, enter ‘q’. This will return you to the terminal prompt.

If Module auto-recovery was disabled, re-enable it on the Manage Servers page.

Restart the programs using the appropriate method for the system you are working on.

Step 8: Provide the information to engineering

Self explanatory. Add the information to the bug ticket, or via email to the engineer that requested the information.