The Provisioning Server either cannot be found or shows as **down** in the Provisioning Services Console.

To resolve this issue, perform the following tasks:

1. Launch the Provisioning Services Console and verify the Provisioning Server appears as “down.” If so, verify that the Citrix PVS Stream Service is running on the Provisioning Server. For more information, see Starting, stopping, or restarting Provisioning Services.

2. From the Provisioning Services Console, verify the Provisioning Server appears when the Servers node is selected. If no Provisioning Server appears, verify the database server’s IP address or FQDN is specified correctly in the Console.

3. Verify the database server is powered on and can be reached from another machine in your environment.

4. Verify that the Provisioning Server’s configuration is complete using the Provisioning Services Configuration Wizard.
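The checks in steps 1 to 3 can be scripted on the Provisioning Server. The following PowerShell is an added example, not Citrix code; the `$DatabaseServer` parameter, the default SQL Server port 1433 and the wording of the suggested next step are assumptions.

```powershell
param(
    [Parameter(Mandatory)][string]$DatabaseServer,  # IP address or FQDN exactly as entered in the Console
    [int]$SqlPort = 1433                            # assumption: default instance; named instances may use another port
)

# Step 1: state of the Stream Service, looked up by the display name used in this article.
$stream = Get-Service -DisplayName 'Citrix PVS Stream Service' -ErrorAction SilentlyContinue
$streamState = if ($stream) { $stream.Status.ToString() } else { 'NotInstalled' }

# Step 2: does the configured database server name resolve at all?
$addresses = try {
    [System.Net.Dns]::GetHostAddresses($DatabaseServer).IPAddressToString
} catch { @() }

# Step 3: does the database server answer on the SQL port?
$tcp = Test-NetConnection -ComputerName $DatabaseServer -Port $SqlPort -WarningAction SilentlyContinue

# Map the first failing check back to the step that addresses it.
$next = if ($streamState -ne 'Running') {
    'Start the Citrix PVS Stream Service (step 1).'
} elseif (-not $addresses) {
    'Correct the database server IP address or FQDN (step 2).'
} elseif (-not $tcp.TcpTestSucceeded) {
    'Check that the database server is powered on and reachable (step 3).'
} else {
    'Run the Configuration Wizard to confirm the configuration is complete (step 4).'
}

[pscustomobject]@{
    StreamService  = $streamState
    DatabaseServer = $DatabaseServer
    ResolvedTo     = $addresses -join ', '
    SqlPortOpen    = $tcp.TcpTestSucceeded
    NextStep       = $next
}
```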


Duplicate McAfee Agent EPO in PVS – EPO Console

Consider the following when using Provisioning Services with the McAfee ePolicy Agent:

Guidelines

A: Delete the Agent GUID for the McAfee ePO agent; otherwise all deployed machines appear in the ePO server as the same computer. If you are going to use the Provisioning Services image in Shared Image mode, Citrix recommends stopping the McAfee Framework service and deleting the following registry value just before you create your Provisioning Services image.

Stop the McAfee Framework service (but leave on Automatic start up) and delete the AgentGUID registry value:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent

Additional registry keys may need to be cleared or deleted before rolling out an image in Standard Image mode. To run McAfee 8.5i and EPO on a vDisk in Standard Image mode, the values for the following registry keys must be deleted before imaging the Master Target Device (this could also be done after building the image by putting the image back into Private Image Mode):

HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\AgentGUID

HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\MACADDRESS

HKLM\System\CurrentControlSet\Services\FireTDI\Enum (if using Host Intrusion)

Make sure there is not a policy applied to this PC on EPO that restarts the framework service after X seconds. (Otherwise this key might be recreated before you start the Provisioning Services image creation process).

The problem here is that each time a PC restarts in Shared Image Mode, a different GUID is recreated. It might be necessary to set EPO to delete stale entries from its Asset database. Reports might also not give a true reflection of a particular PC's infection history, as the PC has a new record in the EPO database each time a reboot occurs. This is preferable to having lots of PCs with only one of them having updated antivirus at a time.
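The pre-imaging steps above, as an added PowerShell example that is not Citrix or McAfee code. It handles the two Agent values only; the service name `McAfeeFramework`, the `Wow6432Node` fallback path and the 5-second settle delay are assumptions.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param()

$serviceName = 'McAfeeFramework'   # assumption: service name of the McAfee Framework service
$agentKeys = @(
    'HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent',
    # assumption: a 32-bit agent on 64-bit Windows is redirected to this path
    'HKLM:\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent'
)
$identityValues = 'AgentGUID', 'MACADDRESS'

# 1. Stop the service. The start-up type is not changed, so it stays Automatic.
$svc = Get-Service -Name $serviceName -ErrorAction Stop
if ($svc.Status -ne 'Stopped' -and $PSCmdlet.ShouldProcess($serviceName, 'Stop service')) {
    Stop-Service -Name $serviceName -Force
    (Get-Service -Name $serviceName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

# 2. Delete the per-machine identity values wherever the Agent key exists.
foreach ($key in $agentKeys | Where-Object { Test-Path $_ }) {
    $props = Get-ItemProperty -Path $key
    foreach ($name in $identityValues) {
        if ($null -ne $props.PSObject.Properties[$name] -and
            $PSCmdlet.ShouldProcess("$key\$name", 'Delete registry value')) {
            Remove-ItemProperty -Path $key -Name $name
        }
    }
}
if ($WhatIfPreference) { return }   # nothing was changed, so nothing to verify

# 3. Verify. An ePO policy that restarts the service would recreate the values.
Start-Sleep -Seconds 5
$status = (Get-Service -Name $serviceName).Status
$leftover = foreach ($key in $agentKeys | Where-Object { Test-Path $_ }) {
    $p = Get-ItemProperty -Path $key
    $identityValues | Where-Object { $null -ne $p.PSObject.Properties[$_] } |
        ForEach-Object { "$key\$_" }
}
if ($status -ne 'Stopped' -or $leftover) {
    Write-Error "Not ready to image. Service: $status; values present: $($leftover -join ', ')"
    exit 1
}
'Ready to image: service stopped, AgentGUID and MACADDRESS absent.'
```

Run it with `-WhatIf` first to list what would be stopped and deleted without changing the master target device.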


Re: Dual ESRS/VE Centralized Gateway setup

Hi

We are planning to deploy the ESRS/VE setup. In the same site we have Unity & PowerMax arrays and are planning to have 2 different VMs dedicated to the ESRS centralized setup. So is this called Dual ESRS HA?

So my understanding is that for ESRS/VE we will be getting an OVA/OVF appliance. On the first VM, I will have to import this OVA/OVF file, configure and supply parameters like IP address, DNS and gateway IP, and do the complete ESRS configuration, provisioning etc. Once this is done, all the sites and arrays of the customer will be visible in the first VM instance (first ESRS).

For the 2nd VM (2nd ESRS): do I need to repeat the same entire process that I did, or do I only need to go until the ESRS services get started on the VM, and can I skip the ESRS configuration and provisioning part fully, as this is the 2nd instance of ESRS?

I read somewhere that while deploying the 2nd instance of ESRS, that instance should not be managing any devices at all. In this scenario, how will the site IDs and arrays be pulled into or be visible in the 2nd instance of ESRS? Will the ESRS backend infra server that belongs to EMC do the synchronization of all assets from the 1st VM instance to the 2nd VM instance? Please assist


Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
 
The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-dos

Security Impact Rating: High

CVE: CVE-2018-0443


Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
 
The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak

Security Impact Rating: High

CVE: CVE-2018-0442


Error: “The system was not configured correctly” Appears when Provisioning Services Console Fails to Connect to Farm

The Provisioning Services Console fails to connect to the farm and displays one of the following error messages:

“The system setup is not correct.” or “The system was not configured correctly”


The Event logs register a series of Event 11 with StreamProcess as the source:

“Cannot establish a connection to the database because the server cannot be found. Please check your database connection settings in the registry and the network path to your server”

The communication between the Provisioning Services Server and the SQL Server was correct, antivirus and firewalls were disabled. The user was assigned to the Domain Administrators group.

NOTE: If a FIPS policy is configured in the environment, users may also report the Provisioning Services Console crashing.


How to Update Machine Catalog to propagate changes applied to the Master Image

Citrix recommends that you save copies or snapshots of master images before you update the machines in the catalog. The database keeps an historical record of the master images used with each machine catalog. You can roll back (revert) machines in a catalog to use the previous version of the master image if users encounter problems with updates you deployed to their desktops, thereby minimizing user downtime. Do not delete, move, or rename master images; otherwise, you will not be able to revert a catalog to use them.

For catalogs that use Provisioning Services, you must publish a new vDisk to apply changes to the catalog. For details, see the Provisioning Services documentation.

After a machine is updated, it restarts automatically.


Provisioning Services 7.6.7

Overview

7.6.7 is the Provisioning Services version for Cumulative Update 6 of the Long Term Service Release (LTSR) program. Provisioning Services 7.6.7 can also be used by non-LTSR customers to upgrade 7.6 base environments.

The benefits of upgrading to 7.6.7 include several fixes:

Console

When you log on to the Provisioning Services Console using a different domain account, you might not be able to access the farm. This error message appears:

“The domain/user does not have access to the Farm.”

[#LC8150]

The Provisioning Services Console and Configuration wizard might be slow when running in a complex Active Directory environment. As a result, the Provisioning Services Console times out. By using this enhancement, instead of searching for all groups in all domains, you can search in preferred domains. You can then stop the search if you find the correct group. The following registry can be set to use different search options:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ProvisioningServices

Name: DomainSelectOption

Type: DWORD

Value: Set one of the following values (in decimal) to select the search approach

0 = Approach-0 (default) Search in user domain and PVS Admin groups’ domains (and other whitelisted domains if configured).

1 = Approach-1. Search with Approach-0, followed by other trusted domains of the user’s domain.

2 = Obsolete

3 = Search with Approach-0, the groups found are further enumerated over the parent domains. Used for a special Active Directory environment.

4 = Search with Approach-1, the groups found are further enumerated over the parent domains. Used for a special Active Directory environment.

5 = Approach-2. “One-step” search using “User” attribute in user domain and PVS Admin groups’ domains (and other whitelisted domains if configured). Used for a special Active Directory environment.

6 = Search with Approach-2, followed by other trusted domains of the user’s domain.

[#LC9065]

The default Active Directory search option might not be able to find the Provisioning Services administrator membership for certain users in a special Active Directory environment. This issue is related to how the group membership is associated through groups over the parent and child domains.

[#LC9800]

Server

When you log on to the Provisioning Services Console using a different domain account, you might not be able to access the farm. This error message appears:

“The domain/user does not have access to the Farm.”

[#LC8150]

The Provisioning Services Console and Configuration wizard might be slow when running in a complex Active Directory environment. As a result, the Provisioning Services Console times out. By using this enhancement, instead of searching for all groups in all domains, you can search in preferred domains. You can then stop the search if you find the correct group. The following registry can be set to use different search options:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ProvisioningServices

Name: DomainSelectOption

Type: DWORD

Value: Set one of the following values (in decimal) to select the search approach

0 = Approach-0 (default) Search in user domain and PVS Admin groups’ domains (and other whitelisted domains if configured).

1 = Approach-1. Search with Approach-0, followed by other trusted domains of the user’s domain.

2 = Obsolete

3 = Search with Approach-0, the groups found are further enumerated over the parent domains. Used for a special Active Directory environment.

4 = Search with Approach-1, the groups found are further enumerated over the parent domains. Used for a special Active Directory environment.

5 = Approach-2. “One-step” search using “User” attribute in user domain and PVS Admin groups’ domains (and other whitelisted domains if configured). Used for a special Active Directory environment.

6 = Search with Approach-2, followed by other trusted domains of the user’s domain.

[#LC9065]

When you merge two or more vDisks at the same time, the MgmtDaemon.exe process might exit unexpectedly.

[#LC9123]

The default Active Directory search option might not be able to find the Provisioning Services administrator membership for certain users in a special Active Directory environment. This issue is related to how the group membership is associated through groups over the parent and child domains.

[#LC9800]

TargetDevice

Target devices might become unresponsive.

[#8897]
