Any official doc to address duplicate computer caused by Citrix "Citrix Provisioning Services"?

ageorgiev 2022-08-05 06:20:06 UTC #41

Well, can I suggest a potential security measure? Maybe additional advanced system settings that not only enables/configures this level of ClientIdentityMatch functionality but also allows you to configure the approved subnets from which to accept such registration requests. For example:

ClientIdentityMatch=200
ClientIdentityMatchCriteria=UUID,hostname,IP Address,MAC Address
ClientIdentityMatchCIDR=1.2.3.0/24,2.3.4.0/24,3.4.5.0/24

This way, it only allows the level 200 on requests coming from those subnets and for all others it treats it as ClientIdentityMatch=100

mbartosh 2022-08-08 23:02:54 UTC #42

@JasonWalker - I used a tool called CredentialsFileView to view the credentials on my test PVS server. The credentials did not change after a restart. If you would like to work with me on my test environment, that would be great.

I performed several restarts on the PVS server yesterday and the Bigfix client ID did not change. I have no idea why I am not getting a new ID now.

MatthiasW 2022-12-09 06:30:26 UTC #43

As we are facing similar issue it would interesting to know if there is any progress on this topic?

JasonWalker 2022-12-09 14:41:56 UTC #44

Yes, on the endpoint there’s a Citrix service that actually does restore the machine identity correctly, but BESClient was starting before that restore was complete. Adding a startup delay to the BES Client of several minutes (I think they used 15 minutes in that case) appears to resolve it.

MatthiasW 2022-12-09 18:21:12 UTC #45

Thanks, Sounds good. We will give it a try.

ageorgiev 2022-12-12 13:50:07 UTC #46

We are still working to get it tested (just internal resource prioritization thing) but same was officially posted as KB article.