Citrix PVS Creating New Client ID

mbartosh 2022-04-05 22:21:21 UTC #1

We have a Citrix PVS (provisioning services) environment. In this environment, the servers are restarted every night, and when they are restart a new image is applied. We have defined what is called a write cache drive which is supposed to be persistent and does not get affected by the nightly reimage. We put the Bigfix agent on the write cache drive which we call the W: drive. This was supposed to prevent the Bigfix agent from getting a new client ID every night, but it is not working. We are still getting a new ID every night. I notice that all of the client logs are in place so the entire client is not being removed and re-added. However, the KeyStorage folder is getting a new date every night.

Getting a new client ID every night causes BFI capacity scan to not work correctly. We end up with a lot of machines with no scan data because of the new ID.

Installing BigFix onto Citrix Desktop

JasonWalker 2022-04-05 22:26:11 UTC #2

This is the scenario that Client identity match should handle. See https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Installation/t_preserving_bundling_when_clientreinstalled.html

I’d start by just setting ClientIdentityMatch=100 via BESAdmin and see whether that’s enough, given your write cache drive scenario. If that’s not enough to resolve, you may have to go through the rest of the steps to preserve the client ID.

mbartosh 2022-04-05 23:14:52 UTC #3

We are already using the ClientIdentityMatch=100. As far as the rest of it, that seems like a lot of work to go through every night. I guess it could be scripted, but it seems like Citrix would have a better answers since they have the persistent drive. I think we are missing something on the Citrix side.

ageorgiev 2022-04-06 08:54:16 UTC #4

I have been discussing this topic with PMs for a few years now and potential solution that we were seeking is to add another level of ClientIdentityMatch (let’s say 500) where the only attributes that need to be matched between machines on registration are just the basics (Machine name, IP address, UUID, etc). ClientIdentityMatch = 100 only works if reg keys are retained; it needs the old cert file to be retained and even with those in place I still couldn’t get it scripted to work… This kind on-demand provisioning services are not new or unique to Citrix and in my view, BigFix ought to have/offer solution for them and unfortunately it doesn’t at the moment!

The worst thing about it though is not just the fact they report with new Client ID (you can work around it if that was the only issue by creating aggressive BES Client Remover schedule based on let’s say “IP Address” or “Computer Name” depends on your environment of course and what would be an unique way to identify duplicates post PVS reset) but instead it creates downstream problems on BigFix Compliance, BigFix Inventory, etc! I had a case with BFI team going back and forth for an year before eventually being classified as “Platform problem” where I couldn’t get the VM Managers data mapped to the client data for those devices just because the BFI upload data is stamped by ComputerID and things do not match up!

mbartosh 2022-04-06 14:35:50 UTC #5

Our Citrix provisioning services (PVS) team created a persistent drive on each Citrix server, also know as a write cache drive. Then they added commands to save and restore the Bigfix registry hive. Below are the command used. This procedure seems to have worked the same client ID has remained the same for 7 days.

Restart Commands

Net stop besclient
sc config besclient start=demand
reg export “HKLM\SOFTWARE\WOW6432Node\Bigfix” “w:\temp\Bigfix.reg” /Y The backup, Bigfix.reg, has to be saved on the W: drive.

Startup Commands

reg import "c:\temp\Bigfix.reg"
sc config besclient start=auto
net start besclient