Citrix Provisioning

Farm

Use the information in this section to configure a farm using the Citrix Provisioning console. This section includes information about the following elements:

The tables that follow identify and describe properties on each tab of the Farm Properties dialog.

General tab

Field Description
Name Enter or edit the name of this farm.
Description Enter or edit a description for this farm.

Security tab

Field Description
Add Click Add to apply farm administrator privileges to a group. Select each box next to the groups to which you want to apply farm administrator read-only privileges.
Remove Select the groups that you want to remove from the administrator role. Click Remove to remove the selected groups.

Groups tab

Field Description
Add button Click the Add button to open the Add System Groups dialog. To display all security groups, leave the text box set to the default *. To display groups, type part of the name using wildcards *. For example, if you want to see MY_DOMAIN\Builtin\Users, type: User*, Users, or *ser*. However, if you type MY_DOMAIN\Builtin\*, you get all groups, not just those groups in the MY_DOMAIN\Builtin path. Select the check boxes next to each group included in this farm. Note: Filtering on groups was introduced in 5.0 SP2 for efficiency purposes.
Remove button Click the Remove button to remove existing groups from this farm. Highlight the groups to which privileges do not apply.

Licensing tab

Field Description
License server name Type the name of the Citrix License Server in this textbox.
License server port Type the port number that the license server uses or accept the default, which is 27000.

Options tab

Field Description
Auto add When using this feature, select the site used by new target devices. If No default site is chosen, the site of the Citrix Provisioning server that logs in the target device is used. Use the No default site setting if your farm has site scoped PXE/TFTP servers. Important: Enable this feature when adding new target devices. Enabling this feature results in computers being added without the approval of a farm administrator.
Auditing Enable or disable the auditing feature for this farm.
Offline database support Enable or disable the offline database support option. This option allows servers within this farm to use a snapshot of the database in case the connection is lost.

Note:

The Send anonymous statistics and usage information checkbox, which enables the Customer Experience Improvement Program (CEIP), is no longer available.

Virtual disk version tab

Field Description
Alert if number of versions from base image exceeds: Set an alert if the number of versions from the base image is exceeded.
Default access mode for new merge versions Select the access mode for the virtual disk version after a merge completes. Options include Maintenance, Test (default), or Production. Note: If the access mode is set to Production and a test version exists, the state of the resulting auto-merged version is automatically set to Maintenance or Test. If a Maintenance version exists, an automatic merge is not performed.
Merge after automated virtual disk update, if over alert threshold Enable automatic merge. Enable the automatic merge feature if the number of virtual disk versions exceeds the alert threshold. Minimum value is 3 and maximum value is 100.

Status tab

Field Description
Status of the farm Provides database status information and information on group access rights being used.

Registration tab

Field Description
State Provides information on joining status of farm to Citrix Cloud and customer ID and name.
Unregistered servers Lists the servers in the farm that are not yet registered to Citrix Cloud. The farm cannot be joined to Citrix Cloud until all the servers in the farm are registered to Citrix Cloud.

Encryption tab

The tab is available only after you choose to join your farm to Citrix Cloud. Using this tab, you can:

  • Monitor the status of the database key rotation
  • See the list of Citrix Provisioning servers that are waiting on key distribution
  • Rotate the encryption key

Key rotation distributes a new database encryption key to all the Citrix Provisioning servers in the farm. After the distribution is complete, the database is re-encrypted with this new key. This process ensures enhanced database security.

Field Description
State States of the encryption that are Distributing keys, Re-encrypting Database, and Idle.
Offline servers Lists the servers in the farm that are offline.

The encryption states are described as follows:

Distributing Keys: This is the first state of key rotation. In this state, the new database encryption key is being synchronized with all the Citrix Provisioning servers. The farm remains in the Distributing Keys state until all the servers have the latest encryption key. To retrieve the new encryption key, a Citrix Provisioning server:

  • must be active (that is, must not be offline) till it gets the new encryption key. You can turn off the server once it gets the new encryption key
  • can communicate with the Citrix Cloud to get the encryption key

Re-encrypting Database: This is the next state after Distributing Keys. In this state, after all the Citrix Provisioning servers in the farm get the new encryption key, the encrypted fields in the database are re-encrypted with this new encryption key.

Idle: This is the next state after re-encrypting the database. This state implies that the key rotation process is complete. The Rotate Encryption Key button is enabled when the encryption status is Idle. After you click Rotate Encryption Key, the state changes to Distributing Keys.

Note:

  • Each encryption key cycling job takes a minimum of 5 to 10 minutes to move to the next state. However, the process is delayed if there are offline Citrix Provisioning servers.
  • You might see a Citrix Provisioning server that initiated the key rotation in the list of servers that are waiting on key distribution even after the server in the farm gets the new encryption key immediately. Wait for approximately 5 minutes for that server to finish its key rotation process, after which it moves out of the list.
  • You cannot add new Citrix Provisioning servers in the farm when the state is Distributing Keys or Re-encrypting Database.

Using PowerShell and MCLI commands to rotate encryption key

You can now use PowerShell and MCLI commands to rotate encryption keys. Before using the commands, make sure that:

  • All Citrix Provisioning servers in the farm are registered with the Citrix Cloud
  • Encryption status is Idle

Using PvsPsSnapIn:

  1. Open the PowerShell window.
  2. Install the PowerShell Snap-In. The path where the Citrix.PVS.SnapIn.dll is installed is: C:\Program Files\Citrix\Provisioning Services Console\Citrix.PVS.SnapIn.dll
  3. Run Start-PvsRotateEncryptionKeys to start the key rotation process. After you run the command, the key rotation status changes to Distributing Keys.

    Note:

    If you run the command Start-PvsRotateEncryptionKeys when the key rotation status is Distributing Keys or Re-encrypting Database, you get an error because the key rotation is in process and keys can be rotated only when the key rotation status is Idle.

  4. Run the Get-PvsKeyRotationPendingServers command to get the list of servers in the farm that are waiting on key distribution and servers that are offline.

    Note:

    • When the key rotation status is:
      • Distributing Keys, you get the list of servers that are waiting on key distribution.
      • Re-encrypting Database or Idle, you get the list of servers that are offline.
    • You might see a Citrix Provisioning server that initiated the key rotation in the list of servers that are waiting on key distribution even after the server in the farm gets the new encryption key immediately. Wait for approximately 5 minutes for that server to finish its key rotation process, after which it moves out of the list.
  5. Turn on the servers that are offline. Ensure that the servers in the farm can communicate with the Citrix Cloud to get the encryption key.
  6. After the key rotation process is complete, the status of the key rotation must change to Idle. Run the command Get-PvsFarm to verify the key rotation status. The values of the property EncryptionStatus:

    • 0: Idle state
    • 1: Distributing Keys
    • 2: Re-encrypting Database

Note:

Each encryption key cycling job takes a minimum of 5 to 10 minutes to move to the next status. However, the process is delayed if there are offline Citrix Provisioning servers and servers waiting on key distribution.
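
A scripted form of the PvsPsSnapIn steps above, added here as an example and not taken from the Citrix documentation. It assumes the snap-in loads with Import-Module from the path given in step 2; the polling interval and timeout are arbitrary values chosen for illustration.

```powershell
# Added example: guarded key rotation with the cmdlets named on this page.
# Assumption: run on a machine where the Provisioning console is installed.
$SnapIn = 'C:\Program Files\Citrix\Provisioning Services Console\Citrix.PVS.SnapIn.dll'
Import-Module $SnapIn -ErrorAction Stop

# EncryptionStatus values as documented above
$StatusName = @{ 0 = 'Idle'; 1 = 'Distributing Keys'; 2 = 'Re-encrypting Database' }

$PollSeconds    = 60   # hypothetical polling interval
$TimeoutMinutes = 60   # hypothetical upper bound before giving up

function Get-RotationStatus {
    # Get-PvsFarm exposes the rotation state in the EncryptionStatus property
    [int](Get-PvsFarm).EncryptionStatus
}

# Precondition: keys can be rotated only when the status is Idle.
$status = Get-RotationStatus
if ($status -ne 0) {
    throw "Key rotation is already in progress: $($StatusName[$status])"
}

Start-PvsRotateEncryptionKeys

$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    Start-Sleep -Seconds $PollSeconds
    $status = Get-RotationStatus
    Write-Host ("{0:u}  EncryptionStatus={1} ({2})" -f (Get-Date), $status, $StatusName[$status])

    if ($status -eq 1) {
        # While distributing keys, this lists servers still waiting for the key.
        # The initiating server can linger here for about 5 minutes.
        $pending = @(Get-PvsKeyRotationPendingServers)
        if ($pending.Count -gt 0) {
            Write-Host "Servers waiting on key distribution:"
            $pending | Out-String | Write-Host
        }
    }
} while ($status -ne 0 -and (Get-Date) -lt $deadline)

if ($status -ne 0) {
    throw "Rotation still in state '$($StatusName[$status])' after $TimeoutMinutes minutes; check for offline servers."
}

# In the Idle state the same cmdlet reports servers that are offline.
$offline = @(Get-PvsKeyRotationPendingServers)
if ($offline.Count -gt 0) {
    Write-Warning "Rotation finished, but these servers are reported offline:"
    $offline | Out-String | Write-Host
}
Write-Host "Key rotation complete."
```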

Using MCLI.exe:

  1. Open the PowerShell window.
  2. Run .\MCLI.exe Run CycleEncryptionKeys to start the key rotation process. After you run the command, the key rotation status changes to Distributing Keys.

    Note:

    If you run the command .\MCLI.exe Run CycleEncryptionKeys when the key rotation status is Distributing Keys or Re-encrypting Database, you get an error because the key rotation is in process and keys can be rotated only when the key rotation status is Idle.

  3. Run the .\MCLI.exe Get PendingServers command to get the list of servers in the farm that are waiting on key distribution and servers that are offline.

    Note:

    • When the key rotation status is:
      • Distributing Keys, you get the list of servers that are waiting on key distribution.
      • Re-encrypting Database or Idle, you get the list of servers that are offline.
    • You might see a Citrix Provisioning server that initiated the key rotation in the list of servers that are waiting on key distribution even after the server in the farm gets the new encryption key immediately. Wait for approximately 5 minutes for that server to finish its key rotation process, after which it moves out of the list.
  4. Turn on the servers that are offline. Ensure that the servers in the farm can communicate with the Citrix Cloud to get the encryption key.
  5. After the key rotation process is complete, the status of the key rotation must change to Idle. Run the command .\MCLI.exe Get Farm -f to verify the key rotation status. The values of the property EncryptionStatus:

    • 0: Idle state
    • 1: Distributing Keys
    • 2: Re-encrypting Database

Note:

Each encryption key cycling job takes a minimum of 5 to 10 minutes to move to the next status. However, the process is delayed if there are offline Citrix Provisioning servers and servers waiting on key distribution.

Using McliPsSnapIn:

  1. Open the PowerShell window.
  2. Install the PowerShell Snap-In. The path where the Citrix.PVS.SnapIn.dll is installed is: Import-Module "C:\Program Files\Citrix\Provisioning Services Console\McliPSSnapIn.dll"
  3. Run Mcli-Run CycleEncryptionKeys to start the key rotation process. After you run the command, the key rotation status changes to Distributing Keys.

    Note:

    If you run the command Mcli-Run CycleEncryptionKeys when the key rotation status is Distributing Keys or Re-encrypting Database, you get an error because the key rotation is in process and keys can be rotated only when the key rotation status is Idle.

  4. Run Mcli-Get PendingServers to get the list of servers in the farm that are waiting on key distribution and servers that are offline.

    Note:

    • When the key rotation status is:
      • Distributing Keys, you get the list of servers that are waiting on key distribution.
      • Re-encrypting Database or Idle, you get the list of servers that are offline.
    • You might see a Citrix Provisioning server that initiated the key rotation in the list of servers that are waiting on key distribution even after the server in the farm gets the new encryption key immediately. Wait for approximately 5 minutes for that server to finish its key rotation process, after which it moves out of the list.
  5. Turn on the servers that are offline. Ensure that the servers in the farm can communicate with the Citrix Cloud to get the encryption key.
  6. After the key rotation process is complete, the status of the key rotation must change to Idle. Run the command Mcli-Get Farm to verify the key rotation status. The values of the property EncryptionStatus:

    • 0: Idle state
    • 1: Distributing Keys
    • 2: Re-encrypting Database

Note:

Each encryption key cycling job takes a minimum of 5 to 10 minutes to move to the next status. However, the process is delayed if there are offline Citrix Provisioning servers and servers waiting on key distribution.

Using the console to configure a farm

Run the Configuration Wizard on a provisioning server when creating a farm, adding new provisioning servers to an existing farm, or reconfiguring an existing provisioning server.

If all provisioning servers in the farm share configuration settings such as site and store information, consider Running the Configuration Wizard Silently.

Starting the configuration wizard

The Configuration Wizard starts automatically after Citrix Provisioning software is installed. The wizard can also be started by selecting Start > All Programs > Citrix > Citrix Provisioning > Citrix Provisioning Configuration Wizard.

Configuration wizard settings

Before running the Configuration Wizard, be prepared to make the following selections:

Note:

If errors occur during processing, the log is written to a ConfigWizard.log file, which is at C:\ProgramData\Citrix\Citrix Provisioning.

Tip:

The Configuration Wizard was modified at release 7.12 to include support for Linux streaming. See the installation article for information about the Linux streaming component.

Network topology

Complete the network configuration steps that follow.

  1. Select the network service to provide IP addresses

    Note: Use existing network services if possible. If existing network services cannot be used, choose to install the network services that are made available during the installation process.

    To provide IP addresses to target devices, select from the following network service options:

    • If the Dynamic Host Configuration Protocol (DHCP) service is on this server, select the radio button next to one of the following network services to use, then click Next:
      • Microsoft DHCP
      • Citrix Provisioning BOOTP service
      • Other BOOTP or DHCP service
    • If the DHCP service is not on this server, select the radio button next to The service is running on another computer, then click Next.
  2. Select the network service to provide PXE boot information

    Each target device downloads a boot file from a TFTP server.

    Select the network service to provide target devices with PXE boot information:

    • If you use Citrix Provisioning to deliver PXE boot information, select The service that runs on this computer. Then select from either of the following options, then click Next:
      • Microsoft DHCP (options 66 and 67)
      • Citrix Provisioning PXE Service
    • If Citrix Provisioning does not deliver PXE boot information, select the The information is provided by a service on another device option, then click Next.

Identify the farm

  1. Select from the following farm options:
    • Farm is already configured

      1. On the Farm Configuration dialog, select the option Farm is already configured, and click Next. This option appears only if a farm has been previously configured on this server.
      2. Enter database administrator credentials in the pop-up dialog. Select Active Directory Integrated authentication if you want to use the current login. Click OK.

      3. Continue to the Configure user account settings procedure.
    • Create the farm

      1. On the Farm Configuration dialog, select the option Create a Farm, and click Next.
      2. On the Database Server dialog,
        1. Use the Browse button to browse for existing SQL databases and instances in the network, or type the database server name and instance.

          Note:

          The combination of the database name and farm name must not exceed 54 characters. In such cases, the farm name displays as a truncated entry in the Existing Farm screen.

        2. To enable multi-subnet failover for SQL server, specify a database mirror failover partner, or enter a TCP port number, click Connection Options …
        3. Select Active Directory Integrated authentication if you want to use the services’ user account. Enter the database credentials that the Stream and SOAP services will use.
        4. Click Next.
      3. Enter database administrator credentials in the pop-up dialog. Select Active Directory Integrated authentication if you want to use the current login. Click OK.

      4. Select the database location.
    • Join an existing farm

      1. On the Farm Configuration dialog, select the option Join Existing Farm to add this provisioning server to an existing farm, then click Next.
      2. On the Database Server dialog:
        1. Use the Browse button to browse for the appropriate SQL database and instance within the network.
        2. Select the farm name that displays by default, or scroll to select the farm to join. Note: More than one farm can exist on a single server. This configuration is common in test implementations.
        3. To enable multi-subnet failover for SQL server, specify a database mirror failover partner, or enter a TCP port number, click Connection Options …
        4. Select Active Directory Integrated authentication if you want to use the services’ user account. Enter the database credentials that the Stream and SOAP services will use.
        5. Click Next.
      3. Enter database administrator credentials in the pop-up dialog. Select Active Directory Integrated authentication if you want to use the current login. Click OK.

      4. Select from the following site options, then click Next:
        • Existing Site: Select the site from the menu to join an existing site.
        • New Site: Create a site by typing the name of the new site and a collection.
      5. Continue on to configure the user account settings.

Identify the database

Only one database exists within a farm. To identify the database:

  1. If the database server location and instance have not yet been selected, complete the following procedure.

    1. On the Database Server dialog, click Browse to open the SQL Servers dialog.
    2. From the list of SQL Servers, select the name of the server where this database exists. Specify the instance to use (to use the default instance, SQLEXPRESS, leave the instance name blank). In a test environment, this configuration can be a staged database. Note: Rerunning the Configuration Wizard to add extra provisioning server database entries populates the Server Name and Instance Name text boxes. By default, SQL Server Express installs as an instance named SQLEXPRESS.
    3. Select Active Directory Integrated authentication if you want to use the services’ user account. Enter the database credentials that the Stream and SOAP services will use.
    4. Click Next. If this database is a new farm, continue on to the Defining a Farm procedure.
  2. To change the database to a new database

    1. On the old database server, perform a backup of the database to a file.
    2. On the new database server, restore the database from the backup file.
    3. Run the Configuration Wizard on each Citrix Provisioning server.
    4. Select Join existing farm on the Farm Configuration dialog.
    5. Enter the new database server and instance on the Database Server dialog.
    6. Select Active Directory Integrated authentication if you want to use the services’ user account. Enter the database credentials that the Stream and SOAP services will use.
    7. Select the restored database on the Existing Farm dialog.
    8. Select the site that the provisioning server was previously a member of on the Site dialog.
    9. Click Next until the Configuration Wizard finishes.
  3. Define a farm. Select the security group to use:

    • Use Active Directory groups for security. Note: When selecting the Active Directory group to act as the farm administrator from the menu, choices include any group the current user belongs to. This list includes Built in groups, which are local to the current machine. Avoid using these groups as administrators, except for test environments. Some group names might be misleading and appear to be domain groups, but are local domain groups. For example, ForestA.local/Builtin/Administrators.
    • Use Windows groups for security
  4. Click Next.

    Continue on to select the license server.

Create a store for a new farm

A new store can be created and assigned to the Citrix Provisioning server being configured:

Note: The Configuration Wizard only allows a server to create or join an existing store if it is new to the database. If a server exists in the database and it rejoins a farm, the Configuration Wizard might prompt the user to join a store or create a store. During this process, the selection is ignored.

  1. On the New Store page, name the new Store.
  2. Browse or enter the default path (for example: C:\PVSStore) to use to access this store, then click Next. If an invalid path is selected, an error message appears. Reenter a valid path, then continue. The default write cache location for the store is located under the store path, for example: C:\PVSStore\WriteCache.

Identify the site

When joining an existing farm, identify the site where this provisioning server is a member. Identify a site by either creating a site or selecting an existing site within the farm. When a site is created, a default target device collection is automatically created for that site.

Join Citrix Cloud

You can choose to join your farm with Citrix Cloud. When you join, you must register all the servers in the farm with Citrix Cloud.

Note:

  • The Citrix Cloud page appears when the farm is not joined to Citrix Cloud. If you select to join your farm to Citrix Cloud, you will not see this page again.
  • If you want to revert to a non-cloud joined farm, you have to recreate the farm.

On the Citrix Cloud page,

  1. Select Join Citrix Cloud and click Next.
  2. Click Yes on the pop-up message to confirm your action.

Register with Citrix Cloud

This page appears if you need to register the Citrix Provisioning server to Citrix Cloud.

  1. Review the Cloud Registration page. If this is the first server to register, the page must indicate that no customer has been established for the farm yet. Otherwise, you can see the customer ID on the page.
  2. Click Next to start the registration with Citrix Cloud. A message appears indicating that the Configuration Wizard is registering.

Note:

If the registration is not successful or the registration has become invalid, you are returned to this page and prompted to register the Citrix Provisioning servers again.

Confirm the Citrix Cloud registration

  1. Follow the instructions provided in the Confirm the Citrix Cloud Registration page.

    Note:

    If this is not the first server to be registered, ensure that you log in with the same customer account as the first server.

  2. After the registration is confirmed, the page closes automatically.

Note:

If you delete an unregistered Citrix Provisioning server when all the other servers are registered, the process of registering all servers to Citrix Cloud is not complete, and the farm’s state remains partially joined. To resolve the issue, run the Configuration Wizard on any of the Citrix Provisioning servers that is joined to Citrix Cloud. Select the option Farm is already configured.

Select the license server

  1. Enter the name (or IP address) and port number of the license server (default is 27000). The provisioning server must be able to communicate with the license server to get the appropriate product licenses.
  2. Optionally, select the check box Validate license server version and communication. This option verifies that the license server can communicate with this server and that the appropriate version of the license server is used. If the server is not able to communicate with the license server, or the wrong version of the license server is being used, an error message appears. You cannot proceed.
  3. Click Next to continue on to configure user account settings.

Configure user account settings

The Stream and Soap services run under a user account. Configure data reader and data writer database roles automatically using the Configuration Wizard to provide database access privileges to a user account.

  1. On the User Account dialog, select the user account that the Stream and Soap services run under:
    • Network service account (minimum privilege local account that authenticates on the network as the computer's domain machine account).
    • Specified user account (required when using a Windows Share; workgroup or domain user account). Type the user name, domain, and password information in the appropriate text boxes.
  2. Click Next, then continue on to selecting network cards for the Stream Service.

Group managed service accounts

Citrix Provisioning supports Group Managed Service Accounts (gMSA). These accounts are managed domain accounts providing automatic password management and simplified SPN management over multiple servers.

Creating self-signed certificates for Linux streaming

When streaming Linux desktops, the Linux target devices must be linked to the provisioning Soap server via an SSL connection. The self-signed certificate must be present on the provisioning server.

Using the Citrix Provisioning Configuration Wizard, you can choose to add the proper certificate from the provisioning Soap container, specifically for Linux desktops.

Creating self-signed certificates with PoSH

Use the following PowerShell command (as an administrator) to create a self-signed certificate that is placed into the provisioning Soap container:

$PVS_SERVER_FQDN = "PVS-01.fqdn"
$CERT_FILE = "C:\ProgramData\Citrix\Provisioning Services\cert.cer"

1. Create a self-signed certificate:

$cert = New-SelfSignedCertificate -DnsName $PVS_SERVER_FQDN -CertStoreLocation cert:\LocalMachine\My
$cert_thumbprint = $cert.Thumbprint

2. Export the certificate to the .cer file without its private key:

Export-Certificate -Cert $cert -FilePath $CERT_FILE

3. Import the certificate from the .cer file into the root store of the local machine:

$file = ( Get-ChildItem -Path $CERT_FILE )
$file | Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root
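
A check you can run after the three steps above, added here as an example and not part of the Citrix documentation. The function name Test-PvsSoapCertificate and the 30-day warning threshold are hypothetical; the expiry check is included because New-SelfSignedCertificate without -NotAfter issues a certificate that is valid for one year.

```powershell
# Added example: sanity checks on the certificate created by the commands above.
$PVS_SERVER_FQDN = "PVS-01.fqdn"   # same value used when the certificate was created
$CERT_FILE = "C:\ProgramData\Citrix\Provisioning Services\cert.cer"

function Test-PvsSoapCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $CertFile,
        [Parameter(Mandatory)] [string] $ServerFqdn,
        [int] $WarnDays = 30         # hypothetical expiry warning threshold
    )

    # The exported .cer must carry the public certificate only.
    $exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile
    $thumb = $exported.Thumbprint

    # Look the same thumbprint up in the personal store and the root store.
    $inMy   = Get-Item -Path "Cert:\LocalMachine\My\$thumb"   -ErrorAction SilentlyContinue
    $inRoot = Get-Item -Path "Cert:\LocalMachine\Root\$thumb" -ErrorAction SilentlyContinue

    # DNS name as recorded in the certificate (subject alternative name or subject).
    $dnsType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $dnsName = $exported.GetNameInfo($dnsType, $false)

    $daysLeft = [int][math]::Floor(($exported.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Thumbprint            = $thumb
        DnsName               = $dnsName
        DnsNameMatches        = ($dnsName -eq $ServerFqdn)      # -eq ignores case
        ExportHasNoPrivateKey = (-not $exported.HasPrivateKey)
        InMyWithPrivateKey    = [bool]($inMy -and $inMy.HasPrivateKey)
        InRootStore           = [bool]$inRoot
        NotAfter              = $exported.NotAfter
        DaysLeft              = $daysLeft
        ExpiresSoon           = ($daysLeft -lt $WarnDays)
    }
}

$result = Test-PvsSoapCertificate -CertFile $CERT_FILE -ServerFqdn $PVS_SERVER_FQDN
$result | Format-List

$ok = $result.DnsNameMatches -and $result.ExportHasNoPrivateKey -and
      $result.InMyWithPrivateKey -and $result.InRootStore -and -not $result.ExpiresSoon
if (-not $ok) {
    Write-Warning "Certificate check failed; review the properties listed above before selecting it for Soap SSL."
}
```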

Soap SSL configuration

Tip:

When the Soap SSL Configuration page first loads, the certificate is highlighted, which gives the appearance that it is selected. Ensure that the certificate is selected; it appears as a blue item in the table.

Select network cards for the stream service

  1. Select the check box next to each of the network cards that the Stream Service can use.
  2. Enter the base port number that is used for network communications in the First communications port: text box.

    Note:

    A minimum of 20 ports are required within the range. All provisioning servers within a farm must use the same port assignments.

  3. Select the Soap Server port (default is 54321) to use for Console access, then click Next.

Continue on to select the bootstrap server.

Configure the bootstrap server

  1. Select the bootstrap server. To use the TFTP service on this provisioning server:
    1. Select the Use the TFTP Service option, then enter or browse for the boot file. The default location is: C:\Documents and Settings\All Users\ProgramData\Citrix\Provisioning Services\Tftpboot

      If a previous version of Citrix Provisioning was installed on this server, and the default location is:

      C:\Program Files\Citrix\Provisioning Services\TftpBoot

      run the Configuration Wizard to change the default location to:

      C:\Documents and Settings\All Users\ProgramData or ApplicationData\Citrix\Provisioning Services\Tftpboot

      If the default is not changed, the bootstrap file cannot be configured from the Citrix Provisioning console and target devices fail to boot. The message ‘Missing TFTP’ appears.

    2. Click Next.

  2. Select Provisioning Servers to use for the boot process:
    1. Use the Add button to add more provisioning servers to the list. Use the Edit button to edit existing information, or to remove the server from the list. Use the Move up or Move down buttons to change the server boot preference order. The maximum length for the server name is 15 characters. Do not enter the FQDN for the server name. In a high availability implementation, at least two provisioning servers must be selected as boot servers.

    2. Optionally, highlight the IP address of the provisioning server that target devices boot from, then click Advanced. The Advanced Stream Servers Boot List appears.

      The following list describes advanced settings that you can choose from. After making your selections, click OK to exit the dialog, then click Next to continue.

    • Verbose mode: Select the Verbose Mode option if you want to monitor the boot process on the target device (optional) or view system messages.
    • Interrupt safe mode: Select Interrupt Safe Mode if you are having trouble with your target device failing early in the boot process. This option enables debugging of target device drivers that exhibit timing or boot behavior problems.
    • Advanced memory support: This setting enables the bootstrap to support newer Windows OS versions and is enabled by default. Disable this setting on Windows Server OS 32 bit versions that do not support PXE, or if your target device is hanging or behaving erratically in early boot phase.
    • Network recovery method:
      • Restore Network Connections: Selecting this option results in the target device attempting indefinitely to restore its connection to the provisioning server.

        Note:

        Because the Seconds field does not apply, it becomes inactive when selecting the Restore Network Connections option.

      • Reboot to Hard Drive: (A hard drive must exist on the target device). Selecting this option instructs the target device to perform a hardware reset to force a reboot after failing to re-establish communications for a defined number of seconds. The user determines the number of seconds to wait before rebooting. Assuming the network connection cannot be established, PXE fails, and the system reboots to the local hard drive. The default number of seconds is 50, to be compatible with high availability configurations.
    • Logon polling timeout: Enter the time in milliseconds between retries when polling for provisioning servers. Each server is sent a login request packet in sequence. The first responding server is used. In non-HA configurations, this time-out simply defines how often to retry the single available server with the initial login request. This time-out defines how quickly the round-robin routine switches from one server to the next in trying to find an active server. The valid range is from 1,000 milliseconds to 60,000 milliseconds.
    • Log in general timeout: Enter the time-out, in milliseconds, for all login associated packets, except the initial login polling time-out. The time-out is longer than the polling time-out because the server needs time to contact all associated servers, some of which are unreachable. Unreachable servers require retries and time-outs from the provisioning server to the other provisioning servers to determine if they are online. The valid range is from 1,000 milliseconds to 60,000 milliseconds.
  3. Verify that all configuration settings are correct, then click Finish.

Bootstrap configurations can be reconfigured by selecting the Configure Bootstrap option from the Provisioning Services Action menu in the console.

Finish the configuration

On the Finish page, additional data about server registration is presented in the Summary section.

  1. Run the Configuration Wizard to configure all the servers in the farm.
  2. Click Done on the Finish page after configuration is complete.

Verify Citrix Provisioning server registration

To verify the Citrix Provisioning server registration:

  1. Log in to.cloud.com
  2. Go to Identity and Access Management > API Access > Product Registrations. You can see the current registrations.

Restore database

You can restore the database from a backup when using enhanced database encryption if you rotate the keys between taking the backup and restoring the database.

Note:

  • The enhanced encryption is available only after you join a farm to the Citrix Cloud.
  • The database encryption key is synchronized between Citrix Cloud, Citrix Provisioning Server’s registry, and database every 24 hours.

To restore the database when using enhanced encryption:

  1. Take a backup of the database using SQL Server Management Studio when the key rotation state is Idle.
  2. Restore the database.

    1. Wait for the key rotation state to be Idle if a key rotation is in progress.
    2. Stop all Citrix Provisioning Services on all Citrix Provisioning Servers in the farm - SOAP, stream process, and Citrix Provisioning API. This action ensures that all active connections to the database are closed.
    3. Restore the database using SQL Server Management Studio.
  3. Get the Citrix Provisioning Servers online.

    1. Run the Configuration Wizard on all the servers in the farm. After you click Finish, the system displays a prompt to indicate that the database has been restored and key rotation is required. Click OK.
  4. Rotate the key using one of the following:

    • Go to the Citrix Provisioning Console > Farm > Properties > Encryption tab. For more information, see Encryption tab.

      Note:

      After you launch the Citrix Provisioning Console, the farm icon is replaced with a warning icon. The General, Encryption, and Status tabs of Farm > Properties also display a warning message to indicate that the database has been restored and key rotation is required. The warning icon and the message disappear after you rotate the key.

    • Use the PowerShell command Start-PvsRotateEncryptionKeys. For more information, see Using PowerShell and MCLI commands to rotate encryption key.