
Migrating existing PVS Site to new PVS Site - AD Machine account passwords sync


Lance Winter1709156016

Question

I'm in the process of migrating a 7.15 LTSR PVS site to a new parallel 1912 LTSR site. We have about 6000 targets, many of which are Win10 VDI that are constantly rebooting as users sign out.


I've exported the device collections and vDisks and imported into the new site. The problem I'm seeing is when I boot some of the targets in the new site, the AD machine account password isn't synced between sites, so I'm getting the "Trust relationship error".


I'm trying to figure out if it's possible to export the AD machine account information from the existing site and import into the new site, so that the account passwords will all be in sync. The plan was going to be to flip over to the new site by changing our DHCP options to point to the new TFTP VIP, simply allowing targets to reboot on their own and boot up to the new site seamlessly. But if every single target is going to need to have its machine account PW reset, I can't picture how it will be possible to do it seamlessly like planned.


We're a 24/7 shop, so shutting down target devices to reset the passwords isn't really an option - especially for the Win10 VDI machines. We could probably babysit the Server OS targets, catching them as they do their staggered reboot each day to reset the accounts, but the Win10 machines are constantly rebooting at random so I don't know how we'd manage that pool. As soon as we change the TFTP VIP, we'll have hundreds of those Win10s attempting to boot to the new site. We also don't have the capacity to spin up all new target VMs in parallel.


Any ideas on how to make this work?


3 answers to this question


I do not know for certain what gets exported/imported for device collections, but I would not expect the AD Computer password to be one of those things. It is surprising where you indicate "when I boot some of the targets". So some of the exported/imported start fine and others do not?

 

We have seen in a larger pool of PVS TDS that if a TDS has not started within a configured period of time then the AD Computer password stored in the PVS database becomes old/expired as AD updates it, but PVS does not get the update. My memory is rusty, but I recall having to ensure the password reset timer in PVS to be shorter than what was in GP.

6 minutes ago, Darryl Sakach said:

I do not know for certain what gets exported/imported for device collections, but I would not expect the AD Computer password to be one of those things. It is surprising where you indicate "when I boot some of the targets". So some of the exported/imported start fine and others do not?

 

I've just hand-picked a few targets and attached a BDM iso that points to the 1912 site. None of them work due to the machine account password issue. Based on what I've heard back from Citrix so far, there's no hope of importing the passwords. I'll just have to find a workaround, or do an in-place upgrade instead of the parallel build I've been planning.
