Jump to content
Welcome to our new Citrix community!
  • 1

PVS Services crash after updates

Dennis van der Velde


Hello all,


Since installing microsoft updates KB5009546 and KB5008877 on our provisioning 2109 machines, the Citrix PVS soap server service doesn't start anymore, when trying to start this service it crashes right away, when this happens the Citrix PVS API service also stops working.


Has anyone else seen this behaviour or know any workaround/fix? We have created a citrix case and are currently uninstalling the updates to see if that works.

Link to comment

18 answers to this question

Recommended Posts

  • 8

We have just started to see this at a number of customer sites,  to work around this issue please set the following register key on the PVS server and reboot or restart the soap server:


HKLM\Software\Citrix\Provisioning services. Value Name: SkipForestLevelTrusts (DWORD) Value: 1


You can also recreate the issue by using Powershell  (thanks  to Citrix Support for being on top of this issue): 

$forestName = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Forest.Name
[System.DirectoryServices.ActiveDirectory.Forest]::GetForest((New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -Args @([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest, $forestName)))
$Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()


This will cause an unhandled exception.   We are still investigating the issue.

  • Like 9
Link to comment
  • 1

Microsoft had documented couple of issues in the 'known issue in update' section and stated as being investigated.


E.g. issue:


- After installing this update, IP Security (IPSEC) connections that contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.


- After installing this update on domain controllers (DCs), affected versions of Windows Servers might restart unexpectedly.

Note: On Windows Server 2016 and later, you are more likely to be affected when DCs are using Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments with Privileged Identity Management (PIM).

Now, they have released non security optional updates that resolve these issues

  • Like 1
Link to comment
  • 0
52 minutes ago, Patrick Dyke said:

We did not install this months patches on any PVS servers yet (1912 CU4) but all of our DCs were updated, and we encountered this issue. The registry key above resolved the issue.

Thanks Patrick we thought this was the case after some recent testing but this just helps us verify it!   


So this issue was reproduced in your environment with just the DCs updated with the MS Patch! 

Link to comment
  • 0

We updated half of our PVS servers and encountered the issue. The DC's were updated with the out of band patch and it still had the problem. So we applied the registry key.


Note to others the registry key needs the space between provisioning and services removed. Or just paste the below.

REG ADD "HKLM\Software\Citrix\Provisioningservices" /v "SkipForestLevelTrusts" /d 1 /t reg_dword /f



Link to comment
  • 0

Not only Server 2016 is affected! This happens also when these updates are installed on 2012 R2 Domain Controllers. and 2012R2 PVS-Servers!
DC and PVS Server: KB5009624 (2022-01 Rollup Win2012R2) and KB5010794 (2022-01 Out-Of Band Update Win2012R2)

On PVS-Server only: KB5009721 (2022-01 Net Rollup 2012R2)
Installing these 3 Updates on PVS Server only does not cause this problem! They started fine after applying the updates as long as the DC are not updated.

After we updated the domain Controllers with KB5009624 and KB5010794 the Citrix PVS soap server service and Citrix PVS API service do not start when rebooting server. Event 1000 and .net event 1026 come up. Registry entry solves it.

Link to comment
  • 0

Same here. As soon as our Domain Controllers (2012R2) got patched with KB5010794 and KB5009713 and rebooted, soon after half the provisioning servers (W2016) pool where patched en rebooted. Those PVS servers got the issue with soapserver and PvsApi.

Carls solution worked for us, thank you.


Link to comment
  • 0

We had the original issue last week when our domain controllers were patched. The suggested reg key fixed it. Today we had another stack of pvs servers where we couldn't start the soap service after they rebooted. The reg key no longer worked. Fixed it this time using the json file mentioned here:


Don't include  "Context:" in the file. I think that's supposed to read "Contents:"


Link to comment
  • 0

Some of our domain controllers have had the Microsoft patch which has caused the issue with our non-production PVS servers and the workaround allowed the SOAP/API services to start again.


However we have noticed that we cannot see any of our 'Forest type' trusted domains when attempting to carry out tasks such as creating a machine account. We can still see our 'External type' trusted domains.


Unfortunately we cannot reverse the workaround to see if this has caused the loss of the trusted domains because the service would not start meaning no console.

It does seem like it might be caused by the workaround given its name 'SkipForestLevelTrusts' but Citrix do not provide any information on what this actually does or what affect this might have on PVS environments which provide targets on multiple domains.


Is anyone else experiencing this?


We have raised a call with Citrix as we are assuming this will soon affect our Production environment.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...