Jump to content
Welcome to our new Citrix community!
  • 1

Citrix Policies not applying if changed anything


Alexander Röser

Question

Currently we have a problem that if we change anything within the citrix policies (I mean ANYTHING, either change a value inside a existing policy, change targeting or create a new policy), all vms go immediatly to an unregistered state and in Director you see failing session connects with Error "Configuration Set Error". On the DDC you can see Event 1060 with Message: Exception 'Rejected' of type 'SetResult'.

To get back to a working state, we have to revert the change and reboot all vms. If VMs are not rebooted, logon is possible, but no policies are applied at all. 

You see an empty hklm:\software\polices\citrix\grahpicspolicies hive, and that's all. 

We're using DDC-Policies only (not AD-integrated). 

Provisioning: MCS

VDA: 2203 LTS CU1

OS: Server 2016 (Updated Oktober 2022)

DDC are on Server 2016 Updated November 2022

 

Tickets are open, but has anyone experienced something similiar ever?

 

 

 

Link to comment

22 answers to this question

Recommended Posts

  • 0

From Bitdefender :

Quote

The smartdb_volume should allow Bitdefender's On-Access scanning to scan only new or changed files which should take some resource load off of the machine.

The location of creation is hard-coded.

To disable smartdb usage, you should disable the "Only new or changed files" box in the On-access scanning Settings before proceeding with deleting that file.

 

I'll try that in the weekend and let you know the outcome.

  • Like 1
Link to comment
  • 0

We're having the exact same issues in our environment and also having a ticket open. Done a lot of troubleshooting but it's still not clear what the issue is. We're using AD policies at the moment as a work-around but we where only using Studio policies op to the time the issue occured.

 

The issue indeed pops up when you make a change in any policy via Citrix Studio. It does not matter wether the policy applies to the users\delivery group or not. Right after applying a policy change servers get randomly unregistered, random users can't log on and random users even get disconnected or logged off. The whole environment settles down after about an hour and then everything works normal again.....except the studio policies. These are not applied anymore to the user sessions.

 

For us it started after upgrading vda's to version 2209. At that point other 2109 servers seem to be not affected. After upgrading the whole environment everything is affected.

 

MCS, VDA 2209 (OS 2019), DDC's 2209

Link to comment
  • 0

Some events that occur on the CDC right after the change:

 

Eventid 1060

The Citrix Broker Service failed to apply settings on the virtual machine 'VDA'. 
 
Check that the virtual machine can be contacted from the controller and that any firewall on the virtual machine allows connections from the controller. See Citrix Knowledge Base article CTX126992. 
 
Error details: 
Exception 'Rejected' of type 'SetResult'.

 

EventID 1115

The Citrix Broker Service failed to broker a connection for user 'User' to resource 'Delivery group'. An error occurred when applying policy settings to virtual machine 'VDA'. 
 
If the problem persists, please restart the virtual machine, but note that unsaved data may be lost.

 

EventID 0

The Citrix servers reported an unspecified error from the XML Service at address http://storefront/scripts/wpnbr.dll [NFuseProtocol.TRequestAddress].

 

EventID 4003

All the Citrix XML Services configured for farm XenApp failed to respond to this XML Service transaction.

 

EventID 28

Failed to launch the resource 'XenApp. xxxx' using the Citrix XML Service at address 'http://storefront/scripts/wpnbr.dll'. The XML service returned error: 'unspecified'.

 

Then EventID 1063 and 1110 pop-up suppressing most of the above events.

EventID 0, 4003 and 28 keep popping up for about an hour and then it stops.

Link to comment
  • 0
8 minutes ago, Alexander Röser said:

Currently our Ticket is still under investigation (#81563990).

at the moment citrix suspects that the identity disk is filling up, which should not happen.

image.thumb.png.534dc2d21de6a2e104d16016415404e3.png

 

It seems our AV-Software is generating some index files per Drive which shouldn't be there. 

 

Indeed I've saw that, our identity disks are full too:

image.thumb.png.b055fc37614a3a1d9d5c6c90a1aa9eb5.png

Quote

Amount of free disk space "C:\Program Files\Citrix\PvsVm\Service\PersistedData\" (0.0%) is below a defined threshold (5.0%). Current free disk space is 0.00 GB

 

 

I tried to inspect the content of the disk using this tutorial https://support.citrix.com/article/CTX232143/error-the-citrix-desktop-service-was-refused-a-connection-to-the-delivery-controller-ip-address-xxxxxxxxxxxx but didn't find anything specific.

I'll take another look

 

Our AV is Bitdefender, what is yours ?

Link to comment
  • 0

Not sure how is it supposed to look but here is our disk content

 

 Le volume dans le lecteur C n’a pas de nom.
 Le numéro de série du volume est 3223-F020

 Répertoire de C:\Program Files\Citrix\PvsVm\Service\PersistedData

15.12.2022  09:56    <DIR>          BrokerAgentInfo
               0 fichier(s)                0 octets

 Répertoire de C:\Program Files\Citrix\PvsVm\Service\PersistedData\BrokerAgentInfo

15.12.2022  09:56    <DIR>          .
15.12.2022  09:56    <DIR>          ..
15.11.2022  17:39                 0 3c0b4750-5f09-4c5c-aa56-007d40cba625.gpf
15.11.2022  17:46                 0 4649292e-d555-4223-a62b-7fb865df8afe.gpf
11.11.2022  10:28                 0 4bc26574-d4ed-4573-b3f6-8842988d2806.gpf
15.11.2022  17:24                 0 69ce8502-6a2e-4d5b-a7dd-3d6028593afd.gpf
22.11.2022  13:13                 0 fdcd366f-c01d-42cf-8931-d17d3bd670c9.gpf
21.11.2022  16:35                 0 84a623a8-e85b-4786-868f-8637c363c8a2.gpf
15.11.2022  17:09                 0 86216224-949b-4278-b817-28a6af15c119.gpf
14.12.2022  11:45                 0 9dc9fc1f-dcce-4e46-b28d-a80e5883b8fc.gpf
15.12.2022  09:58                 0 aa6c6a7f-1471-4950-8038-cd499fa47373.gpf
15.11.2022  17:29                 0 adc67b76-4dfe-49ba-a36f-2ef0ed2e52fa.gpf
11.11.2022  09:35                 0 e8360d22-8025-4656-8821-edf07dd969d7.gpf
15.11.2022  17:33                 0 cdd991db-9742-48b9-8ed4-f99604b486e4.gpf
11.12.2022  00:57               805 GroupPolicyValues.xml
11.12.2022  00:57             1 297 SavedListOfDdcsSids.xml
11.12.2022  00:57            26 296 75a18cf1-4d21-4d3b-8fe6-d3b6c02abeb3.gpf
11.12.2022  00:57            31 108 c4624b5b-f68c-40c6-aa34-b43fe7e4b538.gpf
              16 fichier(s)           59 506 octets

 Répertoire de C:\Program Files\Citrix\PvsVm\Service\PersistedData\PvsVm

15.12.2022  09:58               858 VdaState.ini
               1 fichier(s)              858 octets

 Répertoire de C:\Program Files\Citrix\PvsVm\Service\PersistedData\System Volume Information

11.12.2022  00:56                32 smartdb_Volume{589e6702-0000-0000-0000-010000000000}.sdb-wal
11.12.2022  00:55         1 048 576 smartdb_Volume{589e6702-0000-0000-0000-010000000000}.sdb
               2 fichier(s)        1 048 608 octets

     Total des fichiers listés :
              19 fichier(s)        1 108 972 octets
               3 Rép(s)               0 octets libres

 

Link to comment
  • 0
On 12/15/2022 at 11:16 AM, Alexander Röser said:

We have also Bitdefender and the Output looks exactly equal. 

We've opened a Ticket with Bitdefender if it's possible to avoid generating these sdb-files. 

Hi Alexander,

Do let us know the outcome because indeed I'm seeing the same .sdb files in the PersistantData volume. Also the volume shows 0% free space.

I will also create a call with Bitdefender and hopefully it will speed up things to fix this.

Link to comment
  • 0

Disabling the "Only new or changed files" didn't do the trick for me.

smartdb_Volume files are still created and volume will eventually fill up.

I've manually extended the identity disks to 32MB to circumvent the issue while waiting further helps from my Citrix or Bitdefender case.

Link to comment
  • 0
2 hours ago, Renaud said:

Disabling the "Only new or changed files" didn't do the trick for me.

smartdb_Volume files are still created and volume will eventually fill up.

I've manually extended the identity disks to 32MB to circumvent the issue while waiting further helps from my Citrix or Bitdefender case.

Hi Renaud, Thanks for the update and keep us posted if any news.

Link to comment
  • 0

I was with Citrix support this morning and we agreed to wait until we can completely exclude the identity disk in Bitdefender.

 

It seems that the case has been escalated on Bitdefender side, their response when I asked another solution to exclude the disk entirely :

Quote

We're currently investigating the matter with our development team for a proper resolution.

 

Link to comment
  • 0
On 12/20/2022 at 1:44 PM, Renaud said:

I was with Citrix support this morning and we agreed to wait until we can completely exclude the identity disk in Bitdefender.

 

It seems that the case has been escalated on Bitdefender side, their response when I asked another solution to exclude the disk entirely :

 

Same here\answer with my case with Bitdefender. 

I've also asked Citrix if it was possible to have the disk created somewhat larger as a work around (not manualy).

Link to comment
  • 0

Confirmed we have the same issue with our VDI VM's goes unregistered and the Identity Disk is full.  We use BitDefender as well so clear is the issue filling the Identity Disk.

 

What mitigations have people put in so far?  Seems we cannot exclude the Identity Disk in BitDefender and no setting in there really helps.

 

Currently the only solution is to increase the Identity Disk, is that until BitDefender come back?

Link to comment
  • 0
10 hours ago, Nick Mahlitz said:

Confirmed we have the same issue with our VDI VM's goes unregistered and the Identity Disk is full.  We use BitDefender as well so clear is the issue filling the Identity Disk.

 

What mitigations have people put in so far?  Seems we cannot exclude the Identity Disk in BitDefender and no setting in there really helps.

 

Currently the only solution is to increase the Identity Disk, is that until BitDefender come back?

 

Yes, surviving here with Identity Disks extended to 32MB until Bitdefender provide a fix.

Yesterday I asked for an update about my case with Bitdefender :

Quote

For the time being our colleagues are still investigating this matter.
These type of cases although they might appear simplistic, are very complex and time is necessary to reach a favorable conclusion, time which includes, investigating, finding a solution or workaround, testing it against multiple scenarios, etc. to make sure that when it is delivered, it will work as intended.
We do wish to apologies for the delay in our answer and I assure you that as soon as an update is available, we will reply with our findings. 

 

Link to comment
  • 0

Bitdefender Case ID 00727908 Update from yesterday:

(Translated from german):

Quote

We have received a response from the development team that the issue is indeed getting closer to a solution and we are already working on a release.
There is no exact date yet, but we assure you that we will inform you as soon as we receive an update.
Thank you for your patience!

 

Bitdefender is currently, shall we say, a bit overzealous. We're actually considering kicking Bitdefender out of our Citrix farm, as that's not the only problem we have with BD at the moment. Until last August/September is ran over year without problems... too bad. 

Link to comment
  • 0

Fix is available from Bitdefender

Quote

Thank you for all your patience in this matter.

I would like to inform you that the fix is available into Fast ring for now. It is totally your choice to decide if you want to fix now via the Fast ring release or wait for the Slow ring general availability.

 

I'll personally wait until it reaches the slow ring

Link to comment
  • 0

We where on the fast ring but I struggled to notice any difference in behaviour. We are now on Bitdefender BEST version 7.8.2.254. After updating MCS servers from an updated (Bitdefender agent) base image it seems now that the sdb-files are not created anymore. It could well be that the issue is now resolved.

 

I will keep monitoring and will update here later...

 

Behaviour seems a bit unclear. I have many servers that do not show the sdb files but I also have servers that do show them after a reboot (from Citrix Studio). I have to figure out why but are going on holiday so it has to wait for week. I will try an uninstall/install of the Bitdefender agent in the base image next week.

Link to comment
  • 0

The Issue is solved from Version 7.8.3.259 

https://www.bitdefender.com/business/support/en/77212-77540-windows-agent.html#UUID-288382f0-87fa-fc68-1047-aecf22d3f3a3

Antimalware

Removed the unused caching database files on partitions smaller than 1GB.

Antimalware

Removed the unused caching database files on partitions smaller than 1GB.

But there's still no date for slow-ring. Hopefully it will be published asap. 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...