Jump to content
Welcome to our new Citrix community!
  • 0

Duplicate, Triplicate Non Persistent VDIs appear in SCCM


Question

Hi Folks, 

 

I'm working in a new environment and seeing a strange issue. 

 

I have 1000 Non persistent VDIs created using MCS.

 

These NP VDIs have the SCCM Agent installed and SMSAgent Host service is running (neither is what I would recommend for NP VDIs but I'm working with what's in front of me).

 

What I am seeing in SCCM is that every time one of these NP VDIs reboots, a copy of that VDI is created in SCCM.  So, as you can imagine, I have lots of duplicate, triplicate and quadrouple copies of the same VDI Host name appearing in SCCM.

 

I have seen similar issues in places I have worked in the past and the issues have been caused by incorrect "DePersonalization" of the SCCM components on the Golden Image prior to shutdown and Snapshot.  I have always been able to resolve this type of issue until now...

 

The steps I am taking to "DePersonalize" the Golden Image is as follows - Run Citrix Optimizer which includes a script which does the following - 

 

net stop ccmexec

del c:\windows\smscfg.ini

Remove-Item -Path HKLM:\Software\Microsoft\SystemCertificates\SMS\Certificates\* -Force

wmic /namespace:\\root\ccm\invagt path inventoryActionStatus where InventoryActionID="{00000000-0000-0000-0000-000000000001}" DELETE /NOINTERACTIVE

 

I can confirm each step has worked as expected then Shutdown and Snapshot.

 

I then use that Snap to update the relevant Machine Catalogs.

 

There is a GPO which restarts the SMSAgentHost (ccmexec) on the NP VDIs which I dont agree with but Im not sure that alone would cause my issue.

 

So, my question is, What am I missing in terms of "Sealing" the Golden Image machine.  I really thought it was as simple as deleting the SMS Certs and ensuring the SMSCFG.ini didnt exist prior to shutdown of  the GI.

 

 

Many Thanks in advance.

 

 

 

Link to comment

6 answers to this question

Recommended Posts

  • 0
20 hours ago, Jeff Riechers1709152667 said:

Do you need SCCM running on the non-persistent machines?  On most all my deployments I disable the SCCM agent service as part of sealing.  Then I use a script on my maintenance machine to fire up that agent and check in for updates.

Thanks for the reply.

 

I agree, I would much rather not have SCCM in the equation on NP VDIs, this is what I am used to.  But, in this environment, SCCM is used for App V as there are no Publishing servers.

 

Link to comment
  • 0
5 hours ago, James Kindon said:

Thanks for this.

 

I have actually been looking at this and do see some improvement.

 

When I use the latest version of BISF to seal my GI, The NP VDIs do not create duplicates in SCCM when rebooted as part of user log off process but, if I make a change to my GI, re run the BISF then update the machine catalog , I see duplicate VDIs when the MC update process is complete.

 

I am also striving to rebuild my GI when it needs an update rather than editing the existing machine and rerunning BISF.  I expect this may help matters.

 

I will keep testing with BISF as its not something I am too familiar with and find the online documentation not that great.

Link to comment
  • 0
8 hours ago, David Begbie1709163777 said:

I agree, I would much rather not have SCCM in the equation on NP VDIs, this is what I am used to.  But, in this environment, SCCM is used for App V as there are no Publishing servers.

Do yourself and your customer a favor - go and get AppVentix - you won't regret it, one of the best tools on the planet and THE best tool for this scenario https://appventix.com/

 

8 hours ago, David Begbie1709163777 said:

I will keep testing with BISF as its not something I am too familiar with and find the online documentation not that great

Hrm, have you been looking the docs page? It's pretty indepth https://eucweb.com/docs/bisf-7-1912

 

Strange you are seeing duplicate...  using BIS-F has always been my go-to for sealing (but also, whilst I know it functionally works, like most, I see ConfigMgr disabled in the non-persistent VDI)

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...