Jump to content
Welcome to our new Citrix community!
  • 0

Upgrade a Machine Catalog in CLI


Maxime Bertrand

Question

We are using scripts in scheduled tasks to :

- boot the template of our MC, patch them and Poweroff them

- upgrade our MC through the commandlet : Publish-ProvMasterVmImage -AdminAddress $AdminAddress -MasterImageVM $Snap.FullPath -ProvisioningSchemeName $MachineCatalog -RunAsynchronously

Then we use a BrokerRebootScheduleV2 to reboot and upgrade the VDAs.

 

But since we do this, we have some issues after VDAs reboot : a few hours after the reboot, VDA are registred, but the GPOs are not applied exhaustively. That is why some users cannot get their sessoions, cause the RDP Users Restricted Group GPO is not applied.

 

My questions :

Do we miss any step in the MC upgrade in order the AD objects refreshes properly?

What are the permissions needed for the scheduled task to perform properly?

Link to comment

1 answer to this question

Recommended Posts

  • 0
On 2/6/2024 at 4:03 AM, Maxime Bertrand said:

We are using scripts in scheduled tasks to :

- boot the template of our MC, patch them and Poweroff them

- upgrade our MC through the commandlet : Publish-ProvMasterVmImage -AdminAddress $AdminAddress -MasterImageVM $Snap.FullPath -ProvisioningSchemeName $MachineCatalog -RunAsynchronously

Then we use a BrokerRebootScheduleV2 to reboot and upgrade the VDAs.

 

But since we do this, we have some issues after VDAs reboot : a few hours after the reboot, VDA are registred, but the GPOs are not applied exhaustively. That is why some users cannot get their sessoions, cause the RDP Users Restricted Group GPO is not applied.

 

My questions :

Do we miss any step in the MC upgrade in order the AD objects refreshes properly?

What are the permissions needed for the scheduled task to perform properly?

Schedule task should always be configured with the System context to run as local system account. With respect to the addition of reboot schedule, I would mention to also perform a gpupdate during your image reseal. How are you are applying your GPOs to the computer objects, check if you could move those to the Citrix policies or not. Once the policy processing takes place try to run GPRESULT to see the different policies applied to the computer objects.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...