XenApp and XenDesktop 7.13

The product release includes the following new and enhanced features.


New page in VDA installers:

The graphical wizards of the VDA installers (except VDAWorkstationCoreSetup.exe) have a new page named Additional Components. This page lists several components that can be installed.

User Profile Manager
User Profile Manager WMI Plugin
Machine Identity Service
AppDisk and Personal vDisk

By default, all of these additional components are selected if you select “Create a master image” on the Environment page of the VDA installation wizard. If you select “Enable Remote PC Access” on the Environment page, none of the additional components are selected by default.

This feature brings the graphical and command-line interfaces of the VDA installers into closer equivalency. Each of these components can be omitted from a command-line installation by using the /exclude option. (By design, the VDAWorkstationCoreSetup.exe VDA installer cannot install any of these components.)

If you upgrade a VDA that does not have those components already installed, default settings could result in those components being installed during the upgrade, unless you specifically exclude them or use the VDAWorkstationCoreServices.exe installer.

Installing Citrix App-V components when installing a VDA:

Previously, you enabled or disabled installation of the Citrix App-V software on the Features page of the VDA installer wizards (except VDAWorkstationCoreSetup.exe). To disable Citrix App-V software installation from the VDA command line, you used the /no_appv option.

Now, you enable or disable Citrix App-V software installation on the Additional Components page of the VDA installation wizards (except VDAWorkstationCoreSetup.exe). To disable Citrix App-V software installation from the command line, use the /exclude “Citrix Personalization for App-V – VDA” option. (The /no_appv command-line option is no longer valid.)

If you enable the Citrix Personalization for App-V – VDA check box, the “Citrix AppDisk / Personal vDisk” components are automatically selected. This is a known issue in this release. You can prevent this by installing the VDA from the command line containing the /exclude “Personal vDisk” option.

Additional UDP ports opened in firewall during VDA installation:

If you enable the new HDX adaptive transport policy setting, UDP ports 1494 and 2598 are automatically opened in the Windows firewall by default when you install or upgrade a VDA using the graphical interface. (These ports are listed on the Firewall page of the installation wizard). These ports are used for communication with the Delivery Controller.

When installing a VDA from the command line, specify the new /enable_hdx_udp_ports option when using the new adaptive transport policy setting.

Note: TCP ports 1494 and 2598 are opened automatically for use during fallback or when the adaptive transport feature is not used. Those TCP ports are already covered with the existing /enable_hdx_ports option.

Application Group session sharing

When applications in an Application Group are started, by default they reuse existing sessions to launch faster and use fewer resources. In previous releases, although you could prevent application session sharing between Application Groups, applications in the same Application Group would always session share.

You can now configure Application Groups so that application session sharing is disabled between applications in the same Application Group. In some circumstances this may be desirable: for example, you may want users to start non-seamless applications in full size application windows on separate monitors. In this mode applications in the Application Group always run in separate sessions which are indistinguishable from each other for subsequent brokering and reconnection purposes. If a disconnected session exists which is already running the requested application, it is reconnected. You can disable application session sharing using the PowerShell SDK only.


AppDisk includes the following new features and enhancements:

  • Updated logging mechanism. An enhancement to the AppDisk logging and support paradigm allows an administrator to obtain diagnostic information and optionally upload it to the Citrix Insight Services (CIS) website.

Session Recording

Session Recording includes the following new and enhanced features:

  • Database names are configurable. You can use a custom name or the default database name for the Session Recording Database and for the Administrator Logging Database.
  • Database high availability. Session Recording supports three solutions for database high availability based on Microsoft SQL Server.


Director includes the following new and enhanced features:

  • Application-centric troubleshooting. This enhancement facilitates troubleshooting of active application instances in a XenApp and XenDesktop Site with the introduction of a new Application Instances slice-n-dice page in the Filters view. The page displays all active application instances on VDAs of Server OS, and their idle state information.
    Additionally, the Sessions slice-n-dice page is extended to include the session idle time metric enabling easy identification of idle sessions. You can sort and filter the session and application instances based on their idle time measurements and select instances to log off or disconnect.
    The Application Instances filter page and idle time measurements in the Sessions filter pages are available if Director, the Delivery Controller(s), and VDAs are version 7.13 or later.
  • Transport protocol on Session Details panel. The Director Session Details panel is enhanced to display the transport protocol in use for the session. The protocol is displayed as TCP or UDP for the HDX connection type based on the new HDX adaptive transport technology.

Virtual Delivery Agents (VDAs) 7.13

Version 7.13 of the VDA for Server OS and the VDA for Desktop OS include the following enhancements to HDX technologies:

  • Adaptive transport. Adaptive transport for XenApp and XenDesktop optimizes data transport by applying a new Citrix protocol called Enlightened Data Transport (EDT) in preference to TCP whenever possible. Compared to TCP and UDP, EDT delivers a superior user experience on long-haul WAN and internet connections. EDT dynamically responds to changing network conditions while maintaining high server scalability and efficient use of network capacity. EDT is built on UDP and improves data throughput for all ICA virtual channels, including Thinwire display remoting, file transfer (Client Drive Mapping), printing, multimedia redirection. If UDP is not available, adaptive transport automatically reverts to TCP.Enable it using the HDX Adaptive Transport policy setting. The same setting is applicable on both LAN and WAN conditions. This feature requires Citrix Receiver for Windows 4.7 or Citrix Receiver for Mac 12.5. For external secure access, it requires NetScaler Unified Gateway 11.1.51.

  • HDX 3D Pro support for AMD GPUs. Use HDX 3D Pro graphics acceleration technologies with AMD Multiuser GPU (MxGPU) on the AMD FirePro S-series server cards. This release includes support for multimonitors (up to a maximum of six), console blanking, custom resolution, and high frame rate.

  • Access to a high-performance video encoder for Intel Iris Pro graphics processors. The Use hardware encoding for video codec policy setting enables the use of hardware encoding for Intel Iris Pro graphics processors (new in 7.13) and for NVIDIA GRID GPUs (introduced in 7.11). For Intel Iris Pro graphics processors, hardware encoding is supported with VDAs for Desktop OS (in standard or HDX 3D Pro mode) and VDAs for Server OS. For NVIDIA GRID GPUs, hardware encoding is supported with VDAs for Desktop OS in HDX 3D Pro mode.

  • Enhanced drawing features on Wacom tablets. Wacom drawing tablets can connect to published desktops on a remote desktop service (RDS) VM when redirected with generic USB redirection. Though you can use the tablet’s pen device as a mouse device while it is redirected, we recommend that you also maintain a standard USB mouse, which is not redirected, to allow access to local client functions. The redirected device is active only inside the session and doesn’t have control over the local client. Install the driver for the Wacom devices on the hosting RDS OS and the same driver must support each device connected to the server.

  • Enhanced support for Asian languages. Enables the local Input Method Editor (IME) from the client device for entering text into a virtual desktop or application instead of the pre-deployed IME on the server. Using the local IME enables additional language choices because of the various IME brands available for the client. Using the local IME affords you convenience when using client touch keyboards, and an experience that is the same as using a native application. To enable or disable the local IME on the client, use these commands on the command line interface: wfica32.exe /localime:on to enable it and wfica32.exe /localime:off to disable it. The new setting applies to all sessions started after the setting change.

  • Auto client reconnect and session reliability consistency. Auto client reconnect and session reliability allow users to reconnect automatically to their Citrix Receiver sessions after recovering from network disruptions. Updates to auto client reconnect and session reliability policies in Studio are synchronized from server to client, which helps maintain reliable connectivity.

  • Bidirectional content redirection. Enables administrators to specify client to host and host to client URL redirection using group policies. Server policies are set in Studio, and client polices are set from group policy.

  • Client drive mapping. File copying performance is enhanced.

VDA installation and upgrade changes:

  • The 7.13 VDAs contain several new and enhanced features, as described in this section. However, after upgrading your VDAs from version 7.9, 7.11, or 7.12, you do not need to update the Machine Catalog’s functional level. The default (“7.9 (or newer …)”) remains the current functional level.

StoreFront 3.9

StoreFront includes the following new features and enhancements.

  • SAML authentication through StoreFront. Administrators can configure StoreFront to integrate with a SAML Identity Provider in Manage Authentication Methods > SAML Authentication.
  • Import multiple NetScaler Gateway vServer configurations. Administrators can import multiple vServer configurations from the StoreFront management console (Manage NetScaler Gateways > imported from file) or using PowerShell.
  • Configure two URLs for the same NetScaler Gateway using the StoreFront PowerShell SDK. In 3.9, administrators can set a new optional paramater, -gslburl, on the GslbLocation attribute. This simplifies the NetScaler Gateway administration in StoreFront.
  • Support for adaptive transport.
  • Citrix Customer Experience Improvement Program (CEIP). You are now automatically enrolled in CEIP when you install StoreFront.


Provisioning Services 7.13

Provisioning Services includes the following new features and enhancements:

  • PVS-Accelerator. This feature enables a PVS proxy to reside in the XenServer’s Control Domain on a host where streaming of a Provisioning Services vDisk is cached at the proxy before being forwarded to the virtual machine. Using the cache, subsequent booting (or any I/O requests) of the virtual machine on the same host can be streamed from the proxy rather than streaming from the server over the network. Using this model, more local resources on the XenServer host are consumed, but streaming from the server over the network saves resources, effectively improving performance.
  • Linux streaming. You can now provision Linux virtual desktops directly in the XenDesktop environment.

Introduction to Citrix XenDesktop 7.6



Used to be …..


And now …..


Image result for citrix xendesktop 7.6 architecture




So components;

According to Citrix Documents : ( Citrix Free Training CXA-104: Citrix XenApp 7.6 Overview)

XenApp 7.6 is built on the “FlexCast Management Architecture” and offers simple , powerful configuration and operations management and cloud-style automation and scalability.

FlexCast Delivery Technology : (FMA) is a collection of services that work together to efficiency deliver hosted applications ad server desktops at scale.

Studio : The studio management console allows you to configure and manage your XenApp implementation.

Director : is the web-based management console that enables IT support and Help Desk teams to monitor and troubleshoot a XenApp environment.

StoreFront : is an integral component of any XenDesktop , XenApp , XenMobile,or VDI-in-a-box implementation .It authenticates users to Microsoft Active Directory and manages the delivery of desktops and applications from your servers in the datacenter to user’s devices.
Citrix Delivery Controller : Authenticates and manages end-user access and brokers connections between end users and their virtual desktops and applications.

Virtual Delivery Agent : (VDA) manages the HDXconnections between physical or virtual machines that host applications and desktops,and endpoints running Citrix Receiver.

Site : is used to organize resources much like a farm in previous releases. A site represents a single deployment and database.

Machine Catalog : is a collection of machines (physical or virtual) managed as a single entry that you allocate to end users through a Delivery Group.
Delivery Group : specifies who can use a set of applications or server desktops,as well as user settings.


Virtual Delivery Agent – VDA :

The VDA manages the HDX connection between virtual machines that host applications and endpoints running Citrix Receiver.
In order to work correctly the VDA must establish communication or REGISTER with Controllers in the deployments. Along with StoreFront and the Controller , the VDA plays an important role in application enumeration and launch process. If the VDA can not register itself with the Controller , users will not be able to launch applications.

When a connection is required , registered VDA’s can retrieve session details such as password encryption level from the Controller.

Registration occurs when :
– The VDA starts
– The Citrix Desktop Services is restarted.
– The Agent heartbeat or a notification is rejected by the Controller.
– The IP address is changed.
– A Network or communication failure occurs.


What is new in XenApp and XenDesktop 7.12

Citrix is like a running away horse. Most of the companies are still struggling with 6.5 and trying to design and migrate to new architecture, a new release of versions keep coming. So now version 7.12, starting from version 7 a new robust architecture was introduced. It is getting better and better in each version. This is taken from Citrix website.

XenApp and XenDesktop 7.12

The product release includes the following new and enhanced features.

High availability using Local Host Cache

 Local Host Cache (LHC) allows connection brokering operations to continue when normal operations are interrupted due to loss of connection with the Site database. LHC replaces the connection leasing feature as the recommended XenApp and XenDesktop high availability solution. During outages, LHC supports new users and existing users launching new resources, as well as users accessing pooled resources (shared desktops).

New service: The product ISO now contains the new configsync_service_x86/x64.msi for this feature.

Using tag restrictions with Application Groups and desktops

In earlier releases, you could apply tags to items and then use those tags to tailor search displays in Studio.

Now when you publish applications in an Application Group or a desktop in a Delivery Group, you can use a tag restriction to specify that only machines in selected Delivery Groups that have a specified tag should be considered for launch.

Using a tag restriction enables you to use your existing machines for more than one publishing task, saving the costs associated with deploying and managing additional machines. Using a tag restriction can be thought of as subdividing (or partitioning) the machines in a Delivery Group. You can also use a tag restriction to help isolate and troubleshoot a subset of machines in a Delivery Group.


 Multiple restart schedules for machines in Delivery Groups

In earlier releases, administrators could create one restart schedule for all the machines in a Delivery Group. Now, you can use PowerShell cmdlets to:

  • Create multiple restart schedules for a Delivery Group.
  • Configure each schedule to periodically restart only those machines in that Delivery Group that have a specified tag. For example, a daily restart schedule might be optimal for machines in one department, while a weekly restart schedule is suitable for all others.

This new functionality gives you the flexibility to manage periodic machine restarts when the various teams within your organization have different restart requirements. Using the tag restriction feature to essentially partition the machines in a Delivery Group, it’s easy to restart some machines on a more or less frequent schedule than other machines in the same Delivery Group.

Citrix Insight Services

Install and upgrade analytics: In the 7.11 version, automatic upload of install/upgrade analytics to Citrix Insight Services was enabled by default in the full-product installer’s graphical interface and disabled by default in the command line interface. In this version, the graphical interface no longer contains the check box that controls automatic upload, and automatic upload is enabled by default in both the graphical and command line interfaces. You can disable the automatic upload in the registry or by using a new option in the command line interface.

Customer Experience Improvement Program: You are now automatically enrolled in the Citrix Customer Experience Improvement Program when you install a Windows VDA.

Azure Resource Manager connection enhancements

Azure environment support

When you create a connection to Azure Resource Manager, you can now select your Azure environment. The current values are: Azure Global and Azure China.

Azure Hybrid Use Benefits support

When you create a Machine Catalog in Studio, you can now enable or disable support for the Azure Hybrid Use Benefits (HUB), in which you use existing on-premises Windows Server licenses with existing on-premises Windows Server images. Using HUB can reduce the cost of running VMs in Azure to the base compute rate.

Wizard changes in Studio

In the Create Connection wizard, subscription ID and connection name fields that were previously on the Connections page have moved to a new Connection Details page.

In the Create Machine Catalog wizard, the Storage Account page is now titled Storage and License Types.

The MCS I/O storage optimization feature introduced in XenApp and XenDesktop 7.9 for on-premises hypervisor connections is now fully supported for Microsoft Azure Resource Manager connections.

New streamlined standalone VDA for Desktop OS installer

The VDAWorkstationCoreSetup.exe standalone package is an addition to the available standalone VDA installers. This package installs a VDA for Desktop OS that is optimized for using Remote PC Access on a physical machine, or for VDI on a virtual machine that is not being used as a master image.

It is the smallest VDA for Desktop OS installation package currently available. It installs only the core services required for operation. It does not install components used for App-V, Profile management, Machine Identity Service, and Personal vDisk. It does not install a Citrix Receiver for Windows.


Automatic deletion of extracted files when using a standalone VDA installer

When using any standalone VDA installer, files are extracted to a Temp folder. In earlier versions, those files had to be manually deleted. In this version, those files are automatically deleted after the installation completes.


Director includes the following new and enhanced features:

  • User-friendly Connection and Machine failure descriptions. Connection and Machine failures in the Director’s Filters page are supported with detailed descriptions of the possible failure causes and recommended actions. This enables administrators to efficiently troubleshoot the connection or machine related failures in the XenApp and XenDesktop Site.

  • Increased historical data availability in Enterprise edition. The data retention period in Director deployments with the XenApp and XenDesktop Enterprise Edition has increased from seven days to one month. This enables the XenApp and XenDesktop Enterprise users to query historical data from the Monitoring Service for any period up to 31 days based on the data retention settings, and access historical trend reports for up to one month from Director’s Trends tab. This feature requires Director and Delivery Controller version 7.12.

  • Custom Reporting. A new Custom Reports user interface in the Trends tab enables you to create new reports without having to write OData queries to extract real-time and historical data available in the Monitoring database. You can export custom reports, save and share the corresponding OData queries. This feature is available in the Platinum Edition of Director deployments.

  • Automate Director notifications with SNMP traps. Director integrates Citrix Alert notifications with Simple Network Management Protocol (SNMP), a standard protocol for network management. You can configure a Citrix Alert with an SNMP trap. When the alert is triggered, the corresponding SNMP trap message is forwarded to the configured network listener for further processing. You can configure SNMP alerting by using PowerShell cmdlets.

Session Recording

Session Recording includes the following new features and enhancements.

  • IP address or IP Range based Policy Rule Criteria. You can configure a Session Recording policy to enable or disable record sessions based on a client IP address or range of addresses.
  • Highlight Idle Periods in Player. Highlights the idle periods of a recording in a timeline when played back with the  Session Recording Player. Idle periods of a recorded session are the portions in which no action takes place.
  • TLS 1.2. Full support for TLS 1.2 encryption during data transfer.

Virtual Delivery Agents (VDAs) 7.12

Version 7.12 of the VDA for Server OS and the VDA for Desktop OS include the following enhancements to HDX technologies:

  • 8-bit color depth Thinwire support. A new value of 8 bits per pixel is available in the Preferred color depth for simple graphics policy setting. This provides an ultra-low bandwidth usage option intended for workloads that are not graphically demanding, for example, MS Office, mobile apps and custom legacy apps with simple interfaces. Once set, all connections to the VDA show in 8-bit color. The 8-bit color depth option is not supported when the Use video codec for compression policy setting is set to For the entire screen.

  • HTML5 video redirection for internal web sites. Provides the best balance between smooth audio and video display and server scalability for HTML5 video content in a virtualized environment. In 7.12, this feature is available for internal web sites only as it requires the addition of a JavaScript customization (HDXVideo.js) to web pages hosting HTML5 video content. This feature is controlled by a new multimedia policy setting, HTML5 video redirection (disabled by default) and is available with Citrix Receiver for Windows 4.6 and Citrix Receiver for Linux 13.5. The JavaScript files are located in %Program Files%/Citrix/ICA Service/HTML5 Video Redirection in the VDA install.

  • Citrix Universal print driver supports stapling and paper source selection in EMF print format. XenApp and XenDesktop 7.9 introduced Citrix Universal print driver support for stapling and paper source selection in XPS print format. In this release, support of these advanced features extends to EMF print format. EMF is the default print format for the Citrix Universal print driver.

  • Keyboard layout synchronization. Dynamic synchronization of the keyboard layout from the client to the VDA during a XenApp and XenDesktop session enables users to switch between preferred keyboard layouts on the client device. This provides a consistent user experience when, for example, switching the touch keyboard layout between English and Spanish. When the user switches the layout, they briefly see a message while the synchronization is in progress. They can then continue working with the new keyboard layout. This feature is supported with Citrix Receiver for Windows 4.6, the VDA for Desktop OS and the VDA for Server OS.

Feature for evaluation

  • New enlightened data transport layer (for evaluation only). IT administrators can evaluate a new HDX data transport layer designed for challenging long-haul WAN and Internet connections. This alternative to TCP delivers a superior user experience while maintaining high server scalability and efficient use of bandwidth. This new transport layer above UDP improves data throughput for all ICA virtual channels including Thinwire display remoting, file transfer (Client Drive Mapping), printing, multimedia redirection and others. In 7.12, this feature is for evaluation only and is disabled by default. It can be enabled in a non-production environment with a new policy setting, HDX Enlightened Data Transport. Set the new policy setting to Preferred to use enlightened data transport when possible, with fallback to TCP. In this release, this feature requires Citrix Receiver for Windows 4.6 or Citrix Receiver for Mac 12.4.

VDA install and upgrade changes

  • The 7.12 VDAs contain several new and enhanced features, as described above. However, after upgrading your VDAs from 7.9 or 7.11, you do not need to update the Machine Catalog’s functional level. The default “7.9 (or newer …)” remains the most current functional level.
  • As noted in the Streamlined standalone VDA for Desktop OS installation package section above, the standalone VDA for Desktop OS package has been supplemented with an even smaller package that delivers only the core services needed for VDA operations on workstations.

Deprecation forecast

Certain platforms, Citrix products, and features are scheduled to be deprecated after the next XenApp and XenDesktop Long Term Service Release (LTSR) releases. However, those items are supported in this XenApp and XenDesktop version and will continue to be supported in subsequent versions that are released up to and including the next LTSR.

For example (using arbitrary version numbers):

  • In version 1.5, Citrix announces that feature X will be deprecated as of the next LTSR.
  • The next LTSR is 1.9 LTSR, which will be released after version 1.9 releases.
  • Feature X will be supported on version 1.5 and all future versions up to and including 1.9 LTSR.  From the time the deprecation is forecasted, Citrix will monitor customer use and feedback about feature X to determine whether it will be supported in Cumulative Updates to 1.9 LTSR.

Generally, platform support in XenApp and XenDesktop ends when the platform’s manufacturer ends extended support. Exceptions are noted. Deprecation of browser version support is not included.

When possible, alternatives are offered for items that will be deprecated.

Announced in XenApp and XenDesktop 7.12

In-place upgrades from XenDesktop 5.6 or 5.6 FP1 will not be allowed after the next LTSR. Instead, you can migrate your XenDesktop 5.6 or 5.6 FP1 deployment to the current XenDesktop version.

The following platforms will not be supported after the next LTSR:

  • VDAs on  Windows 8.1 and earlier Windows desktop releases. Install desktop OS VDAs on Windows 10.
  • VDAs on Windows Server 2008 R2. Install server OS VDAs on supported versions such as Windows Server 2012 R2 or Windows Server 2016.
  • XenDesktop 5.6 used on Windows XP. No VDA installations on Windows XP will be supported. Install VDAs on a supported Windows version.
  • CloudPlatform connections. Use a different supported hypervisor or cloud service.
  • Azure Classic (also known as Azure Service Management) connections. Use Azure Resource Manager.
  • Installing core components (other than Studio) on 32-bit machines: Delivery Controller, Director, StoreFront, and License Server. Use 64-bit machines.

The following features will not be supported after the next LTSR:

  • Connection leasing. Use Local Host Cache.
  • Legacy Thinwire mode
  • Desktop Composition Redirection (DCR)

StoreFront 3.8

StoreFront includes the following new features and enhancements.

  • Multiple Internet Information Services (IIS) web sites.  After creating multiple websites in IIS, the PowerShell SDK can create a StoreFront deployment in those IIS websites. You can now have a single server hosting numerous Citrix Receiver for Web sites and stores, each having its own domain name.
  • Firefox browser. Once Firefox stops supporting the Netscape Plugin Application Programming Interface (NPAPI) plugin in Firefox 53, StoreFront 3.8 will still support Citrix Receiver for Web client detection and launch in Firefox for Windows and Mac.
Troubleshooting, Virtualization

Updates stuck at 5% on Server 2012 R2

A few of my friends had this issue and I had it recently. After updates applied using WSUS one of the VMs got stuck on 5% over a few hours. Tried a few things;

Go to the ‘Automatic Start action‘ on virtual machine settings to change the delay to 5 seconds, this way you can hold f8 to get to options, or shift+f10 to get the troubleshooting menu


and Choose Command Prompt


dism.exe /image:C:\ /cleanup-image /revertpendingactions

make sure you change the drive X: to C but  I received error 3017.

Next thing to try is to go to c:\windows\winsxs

dir pending and locate pending.xml

and rename this file which has got all the pending update details.

ren pending.xml pending_old.xml

and create a blank pending.xml file

echo > pending.xml

Also rename softwaredistribution folder under C:\Windows

ren softwaredistribution softwaredistribution_old

This folder contains updates. Restarted and Voila! back to normal.

System Center Virtual Machine Manager, Virtualization

SCVMM Networking

There are some components which are like a building blocks, and we put them together to build up our network infrastructure in SCVMM. Everything is all about understanding logical and virtual components and how they interact and connect with the physical components.

Image result for scvmm networking

I like this image to simplify understanding all the components. thanks to Hyper-V Rockstar website. They also have a video to explain all these components and how they connect to each other by given a scenario.

Logical Networks

Most organizations have different types of networks, such as a corporate network, management network, demilitarized zone (DMZ), Internet network, backup network, and testing network. The different networks might be separated physically or separated using networking concepts such as Virtual LAN (VLAN), Private VLAN (PVLAN), and network virtualization. Each of these networks is defined inside VMM as a logical network, which is the primary building block to help model your physical network infrastructure and connectivity.

In addition, an organization might have different physical locations or data centers. In this situation, VMM lets you define a logical network that includes details about the sites it exists at, along with the configuration required at each site. For example, suppose an organization has a management network at its Dallas and Houston locations. In Dallas, the management network uses the subnet with VLAN 10, whereas in Houston, the management network uses the subnet with VLAN 20. This information can be modeled in VMM using network sites, which are linked to a VMM host group and contained within a logical network. This setup enables VMM to assign not only the correct IP address to virtual machines (VMs) based on location and network but also the correct VLAN or PVLAN. This is a key point. The logical network is modeling the physical network, so it’s important your objects match the physical topology such as the correct IP and VLAN configuration. A network site in a logical network doesn’t have to reflect an actual physical location but rather a specific set of network configurations.

A network site can be configured with just an IP subnet, just a VLAN, or an IP subnet/VLAN pair. You only need to configure IP subnets for a site if VMM will be statically assigning IP addresses to VMs created within the site. If DHCP is present, no IP subnet configuration is required. If VLANs aren’t being used, you don’t need to configure a VLAN. If DHCP is used on the network and VLANs aren’t used, you don’t have to create any network sites.

After the network sites are defined within a logical network, you can add IP pools to the defined IP address subnet, which enables VMM to configure VMs with static IP addresses as the VMs are deployed. If DHCP is used on the network, there’s no need to configure IP pools in VMM or even specify the IP subnet as part of the site configuration. DHCP would be leveraged for the IP assignment. However, if you don’t have DHCP, creating the IP pool allows VMM to handle the IP assignment for you. When a VM is deleted, VMM reclaims the IP address for its pool. Even when DHCP is primarily used on the network, if you’re using features such as load balancing as part of a service, VMM has to be able to allocate and track that IP address, which will require the configuration of an IP pool. If no IP pool is created for a network site, VMM configures the VMs to use DHCP for address allocation.

When using VMM, you should try to minimize the number of logical networks to keep the configuration as simple as possible. You should create them only when you need them. For example, as Figure 1 shows, I have several logical networks defined: a corporate network that has its own DHCP, an Internet network, a private network, two lab networks that use VLANs to separate communication (VMM allocates the IP addresses in these lab networks), and a network virtualization–enabled network that has an IP pool used for the Hyper-V host communications.

Virtual Machine Networks

The goal for virtualization is to separate and abstract the logical networks from the VMs. This abstraction is achieved through the use of VM networks, which is another networking architectural component in VMM. When you use VM networks, the VMs have no idea of the underlying technology (e.g., VLANs, network virtualization) used by the logical network. A VM’s virtual network adapter can only be connected to a VM network. When network virtualization is used, the Customer Address (CA) space (i.e., the IP addresses given to the VMs) is defined as part of the VM network. This allows specific VM subnets to be created as needed within the VM network, completely separate from the logical network IP configuration.

There are some scenarios in which the isolation provided by VM networks isn’t required. For example, you don’t need isolation when direct access to the infrastructure is required, such as when the VMM server is running on a VM. In these instances, you can create a no-isolation pass-through VM network that directly passes communication through to the logical network. The VM network is present only because a VM’s virtual network adapter needs to connect to a VM network. If a logical network has multiple network sites defined, when you deploy a VM, it will automatically pick the correct IP subnet and VLAN configuration based on the location to which you’re deploying the VM. Users of self-service type portals are exposed to VM networks but not the details of the underlying logical networks.

Although logical networks are defined as part of the networking fabric view within the Fabric workspace, VM networks are defined within the VMs and Services workspace. When creating a VM network, you need to specify which logical network and specific site it relates to.

Port Profiles and Port Classifications

There are two types of port profiles: virtual port profiles and uplink port profiles. With virtual port profiles, you can configure settings that will be applied to virtual network adapters attached to VMs or virtual network adapters used by the management host OS. The settings can include:

  • Offload settings such as those used to configure virtual machine queue (VMQ), IPsec task offloading, and single root I/O virtualization (SR-IOV)
  • Security settings such as those used to configure DHCP guard
  • Guest teaming settings
  • Quality of Service (QoS) settings such as minimum and maximum bandwidth settings

VMM provides a number of built-in virtual port profiles for common network adapter uses, many of which are aimed at virtual network adapters used by the host OS. After a virtual port profile is used within a logical switch and the logical switch is deployed to a host, the host will be flagged as noncompliant if the virtual port profile configuration is changed, because the host’s configuration no longer matches the configuration of the virtual port profile. To fix this problem, you can easily remediate the servers to apply the updated configuration.

An uplink port profile defines the connectivity of the virtual switch to the logical networks. You need a separate uplink port profile for each set of hosts that require the same physical connectivity. (Remember that the logical networks define the physical network.) Conversely, anytime you need to restrict a logical network to specific hosts in the same location or need custom connectivity, you need a different uplink port profile. In the uplink port profile, you can select the logical networks that will be available as part of the logical network and the NIC teaming configuration when used on hosts. No preconfigured uplink port profiles are supplied, because their primary purpose is to model the logical networks that can be connected and, by default, there are no logical networks. If a change is made to the uplink port profile definition (e.g., a new VLAN is added), VMM will use a logical switch to automatically update all the virtual switches on the Hyper-V hosts that use the uplink port profile.

Port classifications are also available. They’re containers for port profile settings. You can think of port classifications as storage classifications, where you might create a gold storage classification that uses a top-of-the-line SAN and a bronze storage classification that uses a much lower tier of storage. Or you might create a high bandwidth classification and low bandwidth classification.

The benefit of the port classification is that it acts a layer of abstraction between the port profiles assigned to the logical switches. Because of this abstraction layer, you can assign a port classification to a VM template, but have a VM’s logical switch determine the port profile to be used.

VMM includes a number of port classifications that correlate to the provided virtual port profiles. Port classifications are linked to virtual port profiles as part of the logical switch creation process. Like VM networks, port classifications are exposed to users through self-service portals and not the underlying port profiles.

Logical Switches

Although it’s possible to manually perform virtual switch configurations on a server-by-server basis, it can lead to inconsistencies. In addition, it inhibits the automatic deployment of new Hyper-V hosts.

Fortunately, VMM has the logical switch component, which acts as a container for all virtual switch settings. It also ensures a consistent deployment of switch configurations across all servers. Automatic configuration with the logical switch is useful for not only deployments but also compliance tracking and enforcement. After a host is deployed using the logical switch component, VMM will continue to track the host’s configuration and compare it to the logical switch’s configuration. If the host’s configuration deviates from that of the logical switch, this configuration will be flagged as noncompliant, which you can then resolve through the administrative interface. If the logical switch is updated (e.g., a new extension is added), all the Hyper-V hosts using the logical switch will automatically be updated.

When configuring the logical switch, you can specify:

  • The Hyper-V virtual switch extensions that should be deployed to the hosts.
  • The uplink port profiles that relate to the switch.
  • The port classifications for the various types of virtual ports. For each port classification, you can select a specific virtual port profile to be used for the logical switch

As part of the logical switch component deployment, you can have VMM automatically configure NIC teaming on the Hyper-V hosts. You just need to select multiple network adapters on the host when applying the logical switch to the host. This means that you don’t need to make any networking configurations on the actual Hyper-V host. You do everything in VMM.


Microsoft System Center, System Center Virtual Machine Manager

System Center Virtual Machine Manager SCVMM 2016 build numbers

Build Number KB Release Date Description
3.2.9013.0 SCVMM 2016 Technical Preview
3.2.9234.0 SCVMM 2016 Technical Preview 2
3.2.9362.0 SCVMM 2016 Technical Preview 3
4.0.1075.0 SCVMM 2016 Technical Preview 4
4.0.1091.0 KB3119301 Update for SCVMM 2016 Technical Preview 4
4.0.1374.0 SCVMM 2016 Technical Preview 5
4.0.1379.0 KB3158141 Cumulative Update 1 (CU1) for SCVMM 2016 Technical Preview 5
4.0.1381.0 KB3160164 Cumulative Update 2 (CU2) for SCVMM 2016 Technical Preview 5
4.0.1390.0 KB3164176 Cumulative Update 3 (CU3) for SCVMM 2016 Technical Preview 5
4.0.1662.0 Download 2016 September 26 SCVMM 2016 RTM
4.0.1968.0 KB3190597 2016 October 13 Update Rollup 1 for SCVMM 2016
4.0.1968.10 KB3208888 2016 December 12 Hotfix 1 for SCVMM 2016 Update Rollup 1
4.0.2043.0 KB3209586 2017 January 24 Update Rollup 2 for SCVMM 2016
Microsoft System Center, System Center Virtual Machine Manager, Virtualization

Updates Rollup 2 for SCVMM 2016

We have been waiting for this to come up and here it is:

Improvements and issues that are fixed

Virtual Machine Manager now lets you not claim certain storage devices by Multipath I/O

(MPIO) when you add a host. This list of storage devices is controlled through

a registry key on the Virtual Machine Manager server.

When hosts are added to a cluster with Storage Spaces Direct (S2D) enabled,

you receive the following warning:


Multipath I/O is not enabled for known storage arrays on host hostname.

  • Multipath I/O (MPIO) is not disabled for the hosts in a BMC Storage Spaces Direct cluster.
  • Provides a consistent experience across Hyper-V and S2D clusters for changing classification on Cluster Shared Volume (CSV).
  • The Virtual Machine Manager cloud cannot calculate the storage classification capacity (it is displayed as 0) with an S2D cluster.
  • After onboarding an out-of-band Hyper Converged or S2D Scale Out FileServer (SOFS) into Virtual Machine Manager, the Storage Provider is not added, and SOFS properties such as volume, physical disk, and tiers are not available in Virtual Machine Manager.
  • Migrating a virtual machine (VM) from a VMware ESXi host to a Nano server host fails with error 2903.
  • SAN migration of virtual machines fail between two stand-alone Nano Server hosts.
  • As part of the V2V conversion for a VMWare Highly Available virtual machine, Virtual Machine Manager calculates the host ratings without considering CSV.
  • Migration of and/or cloning the virtual machine fails because the version of the virtualization software on the host does not match the version of the virtual machine’s virtualization software on the source.
  • Files are left in the following scenarios:
    • In the virtual machine library directory, even after the virtual machine is deleted from the Library
    • When a service instance fails and then is deleted
  • You can’t delete NAT Connection from the UI for Network Controller (NC) Managed Networks.
  • The Cloud Summary is missing capacity data for Tenant Administration.
  • Deletion of Logical Switch triggers a Virtual Machine Manager UI crash.
  • Program Menu reverts to System Center 2012 after installation of System Center Virtual Machine Manager 2016 Update Rollup 1.
  • Shielding an existing virtual machine fails intermittently with Error (1730).
  • Virtual machine start job reports fail with error 12711 when a virtual machine has the Set Order Priority option set.
  • Provides a simplified Create Volume wizard for S2D cluster creation.
  • Guest Agent is not upgraded on servicing a service after you upgrade Virtual Machine Manager from System Center 2012 R2 Virtual Machine Manager to System Center 2016 Virtual Machine Manager.
  • Service operations fail when there is a shared VHDX on a CSV volume and more than one Service virtual machine hosted on a single host.
  • Provides reliability improvements in the Virtual Machine Manager service.
  • Removal of Hyper-V Host fails in the following scenarios:
    • If any virtual machine on the host exists with checkpoints
    • If hosts have a VHD that’s referenced by a disk on another host
  • Slow performance when you perform a refresh on virtual machines that have many checkpoints.
  • Nano virtual machine deployment through a virtual machine template does not join the domain.
  • VDI virtual machines deployed through RDS do not appear in the Virtual Machine Manager console.
  • With Network Controller (NC) onboarded, virtual machine operations fail when there is a Port SACL applied on the virtual machine network.
  • NAT improvements including the following:
    • The release of the IP address reserved for a NAT connection when the connection throws an exception
    • The display of junk entries if the virtual machine network has a NAT connection
  • The removal of incoming NAT rules applied on a network adapter after the network adapter is disconnected and reconnected.
  • Creating a Host Cluster with Static IP address fails.
  • Network Controller (NC)–related improvements including the following:
    • The scale-out and scale-in of NC virtual machines.
    • The blocking of IPV6-based virtual machine network creation from the UI.
  • Network Controller-managed network adapter is not displayed as noncompliant after a PortACL rule is removed.
  • Load balancer improvements including the following scenarios:
    • Virtual Machine Manager goes into an inconsistent state after a SLB MUX deployment failure.
    • Load Balancing rules don’t work after disconnecting and reconnecting Network Controller-managed network adapters.
  • Gateways do not require certificates. They use user name and password for authentication. But, Gateway Templates starts the MUX service, which requires certificates for controller certificates and MUX certificates based on CA self-signed scenarios. This forces gateways to mandate certificates even through it is not required.
  • Virtual Machine Manager mandates all the gateway front-end pools to be available for the Network Controller host group scope.
  • Virtual Machine Manager lets users create a network adapter with dynamic option for Network Controller-managed connected networks. This should be blocked with an appropriate error message as the Network Controller does not support dynamic IP configuration for the network adapter.
  • Changing a virtual machine network between Network Controller-managed connected networks is successful in Virtual Machine Manager. However, the Network Controller still has old information in its network adapter JSON when it uses the DHCP option.
  • UI improvements include the following:
    • Noncompliant warning (26909) displayed for a Virtual Machine and its network adapter when you deploy a virtual machine that is connected to a network by using a Dynamic IP address.
    • Hyper-V Nano host is displayed as not compliant for SET team Logical Switch.
  • By default, Remote Access Gateway connections are disabled when configured through Virtual Machine Manager.
  • Improved SDN manageability includes the following:
    • When you use the Force option to remove a Virtual Network Gateway even when the Network Controller is down.
    • Setting Port Profiles of Network Controller-managed virtual machines after migration.
  • Virtual Machine Manager does not delete the routes from the Network Controller. However, removing the VPN Connection deletes the routes and the VPN connection. Creating the same routes from Virtual Machine Manager will also work as it would find the routes in the Network Controller.
  • When a self-service user deploys a virtual machine to the cloud and changes the hardware profile, Virtual Machine Manager does not let you use the IP pool available in the selected VLAN.
  • Unable to create VLAN-based logical networks through Virtual Machine Manager when the subnet is not specified.

For more details about other features that are available in Virtual Machine Manager 2016, see What’s New in VMM 2016.


Known issues

  • You cannot update VM hardware profile properties for VMs with dynamic memory after you install Update Rollup 2. The error that you see is because of the startup memory in the Console being reset to 1 every time that you start the VM Properties dialog box from the Console for a VM where Dynamic Memory is enabled. This issue is only a display issue and actual memory of the VM is not affected.

Because this is just a Console issue, you can continue to use VMM PowerShell to manage hardware properties without performing any additional steps. Or, the properties can be updated from the Console after stopping the VM and updating the startup memory within the original acceptable range.

  • When you create a VM with dynamic memory through the Console or by updating the memory of a VM from static to dynamic through the Console after you deploy Update Rollup 2, the default maximum memory is set to a value greater than 1 TB. This causes VM creation/update to fail.

To work around this issue, update the maximum memory value to 1TB or less in the Console to avoid errors. Additionally, you can use PowerShell to create VMs with 1TB maximum memory without performing any additional steps.

  • After you apply Update Rollup 2, if you try to change the value for ‘Number of Processors’ of a deployed VM through the Administrator Console or VMM PowerShell to a number greater than 64, you encounter an error. This issue applies to even new VMs you create after you install Update Rollup 2.

To work around this issue, continue to provision VMs with the number of processors not greater than 64.