5 min read

ConfigMgr - Task Sequence to update Citrix VDA and Windows 10

ConfigMgr - Task Sequence to update Citrix VDA and Windows 10
Citrix Workspace™

This is just a Copy/Paste from my LinkedIn Article in order to move the information over here, will get to rewrite it later on.

I made an submission to the MEMCM Community Hub with and example TS for you to work with if you want

Configuration Manager Community hub

At a customer we ran in to a problem with updating Citrix VDI's to Windows 10, 1803 -> 1909. When we used IPU or Feature Update, after the windows upgrade was done the device was missing the config manager certificates, and really no matter what we did we couldn't get it back and so the client couldn't communicate with the management point.

We used updated media for 1909 so it wasn't the "Windows 10 1903/1909-FU-All-certs-gone"-problem.

But, my colleague Christian Damberg, found out that the Citrix Virtual Delivery Agent had to be updated, and once it was, the certificate problem did not reappear after the Windows 10 upgrade.

The road to a successful VDA update was a bit trickier than we expected, and citrix is absolutely not in my comfort-zone, but finally i found a way that worked, and i thought i would share it here in-case anyone else struggles with it.

First, you can find a citrix doc on it here, which loosely describes how to do it, this can also be used a general guidance for updating VDA.

Install VDAs using SCCM | Citrix Virtual Apps and Desktops 7 2112
To successfully deploy a Virtual Delivery Agent using Microsoft System Center Configuration Manager or similar software distribution tools, Citrix recommends using the VDA installer in a sequence of steps.

We used a separate task sequence just for the VDA. And the TS we ended up with goes like this, step-by-step:

First we restart the VDI, to make sure that there is no active sessions on it, you can use XenCenter and the console to manage the device, this does not "count" as a session and wont halter the update.

After this we start the intall of the application, using a "install Application" step, and the VDA is packaged using PSADT (PowerShell Application Deployment Toolkit). We used the "WDAWorkstationSetup_XXXX.exe", add the parameters as needed by your environment, and here we ended up specifying the following:

/Components, /Controllers, /disableexperiancemetrics, /enable_framehawk_port, /enable_hdx_ports, /enable_real_time_transport, /enable_remote_assistance, /exclude, /optimize, /quiet, /noreboot, /noresume

This can vary for you, and according to the Citrix Doc, if i interpret it correctly, you can just use "/quiet /noreboot /noresume".

Depending on the exitcode of the VDA installer, you need to do additional reboots, and then continue the update, or you will just have to do one, and then your done. If it exit's with "0" or "8", you can just do a reboot and its done, if it exits with a "3", you need to reboot and then pick-up the update again. We had some trouble getting the appinstall to pass the exitcode to CM some times, so i used the following PSADT cmdlet to capture it in a variable and just make a new TSVar depending on it, to make sure it always does what i want.

$VDAExitCode = Execute-Process -Path "$dirfiles\VDAWorkstationSetup_1912.exe" -Parameters "ALOT-OF-PARAMETERS" -WindowStyle 'hidden' -PassThru if($VDAExitCode.ExitCode -eq '3'){ $TSEnvironment = New-Object ComObject Microsoft.SMS.TSEnvironment $TSEnvironment.Value("VDAExitCode") = $VDAExitCode.ExitCode }

And then i use this a condition on the "Exit 3" groups in the TS. but, it's

If All the conditions are True: Task Seuqnce Variable VDAExitCode equals "3"

The "install Application" step will finish and CM AppEnforce will see it as completed, but, it's really not (if it exits with exitcode "3")...

At the first "Exit 3" group, there is no "Restart Computer" as first step of the group, as i have added exitcode "3" and "8" as a "Hard Reboot" on the CM application object, Deployment Type -> Return Codes. So, if the "install Application" step finished with any of those, CM will force the reboot, and the the TSVariable we created, will handle what happens next. But, we noticed that some installs lock-ups (for the loss of a better word) and the first "Continue VDA upgrade" might fail with an exitcode 4, if it does it need another reboot and thats why I've added another group with a condition to run if the previous exit was 4, then we try to continue the update again. I've only seen exit 4 happen on the first continue, but it might happen at the following as well.

To continue to update you will need to run the installer from the .exe that the installer copies during the first "install Application"-step, as stated in the Citrix Docs article:

When a VDA installation runs for the first time on a machine, the VDA installer being used is copied onto that machine.

  • When using a VDA installer other than VDAWorkstationCoreSetup_XXXX.exe, the VDA installer is copied to %ProgramData%\Citrix\XenDesktopSetup\XenDesktopVdaSetup.exe.
  • When using VDAWorkstationCoreSetup_XXXX.exe, the VDA installer is copied to %ProgramData%\Citrix\XenDesktopSetup\XenDesktopRemotePCSetup.exe.

So, the "Continue VDA Upgrade" for us is a "Run Command Line" -TSstep:

cmd.exe /c %ProgramData%\Citrix\XenDesktopSetup\XenDesktopVdaSetup.exe /Components /Controllers /disableexperiancemetrics /enable_framehawk_port /enable_hdx_ports /enable_real_time_transport /enable_remote_assistance /exclude /optimize /quiet /noreboot /noresume

I don't know if you have to use all the parameters again, or if "/quiet /noreboot /noresume" is sufficient, but i did, and it worked..

If it all goes fine, you either exit with a "0", "3" or "8". If it's a 3, we just rinse-and-repeat. I don't know how many 3's you can get, so i just added a couple to hopefully safe it, after each restart, i added a "Check if XenDesktopSetup catalogue (misspelled) exist" which is a "Run PowerShell Script" that checks for the XenDesktopSetup catalogue.

If((Test-Path -Path $env:ProgramData\Citrix\XenDesktopSetup") -eq $true){ Write-Output "1" } Else{ Write-Output "0" }

And i use "Output to task sequence variable" -> "XenSetupCatalogue" to use it as a condition on the next "Continue VDA Upgrade" step, as i noticed that even if the previous "Continue VDA Upgrade" step could be the last and the update is all done, it can output a "3" which means that the update needs to continue after reboot, but when reading the logs everything points to it being finished, just needing a reboot, and it then removes the "XenDesktopSetup" folder, and if you dont check this after reboot, you will try and run the continue-setup-cmdlet and it will fail with exitcode 1 and it seems as it all went bad, even if it don't.

So, just as before, rinse-and-repeat until done, and you will hopefully then get an "0" or an "8" (and maybe even an 3...) and it will go to the last group "Exit 0 or 8", do a last restart of the device, and finish up.

Hopefully after this, the VDA will be updated and you can now deploy you windows 10 update to the VDI's, either by adding a IPU part after the VDA is updated, or maybe by inventorying the application -> Collection -> Feature Update deployment, it's really up to you! I take the TS for the VDA, and add it on a "Run Task Sequence Step" in the IPU i use to update the VDI.