u/ToeRevolutionary9124

Citrix (very belatedly) released this article: https://docs.citrix.com/en-us/provisioning/current-release/advanced-concepts/secure-boot-cert-expiration-ca-updates.html

I'm interested in this part of the article specifically:

"The CA certificate which is used to validate the Windows boot loader. When using Citrix Provisioning, the Windows boot loader is validated by the Citrix Provisioning Network Boot Program which has the CA certificate embedded. Currently, shipping versions of Citrix Provisioning only include the old CA certificate but there will be releases that include the new one as well - Citrix Provisioning will try both old and new certificate when loading the Windows Boot Loader."

As far as I can tell, the version of PVS I'm using (2203 CU7) does NOT contain the new 2023 secure boot cert in the Network Boot Program. But over a year ago, I updated the windows boot loader on all my PVS images so that it was signed by the new 2023 certificate. I also updated the .NVRAM file to include the new 2023 certs on each virtual machine that ISO boots from PVS. They still boot fine, whereas the article suggests they shouldn't, as the version of the Network Boot Program I'm using doesn't trust the new 2023 cert.

Am I missing something here in terms of how this works?

All my controllers fell into grace licensing for a period of around six hours last night, between around 8PM-2AM ET. It resolved without any action on our part. The error on the controllers suggests they were unable to contact the LAS license server, but the license server was online and accessible. The license server itself had a error that stated it was unable to connect to the License Activation Service. At the same time, the Citrix download site was not functioning, which makes me think this was a Citrix side issue rather than anything on our side. Just wondering if anyone else saw the same thing?

Hey all

I built a couple of new CVAD 2203 CU7 farms a few months back, using LAS licensing. Both farms have two controllers each. One farm is prod and one is test. The licensing status is showing as okay on all brokers, as well as the license server itself.

The only issue I have is that in the Citrix cloud on-prem license server status, our LAS license server has an orange exclamation mark next to it. When I view details, I see 10 different IDs listed under 'Citrix Virtual Apps and Desktops'. Eight of those IDs appear to belong to the four controllers (two in prod farm and two in test farm) that I set up. Each controller seems to have two different IDs, one for the standard broker and one for the HA broker. All eight are showing as connected.

But I also have two additional HA broker IDs that show as 'Lost connection', with a last successful connection listed as several weeks ago. I cannot find an easy way to identify where these brokers or where they came from. The IDs don't match any broker or controller IDs in our environment that I can find.

Does anyone know how I can find more details on these? License server logs? I'm really looking for a controller server name, or some other way I can figure out what these are.

Thanks!