Product documentation
Citrix Hypervisor
8.2 CU1 XenServer 8
View PDF

Windows VMs

April 16, 2024
Contributed by: 
X

Installing Windows VMs on the Citrix Hypervisor server requires hardware virtualization support (Intel VT or AMD-V).

Note:

Nested virtualization is not supported for Windows VMs hosted on Citrix Hypervisor.

Basic procedure for creating a Windows VM

The process of installing a Windows on to a VM consists of the following steps:

  1. Selecting the appropriate Windows template

  2. Choosing the appropriate boot mode

  3. Installing the Windows operating system

  4. Installing the XenServer VM Tools for Windows (I/O drivers and the Management Agent)

Warning:

Windows VMs are supported only when the VMs have the XenServer VM Tools for Windows installed.

Windows VM templates

Windows operating systems are installed onto VMs by cloning an appropriate template using either XenCenter or the xe CLI, and then installing the operating system. The templates for individual guests have predefined platform flags set which define the configuration of the virtual hardware. For example, all Windows VMs are installed with the ACPI Hardware Abstraction Layer (HAL) mode enabled. If you later change one of these VMs to have multiple virtual CPUs, Windows automatically switches the HAL to multi-processor mode.

The available Windows templates are listed in the following table:

Template Name Supported boot modes Description
Windows 10 (32-bit) BIOS Used to install Windows 10
Windows 10 (64-bit) BIOS, UEFI, UEFI Secure Boot Used to install Windows 10 (64-bit)
Windows Server 2016 (64-bit) BIOS, UEFI, UEFI Secure Boot Used to install Windows Server 2016 or Windows Server Core 2016 (64-bit)
Windows Server 2019 (64-bit) BIOS, UEFI, UEFI Secure Boot Used to install Windows Server 2019 or Windows Server Core 2019 (64-bit)
Windows Server 2022 (64-bit) BIOS, UEFI, UEFI Secure Boot Used to install Windows Server 2022 or Windows Server Core 2022 (64-bit)

Citrix Hypervisor supports all SKUs (editions) for the listed versions of Windows.

Attach an ISO image library

The Windows operating system can be installed either from an install CD in a physical CD-ROM drive on the Citrix Hypervisor server, or from an ISO image. See Create ISO images for information on how to make an ISO image from a Windows install CD and make it available for use.

Guest UEFI boot and Secure Boot

Citrix Hypervisor enables recent versions of Windows guest operating systems to boot in UEFI mode. UEFI boot provides a richer interface for the guest operating systems to interact with the hardware, which can significantly reduce Windows VM boot times.

For these Windows operating systems, Citrix Hypervisor also supports Windows Secure Boot. Secure Boot prevents unsigned, incorrectly signed or modified binaries from being run during boot. On a UEFI-enabled VM that enforces Secure Boot, all drivers must be signed. This requirement might limit the range of uses for the VM, but provides the security of blocking unsigned/modified drivers. If you use an unsigned driver, secure boot fails and an alert is shown in XenCenter.

Secure Boot also reduces the risk that malware in the guest can manipulate the boot files or run during the boot process.

Note:

Guest UEFI boot was provided as an experimental feature in Citrix Hypervisor 8.0. UEFI-enabled VMs that were created in Citrix Hypervisor 8.0 are not supported in Citrix Hypervisor 8.2. Delete these VMs and create new ones with Citrix Hypervisor 8.2.

Citrix Hypervisor supports UEFI boot and Secure Boot on newly created Windows 10 (64-bit), Windows Server 2016 (64-bit), Windows Server 2019 (64-bit), and Windows Server 2022 (64-bit) VMs. You must specify the boot mode when creating a VM. It is not possible to change the boot mode of a VM between BIOS and UEFI (or UEFI Secure Boot) after booting the VM for the first time. However, you can change the boot mode between UEFI and UEFI Secure Boot at any time.

Consider the following when enabling UEFI boot on VMs:

  • Ensure that the UEFI-enabled VM has at least two vCPUs.
  • You can import or export a UEFI-enabled VM created on Citrix Hypervisor as an OVA, OVF, or an XVA file. Importing a UEFI-enabled VM from OVA or OVF packages created on other hypervisors is not supported.
  • To use PVS-Accelerator with UEFI-enabled VMs, ensure that you are using Citrix Provisioning 1906 or later.
  • Use the UEFI settings menu to change the screen resolution of the XenCenter console. For detailed instructions, see Troubleshooting.

Consider the following when enabling UEFI Secure Boot on VMs:

  • The Citrix Hypervisor server must be booted in UEFI mode. For more information, see Network boot installations

  • Your resource pool or standalone server must have access to Secure Boot certificates.

    Only one Citrix Hypervisor server in the pool requires access to the certificates. When a server joins a pool the certificates on that server are made available to other servers in the pool.

Note

UEFI-enabled VMs use NVME and E1000 for emulated devices. The emulation information does not display these values until after you install XenServer VM Tools for Windows on the VM. UEFI-enabled VMs also show as only having 2 NICs until after you install XenServer VM Tools for Windows.

Enabling UEFI boot or UEFI Secure Boot

You can use XenCenter or the xe CLI to enable UEFI boot or UEFI Secure Boot for your VM.

For information about creating a UEFI-enabled VM in XenCenter, see Create a VM by using XenCenter.

Using the xe CLI to enable UEFI boot or UEFI Secure Boot

When you create a VM, run the following command before booting the VM for the first time:

    xe vm-param-set uuid=<UUID> HVM-boot-params:firmware=<MODE>
    xe vm-param-set uuid=<UUID> platform:secureboot=<OPTION>
<!--NeedCopy-->

Where, UUID is the VM’s UUID, MODE is either BIOS or uefi, and OPTION is either ‘true’ or ‘false’. If you do not specify the mode, it defaults to uefi if that option is supported for your VM operating system. Otherwise, the mode defaults to BIOS. If you do not specify the secureboot option, it defaults to ‘auto’. For UEFI-enabled VMs created on a Citrix Hypervisor server that is booted in UEFI mode and has Secure Boot certificates available, the ‘auto’ behavior is to enable Secure Boot for the VM. Otherwise, Secure Boot is not enabled.

To create a UEFI-enabled VM from a template supplied with Citrix Hypervisor, run the following command:

    UUID=$(xe vm-clone name-label='Windows 10 (64-bit)' new-name-label='Windows 10 (64-bit)(UEFI)')
    xe template-param-set uuid=<UUID> HVM-boot-params:firmware=<MODE> platform:secureboot=<OPTION>
<!--NeedCopy-->

Do not run this command for templates that have something installed on them or templates that you created from a snapshot. The boot mode of these snapshots cannot be changed and, if you attempt to change the boot mode, the VM fails to boot.

When you boot the UEFI-enabled VM the first time you are prompted on the VM console to press any key to start the Windows installation. If you do not start the Windows installation, the VM console switches to the UEFI shell.

To restart the installation process, in the UEFI console, type the following commands.

EFI:
EFI\BOOT\BOOTX64

When the installation process restarts, watch the VM console for the installation prompt. When the prompt appears, press any key.

Disabling Secure Boot

You might want to disable Secure Boot on occasion. For example, Windows debugging cannot be enabled on a VM that in Secure Boot user mode. To disable Secure Boot, change the VM into Secure Boot setup mode. On your Citrix Hypervisor server, run the following command:

varstore-sb-state <VM_UUID> setup

Keys

UEFI-enabled VMs are provisioned with a PK from an ephemeral private key, the Microsoft KEK, the Microsoft Windows Production PCA, and Microsoft third party keys. The VMs are also provided with an up-to-date revocation list from the UEFI forum. This configuration enables Windows VMs to boot with Secure Boot turned on and to receive automatic updates to the keys and revocation list from Microsoft.

Troubleshooting your UEFI and UEFI Secure Boot VMs

For information about troubleshooting your UEFI or UEFI Secure Boot VMs, see Troubleshoot UEFI and Secure Boot problems on Windows VMs.

Create a VM by using XenCenter

To create a Windows VM:

  1. On the XenCenter toolbar, click the New VM button to open the New VM wizard.

    The New VM wizard allows you to configure the new VM, adjusting various parameters for CPU, storage, and networking resources.

  2. Select a VM template and click Next.

    Each template contains the setup information that is required to create a VM with a specific guest operating system (OS), and with optimum storage. This list reflects the templates that Citrix Hypervisor currently supports.

    Note:

    If the OS that you are installing on your VM is compatible only with the original hardware, check the Copy host BIOS strings to VM box. For example, you might use this option for an OS installation CD that was packaged with a specific computer.

    After you first start a VM, you cannot change its BIOS strings. Ensure that the BIOS strings are correct before starting the VM for the first time.

    To copy BIOS strings using the CLI, see Install HVM VMs from Reseller Option Kit (BIOS-locked) Media. The option to set user-defined BIOS strings are not available for HVM VMs.

  3. Enter a name and an optional description for the new VM.

  4. Choose the source of the OS media to install on the new VM.

    Installing from a CD/DVD is the simplest option for getting started.

    1. Choose the default installation source option (DVD drive)
    2. Insert the disk into the DVD drive of the Citrix Hypervisor server

    Citrix Hypervisor also allows you to pull OS installation media from a range of sources, including a pre-existing ISO library. An ISO image is a file that contains all the information that an optical disc (CD, DVD, and so on) would contain. In this case, an ISO image would contain the same OS data as a Windows installation CD.

    To attach a pre-existing ISO library, click New ISO library and indicate the location and type of the ISO library. You can then choose the specific operating system ISO media from the list.

  5. Choose a boot mode for the VM. By default, XenCenter select the most secure boot mode available for the VM operating system version.

    Note:

    • The UEFI Boot and UEFI Secure Boot options appear grayed out if the VM template you have chosen does not support UEFI boot.
    • You cannot change the boot mode after you boot the VM for the first time.

  6. Select a home server for the VM.

    A home server is the server which provides the resources for a VM in a pool. When you nominate a home server for a VM, Citrix Hypervisor attempts to start the VM on that server. If this action is not possible, an alternate server within the same pool is selected automatically. To choose a home server, click Place the VM on this server and select a server from the list.

    Notes:

    • In WLB-enabled pools, the nominated home server isn’t used for starting, restarting, resuming, or migrating the VM. Instead, Workload Balancing nominates the best server for the VM by analyzing Citrix Hypervisor resource pool metrics and by recommending optimizations.
    • If a VM has one or more virtual GPUs assigned to it, the home server nomination doesn’t take effect. Instead, the server nomination is based on the virtual GPU placement policy set by the user.
    • During rolling pool upgrade, the home server is not considered when migrating the VM. Instead, the VM is migrated back to the server it was on before the upgrade.

    If you do not want to nominate a home server, click Don’t assign this VM a home server. The VM is started on any server with the necessary resources.

    Click Next to continue.

  7. Allocate processor and memory resources for the VM. For a Windows 10 VM, the default is 1 virtual CPU and 2,048 MB of RAM. You can also choose to modify the defaults. Click Next to continue.

  8. Assign a virtual GPU. The New VM wizard prompts you to assign a dedicated GPU or one or more virtual GPUs to the VM. This option enables the VM to use the processing power of the GPU. With this feature, you have better support for high-end 3D professional graphics applications such as CAD/CAM, GIS, and Medical Imaging applications.

  9. Allocate and configure storage for the new VM.

    Click Next to select the default allocation (24 GB) and configuration, or you might want to do the following extra configuration:

    • Change the name, description, or size of your virtual disk by clicking Edit.
    • Add a new virtual disk by selecting Add.

  10. Configure networking on the new VM.

    Click Next to select the default NIC and configurations, including an automatically created unique MAC address for each NIC. Alternatively, you might want to do the following extra configuration:

    • Change the physical network, MAC address, or Quality of Service (QoS) priority of the virtual disk by clicking Edit.
    • Add a new virtual NIC by selecting Add.

  11. Review settings, and then click Create Now to create the VM and return to the Search tab.

    An icon for your new VM appears under the host in the Resources pane.

  12. On the Resources pane, select the VM, and then click the Console tab to see the VM console.

  13. Follow the OS installation screens and make your selections.

  14. After the OS installation completes and the VM reboots, install the XenServer VM Tools for Windows.

Create a Windows VM by using the CLI

To create a Windows VM from an ISO repository by using the xe CLI:

  1. Create a VM from a template:

    xe vm-install new-name-label=vm_name template=template_name
<!--NeedCopy-->

    This command returns the UUID of the new VM.

  2. Create an ISO Storage Repository:

    xe-mount-iso-sr path_to_iso_sr
<!--NeedCopy-->

  3. List all of the available ISOs:

    xe cd-list
<!--NeedCopy-->

  4. Insert the specified ISO into the virtual CD drive of the specified VM:

    xe vm-cd-add vm=vm_name cd-name=iso_name device=3
<!--NeedCopy-->

  5. Start the VM and install the operating system:

    xe vm-start vm=vm_name
<!--NeedCopy-->

    At this point, the VM console is visible in XenCenter.

  6. On the XenCenter Resources pane, select the VM, and then click the Console tab to see the VM console.

  7. Follow the OS installation screens and make your selections.

  8. After the OS installation completes and the VM reboots, install the XenServer VM Tools for Windows.

For more information on using the CLI, see Command Line Interface.

Install XenServer VM Tools for Windows

XenServer VM Tools for Windows (formerly Citrix VM Tools) provide high performance I/O services without the overhead of traditional device emulation. For more information about the XenServer VM Tools for Windows and advanced usage, see XenServer VM Tools for Windows.

Note:

To install XenServer VM Tools for Windows on a Windows VM, the VM must be running the Microsoft .NET Framework Version 4.0 or later.

Before you install the XenServer VM Tools for Windows, ensure that your VM is configured to receive the I/O drivers from Windows Update. Windows Update is the recommended way to receive updates to the I/O drivers. However, if Windows Update is not an available option for your VM, you can also receive updates to the I/O drivers through other means. For more information, see XenServer VM Tools for Windows.

To install XenServer VM Tools for Windows:

  1. We recommend that you snapshot your VM before installing or updating the XenServer VM Tools.

  2. Download the XenServer VM Tools for Windows file from the Citrix Hypervisor downloads page.

    1. Log in to your Citrix account to access the downloadable files.
    2. Expand the product sections on the Citrix Hypervisor downloads page and click into any supported version of Citrix Hypervisor.

    3. On the product page, go to the Citrix Hypervisor Main Components section.

      The XenServer VM Tools for Windows are available in a 32-bit and a 64-bit version.

    4. Download the MSI file and verify your download against the provided SHA256 value.

  3. Copy the file to your Windows VM or to a shared drive that the Windows VM can access.

  4. Run the managementagentxXX.msi file to begin XenServer VM Tools installation.

    Msiexec.exe /package managementagentxXX.msi

  5. Follow the prompts in the installer.

    1. Follow the instructions on the wizard to accept the license agreement and choose a destination folder.

    2. The wizard displays the recommended settings on the Installation and Updates Settings page. For information about customizing these settings, see XenServer VM Tools for Windows.

    3. Click Next and then Install to begin the XenServer VM Tools for Windows installation process.

  6. Restart the VM when prompted to complete the installation process.

Update Windows operating systems

This section discusses updating Windows VMs with updated operating systems.

Upgrades to VMs are typically required when moving to a newer version of Citrix Hypervisor. Note the following limitations when upgrading your VMs to a newer version of Citrix Hypervisor:

  • Before migrating Windows VMs using live migration, you must upgrade the XenServer VM Tools for Windows on each VM.
  • Suspend/Resume operation is not supported on Windows VMs until the XenServer VM Tools for Windows are upgraded.
  • The use of certain antivirus and firewall applications can crash Windows VMs, unless the XenServer VM Tools for Windows are upgraded.

We recommend that you do not remove the XenServer VM Tools from your Windows VM before automatically updating the version of Windows on the VM.

Use Windows Update to upgrade the version of the Windows operating system on your Windows VMs.

Note:

Windows installation disks typically provide an upgrade option if you boot them on a server which has an earlier version of Windows already installed. However, if you use Windows Update to update your XenServer VM Tools, do not upgrade the Windows operating system from an installation disk. Instead, use Windows Update.

For information about upgrading the version of the XenServer VM Tools for Windows, see XenServer VM Tools for Windows.

Prepare to clone a Windows VM by using Sysprep

The only supported way to clone a Windows VM is by using the Windows utility sysprep to prepare the VM.

The sysprep utility changes the local computer SID to make it unique to each computer. The sysprep binaries are in the C:\Windows\System32\Sysprep folder.

Note:

For older versions of Windows, the sysprep binaries are on the Windows product CDs in the \support\tools\deploy.cab file. These binaries must be copied to your Windows VM before using.

To clone Windows VMs:

  1. Create, install, and configure the Windows VM as desired.

  2. Apply all relevant Service Packs and updates.

  3. Install the latest version of XenServer VM Tools for Windows.

  4. Install any applications and perform any other configuration.

  5. Run sysprep. This utility shuts down the VM when it completes.

  6. Using XenCenter convert the VM into a template.

  7. Clone the newly created template into new VMs as required.

  8. When the cloned VM starts, it completes the following actions before being available for use:

    • It gets a new SID and name
    • It runs a setup to prompt for configuration values as necessary
    • Finally, it restarts

    Note:

    Do not restart the original, sys-prepped VM (the “source” VM) again after the sysprep stage. Immediately convert it to a template afterwards to prevent restarts. If the source VM is restarted, sysprep must be run on it again before it can be safely used to make more clones.

For more information about using sysprep, visit the following Microsoft website:

Windows VM release notes

There are many versions and variations of Windows with different levels of support for the features provided by Citrix Hypervisor. This section lists notes and errata for the known differences.

General Windows issues

  • When installing Windows VMs, start off with no more than three virtual disks. After the VM and XenServer VM Tools for Windows have been installed, you can add extra virtual disks. Ensure that the boot device is always one of the initial disks so that the VM can successfully boot without the XenServer VM Tools for Windows.

  • When the boot mode for a Windows VM is BIOS boot, Windows formats the primary disk with a Master Boot Record (MBR). MBR limits the maximum addressable storage space of a disk to 2 TiB. To use a disk that is larger than 2 TiB with a Windows VM, do one of the following things:

    • If UEFI boot is supported for the version of Windows, ensure that you use UEFI as the boot mode for the Windows VM.
    • Create the large disk as the secondary disk for the VM and select GUID Partition Table (GPT) format.

  • Multiple vCPUs are exposed as CPU sockets to Windows guests, and are subject to the licensing limitations present in the VM. The number of CPUs present in the guest can be confirmed by checking Device Manager. The number of CPUs actually being used by Windows can be seen in the Task Manager.

  • The disk enumeration order in a Windows guest might differ from the order in which they were initially added. This behavior is because of interaction between the I/O drivers and the Plug-and-Play subsystem in Windows. For example, the first disk might show up as Disk 1, the next disk hot plugged as Disk 0, a later disk as Disk 2, and then upwards in the expected fashion.

  • A bug in the VLC player DirectX back-end replaces yellow with blue during video playback when the Windows display properties are set to 24-bit color. VLC using OpenGL as a back-end works correctly, and any other DirectX-based or OpenGL-based video player works too. It is not a problem if the guest is set to use 16-bit color rather than 24.

  • The PV Ethernet Adapter reports a speed of 100 Gbps in Windows VMs. This speed is an artificial hardcoded value and is not relevant in a virtual environment because the virtual NIC is connected to a virtual switch. The Windows VM uses the full speed that is available, but the network might not be capable of the full 100 Gbps.

  • If you attempt to make an insecure RDP connection to a Windows VM, this action might fail with the following error message: “This could be due to CredSSP encryption oracle remediation.” This error occurs when the Credential Security Support Provider protocol (CredSSP) update is applied to only one of the client and server in the RDP connection. For more information, see https://support.microsoft.com/en-gb/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm.

Windows VMs
April 16, 2024
Contributed by: 
X
April 16, 2024
Contributed by: 
X

In this article

Site feedback | Privacy and legal terms | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.