Citrix PVS Sealing Automation – a little bit more…

Automation, XenServer, Provisioning Server, BIS-F


With many customers I stumble over the last automation steps needed to seal their Master Images with Citrix Provisioning Services. If the customer uses the BDM-ISO, it's necessary to switch the Storage Device ID (WriteCache ID 0, local Install ID 1) and insert the BDM-Boot-ISO; the vDisk must be created first, and so must the Master Target Device in the PVS Collection. After you have optimized and sealed your image, you must change the vDisk to shared mode, select the right WriteCacheType and CacheSize, select the right Load Balancing and replicate this vDisk across your PVS Servers... so many manual steps…

I have now automated all of these steps with a PowerShell script and an Event-Trigger.


  • XenServer
    • tested with XS 7.x
    • The script was developed for XenServer; if you have experience with VMware PowerCLI or Hyper-V, you can adapt it for your own environment.
  • On an Admin-Server you have to install
  • Base Image Script Framework (BIS-F) 6.x to seal the Image
    • ADMX for BIS-F must be configured for fully silent sealing without any MessageBoxes

GPO Settings

Group Policy – PVS Maintenance / MasterDevice:

The following GPO settings can be placed in a single GPO for your PVS Maintenance / Master Devices.

GPO for SealMasterImage Event-Script:

For your Master Image, create a policy that sets 3 system environment variables; they are needed in the event log entry to start the trigger on the Admin-Server.

SealMasterImageServer: The computer name of your Admin-Server, where the PVS Console and the XenServer PowerShell SDK are installed

SealMasterImagePVSCollection: The name of the PVS Collection in which the Master Target Device is placed (must be created first)

SealMasterImagePVSDiskStore: The name of the PVS Store in which the vDisk is created (must be created first)

NOTE: Please do not change the names of these environment variables, otherwise the script will not run!

GPO for Base Image Script Framework (BIS-F):


Copy Script to Admin-Server

Copy the script to your Admin-Server (download below); we will configure it in the next few steps.

Create vDisk Name Schema

As an example: if you have created different Master Images, such as one for standard users and one for admin users with admin tools, and want to build different PVS vDisks, you can set a different vDisk name for each Master Image as an environment variable in your Enterprise Software Deployment (ESD); the script will use it.

Standard vDisk: vDisk-XA7-STD

Admin vDisk: vDisk-XA7-ADM

Create a package in your ESD with the following command, or run it manually on your Master Image

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "SealMasterImagePVSDiskName" /t "REG_SZ" /d "vDisk-XA7-STD" /f

NOTE: If you only have one image to create with all your software, you can ignore the line above and add this environment variable to the GPO above, "GPO for SealMasterImage Event-Script". If SealMasterImagePVSDiskName is not specified, the script will create a vDisk based on the computer name with an incremental version counter, e.g. %Computername%-V01.

Create Event-Log entry for testing

Boot up your Master Image, log on with administrative privileges, and check with run > cmd > set that all environment variables for SealMasterImage are set.

After that, run the following command to create a remote event on the Admin-Server (%SealMasterImageServer%)

eventcreate /S %SealMasterImageServer% /T INFORMATION /SO SealMasterImage /ID 1000 /L APPLICATION /D "<Params><VMName>%COMPUTERNAME%</VMName><PVSCollection>%SealMasterImagePVSCollection%</PVSCollection><PVSDiskStore>%SealMasterImagePVSDiskStore%</PVSDiskStore><PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>"

Then check the Application event log on the Admin-Server.

Create Trigger from this Event

Triggered by this event with source "SealMasterImage" and Event-ID "1000", we will start a scheduled task.

Right Click on the Event > Attach Task to this Event

Change the Name to “SealMasterImage” > Next

Check the entries > Next

Action: Start a program > Next

Program/Script: powershell.exe

Add arguments (optional): E:\SCRIPTS\SealImage\TriggerEvent.ps1 -eventRecordID $(eventRecordID) -eventChannel $(eventChannel)

Start in (optional): E:\SCRIPTS\SealImage\tmp

Finish >  Next

The scheduled task has now been created, but it is not operational as it is; some values needed to run the trigger are missing. Export the scheduled task and save it as "SealMasterImage.xml".

Open SealMasterImage.xml with an XML editor and add the ValueQueries

        <Value name="eventChannel">Event/System/Channel</Value>
        <Value name="eventRecordID">Event/System/EventRecordID</Value>
        <Value name="eventSeverity">Event/System/Level</Value>

Save the XML and delete the previously created scheduled task "SealMasterImage"... yes, do it!

Open cmd with administrative privileges and create a new task based on the XML file.

schtasks /create /TN "Event Viewer Tasks\SealMasterImage" /XML "SealMasterImage.xml"

But Why ???

If you look at the XML view of the "SealMasterImage" event, it has an EventRecordID and a Channel. After some time you will have multiple events from the same event source SealMasterImage, with the same ID 1000 and the same channel Application. The EventRecordID is unique and is incremented with each event. Remember the line from the scheduled task, "E:\SCRIPTS\SealImage\TriggerEvent.ps1 -eventRecordID $(eventRecordID) -eventChannel $(eventChannel)": it passes the EventRecordID and the EventChannel as arguments to the script, which queries this specific event log entry and ignores all the others.
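
The lookup described above, as an added example (not the author's TriggerEvent.ps1 or SealPVSImage.ps1): it fetches the one record the task was fired for, then parses and validates the <Params> block before anything acts on it, because any account that can write to the Admin-Server's Application log can raise this event. The function names, the naming-policy regex and the sample host, collection and store names are assumptions; the Host,MasterImageComputerName list format is the one used by the Maintenance Servers text file.

```powershell
# Added example; not the author's TriggerEvent.ps1 or SealPVSImage.ps1.
function Get-SealEventDescription {
    param([long]$EventRecordID, [string]$EventChannel)
    # Fetch only the record that fired the task, not older ID 1000 events.
    $evt = Get-WinEvent -LogName $EventChannel -MaxEvents 1 -ErrorAction Stop `
        -FilterXPath "*[System[EventRecordID=$EventRecordID]]"
    if ($evt.ProviderName -ne 'SealMasterImage' -or $evt.Id -ne 1000) {
        throw "Record $EventRecordID is not a SealMasterImage/1000 event"
    }
    $evt.Properties[0].Value   # the text passed to eventcreate /D
}

function ConvertFrom-SealParams {
    param([string]$Description, [string[]]$MaintenanceLines)
    $p = ([xml]$Description).Params
    if (-not $p) { throw 'No <Params> element in the event description' }
    $safe = '^[A-Za-z0-9][A-Za-z0-9 ._-]{0,62}$'   # assumed naming policy
    $out = [ordered]@{}
    foreach ($name in 'VMName', 'PVSCollection', 'PVSDiskStore', 'PVSDiskName') {
        $value = "$($p.$name)".Trim()
        # cmd.exe leaves an undefined %Var% unexpanded: treat it as "not set".
        if ($value -match '^%.*%$') { $value = '' }
        if ($value -and $value -notmatch $safe) { throw "Rejected ${name}: '$value'" }
        $out[$name] = $value
    }
    foreach ($req in 'VMName', 'PVSCollection', 'PVSDiskStore') {
        if (-not $out[$req]) { throw "$req is missing" }
    }
    # Act only on Master Images listed as "Host,MasterImageComputerName".
    foreach ($line in $MaintenanceLines) {
        $xenHost, $vm = $line -split ',', 2 | ForEach-Object { $_.Trim() }
        if ($vm -and $vm -eq $out['VMName']) {
            $out['XenHost'] = $xenHost
            return [pscustomobject]$out
        }
    }
    throw "$($out['VMName']) is not in the maintenance server list"
}

# Constructed sample data (hypothetical host, collection and store names).
$lines = 'xs-pool01,MASTER-XA7-STD', 'xs-pool02,MASTER-XA7-ADM'
$desc  = '<Params><VMName>MASTER-XA7-STD</VMName>' +
         '<PVSCollection>Maintenance</PVSCollection>' +
         '<PVSDiskStore>Store01</PVSDiskStore>' +
         '<PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>'
ConvertFrom-SealParams -Description $desc -MaintenanceLines $lines
```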

Change the security settings in the scheduled task to run with a separate user account

Change Parameters in Script based on your Environment

Open the Script “SealPVSImage.ps1” and change the following content based on your target environment.

Change the mail settings; an HTML report will be sent to this mail address after the script has run.

If you have different BDM-ISOs for DataCenter 1 or 2, the right one can be inserted automatically (calculated from the XenServer hostname), or you can change it to a static one; change Line 208.

Maintenance Servers Text File

The script connects to the specified servers only. If you have standalone XenServers (without a pool), enter XenServerHost,MasterImageComputerName. An example can be found in the root folder of the SealMasterImage folder. If you have a XenServer pool, enter PoolMaster,MasterImageComputerName.

Last Package in your ESD for your Master Image

As the last step, once you have built your Master Image, create a package with the following command.

eventcreate /S %SealMasterImageServer% /T INFORMATION /SO SealMasterImage /ID 1000 /L APPLICATION /D "<Params><VMName>%COMPUTERNAME%</VMName><PVSCollection>%SealMasterImagePVSCollection%</PVSCollection><PVSDiskStore>%SealMasterImagePVSDiskStore%</PVSDiskStore><PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>"

Create XenServer encrypted Password

The script creates an encrypted password for the root user, based on the user account that runs the script. For that, you must run the script once with the user account you entered in the security settings of the scheduled task. This opens the XenServer connection prompt to enter the root password, which is then saved encrypted in the SealImage folder.

Create Event-Log entry to test the script

Boot up your Master Image, log on with administrative privileges, and check with run > cmd > set that all environment variables for SealMasterImage are set.

After that, run the following command to create a remote event on the Admin-Server (%SealMasterImageServer%)

eventcreate /S %SealMasterImageServer% /T INFORMATION /SO SealMasterImage /ID 1000 /L APPLICATION /D "<Params><VMName>%COMPUTERNAME%</VMName><PVSCollection>%SealMasterImagePVSCollection%</PVSCollection><PVSDiskStore>%SealMasterImagePVSDiskStore%</PVSDiskStore><PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>"

Check the event logs on the Admin-Server and the Log folder of the SealImage folder.

HTML Report

If you have entered a valid mail configuration in the script, you will receive a final e-mail with an HTML report of all the steps that were carried out.

Final Result

As you can see above in the HTML report, many steps and checks are automated. In this version only the final vDisk copy across PVS Servers is not included… Here we go: download it below and send any comments or ideas for the future…

Download via GitHub here

Founder Base Image Script Framework (BIS-F) | IT-Architect EUC | Automation Enthusiast
