Trellix Agent deployment flow to VDI-mode systems
Technical Articles ID:
KB88533
Last Modified: 2023-08-31 12:21:20 Etc/GMT
Last Modified: 2023-08-31 12:21:20 Etc/GMT
Environment
Trellix Agent (TA) 5.x
Citrix Virtual Desktop Infrastructure
Microsoft Virtual Desktop Infrastructure
VMware Virtual Desktop Infrastructure
Citrix Virtual Desktop Infrastructure
Microsoft Virtual Desktop Infrastructure
VMware Virtual Desktop Infrastructure
Summary
This article describes the TA deployment flow to Virtual Desktop Infrastructure (VDI) systems.
NOTE: The log file examples used in this article are based on ePO 5.x and TA 5.0.x. Table names and log messages can differ, depending on the product versions.
Audit Log entries from a successful deployment
Detailed deployment process
At the beginning of the deployment process, no system with the specified fully qualified domain name (FQDN) exists in the ePO System Tree.framepkg.exe /Install=agent /enableVDImode
To install TA 5.x using a URL, the command is as follows:
TrellixSmartInstall.exe -v
IMPORTANT:
TheFrminst.exe process doesn't convert an installed agent to VDI Mode.
If you upgrade TA using either theframepkg.exe file or an ePO task with switches, VDI mode is removed from the agent.
I #04708 NAIMSERV Received [AgentPubKey] from UMU21V:{F73653A2-E23E-11E6-2585-00155D0A3E05}
X #04708 NAIMSERV keymngnt.cpp(303): Provisioned VDI agent UMU21V(UMU21V.Support2.ham) to AgentGUID {F73653A2-E23E-11E6-2585-00155D0A3E05} on node 106
I #04708 NAIMSERV Processing agent props for UMU21V(F73653A2-E23E-11E6-2585-00155D0A3E05)
X #04708 EPODAL ePOData_Connection.cpp(815): UPDATE [dbo].[EPOComputerProperties] SET
X #04708 EPODAL [DomainName] = N'SUPPORT2',
...
X #04708 EPODAL [Vdi] = 1
X #04708& PODAL WHERE [ParentID] = 106
X #04708 NAIMSERV servdal.cpp(1123): Adding EPOAGENT3000 properties for UMU21V(106)
NOTES:
The newly created Database record looks similar to the following:
X #04708 MOD_EPO mod_epo.cpp(260): Processing epo request, session ID=10, memory load 10 percent.....
X #04708 NAIMSERV naimserv.cpp(513): Agent is in VDI mode
...
I #04708 NAIMSERV Received [AgentUninstResponse] from UMU21V:{F73653A2-E23E-11E6-2585-00155D0A3E05}
ePO updates the record in theePOLeafNodeMT . ePO sets the existing values for AgentPubKey and LastCommSeqNum to NULL:
Masvc(1444.1472) ioservice.Info: Generating Agent GUID because no prior GUID exists in the TA database
NOTE: If theAgentGUID wasn't removed on the primary image, the agent regenerates the AgentGUID anyway. The AgentGUID is regenerated when the agent detects a hardware change (image mounted to a new virtual machine).
TheMasvc.log file records the following:
Masvc(1440.1492) ioservice.Info: Regenerating Agent GUID due to SMBIOS UUID change from 'B840B9E7-C86E-488E-9A05-A6798CEFE472' to '1b3b7c66-e305-11e6-1717-00155d0a3e05'.
Masvc(1444.1472) DataChannel.Manager.Info: DataChannel Service ignoring decoration of SPIPE package for : { PolicyManifestRequest }
Masvc(1444.1472) ahclient.Info: Agent communication session started
Masvc(1444.1472) ahclient.Info: Agent is connecting to ePO server
Masvc(1444.1472) ahclient.Info: Initiating spipe connection to site https://172.26.146.47:443/spipe/pkg?AgentGuid={1b3b7c66-e305-11e6-1717-00155d0a3e05}&Source=Agent_3.0.0.
...
Masvc(1444.1472) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <200>.
Masvc(1444.1472) ahclient.Info: Agent handler reports spipe package received. Response code 200.
Masvc(1444.1472) ahclient.Info: Spipe connection response received, network return code = 1008, response code 200.
Masvc(1444.1472) cryptoservice.Info: Agent received REQUEST PUBLIC KEY package from ePO server
Masvc(1444.1472) DataChannel.Manager.Info: DataChannel Service ignoring decoration of SPIPE package for : { AgentPubKey }
Masvc(1444.1472) ahclient.Info: Agent communication session started
Masvc(1444.1472) ahclient.Info: Agent is connecting to ePO server
Masvc(1444.1472) ahclient.Info: Sending the spipe package over existing connection site https://172.26.146.47:443/spipe/pkg?AgentGuid={1b3b7c66-e305-11e6-1717-00155d0a3e05}&Source=Agent_3.0.0.
X #04708 MOD_EPO mod_epo.cpp(260): Processing epo request, session ID=14, memory load 10 percent...
...
X #04708 NAIMSERV naimserv.cpp(513): Agent is in VDI mode
...
I #04708 NAIMSERV Received [AgentPubKey] from UMU21V:{1B3B7C66-E305-11E6-1717-00155D0A3E05}
X #04708 NAIMSERV keymngnt.cpp(303): Provisioned VDI agent UMU21V(UMU21V.Support2.ham) to AgentGUID {F73653A2-E23E-11E6-2585-00155D0A3E05} on node 106
I #04708 NAIMSERV Processing agent props for UMU21V(F73653A2-E23E-11E6-2585-00155D0A3E05)
X #04708 EPODAL ePOData_Connection.cpp(815): UPDATE [dbo].[EPOComputerProperties] SET
X #04708 EPODAL [TotalPhysicalMemory] = 6441984000,
...
X #04708 EPODAL WHERE [ParentID] = 106
X #04708 NAIMSERV servdal.cpp(1140): Updating EPOAGENT3000 properties for UMU21V(106)
NOTE: The log file examples used in this article are based on ePO 5.x and TA 5.0.x. Table names and log messages can differ, depending on the product versions.
Audit Log entries from a successful deployment
| Action | Log entry for success | ||||||||||||
| A new VDI system is added to ePO |
|
||||||||||||
| A system is deprovisioned |
|
||||||||||||
| A system is starting |
|
Detailed deployment process
At the beginning of the deployment process, no system with the specified fully qualified domain name (FQDN) exists in the ePO System Tree.
- Start the VDI system and install the TA.
VDI mode, use the following command (or add these switches to a deployment task that upgrades the agent):
To install TA 5.x using a URL, the command is as follows:
IMPORTANT:
- Install switches aren't used during the agent deployment unless it's being upgraded.
- You can't convert an agent to VDI mode using an Assigned Client Task if the version installed is the same as the version being deployed.
- The
framepkg.exe andTrellixSmartInstall.exe methods listed above can be used to convert an installed agent to VDI mode (5.x agent only).
The
If you upgrade TA using either the
- After the TA installation, the VDI system connects to ePO for the first time. ePO creates a record for the system in the ePO database with VDI-mode enabled. The following information is recorded in the
server.log file:
X #04708 NAIMSERV keymngnt.cpp(303): Provisioned VDI agent UMU21V(UMU21V.Support2.ham) to AgentGUID {F73653A2-E23E-11E6-2585-00155D0A3E05} on node 106
I #04708 NAIMSERV Processing agent props for UMU21V(F73653A2-E23E-11E6-2585-00155D0A3E05)
X #04708 EPODAL ePOData_Connection.cpp(815): UPDATE [dbo].[EPOComputerProperties] SET
X #04708 EPODAL [DomainName] = N'SUPPORT2',
...
X #04708 EPODAL [Vdi] = 1
X #04708& PODAL WHERE [ParentID] = 106
X #04708 NAIMSERV servdal.cpp(1123): Adding EPOAGENT3000 properties for UMU21V(106)
NOTES:
keymngnt.cpp(303): Provisioned VDI agent UMU21V(UMU21V.Support2.ham) to AgentGUID {F73653A2-E23E-11E6-2585-00155D0A3E05} on node 106 - ePO provides the VDI system withAgentGUID . ePO returns the sameAgentGUID , because it's the first communication,[Vdi] = 1 - A computer property (see theEPOComputerPropertiesMT table, not theEPOLeafNodeMT table).Adding EPOAGENT3000 properties for UMU21V(106) - ePO creates a record with AutoID 106 (see theePOLeafNodeMT table).
The newly created Database record looks similar to the following:
| AutoID | Node Name | Agent GUID | Last Update | AgentPubKey | NodeCreatedDate | LastCommSeqNum |
| 106 | 2017-01-25 13:30:12.970 | <some_value> | 2017-01-25 14:30:06.093 | 0x0000000000000008 |
- When the VDI system is shut down, TA sends a specific event to ePO (
AgentUninstResponse ). When ePO receives this event, it deprovisions the node by updating the record in the database appropriately.
NOTE: Deprovisioned nodes remain in the System Tree permanently.
The following is recorded in theserver.log file :
The following is recorded in the
X #04708 NAIMSERV naimserv.cpp(513): Agent is in VDI mode
...
I #04708 NAIMSERV Received [AgentUninstResponse] from UMU21V:{F73653A2-E23E-11E6-2585-00155D0A3E05}
ePO updates the record in the
| AutoID | Node Name | Agent GUID | Last Update | AgentPubKey | NodeCreatedDate | LastCommSeqNum |
| 106 | 2017-01-25 13:30:12.970 | NULL | 2017-01-25 14:30:06.093 |
- When the VDI system is restarted, TA generates a new
AgentGUID (if it was removed on the primary image). The following is recorded in themasvc.log file:
NOTE: If the
The
- The agent communicates with the ePO server.
- ePO searches for a record with the specified FQDN in the database. It finds the record created previously, because this record has the same FQDN, and has been deprovisioned.
- ePO requests the public key from the agent. It makes this request because it was set to NULL in the database as part of the deprovisioning.
Themasvc.log file records the following:
Masvc(1444.1472) ahclient.Info: Agent communication session started
Masvc(1444.1472) ahclient.Info: Agent is connecting to ePO server
Masvc(1444.1472) ahclient.Info: Initiating spipe connection to site https://172.26.146.47:443/spipe/pkg?AgentGuid={1b3b7c66-e305-11e6-1717-00155d0a3e05}&Source=Agent_3.0.0.
...
Masvc(1444.1472) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <200>.
Masvc(1444.1472) ahclient.Info: Agent handler reports spipe package received. Response code 200.
Masvc(1444.1472) ahclient.Info: Spipe connection response received, network return code = 1008, response code 200.
Masvc(1444.1472) cryptoservice.Info: Agent received REQUEST PUBLIC KEY package from ePO server
- TA sends the public key as requested. The communication is recorded in
masvc.log as follows:
Masvc(1444.1472) ahclient.Info: Agent communication session started
Masvc(1444.1472) ahclient.Info: Agent is connecting to ePO server
Masvc(1444.1472) ahclient.Info: Sending the spipe package over existing connection site https://172.26.146.47:443/spipe/pkg?AgentGuid={1b3b7c66-e305-11e6-1717-00155d0a3e05}&Source=Agent_3.0.0.
- ePO sends back the old AgentGUID (the one the agent reported during the initial communication with ePO). The AgentGUID is stored in the database, and recorded in the
Server.log file:
...
X #04708 NAIMSERV naimserv.cpp(513): Agent is in VDI mode
...
I #04708 NAIMSERV Received [AgentPubKey] from UMU21V:{1B3B7C66-E305-11E6-1717-00155D0A3E05}
X #04708 NAIMSERV keymngnt.cpp(303): Provisioned VDI agent UMU21V(UMU21V.Support2.ham) to AgentGUID {F73653A2-E23E-11E6-2585-00155D0A3E05} on node 106
I #04708 NAIMSERV Processing agent props for UMU21V(F73653A2-E23E-11E6-2585-00155D0A3E05)
X #04708 EPODAL ePOData_Connection.cpp(815): UPDATE [dbo].[EPOComputerProperties] SET
X #04708 EPODAL [TotalPhysicalMemory] = 6441984000,
...
X #04708 EPODAL WHERE [ParentID] = 106
X #04708 NAIMSERV servdal.cpp(1140): Updating EPOAGENT3000 properties for UMU21V(106)
- ePO updates the existing record for the system in the database:
AutoID Node Name Agent GUID Last Update AgentPubKey NodeCreatedDate LastCommSeqNum 106 UMU21V F73653A2-E23E-11E6-2585-00155D0A3E05 2017-01-25 14:00:02.610 <some_different_value> 2017-01-25 14:30:06.093 0x000000000000000E
The agent changes the AgentGUID from the initial value to the value sent by ePO.
The Masvc.log file records the following:
Masvc(1444.1472) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <200>.
Masvc(1444.1472) ahclient.Info: Agent handler reports spipe package received. Response code 200.
Masvc(1444.1472) ahclient.Info: Spipe connection response received, network return code = 1008, response code 200.
Masvc(1444.1472) ioservice.Info: ePO has sent agent GUID {F73653A2-E23E-11E6-2585-00155D0A3E05}, using this GUID for further use
Masvc(1444.1472) ioservice.Info: Enforcing policy as agent GUID changed.
Masvc(1444.1472) ahclient.Info: Agent handler reports spipe package received. Response code 200.
Masvc(1444.1472) ahclient.Info: Spipe connection response received, network return code = 1008, response code 200.
Masvc(1444.1472) ioservice.Info: ePO has sent agent GUID {F73653A2-E23E-11E6-2585-00155D0A3E05}, using this GUID for further use
Masvc(1444.1472) ioservice.Info: Enforcing policy as agent GUID changed.
- All communication from the agent to the server uses the stored
AgentGUID .
| AutoID | Node Name | Agent GUID | Last Update | AgentPubKey | NodeCreatedDate | LastCommSeqNum |
| 106 | 2017-01-25 13:30:12.970 | <some_value> | 2017-01-25 14:30:06.093 | 0x0000000000000008 |
Related Information
Troubleshooting Notes
Known Issues
- Troubleshooting starts by viewing the ePO Audit Log (see the top of this article for examples). Use the Quick find field to filter for a specific system name.
- To search for a specific FQDN, use the Quick System Search monitor in the ePO Summary Dashboard.
- If a search returns multiple entries, delete all records and follow the documented workflow above and compare the logs with your environment.
- ePO only updates the existing record for a VDI system if both of the following hold true:
- The FQDN is found.
- The record is deprovisioned.
Otherwise, a new record is created, resulting in multiple entries for a single VDI system.
- Always make sure that VDI systems are shut down properly. Don't turn off these systems; otherwise, the
AgentUninstResponse event isn't sent to ePO. If the event isn't sent, the system isn't correctly deprovisioned. - Look in the ePO
server.log for theAgentUninstResponse event from the VDI system. If this event isn't received, continue to troubleshoot the VDI client.
Known Issues
Affected Products
Languages:
This article is available in the following languages:
