Citrix Virtual Delivery Agent (VDA) 2402 Upgrade via SCCM Task Sequence

If you’re a Citrix or ConfigMgr (MECM/SCCM) guy/gal looking to upgrade Citrix VDA to version 2402 using a Task Sequence, you’re in the right place.

As you may be aware, Citrix recently announced a vulnerability which can be found here: Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2024-6151.

The bulletin's guidance for customers is to upgrade older Citrix VDAs to versions which contain the fixes.

I was requested to upgrade our current Citrix VDAs (2203, 2209, etc.) to version 2402 for the following:

  1. Single Session Remote PCs provisioned in Azure with VDA installed
  2. Single Session VDIs provisioned using Machine Creation Services (MCS)
  3. Multi Session VDIs provisioned using Machine Creation Services (MCS)

Even though I managed to get the Task Sequence working, I’m still beating my brain testing the Citrix VDA deployment using an Application or Package, and deployed to machines which have never had the agent installed before (new builds, existing installs) to see if I can deploy without having to rely on a Task Sequence.

Where do I go? What do I do?

Here is the page where you can see Citrix’s latest security bulletins. Save it for next time.

Here is Citrix official documentation on how to package and deploy Citrix VDA v2402 using SCCM.

Here is how Citrix wants you to install using command line and here are the Citrix installation return codes.

Most importantly, here is how Citrix wants you to deploy via 3rd party applications (SCCM/Ansible/Intune).

How to create SCCM Task Sequence for Citrix VDA v2402

Here is how Citrix recommends we create the Task Sequence.

Prerequisites

First, I created a package for Citrix VDA Workstation Setup v2402 within SCCM console, then added it to my newly created Task Sequence. If you don’t have the files, you’ll need someone on your team with a Citrix account to download it from the portal.

Second, I followed Citrix’s grouping as you will see in the screenshots.

I have deployed this to SingleSession machines so far; however, I’ll be using the same task sequence with some modifications for the MultiSession ones as well.

Step 1. Restart computer.

Pending Windows Updates requiring reboot, something else, you never know…

Step 2. Install .NET Framework 4.8 and Visual C++

*** I haven’t included the prereqs; however, according to this Citrix article for deploying VDA v2311 using SCCM, the prerequisites are installed during installation if required. Still, I think it’s generally a good idea to include the binaries in this step of your Task Sequence.

Step 3. Install VDA First Attempt

Begin VDA installation using Citrix package and command line installer. My install command line is:

VDAWorkstationSetup_2402.exe /controllers "controller1.mydomain.com controller2.mydomain.com" /remotepc /quiet /noreboot /noresume /enable_remote_assistance /enable_real_time_transport /enable_ss_ports /xendesktopcloud /enable_hdx_ports /NO_MEDIAFOUNDATION_ACK /components vda /includeadditional "Citrix VDA Upgrade Agent"

This step has Package checked and pointing to my Citrix Package for VDA 2402.

The Options tab for this step will check if the following condition is true:

C:\Program Files\Citrix\Virtual Desktop Agent\BrokerAgent.exe version is 7.41.100.109

There are of course other ways you can do this, but for me this is what worked and is considered precise.

Step 4. Restart computer.

Step 5. Install VDA Second Attempt

This step runs the following command line:

%ProgramData%\Citrix\XenDesktopSetup\XenDesktopVdaSetup.exe

and in the Options tab of the step, there is a condition to check that the following file exists:

%ProgramData%\Citrix\XenDesktopSetup\CitrixVirtualDesktopAgent.xml

Step 6. Restart computer

This step has 2 conditions in the Options tab, so the reboot runs only when the return code of Step 5 (2nd VDA install attempt) is neither 0 nor 8.

For reference, here are Citrix’s installation return codes.

Task Sequence variable _SMSTSLastActionRetCode not equals "0"

Task Sequence variable _SMSTSLastActionRetCode not equals "8"

Step 7. Install VDA

In this step, I’ve repeated the same as Step 5 (Install VDA Second Attempt), where it will run the following command line:

%ProgramData%\Citrix\XenDesktopSetup\XenDesktopVdaSetup.exe

And in the Options tab of this step, it says it will run if the following condition is not met:

C:\Program Files\Citrix\Virtual Desktop Agent\BrokerAgent.exe version not equals 7.41.100.109

Step 8. Restart computer based on return code of 3.

Step 9. Restart that computer one more time with no return code conditions because only real IT professionals know that restarts are the solution to every problem.
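
A post-run check for the BrokerAgent.exe version condition used in Steps 3 and 7, as an added example that is not part of the original post or of Citrix's documentation. The paths and the version 7.41.100.109 are the ones quoted above; the function name, the state labels and the "at or above" comparison (the task sequence conditions test for equality) are assumptions of this example.

```powershell
# Added example (not from the original post): report whether a machine has
# reached the BrokerAgent.exe version the task sequence conditions test for.
# Paths and version string are the ones quoted in the article.

function Get-VdaUpgradeState {
    [CmdletBinding()]
    param(
        [string]$BrokerAgentPath = 'C:\Program Files\Citrix\Virtual Desktop Agent\BrokerAgent.exe',
        [string]$ResumeXmlPath = (Join-Path $env:ProgramData 'Citrix\XenDesktopSetup\CitrixVirtualDesktopAgent.xml'),
        [version]$TargetVersion = '7.41.100.109'
    )

    $installed = $null
    $state = 'NotInstalled'   # hypothetical label: BrokerAgent.exe is absent

    if (Test-Path -LiteralPath $BrokerAgentPath -PathType Leaf) {
        # Build the version from its numeric parts; the FileVersion string can
        # carry extra text that does not cast cleanly to [version].
        $vi = (Get-Item -LiteralPath $BrokerAgentPath).VersionInfo
        $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                    $vi.FileBuildPart, $vi.FilePrivatePart)
        $state = if ($installed -lt $TargetVersion) { 'Outdated' } else { 'AtOrAboveTarget' }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        State            = $state
        InstalledVersion = $installed
        TargetVersion    = $TargetVersion
        # The file Step 5 tests for before re-running XenDesktopVdaSetup.exe.
        # Reported as a fact only; this example does not interpret it.
        ResumeXmlPresent = Test-Path -LiteralPath $ResumeXmlPath -PathType Leaf
    }
}

$result = Get-VdaUpgradeState
$result | Format-List

# Non-zero exit lets a scheduler or a later step flag machines still below target.
if ($result.State -ne 'AtOrAboveTarget') { exit 1 }
```

Run it on a machine after the final restart; a machine that still reports Outdated or NotInstalled has not picked up the 2402 agent.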

Issues Faced and Troubleshooting Tools

Citrix VDA Cleanup Utility

When deploying Citrix VDA v2402 via SCCM Task Sequence, we experienced one machine in particular which was showing multiple older versions of Citrix VDA installed.

In this case, we used ConfigMgr to check the device’s Installed Applications x64 (right-click on device in CM console > select Start > select Resource Explorer > select Installed Applications x64) and we ended up using the Citrix VDA Cleanup Utility. However, be aware that Citrix does not recommend using this tool unless absolutely necessary.

ConfigMgr Task Sequence Monitor

This is another great tool which I use for monitoring my Task Sequences. It uses PowerShell and neatly displays the Task Sequence, allowing me to filter for great information, as well as see the install return codes and error codes, and helps me pinpoint the exact issue. You can find it here on ConfigMgr Task Sequence Monitor (smsagent.blog).

You can find a bunch of built-in and manual ways to monitor your Task Sequences in this informative blog article from System Center Dudes.

Conclusion

If this article helped you or completely destroyed your environment, please leave a comment or share with others.
