XCP-ng Windows PV-Drivers 8.2.2

[borzel]

The Xen Project PV-Drivers 8.2.2 are officially released (https://xenproject.org/downloads/windows-pv-drivers/windows-pv-drivers-8-series/windows-pv-drivers-8-2-2/), so we can follow them.

• [x] setup a fresh win10 buildnode
• [x] build win-xenbus
• [x] build win-xenvif
• [x] build win-xennet
• [x] build win-xenvbd
• [x] build win-xeniface
• [x] fix the "Driver Package is untrusted" issue
  • [x] install Vates certificate into the Computers Trusted Publishers Store before sillently installing the PV drivers
  • [x] resolve untrusted verification of the .inf files with the .cat files
• [x] Update trouble shooting guide
• [ ] Check if CITRIX-Drivers are present and abort installer to avoid mixing the drivers resulting in an unbootable VM
• [ ] Allow installation and use without "Window Update" enabled (aka without the additional CITRIX PCI vendor device)
• [ ] ~~Check and fix VSS driver~~
• [ ] Fix the branding issues (duplicate names XCP-ng XCP-ng)

[borzel]

aahhh!!!! could not build xeniface because of a bug in Windows Driver KIT 10.0.17763.0 ... ahhh!!!!
They had their #pragma (push) and #pragma (pop) not in sync to each other

maybe now it builds ...

References:

• https://developercommunity.visualstudio.com/content/problem/386142/windows-sdk-100177630-pragma-push-pop-mismatch-in.html

[borzel]

build of PV Drivers 8.2.2 was successfull Now I test on a german Windows 10 Pro x64 to install all the fun stuff, if this goes well, we have the next beta release :-)

[borzel]

for our brave testers: https://github.com/xcp-ng/win-pv-drivers/releases/tag/v8.2.2-beta

[stormi]

Thanks @borzel :+1:

[borzel]

:exclamation: Found the reason why the drivers get not installed when the main installer runs :exclamation:

C:\Windows\INF\setupapi.dev.log

• Driver package signer is unknown. Assuming untrusted signer.
• Driver package failed signature validation. Error = 0xE0000242

Searching how to resolve this... :thinking:

[borzel]

So if you install the drivers later (like mentioned in some troubleshooting guides and posts) this pops up:

and this is in the logfile C:\Windows\INF\setupapi.dev.log

... :thinking: ...

EDIT: This all happens on an fresh installed Windows 10 - 1803 - Build 17134.112 - German locale

[borzel]

Hmm... after some reading .. all the relevant things are there:

• valid Certificate Chain - from Certum
• valid Timestamp - from Symantec :-/
• valid Cross Certificate Chain - from Microsoft

[borzel]

Here someone has the same problem, but with Windows 7 (still reading):

https://social.msdn.microsoft.com/Forums/office/en-US/b65222ea-d11a-41cd-8d9b-fef43aedb065/howto-sign-kernel-driver-for-automated-field-deployment?forum=wdk

[borzel]

Our .cat file maybe is not properly signed:

[borzel]

ahhh!!!! :bulb:

If you manually acknowledge the driver signature and the checkbox (trust software from "Vates") it installs the public cert into your ~personal~ computers certificate store.

As I worked on the installer I wondered why CITRIX installed his public cert in the certificate store ... but maybe it's for that exact reason :man_facepalming: so that the driver installing can work silently in the main installer.

Oh man (and all woman)! MS and documenting the relevant stuff is hard... you get all possible yadda yadda and BLA BLA in the docu, but not the important stuff. :fire:

[borzel]

Installed the Vates cert in the trusted publisher cert store:

another problem occures:

So maybe the .cat file is not created properly.

[borzel]

Ahh!!! :bulb:

The cert has to be in the computers trusted publishers store!

[borzel]

There is the relevant function (https://github.com/xcp-ng/win-installer/blob/d232c8e5b074f1137f83b1d9d0d858fc727ea790/src/HelperFunctions/Helpers.cs#L88):

And there our cert is/has to be mentioned (https://github.com/xcp-ng/win-installer/blob/d232c8e5b074f1137f83b1d9d0d858fc727ea790/src/InstallAgent/InstallAgent.cs#L361):

[borzel]

Release Candidate is here: https://github.com/xcp-ng/win-pv-drivers/releases/tag/v8.2.2.200-RC1

Please test and report back!

[sanmigit]

Management Agent fails to install on Windows Server Standard 2019 Spanish (Spain) (probably cosmetic) Event viewer complains about unmanaged system exception:

Aplicación: InstallAgent.exe Versión de Framework: v4.0.30319 Descripción: el proceso terminó debido a una excepción no controlada. Información de la excepción: System.Exception en HelperFunctions.Helpers.BitIdxFromFlag(UInt32) en PVDevice.PVDevice.AllFunctioning() en InstallAgent.InstallAgent.__InstallThreadHandler() en InstallAgent.InstallAgent.InstallThreadHandler() en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) en System.Threading.ThreadHelper.ThreadStart()

Despite the error, my Xenserver 7.2 reports: I/O optimized Management Agent installed Not able to receive updates from Windows Update

And after running C:\Program Files\XCP-ng\XenTools\install-XenProvider.cmd my list of vss providers reports XCP-ng XEN VSS Provider flawlessly:

C:\Program Files\XCP-ng\XenTools>vssadmin list providers vssadmin 1.1 - Herramienta administrativa de línea de comandos del Servicio de instantáneas de volumen. (C) Copyright 2001-2013 Microsoft Corp.

Nombre de proveedor 'Microsoft File Share Shadow Copy provider' Tipo de proveedor: Recurso compartido de archivos Id. de proveedor: {89300202-3cec-4981-9171-19f59559e0f2} Versión: 1.0.0.1

Nombre de proveedor 'Microsoft Software Shadow Copy provider 1.0' Tipo de proveedor: Sistema Id. de proveedor: {b5946137-7b9f-4925-af80-51abd60b20d5} Versión: 1.0.0.7

Nombre de proveedor 'XCP-ng XEN VSS Provider' Tipo de proveedor: Hardware Id. de proveedor: {3aeb8223-a8eb-43a2-8ff7-868312e67a8f} Versión: 1.0

[borzel]

@sanmigit from what I see on your screenshot: you just have to reboot, this is a known error :-)

[nagilum99]

Is that related to the bug, which appears only if language is not english?

[borzel]

@nagilum99 no, that language bug is only related to Windows Update. We don't have XCP-ng packages in windows update (yet)

[imtrobin]

Testing XCP-ng.Windows.PV.Drivers.8.2.2.200-rc1 on XCP-NG 7.6.0, win10 LTSC 64bit, english.

It works great, thanks!

[imtrobin]

Sorry, I spoke too fast. I did get one instance installed fine, but I cannot repeat it in subsequent installs. In other VMs

1. First install 8.2.2.200-rc1, will result"Management Management Agent Failed to install",
2. Install again with Repair, it will show Windows Management Agent installed successfully'
3. Reboot, but Windows Management Agent is not installed.

I still have the instance where the Windows Management Agent is working fine ,but I can't reproduce it today.

[olivierlambert]

Same Windows 10 64bits?

[imtrobin]

Yes, same win 10 LTSC. Actually I'm trying two different machines, fresh win10 VMs, same results.

Both will get BSOD StopCode: INACCESSIBLE BOOT DEVICE after I install XCP-ng.Windows.PV.Drivers.8.2.2.200-rc1

I think win10 seems to be installing a version itself , maybe from windows update? The strangest thing is the working LTSC from yesterday is working fine, but today new installs will BSOD.

[olivierlambert]

I'm downloading Win 10 LTSC right now for my lab and I'll report back

[olivierlambert]

So I did a fresh install of Win 10 US LTSC 64 bits.

Here is the device manager after the first boot:

As you can see, all emulated drivers. Then I downloaded the ZIP file or RC drivers, extracted and run "setup":

Then after reboot I had:

And finally, the device manager now:

Also the management agent is running well:

[olivierlambert]

Also some disk bench showing PV drivers are here:

[imtrobin]

Repro Test 1

1. Fresh Install. The device manager looks the same as yours.
2. Reboot. I get the popup XenServer PV Storage Host needs to restart. I did not install the guest tools yet. 3.Reboot. The device manager already shows XenSRC PVDisk
3. Now I also get the popup, Xenserver PV Network Class needs to restart. I did not yet install guest tools.
4. Reboot. It already has the this installed without me installing the guest tools
5. Install guest tools. Fail to install guest management tools.
6. Reboot. BSOD

Repro Test 2 1 Fresh Install. 2. Reboot. I get the popup XenServer PV Storage Host needs to restart. I press Cancel and install tools 3. Run setup again. Still fail to install guest managemant tools 4.Reboot. BSOD

The one that worked, I might have installed the guest tools directly without reboot. I will a bit more tests later.

[imtrobin]

Ok, got a working repro test

1. Fresh Install
2. Do not reboot as it will somehow pull a version from somewhere else. Install Guest tools immediately.
3. It will popup with host requiring a reboot. Reboot.
4. It will popup another reboot required. Reboot. It will show Management Agent installed. All working well.

So I wasn't drunk when I installed the first time., The reboot before install guest tool is the one causing the problem. In subsequent installs, I shutdown the VM to do a snapshot.

[borzel]

@imtrobin @olivierlambert it's installing the Citrix drivers from Windows Update. If you install also our drivers windows gehts confused and you are in trouble.

How to avoid that? Sone times ago I reserved the pci device number for XCP-ng for exact that reason. So that VMs with that pci device number instead of the Citrix one is created and prevent the citrix drivers from windows update.

[borzel]

@olivierlambert reference: https://github.com/xcp-ng/xcp/issues/76

[olivierlambert]

@imtrobin yeah just follow the installer and keep the I/O driver ticked and only reboot when asked, it will work.