Citrix PVS – Management Interface: vDisk file access was denied

During some tests in Citrix PVS lab environment I wanted to make a copy of a vDisk. So I’ve copied the files and imported it in PVS Console. When I wanted to change new vDisk properties and I’ve get that kind of error message:

pvs_vdisk__access_error1_1

Management Interface: vDisk file access was denied.

I found the same error message in Citrix KB: CTX124219.

Cause:
The account running the Streaming service needs access to the vDisk file location path.

Resolution:
Provide the Streaming service ID for proper access to the vDisk file location.

Yeah, that’s great, but what does that mean? What is service ID? Let’s try to verify “Citrix PVS Stream Service” log on account:

pvs_vdisk__access_error_2

It was PoC installation, so “Citrix PVS Stream Service” was using “Network Service” account. The next step was to verify vDisk files permissions. XA_template vDisk was created by PVS service:

S:\XA_Store>icacls XA_template.vhd
XA_template.vhd NT AUTHORITY\NETWORK SERVICE:(F)
BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Users:(I)(RX)

and my copied file:

S:\XA_Store>icacls XA_test.vhd
XA_test.vhd BUILTIN\Administrators:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
domain\my_user_account:(I)(F)
BUILTIN\Users:(I)(RX)

As you can see, the “Network Service” doesn’t have access to that new vDisk file. So let’s grant that specific permission:

S:\XA_Store>icacls XA_test.* /grant "NT AUTHORITY\NETWORK SERVICE":(F)
processed file: XA_test.lok
processed file: XA_test.pvp
processed file: XA_test.vhd
processed file: XA_test.xml
Successfully processed 4 files; Failed processing 0 files

We can also remove permissions from my user account:

S:\XA_Store>icacls XA_test.* /remove "domain\my_user_account"
processed file: XA_test.lok
processed file: XA_test.pvp
processed file: XA_test.vhd
processed file: XA_test.xml
Successfully processed 4 files; Failed processing 0 files

After that operations we will have to restart streaming service and you will be able to access that specific vDisk.

Of course in production environment you sould always use dedicated technical account for “Citrix PVS Stream Service“. That account should have also access to vDisk stores directories.

[2014-03-01] Update: Similar problem on Citrix KB: Copied vDisk Fails to Boot in Private Mode [CTX138782]

Post author

There are 2 Comments

  1. Posted by Eric Reply

    Thanks, this was the fix for me!

  2. Posted by Joe Shonk Reply

    “Of course in production environment you sould always use dedicated technical account for “Citrix PVS Stream Service“. That account should have also access to vDisk stores directories.”

    No, this is incorrect. Using Network Services in more secure that an old fashion service account.

    Joe

Leave a Reply