RE: Windows server 2025 VM's stuk after some hours/days after migrating fro m xenserver to xcp-ng

@rniesen Do you mean occasional hangs? Yes, Server 2025 is known to hang if these options are not present.

@rniesen Your VM is missing Viridian extensions (Hyper-V-compatible VM enlightenments implemented by Xen). This is typically due to the wrong VM template being chosen at the time of creation; the built-in Windows template should be used for all Windows VMs. There's an issue with Server 2025 that causes it to not run well without these features enabled.

Please power off your VM, run this command to add them back, then reboot:

xe vm-param-set uuid=<vm-uuid> platform:viridian=true platform:viridian_time_ref_count=true platform:viridian_reference_tsc=true platform:viridian_apic_assist=true platform:viridian_crash_ctl=true platform:viridian_stimer=true

@rniesen

Hi,

Could you check the VM's Viridian settings from the host:

xe vm-param-get uuid=... param-name=platform

Followed by checking the Windows BCDEDIT settings:

bcdedit /enum all

Hello all,

The XCP-ng Standard VGA Display Driver v0.1.34.2310 is released with important compatibility fixes for Windows Server.
Get it here: https://github.com/xcp-ng/win-xstdvga/releases

This driver provides high-resolution consoles and resolution switching in Xen Orchestra for Windows VMs running on the XCP-ng hypervisor.

This is a beta release. This driver will eventually be integrated into the main Windows PV tools package.

Changelog:

• Add support for multiple VGA devices
• Fix compatibility with older versions of Windows Server
• Enable CET Shadow Stack support
• Add device name branding

Hello all,

The XCP-ng Standard VGA Display Driver for Windows v0.1.29.2216 has been released https://github.com/xcp-ng/win-xstdvga

This driver provides high-resolution consoles and resolution switching for Windows VMs running on the XCP-ng hypervisor.

This is a beta release. This driver will eventually be integrated into the main Windows PV tools package.

Driver rereleased with bug fixes. See below

@acebmxer Re time issues: Do you have Xen tools or any other sources of time sync? Suspending a VM and then later resuming it will cause the VM's time to not be updated. It'll have to rely on either NTP or the Xen tools daemon to get the correct time.

@wilsonqanda Make sure to turn off "Network" in boot order. You might also want to increase the VM's root disk size when creating it.

Here's a full cloud config that I used (except the ssh keys):

#cloud-config
hostname: {name}
ssh_authorized_keys:
  - ssh-rsa ...
disable_root: false
apt:
  sources:
    xen-guest-agent:
      filename: xen-guest-agent.list
      source: deb [trusted=yes] https://gitlab.com/api/v4/projects/xen-project%252Fxen-guest-agent/packages/generic/deb-amd64/ release/
      append: false
packages:
  - xen-guest-agent

@busthead Do you see anything when typing dir FS0: at the shell? Also, can you upload the non-working ISO somewhere and send it to me via PM?

The Windows ISOs also require you to press a key to start Setup. If XCP-ng Center is not fast enough to display the screen then you may end up with the UEFI shell. Try starting the installation from Xen Orchestra or spamming a key when the VM is starting.

@Chemikant784 Never mind, I think I've found the right combination of Registry options to disable the driver installations from the onboard script side.

But yes, the idea is to make the process as automatic as possible. I can change the onboard script to shut down after the initial uninstallation instead.

Also, the installation MSI will need some changes in order to avoid being blocked by stale C000 devices.

@Chemikant784 Indeed one of the problems is that on newer versions of Windows, Microsoft decided to completely disregard several Windows Update policies, including the ones related to device installation (?!). So once the Citrix option is enabled, Windows will insist on installing the drivers for it no matter what, which is why the 2nd XenClean is needed after disabling the Windows Update option in order to clean up after Windows.

@Chemikant784 I've been preparing a reworked XenClean and XCP-ng driver onboarding tool here. Every time the onboard.ps1 script is run, it'll try to automatically uninstall old drivers and install the XCP-ng as conditions permit: https://nextcloud.vates.tech/index.php/s/eL4sfxQGxZXe8SX

The Windows Update device is quite stubborn since disabling it causes the problem as you said. Could you try the following procedure:

• Keep the Windows Update option enabled
• Block installation of the PCI\VEN_5853&DEV_C000 device using the "Prevent installation of devices that match any of these device IDs" setting
• Run XenClean
• Turn off the Windows Update option
• Install XCP-ng drivers

Getting rid of the Windows Update device is quite cumbersome... I'll look for a way to automate this

@psafont Freezing/thawing doesn't actually suspend a VM, but it's just a part of the backup process, where I/O operations are quiesced to create a stable view of the on-disk data.

@psafont Looks like these hooks are for suspend-resume rather than snapshot/backups? I couldn't find any mention of hook calls during the snapshot process

There used to be quiescent snapshot capabilities in older versions (mainly for Windows VSS support), but it has since been removed. I'd say @Team-XAPI-Network knows more about the reason.

@tsukraw There's no need to uninstall the old version, the upgrade is enough.

The feature to disable time sync is also just a convenience shortcut for setting the TimeSyncMode value in HKLM\SYSTEM\CurrentControlSet\Services\xenagent to a DWORD of 0. You can set it manually or through Group Policy if you wish. (In fact, GPO might be a better solution on domain environments)

@McHenry Turning off the Manage via Windows update first + tools uninstall + reinstall should take care of it.

@McHenry I think the detection is accurate in your case. Have you checked the driver versions in Device Manager? See https://docs.xcp-ng.org/troubleshooting/windows-pv-tools/#xenserver-vm-tools-not-upgrading-drivers-after-installation

@mickwilli Do you know what solved the issue, was it the tsc_mode=2+nomigrate=true one or was it a Windows update?

@acebmxer The Recommended actions section of the guest Secure Boot docs has been updated with our latest recommendations. In short, VMs existing prior to the varstored update will need to have their Secure Boot certificates updated with the Propagate certificates button.

@ovicz Ok, I've contacted the storage team for a look.