XenMobile: Android Citrix VPN could not connect with Samsung Note Devices

Tradução automática

Эта статья была переведена автоматической системой перевода и не был рассмотрен людьми. Citrix обеспечивает автоматический перевод с целью расширения доступа для поддержки контента; Однако, автоматически переведенные статьи могут может содержать ошибки. Citrix не несет ответственности за несоответствия, ошибки, или повреждения, возникшие в результате использования автоматически переведенных статей.

Related:

  • No Related Posts

XenMobile: MAM enrollment is failing with an error: Http/1.1 Internal Server Error 43531

Tradução automática

Эта статья была переведена автоматической системой перевода и не был рассмотрен людьми. Citrix обеспечивает автоматический перевод с целью расширения доступа для поддержки контента; Однако, автоматически переведенные статьи могут может содержать ошибки. Citrix не несет ответственности за несоответствия, ошибки, или повреждения, возникшие в результате использования автоматически переведенных статей.

Related:

  • No Related Posts

Netscaler SDX – Bad LACP packets from SDX device



SDSC-N77-PROD# sh lacp internal event-history errors

1) Event:E_DEBUG, length:87, at 173109 usecs after Tue Oct 3 12:55:55 2017

[102] lacp_net_rx_data(283): Rcvd BAD PDU: Sanity failed: if_idx 0x1a090000: pkt_len 64

2) Event:E_DEBUG, length:87, at 112596 usecs after Tue Oct 3 12:55:55 2017

[102] lacp_net_rx_data(283): Rcvd BAD PDU: Sanity failed: if_idx 0x1a010000: pkt_len 64

3) Event:E_DEBUG, length:87, at 26104 usecs after Tue Oct 3 12:55:55 2017

[102] lacp_net_rx_data(283): Rcvd BAD PDU: Sanity failed: if_idx 0x1a08f000: pkt_len 64

4) Event:E_DEBUG, length:87, at 984448 usecs after Tue Oct 3 12:55:54 2017

[102] lacp_net_rx_data(283): Rcvd BAD PDU: Sanity failed: if_idx 0x1a00f000: pkt_len 64

5) Event:E_DEBUG, length:87, at 530838 usecs after Tue Oct 3 12:55:54 2017

[102] lacp_net_rx_data(283): Rcvd BAD PDU: Sanity failed: if_idx 0x1a08e000: pkt_len 64

Related:

  • No Related Posts

Configuring a SDX Channel from the SVM


To configure a channel from the Management Service

1. On the Configuration tab, navigate to System > Channels.

2. In the details pane, click Add.

3. In the Add Channel dialog box, set the following parameters:

Channel ID—ID for the LA channel to be created. Specify an LA channel in LA/x notation, where x can range from 1 to a number equal to one-half the number of interfaces. Cannot be changed after the LA channel is created.

Possible values:

Static: configured only on the data interfaces.

Active-Active: configured only on the management interfaces 0/x.

Active-Passive: configured only on the management interfaces 0/x.

LACP: configured on data interfaces as well as the management interfaces 0/x.

Throughput (Applies only to a static channel and LACP): Low threshold value for the throughput of the LA channel, in Mbps.

Bandwidth High (Applies only to a static channel and LACP): High threshold value for the bandwidth usage of the LA channel, in Mbps. The appliance generates an SNMP trap message when the bandwidth usage of the LA channel is equal to or greater than the specified high threshold value.

Bandwidth Normal (Applies only to a static channel and LACP): Normal threshold value for the bandwidth usage of the LA channel, in Mbps. When the bandwidth usage of the LA channel becomes equal to or less than the specified normal threshold after exceeding the high threshold, the NetScaler appliance generates an SNMP trap message to indicate that bandwidth usage has returned to normal.

4. On the Interfaces, add the interfaces that you want to include in this channel.

5. On the Settings, set the following parameters:

Channel State (Applies only to a static channel)—Enable or disable the LA channel.

LACP Time (Applies only to LACP): Time after which a link is not aggregated if the link does not receive an LACPDU. The value must match on all the ports participating in link aggregation on the SDX appliance and the partner node.

Long: Every 30 seconds with a 90 second timeout

Short: Every 1 second with a 3 second timeout

HA Monitoring—In a High Availability (HA) configuration, monitor the channel for failure events. Failure of any LA channel that has HA MON enabled triggers HA failover.

Tag All—Add a four-byte 802.1q tag to every packet sent on this channel. The ON setting applies tags for all VLANs that are bound to this channel. OFF applies the tag for all VLANs other than the native VLAN.

6. Click Create, and then click Close.

Related:

Netscaler VPX 1000 – Azure – Slowness getting through Netscaler.


With 12.0 builds, we have changed default yield behavior for PE vCPUs. vCPU will not yield to hypervisor, even though if there is less/moderate traffic in 12.0 build, which was not the case for 11.1 builds. That’s the reason, VPX vCPU is always 100% on hypervisor. However, vCPU is allocated to management core might not be 100%.

NetScaler yields PE vCPUs to hypervisor in sparse/moderate traffic cases. Since we have observed Tx overflow/congestion, it’s somewhat related to scheduling, we thought not yielding vCPU helps in improving the situation.

– set ns vpxparam -cpuyield NO

Upgrade to 12.0.53.X+

Related:

Netscaler GSLB is answering queries for Vserver that are Down.


When the GSLB vserver is down, with all the corresponding gslb services in the down state, the DNS query response can have the IP addresses of the down GSLB services. This is by design/expected behavior.

However, you can configure the GSLB virtual server to send an empty down response (enable EDR on GSLB Vserver). When this option is set, a DNS response from a GSLB virtual server that is in a DOWN state does not contain IP address records, and this prevents clients from attempting to connect to GSLB sites that are down.


https://docs.citrix.com/en-us/netscaler/10-1/ns-tmg-wrapper-10-con/netscaler-gslb-gen-wrapper-10-con/ns-gslb-protct-setup-against-fail-con.html

Configuring a GSLB Virtual Server to Respond with an Empty Address Record When DOWN

A DNS response can contain either the IP address of the requested domain or an answer stating that the IP address for the domain is not known by the DNS server, in which case the query is forwarded to another name server. These are the only possible responses to a DNS query.

When a GSLB virtual server is disabled or in a DOWN state, the response to a DNS query for the GSLB domain bound to that virtual server contains the IP addresses of all the services bound to the virtual server. However, you can configure the GSLB virtual server to in this case send an empty down response (EDR). When this option is set, a DNS response from a GSLB virtual server that is in a DOWN state does not contain IP address records, but the response code is successful. This prevents clients from attempting to connect to GSLB sites that are down.

Note: You must configure this setting for each virtual server to which you want it to apply.

To configure a GSLB virtual server for empty down responses by using the command line interface

At the command prompt, type:

set gslb vserver<name> -EDR (ENABLED | DISABLED)

Example

> set gslb vserver vserver-GSLB-1 -EDR ENABLED Done 

To set a GSLB virtual server for empty down responses by using the configuration utility

  1. Navigate to Traffic Management > GSLB > Virtual Servers.
  2. In the GSLB Virtual Servers pane, select the GSLB virtual server for which you want to configure a backup virtual server (for example, vserver-GSLB-1).
  3. Click Open.
  4. On the Advanced tab, under When this VServer is “Down,” select the Do not send any service’s IP address in response (EDR) check box.
  5. Click OK.

Related:

Error: “Functional Level Too Low For Catalog” While Registering VDAs in XenApp

Tradução automática

Эта статья была переведена автоматической системой перевода и не был рассмотрен людьми. Citrix обеспечивает автоматический перевод с целью расширения доступа для поддержки контента; Однако, автоматически переведенные статьи могут может содержать ошибки. Citrix не несет ответственности за несоответствия, ошибки, или повреждения, возникшие в результате использования автоматически переведенных статей.

Related:

  • No Related Posts

VDA registration fails due to incorrect DNS configuration

Tradução automática

Эта статья была переведена автоматической системой перевода и не был рассмотрен людьми. Citrix обеспечивает автоматический перевод с целью расширения доступа для поддержки контента; Однако, автоматически переведенные статьи могут может содержать ошибки. Citrix не несет ответственности за несоответствия, ошибки, или повреждения, возникшие в результате использования автоматически переведенных статей.

Related:

  • No Related Posts

Citrix XenMobile 10.x Multiple Security Updates

A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers.

Affecting XenMobile Server 10.7 and 10.8:

  • CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server
  • CVE-2018-10650 (Medium): Insufficient Path Validation Vulnerability in Citrix XenMobile Server
  • CVE-2018-10654 (Medium): Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server
  • CVE-2018-10648 (Low): Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server
  • CVE-2018-10651 (Low): Open Redirect Vulnerabilities in Citrix XenMobile Server


Affecting XenMobile Server 10.7:

  • CVE-2018-10649 (Medium): Cross-Site Scripting Vulnerability in Citrix XenMobile Server
  • CVE-2018-10652 (Medium): Sensitive Data Leakage in Citrix XenMobile Server

These issues have already been addressed in the Citrix Cloud service.

Related:

Ports required for VDA Registration and session launch are unavailable

To resolve this issue, peview the ports currently in use in the Site and verify they are not being used by other applications. If needed, resolve port conflicts to ensure the ports are available for the VDAs to use:

1. Open a command line window on the VDA

2. Type in <netstat –ano | find “:serviceport”> (where serviceport is the portnumber being used, for example :80)

C:>netstat -ano |find “:80”

TCP 192.168.0.115 61311 186.6.57.55:80 ESTABLISHED 1584

TCP 192.168.0.115:61351 186.6.57.55:80 ESTABLISHED 1584


3. In the output, the last column represents the process id that is using the port

4. In the example above, process 4 and 1584 are using the port 80

5. Use tasklist to find the process using port 80

C:>tasklist |find “1584”

Httpd.exe 1584 Console 1 132,242 K

6. In this case, Apache server is using the process

7. Decide if you want to stop the process or reconfigure the application in use to use another port.

Related: