How to Configure and Troubleshoot Browser Content Redirection

Browser Content Redirection controls and optimizes the way XenApp and XenDesktop deliver web browser content (such as HTML5) to users. Only the visible area of the browser where content is displayed (the viewport) is redirected.

1.0 Feature Requirements

Client side:

Citrix Receiver for Windows 4.10 or higher

  • Windows 7, 8.x, or 10, and Internet Explorer 11.

Citrix Receiver for Linux: 13.9

  • WebKitGTK+ 2.16 or higher should be packaged with the Linux distribution

XenApp / XenDesktop 7.16-7.17-7.18:

VDA operating system: Windows 10 (1607 or higher), Windows Server 2012 R2, Windows Server 2016

Browser on the VDA: Internet Explorer 11 with HdxjsInjector Add-On (BHO) enabled.

HdxVideo.js is injected on the webpage with the help of Internet Explorer Browser Helper Object (BHO).

BHOs are a plugin model for Internet Explorer that provides hooks for browser APIs.

Policies

The following policies are available for the Browser Content Redirection feature in Citrix Studio:

2.0 Browser Content Redirection policy

By default, Citrix Receiver tries client fetch and client render. If client fetch and client render fails, server-side rendering is tried. If you also enable the Browser Content Redirection proxy configuration policy, Citrix Receiver tries only server fetch and client render.

By default, the Browser Content Redirection policy is set to Allowed.

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediastream
Name: WebBrowserRedirection
Type: DWORD
1 = Browser content redirection is Allowed.
0 = Browser content redirection is Prohibited.

2.1 Browser Content Redirection ACL Configuration policy

Use this policy to configure an Access Control List (ACL) of URLs that can use browser content redirection or are denied access to browser content redirection.

Authorized URLs are the whitelisted URLs whose content is redirected to the client. The wildcard * is permitted, but it isn’t permitted within the protocol or the domain address part of the URL:

  • Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos*
  • Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only the index.html page is redirected.

By default, this setting is set to https://www.youtube.com/*

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
HKEY_LOCAL_MACHINE\Citrix\HdxMediastream
Name: WebBrowserRedirectionACL
Type: REG_MULTI_SZ

2.2 Browser Content Redirection Blacklist Configuration policy (7.17 and higher)

This setting works along with the Browser Content Redirection ACL Configuration policy. If URLs are present in the Browser Content Redirection ACL Configuration policy and the Browser Content Redirection Blacklist Configuration policy, the blacklist configuration takes precedence and the browser content of the URL isn’t redirected.

Policy Settings:

  • Unauthorized URLs: Specifies the blacklisted URLs whose browser content isn’t redirected to the client, but rendered on the server. The wildcard * is permitted, but it isn’t permitted within the protocol or the domain address part of the URL.
  • Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos*
  • Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only index.html is blacklisted.

By default, this list is empty.
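The wildcard and precedence rules of sections 2.1 and 2.2, as an added example (not Citrix code): it rejects entries with * in the protocol or domain part and lets the blacklist win over the ACL. The matching details (whole-URL match, case-insensitive protocol and host, invalid entries skipped, unlisted URLs rendered on the server) and all function names are assumptions.

```python
import re

DEFAULT_ACL = ["https://www.youtube.com/*"]  # default value given in the article


def validate_entry(entry):
    """Return None if the entry obeys the wildcard rule, otherwise the reason."""
    scheme, sep, rest = entry.strip().partition("://")
    if not sep or not scheme:
        return "missing protocol"
    if "*" in scheme:
        return "wildcard in protocol"
    host = rest.split("/", 1)[0]
    if not host:
        return "missing domain"
    if "*" in host:
        # Also catches "https://www.xyz.com*", which would match look-alike hosts.
        return "wildcard in domain"
    return None


def _normalise(url):
    """Lower-case protocol and host; give a bare host an explicit '/' path."""
    scheme, _, rest = url.strip().partition("://")
    host, _, path = rest.partition("/")
    return f"{scheme.lower()}://{host.lower()}/{path}"


def _pattern(entry):
    # '*' is the only wildcard; every other character is matched literally.
    literals = [re.escape(part) for part in _normalise(entry).split("*")]
    return re.compile(".*".join(literals), re.DOTALL)


def first_match(url, entries):
    """Return the first valid entry that matches the whole URL, else None."""
    target = _normalise(url)
    for entry in entries:
        if validate_entry(entry) is None and _pattern(entry).fullmatch(target):
            return entry
    return None


def decide(url, acl=DEFAULT_ACL, blacklist=()):
    """Return 'redirect' (client renders) or 'server-render'; the blacklist wins."""
    if first_match(url, blacklist) is not None:
        return "server-render"
    if first_match(url, acl) is not None:
        return "redirect"
    return "server-render"  # assumption: unlisted URLs stay on the VDA


def audit(entries):
    """Map each rejected entry to the reason it breaks the wildcard rule."""
    return {e: reason for e in entries if (reason := validate_entry(e))}


if __name__ == "__main__":
    # Constructed policy values using the article's xyz.com placeholders.
    acl = ["https://www.xyz.com/*", "http://*.xyz.com/"]
    blacklist = ["https://www.xyz.com/sports/index.html"]
    print(audit(acl + blacklist))
    for url in ("https://www.xyz.com/news/",
                "https://www.xyz.com/sports/index.html",
                "https://www.xyz.com.example.net/"):
        print(url, "->", decide(url, acl, blacklist))
```

Running `audit` over the values you intend to put in Studio or in the REG_MULTI_SZ overrides shows which entries break the wildcard rule before they are deployed.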

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

HKLM\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
HKLM\SOFTWARE\Citrix\HdxMediastream
Name: WebBrowserRedirectionBlacklist
Type: REG_MULTI_SZ

2.3 Browser Content Redirection Proxy Configuration policy

This policy provides configuration options for proxy settings on the VDA for Browser Content Redirection feature.

If enabled with a valid proxy address and port number, only Server Fetch Client Rendering is attempted.

If disabled or left unconfigured with default value, Client Fetch Client Rendering is attempted.

Allowed pattern: http://<hostname/ip address>:<port>

For example, http://proxy.example.citrix.com:80

By default, this setting is prohibited in Studio.

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

(Registry path varies depending on VDA architecture):

HKLM\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
HKLM\SOFTWARE\Citrix\HdxMediastream
Name: WebBrowserRedirectionProxyAddress
Type: REG_SZ

2.4 Browser Content Redirection Authentication Sites policy (7.18 and higher)

This setting allows you to configure a list of URLs that sites redirected via Browser Content Redirection can use to authenticate a user.

In other words, it specifies the URLs for which Browser Content Redirection will remain active (redirected) when navigating away from a whitelisted URL.

A classic scenario is a website that relies on an Identity Provider (IdP) for authentication.

For example, website www.xyz.com needs to be redirected to the endpoint, but the authentication portion is handled by a third party IdP, like Okta (www.xyz.okta.com).

The Admin would need to use the Browser Content Redirection ACL Configuration policy to whitelist www.xyz.com, and use Browser Content Redirection Authentication Sites to whitelist www.xyz.okta.com.


Registry override options on the VDA for policy settings:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\HdxMediastream
Or
HKEY_LOCAL_MACHINE\Citrix\HdxMediastream
Name: WebBrowserRedirectionAuthenticationSites
Type: REG_MULTI_SZ

2.5 Client Side Optimization

The following registry key can be set on the client to let HdxBrowser.exe (the overlay browser on the endpoint responsible for client-side rendering) use the GPU resources on the client, which reduces CPU utilization. This is needed for Receiver for Windows 4.10 only; in 4.11 it is already included by default.

HKEY_LOCAL_MACHINE (and in HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING (create if not present)
HdxBrowser.exe = (DWORD) 00000001

3.0 Browser Content Redirection Troubleshooting

3.1 General troubleshooting steps

| Step | May clear problem in |
| --- | --- |
| Close Internet Explorer, re-open, and navigate to a whitelisted site. | Browser Add-On and HdxVideo.js file |
| Disconnect and reconnect the session. | Receiver, HdxBrowser.exe, WebsocketAgent, and services |
| Logoff and logon to a new session. | Receiver, HdxBrowser.exe, WebsocketAgent, and services |
| Stop the services: 1. Browser redirection service, 2. HTML5 redirection service, and 3. Port forwarding service. Restart them in reverse order listed. Logoff and logon the session. | All components |


3.2 Data to collect for troubleshooting

CDF modules to trace:

| VDA Side | Receiver Side |
| --- | --- |
| HDX_Multimedia_BrowserService | IcaClient_DriversVd_BrowserRedir |
| HDX_Multimedia_HdxjsInjector | IcaClient_DriverVd_PortForward |
| HDX_Multimedia_PortForwardLibrary | Ica_Multimedia_HdxBrowser |
| HDX_Multimedia_PortForwardService | |
| HDX_Multimedia_WebSocketAgent | |
| HDX_Multimedia_WebSocketPipe | |
| HDX_Multimedia_WebSocketService | |
| PE_Service_CtxEchoSvc | |
| PE_Library_GvchBase | |

Ensure HdxBrowser.exe is running on Receiver while you are on a whitelisted site.


4.0 Browser JavaScript log live debugging:

  1. Open %programfiles%\Citrix\HTML5 Video Redirection\HdxVideo.js

    (or depending on your VDA version, the JavaScript can also be located inside a folder called %programfiles%\Citrix\ICASERVICE)

    You might need to do this running Notepad as an Admin and opening the .js file from the Open menu

  2. Change the line var DEBUG_ONLY = false; to var DEBUG_ONLY = true;

    Save the file and close your Editor.

  3. Close Internet Explorer and reopen it, press F12, and go to the Console tab. Browse to a whitelisted site, e.g. https://www.youtube.com

  4. You should see traces from [HdxVideo.js] (example below). Collect the entire log.

    Key messages to look for are highlighted in bold, with additional comments inside brackets [ ]:

    [HdxVideo.js] OnUnload (window): [object Window]
    [HdxVideo.js] DocumentBodySuppressor.start()
    [HdxVideo.js Events] interceptEventListeners()
    [HdxVideo.js] DocumentBodySuppressor.trySetBodyStyle(): stopping observer
    [HdxVideo.js] OnLoad (window): [object HTMLDocument]
    [HdxVideo.js] Unredirected video count: 0
    [HdxVideo.js] HDX_DO_PAGE_REDIRECTION: true [if false, redirection is not even attempted. Problem with policies or browser Extension?]
    [HdxVideo.js] infallback: undefined
    [HdxVideo.js] Installing event listeners.
    [HdxVideo.js] msexitFullscreen – Found!
    [HdxVideo.js] onWSOpen: [Websocket opening to WebsocketAgent.exe 127.0.0.1:9001 succeeded. If failed, check your IE Security Settings]
    [HdxVideo.js] >>> {"v":"pageurl","url":"https://www.google.de/"}
    [HdxVideo.js] onVisibilityChange:
    [HdxVideo.js] >>> {"v":"vis","vis":true}
    [HdxVideo.js] onResize:
    [HdxVideo.js] >>> {"v":"pageredir"}
    [HdxVideo.js] sendClientSize: w: 1316 h: 755
    [HdxVideo.js] >>> {"v":"clisz","w":1316,"h":755}
    CSI/tbsd_: 15.599,072ms
    CSI/_tbnd: 15.658,128ms
    [HdxVideo.js] <<< {"v":"winid","title":"CitrixVideo:{1b83a2dc-39ae-4455-ad7d-d56e71fbb45d}"}
    [HdxVideo.js] onWSMessage: winid: CitrixVideo:{1b83a2dc-39ae-4455-ad7d-d56e71fbb45d}
    [HdxVideo.js] setWindowTitle: CitrixVideo:{1b83a2dc-39ae-4455-ad7d-d56e71fbb45d}
    [HdxVideo.js] documentTitleMutator.start()
    [HdxVideo.js] >>> {"v":"winid"}
    [HdxVideo.js] <<< {"v":"pageredir"} [VDA is instructing Receiver to start the redirection process]
    [HdxVideo.js] onWSMessage: pageredir
    [HdxVideo.js] Redirecting page — 화이팅! https://www.google.de/ [Korean characters means the redirection was successful]

A common error is:

[HdxVideo.js] OnUnload (window): [object Window]

Navigation Event Separator HTML1300: Navigation occurred.
www.youtube.com

[HdxVideo.js] DocumentBodySuppressor.start()

[HdxVideo.js Events] interceptEventListeners()

[HdxVideo.js] DocumentBodySuppressor.trySetBodyStyle(): stopping observer

[HdxVideo.js] OnLoad (window): [object HTMLDocument]

[HdxVideo.js] Installing event listeners.

[HdxVideo.js] msexitFullscreen – Found!


[HdxVideo.js] doRedirection(): exception connecting to WebSocket: SecurityError

[HdxVideo.js] onWSError:

[HdxVideo.js] Showing content — suspendRedirection.

In the Developer Tools console this can be seen as:

This is caused by some security configurations in IE11’s Security Zones.
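A triage script for a collected HdxVideo.js console log, as an added example (not part of HdxVideo.js or any Citrix tool): it looks for the key messages called out above and reports how far redirection got. Both sample logs are constructed in the format shown on this page, and the verdict names and hints are assumptions derived from the bracketed comments.

```python
import json
import re

LINE = re.compile(r"^\s*\[HdxVideo\.js[^\]]*\]\s*(.*)$")
WS_MSG = re.compile(r"^(>>>|<<<)\s*(\{.*\})")
# Logs pasted through a web page or e-mail often carry typographic quotes.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})

# Constructed sample: redirection succeeds.
SAMPLE_OK = """\
[HdxVideo.js] HDX_DO_PAGE_REDIRECTION: true
[HdxVideo.js] onWSOpen:
[HdxVideo.js] >>> {"v":"pageurl","url":"https://www.example.com/"}
[HdxVideo.js] >>> {"v":"pageredir"}
CSI/tbsd_: 15.599,072ms
[HdxVideo.js] <<< {"v":"winid","title":"CitrixVideo:{00000000-0000-0000-0000-000000000000}"}
[HdxVideo.js] <<< {“v”:”pageredir”}
[HdxVideo.js] onWSMessage: pageredir
[HdxVideo.js] Redirecting page — 화이팅! https://www.example.com/
"""

# Constructed sample: the WebSocket to the local agent is blocked.
SAMPLE_ERR = """\
[HdxVideo.js] OnLoad (window): [object HTMLDocument]
[HdxVideo.js] Installing event listeners.
[HdxVideo.js] doRedirection(): exception connecting to WebSocket: SecurityError
[HdxVideo.js] onWSError:
[HdxVideo.js] Showing content — suspendRedirection.
"""


def _verdict(s):
    if s["redirected_url"]:
        return "redirected", "page was handed to the client"
    if s["do_page_redirection"] is False:
        return "not-attempted", "check the policies and the browser add-on"
    if s["ws_error"]:
        return "websocket-failed", "check IE security settings (Trusted Zone)"
    return "incomplete", "collect the entire log and the CDF traces"


def triage(log_text):
    """Summarise one HdxVideo.js console log; returns a dict with a verdict."""
    s = {"do_page_redirection": None, "ws_open": False, "ws_error": None,
         "vda_pageredir": False, "redirected_url": None, "fallback": False,
         "messages": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # CSI/... timings, navigation separators, blank lines
        body = m.group(1).translate(QUOTES)
        if (flag := re.match(r"HDX_DO_PAGE_REDIRECTION:\s*(true|false)", body)):
            s["do_page_redirection"] = flag.group(1) == "true"
        elif body.startswith("onWSOpen"):
            s["ws_open"] = True
        elif (err := re.search(r"exception connecting to WebSocket:\s*(\w+)", body)):
            s["ws_error"] = err.group(1)
        elif body.startswith("onWSError") and s["ws_error"] is None:
            s["ws_error"] = "unspecified"
        elif (msg := WS_MSG.match(body)):
            try:
                payload = json.loads(msg.group(2))
            except ValueError:
                continue  # truncated or hand-edited message
            s["messages"].append((msg.group(1), payload.get("v")))
            # "<<<" is a message received from the WebSocket agent on the VDA.
            if msg.group(1) == "<<<" and payload.get("v") == "pageredir":
                s["vda_pageredir"] = True
        elif (done := re.match(r"Redirecting page\b.*?(https?://\S+)", body)):
            s["redirected_url"] = done.group(1)
        elif "suspendRedirection" in body:
            s["fallback"] = True
    s["verdict"], s["hint"] = _verdict(s)
    return s


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("error", SAMPLE_ERR)):
        result = triage(text)
        print(name, result["verdict"], "-", result["hint"])
```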

Please add the following entries to the Trusted Zone in IE11 (Internet Options -> Security)


5.0 How to verify the webpage is redirected

Method #1: Drag the IE11 window quickly. You will notice a ‘delay’ or ‘out of frame’ between the viewport and the User Interface.

Also you will notice a quick change in the title on the Tab (CitrixVideoId) before the original title is placed back


Method #2: When the right mouse button is clicked on window area, a customized context menu is displayed. Back/Forward menu items are currently disabled for the initial releases. The remaining menu items perform the following tasks:

  • Refresh: refreshes current client side web page.
  • Open: if the mouse point is focused on a hyper link, the link will be opened; otherwise, nothing will happen.
  • Open in New Tab: if the mouse point is focused on a hyper link, the link will be opened in a new Tab; otherwise, nothing will happen. (Note: for the initial release, this works only when pop-up is enabled on VDA side IE instance.)
  • Open in New Window: if the mouse point is focused on a hyper link, the link will be opened in a new Tab; otherwise, nothing will happen. (Note: for the initial release, this works only when pop-up is enabled on VDA side IE instance and the link is opened in a new Tab rather than in a new Window)
  • About HDX Browser Redirection: Browse to Citrix support site in a new Tab

HDX Insight Diagnostics and Troubleshooting Guide

Skipped parsing ICA connection – HDX Insight not supported for this host

Log message example

: ICA Message 10973207 0 :

“Skipped parsing ICA connection – HDX Insight not supported for this host”

Jun 23 17:20:42

: ICA Message 10973208 0 :

“Skipping ICA flow: Session GUID [Undefined], Session setup time [Undefined], Client Type [0x0000], User [Undefined], Server [Undefined,192.168.48.205],

Ctx Flags [0x1000000], Track Flags [0x81000000], “

How to Upgrade Software on NetScaler Appliances in High Availability Setup

Warning! Any customization within NetScaler or NetScaler Gateway might cause unexpected behavior during and after the upgrade or downgrade process. This could also lead to a possible configuration loss. Any sort of customization within NetScaler or NetScaler Gateway should be backed up and removed before the upgrade or the downgrade process.

To upgrade the software on the NetScaler appliances in a high availability setup, complete the following procedures, in the same order:

  1. Upgrading Secondary Appliance
  2. Upgrading Primary Appliance
  3. Synchronization of Secondary Appliance

Upgrading Software on the Secondary Appliance

To upgrade software on the secondary appliance, complete the following procedure:

  1. Log on to the secondary NetScaler appliance using an SSH utility, such as PuTTY, and specify the NetScaler IP (NSIP). Use the nsroot credentials to log on to the appliance.

  2. From the command line interface of the appliance, type the following command to save the existing configuration:

    save config

  3. Switch to the shell prompt.

    login as: username
    Using keyboard-interactive authentication.
    Password:
    Last login: Wed Jun 24 14:59:16 2015 from 10.252.252.65
    Done
    > shell
    Copyright (c) 1992-20

  4. Run the following command to change to the default installation directory:

    # cd /var/nsinstall

  5. Run the following command to create a temporary subdirectory of the nsinstall directory:

    # mkdir x_xnsinstall

    Note: The text x_x is used to name the NetScaler version for future configurations. For example, the directory for the installation files of NetScaler 9.3 will be called 9_3nsinstall. Do not use a period (.) in the folder name, because it can cause failed upgrades.

  6. Change to the x_xnsinstall directory.

  7. Download the required installation package and documentation bundle, such as “ns-x.0-xx.x-doc.tgz”, to the temporary directory created in Step 4.

    Notes:

    • Some builds do not have a documentation bundle as it does not have to be installed.
    • Click the Documentation tab from the GUI to access the documentation.
  8. Before you run the install script, the files must be extracted and placed on the appliance. Use the following command to uncompress the bundle downloaded from Citrix website:

    tar -zxvf ns-x.0-xx.x-doc.tgz

    The following is a quick explanation of the parameters used –

    x – Extract files

    v – Print the file names as they are extracted one by one

    z – The file is a “gzipped” file

    f – Use the following tar archive for the operation

  9. Run the following command to install the downloaded software:

    # ./installns

    Note: If the appliance does not have sufficient disk space to install the new kernel files, the installation process performs an automatic cleanup of the flash drive.

  10. After the installation process is complete, the process prompts to restart the appliance. Press y to restart the appliance.

  11. Log on to the appliance Command Line Interface using the nsroot credentials.

  12. Run the following command to display the state of the NetScaler appliance:

    > show ha node

    The output of the preceding command should indicate that the appliance is a secondary node and synchronization is disabled.

  13. Run the following command to disable synchronization on the appliance if synchronization is not disabled:

    > set ha node -hasync disabled

  14. Ensure that the configuration is complete and as expected.

  15. Run the following command to perform a force failover and takeover as primary appliance:

    > force failover

Upgrading Software on the Primary Appliance

To upgrade software on the primary appliance, complete the following procedure:

Note: After completing the “Upgrading Software on the Secondary Appliance” procedure, the original primary appliance is now a secondary appliance.

  1. Log on to the secondary NetScaler appliance using an SSH utility, such as PuTTY. Use the nsroot credentials to log on to the appliance. To complete the installation process, follow step 2 to step 9 of the previous section (Upgrading Software on the Secondary Appliance).

  2. After the installation process is complete, the process prompts to restart the appliance. Press y to restart the appliance.

  3. Log on to the appliance Command Line Interface using the nsroot credentials.

  4. Run the following command to display the state of the NetScaler appliance:

    > show ha node

    The output of the preceding command should indicate that the appliance is a primary node and the status of the node state is marked as UP.

  5. If the appliance is not a primary appliance, run the following command to perform a force failover to ensure that the appliance is a primary appliance:

    > force failover

  6. Verify that the appliance is a primary appliance.

Enabling Synchronization on the Secondary Appliance

To enable synchronization on the secondary appliance, complete the following procedure:

  1. Run the following command to verify that the appliance is a secondary appliance:

    > show node

  2. Run the following command to enable synchronization on the appliance:

    > set ha node -hasync enabled

  3. Run the following command to verify that the configuration of the secondary appliance is synchronized with that of the primary appliance:

    > show ns runningconfig

How to Obtain Performance Statistics and Event Logs from NetScaler

NetScaler CLI

You can run the nsconmsg command from NetScaler shell prompt without naming a file, to report events in real time.

  • Use the following syntax to read a historical file:

    /netscaler/nsconmsg -K /var/nslog/newnslog -d event

    Displaying event information
    NetScaler V20 Performance Data
    NetScaler NS10.5: Build 57.7.nc, Date: May 14 2015, 07:35:21
    rtime: Relative time between two records in milliseconds
    seqno rtime event-message event-time
    11648 16310 PPE-0 MonServiceBinding_10.104.20.110:443_(tcp-default)

    Notes: The preceding command uses -d event to request display of major events. The parameter -K (uppercase) is for reading and -k (lowercase) is for writing. If you accidentally use -k, you might overwrite the information in the file.

  • To view the time span covered by a given newnslog file, use the syntax as in the following example:

    /netscaler/nsconmsg -K /var/nslog/newnslog -d setime

    The current data is appended to the /var/nslog/newnslog file. NetScaler archives the newnslog file automatically every two days by default. To read the archived data, you must extract the archive as shown in the following example:

    cd /var/nslog – This is the command to go to a particular directory from NetScaler Shell Prompt.

    tar xvfz newnslog.100.tar.gz – This is the command to extract the tar file.

    /netscaler/nsconmsg -K newnslog.100 -d setime – This is the command to check time span covered by the particular file, in this example newnslog.100.

    The "ls -l" command can be used to list all the log files and the time stamps associated with them:

    root@NETSCALER# cd /var/nslog

    root@NETSCALER# ls -l

     wheel 461544 Aug 7 2014 newnslog.1.tar.gz
    -rw-r--r-- 1 root wheel 191067 Aug 7 2014 newnslog.10.tar.gz
    -rw-r--r-- 1 root wheel 11144873 Apr 26 22:04 newnslog.100.tar.gz
    -rw-r--r-- 1 root wheel 11095053 Apr 28 22:04 newnslog.101.tar.gz
    -rw-r--r-- 1 root wheel 11114284 Apr 30 22:04 newnslog.102.tar.gz
    -rw-r--r-- 1 root wheel 11146418 May 2 22:04 newnslog.103.tar.gz
    -rw-r--r-- 1 root wheel 11104227 May 4 22:04 newnslog.104.tar.gz
    -rw-r--r-- 1 root wheel 11297419 May 6 22:04 newnslog.105.tar.gz
    -rw-r--r-- 1 root wheel 11081212 May 8 22:04 newnslog.106.tar.gz
    -rw-r--r-- 1 root wheel 11048542 May 10 22:04 newnslog.107.tar.gz
    -rw-r--r-- 1 root wheel 11101869 May 12 22:04 newnslog.108.tar.gz
    -rw-r--r-- 1 root wheel 11378787 May 14 22:04 newnslog.109.tar.gz
    -rw-r--r-- 1 root wheel 44989298 Apr 11 2014 newnslog.11.gz

  • Use the nsconmsg command to display only a span of time within the given file, as shown in the following example:

    /netscaler/nsconmsg -K /var/nslog/newnslog -s time=22Mar2007:20:00 -T 7 -s ConLb=2 -d oldconmsg

    Where

    • -s time=22Mar2007:20:00 starts at March 22, 2007 at exactly 8 p.m.
    • -T 7 displays seven seconds of data
    • -s ConLb=2 is a detail level for load balancing statistics
    • -d oldconmsg displays statistical information

    The statistical information provided by the -d oldconmsg parameter is recorded every seven seconds. The following is a sample output:

    VIP(10.128.58.149:80:UP:WEIGHTEDRR): Hits(38200495, 18/sec) Mbps(1.02) Pers(OFF) Err(0)
    Pkt(186/sec, 610 bytes) actSvc(4) DefPol(NONE) override(0)
    Conn: Clt(253, 1/sec, OE[252]) Svr(3)
    S(10.128.49.40:80:UP) Hits(9443063, 4/sec, P[2602342, 0/sec]) ATr(5) Mbps(0.23) BWlmt(0 kbits) RspTime(112.58 ms)
    Other: Pkt(36/sec, 712 bytes) Wt(10000) RHits(31555)
    Conn: CSvr(42, 0/sec) MCSvr(20) OE(16) RP(11) SQ(0)
    S(10.128.49.39:80:UP) Hits(9731048, 4/sec, P[2929279, 0/sec]) ATr(9) Mbps(0.27) BWlmt(0 kbits) RspTime(161.69 ms)
    Other: Pkt(41/sec, 756 bytes) Wt(10000) RHits(31555)
    Conn: CSvr(32, 0/sec) MCSvr(19) OE(13) RP(4) SQ(0)
    S(10.128.49.38:80:UP) Hits(9341366, 5/sec, P[2700778, 0/sec]) ATr(4) Mbps(0.27) BWlmt(0 kbits) RspTime(120.50 ms)
    Other: Pkt(42/sec, 720 bytes) Wt(10000) RHits(31556)
    Conn: CSvr(37, 0/sec) MCSvr(19) OE(13) RP(9) SQ(0)
    S(10.128.49.37:80:UP) Hits(9685018, 4/sec, P[2844418, 0/sec]) ATr(3) Mbps(0.23) BWlmt(0 kbits) RspTime(125.38 ms)
    Other: Pkt(38/sec, 670 bytes) Wt(10000) RHits(31556)
    Conn: CSvr(32, 0/sec) MCSvr(20) OE(10) RP(7) SQ(0)

    Note: The client connection counts of the individual services do not add up to the client connection count of the virtual server because of session reuse between the NetScaler appliance and the back-end service.

Description of the Output

Virtual Server Sample Output

VIP(10.128.58.149:80:UP:WEIGHTEDRR): Hits(38200495, 18/sec) Mbps(1.02) Pers(OFF) Err(0) Pkt(186/sec, 610 bytes) actSvc(4) DefPol(NONE) override(0) Conn: Clt(253, 1/sec, OE[252]) Svr(3)

The following list describes the virtual server statistics:

  • VIP (IP address:port:state:Load balancing method): The IP address and port of the Virtual IP address as it was configured; state of the virtual server or virtual IP address, such as UP, DOWN, or OUT OF SERVICE; load balancing method configured for the Virtual IP address.

  • Hits (#): Number of requests that reached the virtual server.

  • Mbps (#): Total traffic Volume on the Vserver (Rx + Tx) converted into Mbits/s

  • Pers: Type of persistence configured.

  • Err (#): Number of times error page was generated by the virtual server.

  • Pkt (#/sec, # bytes): Volume of network traffic in terms of packets passing through the virtual server; average size of the packets, flowing through the virtual server.

  • actSvc(#): Number of active services that are bound to the virtual server.

  • DefPol (RR): Indicates whether default load balancing method is active. Default load balancing method is used for some number of initial requests to smooth the behavior of the other methods.

  • Clt (#, #/sec): Number of current client connections to the virtual server; connection rate.

  • OE [#]: Number of server connections from the virtual server in open established state.

  • Svr (#): Number of current server connections from the virtual server.

In the preceding output, Svr(3) indicates that when the command collected the statistical sample, there are three active connections for the virtual server to the back-end server, even though there are four services in total. When a client has an “open established” connection to the virtual server, it is not necessary that the client is sending or receiving any network traffic at that point of time when the command collected the information. Therefore, it is common to see the Svr counter lower than the OE[] number. The connections that are actively making or receiving transactions are represented by Svr counter. The Mapped IP address (MIP) or Subnet IP address (SNIP) makes the connection to the associated back-end server, but the NetScaler tracks which virtual server is connected to the back-end server and calculates the counter.

Service Sample Output

S(10.128.49.40:80:UP) Hits(9443063, 4/sec, P[2602342, 0/sec]) ATr(5) Mbps(0.23) BWlmt(0 kbits) RspTime(112.58 ms)
Other: Pkt(36/sec, 712 bytes) Wt(10000) RHits(31555)
Conn: CSvr(42, 0/sec) MCSvr(20) OE(16) RP(11) SQ(0)

The following list describes the service statistics:

  • S (IP address:port:state): IP address, port, and state of the service such as, DOWN, UP, or OUT OF SERVICE.

  • Hits (#, P[#]): Number of hits directed to the service, Number of hits directed to the service due to configured server persistence.

  • ATr (#): Number of active connections to the service.

    Note: Active connections are those which have outstanding request to the service or currently have traffic activity.

  • Mbps (#.##): Total traffic Volume on the Service (Rx + Tx) converted into Mbits/s

  • BWlmt ( # kbits): Defined bandwidth limit.

  • RspTime ( # ms): Average response time of the service in milliseconds.

  • Pkt(#/sec, #bytes): Traffic volume in terms of packets per second going to the service; Average size of the packets.

  • Wt (#): Weight index, used in load balancing algorithm.

    Note: If you divide this value by 10,000, then you get the actual configured weight of the service.

  • RHits (#): Running hits counter used in Round Robin load balancing algorithm.

  • CSvr (#, #/sec): Number of connections to the service; connection rate.

  • MCSvr (#): Maximum number of connections to the service.

  • OE (#): Number of connections to the service in established state.

  • RP (#): Number of connections to the service, residing in the reuse pool.

  • SQ (#): Number of connections to the service, waiting in the surge queue.
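A parser for the -d oldconmsg output described above, as an added example (not a NetScaler or Citrix tool): it reads the VIP and S records into dictionaries and derives the values the field descriptions mention, such as the configured weight (Wt divided by 10,000) and the service connection total compared with Clt. SAMPLE is the sample output from this page; the function names and the summary keys are assumptions, and IPv4 addresses are assumed.

```python
import re

COUNTER = re.compile(r"(\w+)\(([^()]*)\)")   # e.g. Hits(9443063, 4/sec, P[...])
NUMBER = re.compile(r"-?\d+(?:\.\d+)?")

# Sample output copied from this page.
SAMPLE = """\
VIP(10.128.58.149:80:UP:WEIGHTEDRR): Hits(38200495, 18/sec) Mbps(1.02) Pers(OFF) Err(0)
Pkt(186/sec, 610 bytes) actSvc(4) DefPol(NONE) override(0)
Conn: Clt(253, 1/sec, OE[252]) Svr(3)
S(10.128.49.40:80:UP) Hits(9443063, 4/sec, P[2602342, 0/sec]) ATr(5) Mbps(0.23) BWlmt(0 kbits) RspTime(112.58 ms)
Other: Pkt(36/sec, 712 bytes) Wt(10000) RHits(31555)
Conn: CSvr(42, 0/sec) MCSvr(20) OE(16) RP(11) SQ(0)
S(10.128.49.39:80:UP) Hits(9731048, 4/sec, P[2929279, 0/sec]) ATr(9) Mbps(0.27) BWlmt(0 kbits) RspTime(161.69 ms)
Other: Pkt(41/sec, 756 bytes) Wt(10000) RHits(31555)
Conn: CSvr(32, 0/sec) MCSvr(19) OE(13) RP(4) SQ(0)
S(10.128.49.38:80:UP) Hits(9341366, 5/sec, P[2700778, 0/sec]) ATr(4) Mbps(0.27) BWlmt(0 kbits) RspTime(120.50 ms)
Other: Pkt(42/sec, 720 bytes) Wt(10000) RHits(31556)
Conn: CSvr(37, 0/sec) MCSvr(19) OE(13) RP(9) SQ(0)
S(10.128.49.37:80:UP) Hits(9685018, 4/sec, P[2844418, 0/sec]) ATr(3) Mbps(0.23) BWlmt(0 kbits) RspTime(125.38 ms)
Other: Pkt(38/sec, 670 bytes) Wt(10000) RHits(31556)
Conn: CSvr(32, 0/sec) MCSvr(20) OE(10) RP(7) SQ(0)
"""


def first_number(args):
    """Leading numeric value of a counter, or None for values such as OFF."""
    m = NUMBER.search(args)
    return float(m.group()) if m else None


def parse(text):
    """Return a list of virtual servers, each with its bound services."""
    vservers, target = [], None
    # Token-based, so it also copes with output whose line breaks were lost.
    for name, args in COUNTER.findall(text):
        if name == "VIP":
            ip, port, state, method = args.split(":")
            target = {"addr": f"{ip}:{port}", "state": state,
                      "method": method, "services": []}
            vservers.append(target)
        elif name == "S" and vservers:
            ip, port, state = args.split(":")
            target = {"addr": f"{ip}:{port}", "state": state}
            vservers[-1]["services"].append(target)
        elif target is not None:
            value = first_number(args)
            target[name] = args if value is None else value
            if name == "Clt":  # OE[#] is nested inside Clt(...) on the VIP
                oe = re.search(r"OE\[(\d+)\]", args)
                target["OE"] = float(oe.group(1)) if oe else None
    return vservers


def summarise(vs):
    """Derive the figures an operator usually checks for one virtual server."""
    svcs = vs["services"]
    return {
        "vip": vs["addr"],
        "client_conns": int(vs["Clt"]),
        "client_open_established": int(vs["OE"]),
        "service_conns": int(sum(s["CSvr"] for s in svcs)),
        "active_transactions": int(sum(s["ATr"] for s in svcs)),
        "weights": {s["addr"]: s["Wt"] / 10000 for s in svcs},
        "surge_queued": [s["addr"] for s in svcs if s["SQ"] > 0],
        "not_up": [s["addr"] for s in svcs if s["state"] != "UP"],
        "slowest": max(svcs, key=lambda s: s["RspTime"])["addr"],
    }


if __name__ == "__main__":
    for vserver in parse(SAMPLE):
        for key, value in summarise(vserver).items():
            print(f"{key}: {value}")
```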

NetScaler GUI

The log files and various troubleshooting data can also be obtained from the NetScaler Configuration Utility. To download specific files using the GUI, navigate to System > Diagnostics > Maintenance > Delete/Download log files. You can download the specific files and share them with support.

Select a file and click Download to download the file.

How to Create Machine Catalog using MCS in Azure Resource Manager

Pre-requisites

  • Access to the XenApp and XenDesktop Service of Citrix Cloud.
  • An Azure Subscription.
  • An Azure Active Directory (Azure AD) user account in the directory associated with your subscription, which is also co-administrator of the subscription.
  • An ARM virtual network and subnet in your preferred region with connectivity to an AD controller and Citrix Cloud Connector.
  • “Microsoft Azure” host connection
  • To create an MCS machine catalog, XenDesktop requires a master image that will be used as a template for all the machines in that catalog.

Creating Master Image from Virtual Machine deployed in Azure Resource Manager

Create a virtual machine (VM) in Azure using the Azure Resource Manager gallery image with either the Server OS or Desktop OS (based on whether you want to create Server OS catalog or Desktop OS catalog).

Refer to Citrix Documentation – install Citrix VDA software on the VM for more information.

Install the applications on the VM that you want to publish using this master image. Shut down the VM from the Azure Portal once you have finished installing applications. Make sure that the power status for the VM in the Azure Portal is Stopped (deallocated).

When creating the MCS catalog, use the .vhd file that represents the OS disk associated with this VM as the master image for the catalog. If you have experience with the Microsoft Azure Classic connection type in XenDesktop, you would have captured a specialized image of the VM at this stage. For the Microsoft Azure connection type you do not have to capture the VM image; you only shut down the VM and use the VHD associated with the VM as the master image.

Create MCS Catalog

This information is a supplement to the guidance in the Create a Machine Catalog article. After creating master image, you are all set to create MCS catalog. Please follow the steps as described below to create MCS catalog.

  1. Launch the Studio from your Citrix Cloud client portal and navigate to Machine Catalogs in the left hand pane.

  2. Right click Machine Catalogs and click on Create Machine Catalog to launch the machine creation wizard.

  3. Click Next on the Introduction page.

  4. On the Operating System page Select Server OS or Desktop OS based on what type of catalog you want to create and click Next.

  5. On the Machine Management page, select Citrix Machine Creation Service (MCS) as the deployment technology and select the Microsoft Azure hosting resource and click Next.

Master Image Selection – This page provides a tree view which you can navigate to select the master image VHD. At the topmost level are all the resource groups in your subscription except those which represent the MCS catalog created by XenDesktop. When you select and expand a particular resource group, it shows a list of all the storage accounts in that resource group. If there are no storage accounts in that resource group, there will not be any child items under it. If you have manually created a number of resource groups and storage accounts to host your manually created VMs in your subscription, the master image page will show all those resource groups, storage accounts, containers and VHDs, even though not all those VHDs are master images that you want to use for provisioning. Select the storage account that has your master image. When you expand the storage account, it shows a list of containers inside the storage account. Expand the container that has the master image VHD and select the VHD that you want to use as the master image for the catalog.

You need to know the VHD path in order to select it. If you have stood up a VM in Azure and prepared it to be used as a master image and you want to know the VHD path, follow the steps below:

  1. Select the resource group that has your master image VM.

  2. Select the master image VM and click Settings.

  3. Click Disks, then click OS Disks and copy the disk path.

  4. The OS disk path is structured as https://<storage account name>.blob.core.windows.net/<container name>/<image name>.vhd

  5. You can use the disk path obtained in the step above to navigate the tree view to select image.

Note: If you select the VHD of a master image VM that has not been shut down, catalog creation will fail. If the VHD you select is attached to a VM instance, make sure that VM is in the Stopped(deallocated) state.

  1. Storage type selection – XenDesktop supports Locally Redundant Standard or Premium storage for provisioning VMs in Azure. Your master image VHD can be hosted in any type of storage account, but for the VMs to be provisioned in Azure, XenDesktop will create new storage accounts based on the storage type you selected.

  2. XenDesktop will provision a maximum of 40 VMs in a single storage account due to IOPS limitations in Azure. For example, if you want to create a 100 VM catalog, you will find 3 storage accounts created, and the VM distribution across the storage accounts will be 40, 40 and 20.

  3. VM instance size selection – XenDesktop will show only those VM instance sizes which are supported for the storage type selected in the previous step. Enter the number of VMs, select the VM instance size of your choice and click Next.

  4. Network Card Selection – Select the network card and the associated network. Only one network card is supported.

  5. Select the resource location domain and enter the machine naming scheme.

  6. Enter credentials for your resource location Active Directory.

  7. Review the catalog summary, enter the catalog name and click Finish to start provisioning.

  8. Once the provisioning is complete, you will find a new resource group created in your Azure subscription which hosts all the VMs, storage accounts and network adapters for the catalog you provisioned. The default power state for the VMs after provisioning is Stopped(deallocated).

Once the provisioning is complete, you will find a new resource group created in your subscription that has the VM RDSDesk-01, as per the naming scheme we provided, the NIC corresponding to that VM, and a storage account that XenDesktop created to host the OS disk and the identity disk for the VM. The VM will be hosted on the same network as that of the hosting resource selected during catalog creation, and the default power state of the VM will be Shutdown(deallocated).

The resource group created by XenDesktop during the MCS provisioning will have following naming convention

citrix-xd-<ProvisioningSchemeUid>-<xxxxx>

To find out which resource group in the Azure portal corresponds to the catalog you created from studio, follow the steps below.

  1. Connect to your XenApp and XenDesktop service using Remote PowerShell SDK. Please visit this link to find out how to interact with your Citrix Cloud environment using Remote PowerShell SDK.
  2. Run command Get-ProvScheme -ProvisioningSchemeName <Catalog Name>
  3. Note down the ‘ProvisioningSchemeUid’ from the output of the above command.
  4. Go to the Azure portal and search for the resource group name that contains ‘ProvisioningSchemeUid’ you obtained in step 3.
  • Note:

    As a best practice you should always create a copy of your master image and use the copied image as input to the provisioning process. In future, if you want to update the catalog, you can start the master image VM, make the necessary changes, shut it down and again create a copy of the image, which will be your update image. This lets you use the master image VM to create multiple image updates.

    Remember to shut down the master image VM from the Azure portal before starting to create the catalog. The master image needs to be copied into the catalog’s storage account once provisioning starts, so we need to make sure it is not in use by any VM; otherwise it will lead to image copy failure and eventually provisioning failure.

  • Make sure you have sufficient cores, NIC quota in your subscription to provision VMs. You are most likely going to run out of these two quotas. You may not be able to check your subscription quota limits,
  • If your master image VM is provisioned in the Premium storage account then just shutting down the VM from the portal isn’t enough. You also need to detach the disk from the VM to use it as master image in provisioning. But in Azure Resource Manager you can not detach the disk while the VM is still available. So you need to delete the VM from the portal, this will only delete the VM but keep the OS disk in the storage account. The NIC corresponding to the VM also needs to be deleted separately.

How to Configure Full VPN Setup on a NetScaler Gateway Appliance

Configure a full VPN Setup on a NetScaler Gateway Appliance

To configure a VPN setup on NetScaler Gateway appliance, complete the following procedure:

  1. From NetScaler configuration utility, navigate to Traffic Management > DNS.

  2. Select the Name Servers node.

    Ensure that the DNS Name Server is listed. If it is not available, add a DNS Name Server.

  3. Expand NetScaler Gateway > Policies.

  4. Select the Session node.

  5. Activate the Profiles tab of NetScaler Gateway Session Policies and Profiles page and click Add.

    Note: For each component you configure in the Configure NetScaler Gateway Session Profile dialog box, ensure that you select the Override Global option for the respective component.

  6. Activate the Client Experience tab.

  7. Type the intranet portal URL in the Home Page field if you would like to present a URL when the user logs in to the VPN.

    If the homepage parameter is set to “nohomepage.html”, the homepage will not be displayed. When the plug-in starts, a browser instance starts and gets killed automatically.

  8. Be sure to select the desired setting from the Split Tunnel list (for more information about this setting, see the Split Tunnel section under Additional Parameters).

  9. Select OFF from the Clientless Access list if you want FullVPN.

  10. Ensure that Windows/Mac OS X is selected from the Plug-in Type list.

  11. Select the Single Signon to Web Applications option if desired.

  12. Ensure that the Client Cleanup Prompt option is selected if required.

  13. Activate the Security tab.

  14. Ensure that ALLOW is selected from the Default Authorization Action list.

  15. Activate the Published Applications tab.

  16. Ensure that OFF is selected from the ICA Proxy list under the Published Applications option.

  17. Click Create.

  18. Click Close.

  19. Activate the Policies tab of the NetScaler Gateway Session Policies and Profiles page in the Vserver or activate the Session Policies at the GROUP/USER Level as required.

  20. Create a Session policy with a required expression or ns_true.

  21. Bind the Session policy to the VPN virtual server.

    Go to NetScaler Gateway virtual server > Policy. Choose the required session policy (in this example Session_Policy) from the drop-down list.

  22. If Split Tunnel was configured to ON, you should configure the Intranet Applications you would like the users to access when connected to the VPN. Go to NetScaler Gateway > Resources > Intranet Applications.

  23. Create a new Intranet Application. Select Transparent for FullVPN with Windows client. Select the protocol you would like to allow (TCP, UDP, or ANY) and the Destination Type (IP address and Mask, IP address Range, or Hostname).

  24. There is no full VPN support for iOS and Android apps.

    Set a new policy for Citrix VPN on iOS and Android using the following expression:

    REQ.HTTP.HEADER User-Agent CONTAINS /NSGiOSplugin || REQ.HTTP.HEADER User-Agent CONTAINS /CitrixVPN

  25. Bind the Intranet Applications created at the USER/GROUP/VSERVER level as required.

Additional Parameters

The following are some of the parameters we can configure and a brief description of each:

Split Tunnel

Diagram of split tunnel settings


Split Tunnel Off

When split tunnel is set to off, the NetScaler Gateway Plug-in captures all network traffic originating from a user device and sends the traffic through the VPN tunnel to NetScaler Gateway. In other words, the VPN client establishes a default route from the client PC pointing to the NetScaler Gateway VIP, meaning that all the traffic needs to be sent through the tunnel to get to the destination. Since all the traffic is going to be sent through the tunnel, authorization policies must determine whether the traffic is allowed to pass through to internal network resources or be denied.

While split tunnel is set to “off”, all traffic goes through the tunnel, including standard web traffic to websites. If the goal is to monitor and control this web traffic, forward these requests to an external proxy using NetScaler. User devices can connect through a proxy server for access to internal networks as well.

NetScaler Gateway supports the HTTP, SSL, FTP, and SOCKS protocols. To enable proxy support for user connections, you must specify these settings on NetScaler Gateway. You can specify the IP address and port used by the proxy server on NetScaler Gateway. The proxy server is used as a forward proxy for all further connections to the internal network.

For more information review the following links:

Enabling Proxy Support for User Connections

Split Tunnel OFF

Split Tunnel ON

You can enable split tunneling to prevent the NetScaler Gateway Plug-in from sending unnecessary network traffic to NetScaler Gateway. If split tunnel is enabled, the NetScaler Gateway Plug-in sends only traffic destined for networks protected by NetScaler Gateway (intranet applications) through the VPN tunnel. The NetScaler Gateway Plug-in does not send network traffic destined for unprotected networks to NetScaler Gateway. When the NetScaler Gateway Plug-in starts, it obtains the list of intranet applications from NetScaler Gateway and establishes a route on the client PC for each subnet defined on the intranet application tab. The NetScaler Gateway Plug-in examines all packets transmitted from the user device and compares the addresses within the packets to the list of intranet applications (the routing table created when the VPN connection was started). If the destination address in the packet is within one of the intranet applications, the NetScaler Gateway Plug-in sends the packet through the VPN tunnel to NetScaler Gateway. If the destination address is not in a defined intranet application, the packet is not encrypted and the user device routes the packet using the default routing originally defined on the client PC. “When you enable split tunneling, intranet applications define the network traffic that is intercepted and sent through the tunnel”.

For more information review the following link:

Split Tunnel ON

Reverse Split Tunnel

NetScaler Gateway also supports reverse split tunneling, which defines the network traffic that NetScaler Gateway does not intercept. If you set split tunneling to reverse, intranet applications define the network traffic that NetScaler Gateway does not intercept. When you enable reverse split tunneling, all network traffic directed to internal IP addresses bypasses the VPN tunnel, while other traffic goes through NetScaler Gateway. Reverse split tunneling can be used to log all non-local LAN traffic. For example, if users have a home wireless network and are logged on with the NetScaler Gateway Plug-in, NetScaler Gateway does not intercept network traffic destined to a printer or another device within the wireless network.

To configure split tunneling

  1. From the Configuration Utility navigate to Configuration tab > NetScaler Gateway > Policies > Session.
  2. In the details pane, on the Profiles tab, select a profile and then click Open.
  3. On the Client Experience tab, next to Split Tunnel, select Global Override, select an option and then click OK twice.

Configuring Split Tunneling and Authorization

When planning your NetScaler Gateway deployment, it is important to consider split tunneling and the default authorization action and authorization policies.

For example, you have an authorization policy that allows access to a network resource. You have split tunneling set to ON and you do not configure intranet applications to send network traffic through NetScaler Gateway. When NetScaler Gateway has this type of configuration, access to the resource is allowed, but users cannot access the resource.

Diagram of split tunneling and authorization policy


If the authorization policy denies access to a network resource, you have split tunneling set to ON, and intranet applications are configured to route network traffic through NetScaler Gateway, the NetScaler Gateway Plug-in sends traffic to NetScaler Gateway, but access to the resource is denied.
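
The split tunnel modes and the two authorization cases above come down to two independent decisions: the plug-in decides on the client whether a packet enters the tunnel, and the gateway decides whether tunneled traffic is authorized. The following Python model is an added example, not Citrix code; the function names, the first-match policy ordering, the CIDR-only intranet applications and every address in it are assumptions constructed for illustration.

```python
import ipaddress
from enum import Enum


class SplitTunnel(Enum):
    OFF = "OFF"
    ON = "ON"
    REVERSE = "REVERSE"


# Constructed sample configuration (not taken from a real appliance).
INTRANET_APPS = ["10.10.0.0/16"]
POLICIES = [("10.10.5.0/24", "DENY"), ("10.20.0.0/16", "ALLOW")]
DEFAULT_ACTION = "ALLOW"  # the procedure above selects ALLOW as the default


def uses_tunnel(mode, intranet_apps, dest_ip):
    """Client-side decision: does the plug-in send this packet to the gateway?"""
    dest = ipaddress.ip_address(dest_ip)
    listed = any(dest in ipaddress.ip_network(c) for c in intranet_apps)
    if mode is SplitTunnel.OFF:
        return True        # all traffic is captured
    if mode is SplitTunnel.ON:
        return listed      # only intranet applications are intercepted
    return not listed      # REVERSE: intranet applications are the bypass list


def authorize(dest_ip, policies, default_action):
    """Gateway-side decision over ordered (cidr, action) pairs.

    First match wins; this ordering is a simplification made by this example.
    """
    dest = ipaddress.ip_address(dest_ip)
    for cidr, action in policies:
        if dest in ipaddress.ip_network(cidr):
            return action
    return default_action


def outcome(mode, intranet_apps, policies, default_action, dest_ip):
    """Combine both decisions for one destination address."""
    if not uses_tunnel(mode, intranet_apps, dest_ip):
        # The packet follows the client's own routing and never reaches the
        # gateway, so authorization policies are not consulted for it.
        return "LOCAL_ROUTE"
    return "TUNNEL_" + authorize(dest_ip, policies, default_action)


def unreachable_allows(mode, intranet_apps, policies):
    """ALLOW policies that no intranet application covers while split tunnel is ON.

    These are the "access is allowed, but users cannot access the resource" cases.
    """
    if mode is not SplitTunnel.ON:
        return []
    apps = [ipaddress.ip_network(c) for c in intranet_apps]
    gaps = []
    for cidr, action in policies:
        net = ipaddress.ip_network(cidr)
        covered = any(a.version == net.version and net.subnet_of(a) for a in apps)
        if action == "ALLOW" and not covered:
            gaps.append(cidr)
    return gaps


if __name__ == "__main__":
    for ip in ("10.20.1.5", "10.10.5.9", "10.10.1.1"):
        print(ip, outcome(SplitTunnel.ON, INTRANET_APPS, POLICIES, DEFAULT_ACTION, ip))
    print("uncovered ALLOW policies:",
          unreachable_allows(SplitTunnel.ON, INTRANET_APPS, POLICIES))
```

With split tunnel OFF and a default action of ALLOW, every destination without a matching DENY policy comes back as `TUNNEL_ALLOW`, which is why the authorization policies carry the whole access decision in that mode.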

For more information about authorization policies, review the following:

Configuring Authorization

Configuring Authorization Policies

Setting Default Global Authorization

To configure network access to internal network resources

  1. In the configuration utility, on the Configuration tab, navigate to NetScaler Gateway > Resources > Intranet Applications.
  2. In the details pane, click Add.
  3. Complete the parameters for allowing network access, click Create and then click Close.


Intranet IPs

No Intranet IPs


When we do not set up intranet IPs for the VPN users, the user sends the traffic to the NetScaler Gateway VIP, and from there the NetScaler builds a new packet to the intranet application resource located on the internal LAN. This new packet is sourced from the SNIP toward the intranet application. From here, the intranet application gets the packet, processes it and then attempts to reply to the source of that packet (the SNIP in this case). The SNIP gets the packet and sends the reply back to the client that made the request.

For more information review the following link:

No Intranet IPs

Intranet IPs


When Intranet IPs are being used, the user sends the traffic to the NetScaler Gateway VIP, and from there the NetScaler maps the client IP to one of the configured Intranet IPs from the pool. Be advised that the NetScaler owns the Intranet IP pool, and for this reason these ranges shouldn’t be used in the internal network. The NetScaler assigns an Intranet IP to incoming VPN connections as a DHCP server would. The NetScaler builds a new packet to the intranet application located on the LAN the user would access. This new packet is sourced from one of the Intranet IPs toward the intranet application. From here, the intranet application gets the packet, processes it and then attempts to reply to the source of that packet (the Intranet IP). In this case the reply packet needs to be routed back to the NetScaler, where the Intranet IPs are located (remember, the NetScaler owns the Intranet IP subnets). To accomplish this, the network administrator should have a route to the Intranet IP pointing to one of the SNIPs (it is recommended to point the traffic back to the SNIP that holds the route from which the packet first leaves the NetScaler, to avoid asymmetric traffic).

For more information review the following link:

Intranet IPs

Configuring Name Service Resolution

During installation of NetScaler Gateway, you can use the NetScaler Gateway wizard to configure additional settings, including name service providers. The name service providers translate the fully qualified domain name (FQDN) to an IP address. In the NetScaler Gateway wizard, you can configure a DNS or WINS server, set the priority of the DNS lookup, and the number of times to retry the connection to the server.

When you run the NetScaler Gateway wizard, you can add a DNS server at that time. You can add additional DNS servers and a WINS server to NetScaler Gateway by using a session profile. You can then direct users and groups to connect to a name resolution server that is different from the one you originally used the wizard to configure.

Before configuring an additional DNS server on NetScaler Gateway, create a virtual server that acts as a DNS server for name resolution.

To add a DNS or WINS server within a session profile

  1. In the configuration utility, on the Configuration tab, navigate to NetScaler Gateway > Policies > Session.
  2. In the details pane, on the Profiles tab, select a profile and then click Open.
  3. On the Network Configuration tab, do one of the following:
    • To configure a DNS server, next to DNS Virtual Server, click Override Global, select the server and then click OK.
    • To configure a WINS server, next to WINS Server IP, click Override Global, type the IP address and then click OK.


What are the HKLM\RSD hives and how are they used in App Layering?

RSD is the App Layering (and Unidesk) registry virtualization system. It stands for Registry Splitter Driver, and allows us to combine multiple registry hives into a single virtual hive for both reads and writes.

The RSD hives are always mounted directly under HKEY_LOCAL_MACHINE, and they are all uniquely named. Normally, it’s RSD_something, where “something” includes the ID of the layer involved. When editing a layer, there will be one RSD hive, and the ID is the layer being edited. That hive is write-only, capturing the data of the boot registry hives as they are being modified. For a published image, however, there might be multiple RSD hives, some of which are read-only and one of which is read/write. (In Unidesk V2 and V3, there is always only one RSD hive, and the ID is either the layer you are editing or the desktop you are on.) All of the RSD hives, no matter what they are, are stored in C:\Program Files\Unidesk\etc.

Here’s an example of a machine with three RSD hives.

regedit, showing RSD_P1, RSD_VIRTP800007V0R1 and RSD_VIRTPDF8006V0R1

This is from a published machine, which you can tell because it has more than one RSD hive mounted.

There are four kinds of RSD hives.

  • RSD_PxxxV0Ry: when editing an Application or Platform layer, there will be one RSD hive mounted. The “xxx” is the hexadecimal representation of the layer ID (which you can see in the Layering Management Console if you click the (i) for additional information). “y” is the revision number of the layer.
  • RSD_P1: when Elastic Layering is set to Applications Only or Office 365, P1 is the system-wide, temporary RSD hive where local changes are stored and retrieved.
  • RSD_VIRTPxxxV0Ry: with any Elastic Layering mode, this is the RSD hive for an Elastically Assigned layer. “xxx” is the layer ID, and “y” is the revision number. It is read-only, and is attached when the Elastic Layer is attached. The VIRTP hive is the exact same hive that was captured as the P hive when creating a layer.
  • RSD_UepMount: when Full User Layers are selected, this is the read/write hive for the Full User Layer, attached at user login, where all registry writes are captured.

Within each mounted RSD hive, there is one top-level folder called REGISTRY; under that are folders for the specific HKEYs being virtualized, and under that are folders for the hives. So RSD_P1\REGISTRY\MACHINE\System is the virtualized HKEY_LOCAL_MACHINE\System hive. The RSD hives are not complete registry hives. They contain only the data that has been created, deleted or modified within their respective scopes. For P1 and UepMount, that is data within the current session or for the specific user’s history. For P and VIRTP, those are the data from the creation of the layer.

You will never have RSD_UepMount and RSD_P1 on the same machine, because they are for different Elastic Layering modes. But you can have multiple RSD_VIRTP hives on a machine, one for each attached Elastic Layer.

Within the hives, we capture the exact data being updated. The name, location, data, and security settings are copied into the writable RSD hive exactly as they are being written into the main system registry hives. If you create some key called MyData (DWORD) in HKLM\Software\Mysoftware\Whatever, then we will create the exact same MyData in HKLM\RSD_P1\REGISTRY\MACHINE\Software\Mysoftware\Whatever. The original write still goes to the main hives on the boot disk, but we keep a copy in our own hive.

In addition to capturing new and modified keys, which is easy since it’s just a direct copy of the key, we also need to be able to capture deletions of keys. We do this by deleting the actual key from RSD and replacing it with a slightly modified key. Instead of MyData, we will create a key in the same location (of type REG_NONE) called MyData followed by ASCII 01 through 08. For instance, “MyData”:

RegEdit showing a key with a delete token

In that screen shot, Last Counter and Last Help were created or updated (you can’t actually tell the difference), but Updating was deleted. Whenever you see that set of ASCII graphic characters at the end of a registry key in an RSD hive, it’s not corruption. It’s an indicator that the original key was deleted.

You can also see a __Unidesk_ key above it. Ignore those, they are strictly for internal bookkeeping.

The actual driver that implements our registry virtualization is unirsd.sys. When a request to read a registry key is received, UniRSD intercepts the request and checks with every attached RSD hive to see if the key has been modified anywhere in the system. First it checks the hives on the boot disk, then each of the attached read-only hives, if any, and then it checks the writable hive (RSD_P1, RSD_UepMount or RSD_PxxxV0Ry, depending on what kind of machine is involved). The highest priority copy of the data is used. If the highest priority copy is actually a delete token, then “KeyNotFound” is returned instead. When a request to create, modify or delete a key comes in, it is always routed to the writable hive.

Although seldom appropriate, it is possible to directly modify the writable hive in order to modify the registry. Normally, you would simply modify the main hive, and let UniRSD decide where to route the request. But if you want the writable hive to simply forget a key, which would allow the original version from a lower hive to become visible again, you can manually delete it from the writable hive in RegEdit, and the lower-priority copy will immediately become the highest priority copy, and will become visible.

You can also modify the read-only RSD hive from an attached Elastic Layer, but that change is strictly local and will be dropped on the next reboot.

All of these RSD hives are in C:\Program Files\Unidesk\etc, as we said above. The etc folder, in addition to containing the writable hives and the VIRTP hives from Elastically Assigned layers, actually also includes the RSD_P hives from every layer included in the image itself. These hives are part of their respective layers, so they are included in the published image even though they are not actually used in the published desktop. So, in theory, if you wanted to understand what layer in the published image contained a particular piece of data, you could load up its RSD hive from the published image and look around.
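
The read priority, delete tokens and the "forget a key" edit described above can be traced with a small model, which also shows how to tell which hive supplied a value. This Python code is an added example, not Citrix or Unidesk code: the class and function names are hypothetical, hives are plain dictionaries, the delete-token suffix is this example's reading of "ASCII 01 through 08" as the eight characters 0x01 to 0x08, and writes are recorded only in the writable hive.

```python
# Toy model of RSD routing as described in the article (not the unirsd.sys driver).
DELETE_SUFFIX = "".join(chr(c) for c in range(1, 9))  # assumed: chars 0x01..0x08
BASE = "MACHINE\\Software\\Mysoftware\\Whatever\\"     # path used in the article


def is_delete_token(name):
    """True if a name in an RSD hive marks a deletion rather than data."""
    return len(name) > len(DELETE_SUFFIX) and name.endswith(DELETE_SUFFIX)


def deleted_names(hive):
    """Original names that one hive records as deleted."""
    return sorted(n[:-len(DELETE_SUFFIX)] for n in hive if is_delete_token(n))


class LayeredRegistry:
    def __init__(self, boot, read_only, writable_name):
        # Lowest to highest priority: boot hives, read-only RSD hives, writable hive.
        self.layers = [("boot", boot)] + list(read_only) + [(writable_name, {})]

    @property
    def writable(self):
        return self.layers[-1][1]

    def resolve(self, path):
        """Return (hive_name, data) from the highest-priority hive that mentions path."""
        for name, hive in reversed(self.layers):
            if path in hive:
                return name, hive[path]
            if path + DELETE_SUFFIX in hive:
                raise KeyError("KeyNotFound: delete token in " + name)
        raise KeyError("KeyNotFound")

    def read(self, path):
        return self.resolve(path)[1]

    def write(self, path, data):
        # Creates and modifications are always routed to the writable hive.
        self.writable.pop(path + DELETE_SUFFIX, None)
        self.writable[path] = data

    def delete(self, path):
        # The real entry is replaced by a REG_NONE entry with the suffixed name.
        self.writable.pop(path, None)
        self.writable[path + DELETE_SUFFIX] = None

    def forget(self, path):
        """Manual edit of the writable hive: the lower-priority copy reappears."""
        self.writable.pop(path, None)
        self.writable.pop(path + DELETE_SUFFIX, None)


def build_sample():
    """Constructed data; hive names follow the regedit example in the article."""
    boot = {BASE + "MyData": 1, BASE + "Updating": 5}
    virtp = ("RSD_VIRTP800007V0R1", {BASE + "MyData": 2})
    return LayeredRegistry(boot, [virtp], "RSD_P1")


if __name__ == "__main__":
    reg = build_sample()
    print(reg.resolve(BASE + "MyData"))      # supplied by the Elastic Layer hive
    reg.delete(BASE + "Updating")
    print(deleted_names(reg.writable))       # the deletion is visible as a token
    reg.forget(BASE + "Updating")
    print(reg.resolve(BASE + "Updating"))    # boot copy is visible again
```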


7023284: Installation fails on Linux server: “message: 40 Please check your configuration”

This document (7023284) is provided subject to the disclaimer at the end of this document.

Environment

Verastream Host Integrator

Situation

Installation fails to complete successfully on a Linux server. The following is recorded at the end of the installation log (in /opt/attachmate/verastream):
Starting registration.

Setting password for Management Server linux_server:33000

. bin/chg-mgmt-password.sh linux_server:33000 admin fixed_config_vms_password config_new_vms_password

Could not set password for linux_server:33000 (admin/vms_password)

message: 40

Registering Session Server linux_server with Management Server linux_server:33000

. bin/add-session-server.sh linux_server:33000 admin config_vms_password linux_server

Could not add Session Server linux_server (admin/vms_password) to linux_server:33000

message: 40

Please check your configuration

Resolution

Make sure there is adequate disk storage available on the Linux server. When this problem was observed, it was discovered that not enough disk space was available on the server to allow the product to run.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.
