Slowness in Presenting Citrix Gateway/AAA Login page on Client Browsers

NOTE: httpd (and all other non-packet engine processes on Netscaler) run ONLY on the management CPU core. On most Netscaler models, there is only 1 management core. Therefore, adding too many httpd processes can have negative effects, including RAM exhaustion and swapping. In an SDX environment, it is often preferable to provision additional VMs (each with it’s own management core) rather than increasing this value too far.

To resolve this, we need to increase the MaxClients from 30 to 60 in the “httpd.conf” and then restart the process.

NOTE: 60 is recommended if you have confirmed you have experienced this issue, however with certain customers who have very heavy loads on a single ADC, this number may need to be even higher. We do not recommend higher values unless it is found necessary due to testing. The value can be set as high as 255 without other changes, but again higher values are not recommended unless found to be required with testing.

Below are the steps to change the MaxClients value in httpd.conf:

1. Before you modify files, ensure you have a local copy of the original /etc/httpd.conf. Store this file in a location that is not on the ADC, i.e. your local drive.

2.Using a texteditor, open the /etc/httpd.conf file, and modify the MaxClient value to 60

3. Copy /etc/httpd.conf to /nsconfig/httpd.conf. From CLI you can use this command: cp /etc/httpd.conf /nsconfig

4. Run the ps -aux | grep -i httpd command and you should see an output that shows one root process and other processes labelled as nobody. Note the PID (column 2) for the process owned by root.

5. Kill the root process by running this command (replace PID with number from above): kill -6 PID

6.After killing the process, wait for 2 minutes and the process will get started automatically.

7. This can be confirmed by running the command from step 4 again and looking for the httpd process owned by root.

If you need to go back to the original configuration:

1. Ensure you have the local copy of the original /etc/httpd.conf

2. Delete the /etc/httpd.conf

3. Delete the /nsconfig/httpd.conf

4. Copy your local copy of httpd.conf to /etc/httpd.conf and /nsconfig/httpd.conf

Note:The copy within / nsconfig is used for backup usage only and the modification need to be done on /etc/httpd.conf only

WARNING – Following the above solution might result in issues with future firmware upgrades.

When you apply the above configuration, the httpd.conf will not be updated during a future firmware upgrade. This could cause the GUI to become completely unavailable.

If this occurs, you must delete the file /nsconfig/httpd.conf (on both primary and then secondary node), reboot the ADC, and then reapply the below settings.

The clear diagnosis of that issue is that if you run “ps aux | grep httpd” in shell mode, there will be no httpd processes running.


Refer to Citrix Documentation for detailed information on upgrades: https://docs.citrix.com/en-us/citrix-adc/12-1/upgrade-downgrade-citrix-adc-appliance/troubleshooting.html

Related:

Leave a Reply