“Socket Error 10061” , “unknown client error 1110″ ,”unknown client error 0” occur randomly during session roaming. User cannot access desktop via session roaming.
1) Remove the line with ‘00000000-0000-0000-0000-000000000000’ value in the table MonitorData.DesktopGroup on the database. This line is the first one.
To do so :
>>Go into the DBTablesMonitorData.DesktopGroup, right click, edit top 200 rows.
>>Try selecting the row on the left so everything is highlighted. Right click on it and delete row
2) Restart monitor service on both controller
3) Log in back to Director
Related Links : http://discussions.citrix.com/topic/375612-data-source-unresponsive-or-reported-an-error-view-director-server-event-logs-for-further-information/
The reason of the session creation failure is as below.
1. session was not established as they have problem on RDS CAL.
2. session was not established as they have problem on user profile.
3. session was not established as they canceled during the session creation
4. session was not established as they canceled password change during the session creation.
Note: We may have other scenarios of session creation failure.
If I had an IPS device connected inline with the SSL V, and next inline of the SSL V is a Proxy SG.
Does the SSL “https” stream that arrives from the Internet, does it get decrypted by the SSLV to be sent to the IPS, which in case a clean traffic, returns it to the SSLV to be encrypted again and then re-decrypted to be sent to the Proxy SG, which in turn if the traffic is allowed, sends it back to the SSLV to be encrypted again and sent to the internal “LAN”?
Users cannot log on multiple times a day and NetScaler XML monitor shows the following logs:
19483 0 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): DOWN; Last response: Failure - TicketTag not found in the response. Sun Oct 17 04:36:17 201519493 7 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): UP; Last response: Success - TicketTag found in the response. Sun Oct 17 04:36:47 201519494 0 PPE-0 'server_serviceGroup_NSSVC_HTTP_10.20.30.13:8080(svcg_xml?storefront01.example.com?8080)' UP Sun Oct 17 04:36:47 201519496 0 PPE-0 'server_serviceGroup_NSSVC_HTTP_10.20.32.13:8080(svcg_xml?storefront02.example.com?8080)' DOWN Sun Oct 17 04:38:56 201519497 35 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): DOWN; Last response: Failure - TCP connection successful, but application timed out Sun Oct 17 04:39:34 2015[…]19508 14 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): UP; Last response: Success - TicketTag found in the response. Sun Oct 17 04:41:33 201519509 0 PPE-0 'server_serviceGroup_NSSVC_HTTP_10.20.30.13:8080(svcg_xml?storefront01.example.com?8080)' UP Sun Oct 17 04:41:33 2015In NetScaler traces you can observe a reset getting sent with reset code 9701.
9700 – NSDBG_RST_PASS
This code indicates that the NetScaler appliance receives a TCP RST code from either the client or the server, and is transferring it. For example, the back end server sends a RST code, and the NetScaler appliance forwards it to the client with this code.
9701 – NSDBG_RST_NEST/NSDBG_RST_ACK_PASS
In NetScaler software release 9.1 and the later this code indicates that a RST code was forwarded as in the preceding RST code 9700, and the ACK flag was also set.
Case 1: When 2 NTP servers are added with preferred option as YES set for both servers.
-It uses mitigation rules defined in the RFC. http://doc.ntp.org/3-5.93e/prefer.html (Please refer to the Mitigation Rules section)
Case 2: When 2 NTP servers are added with preferred option as YES set for one server, and NO for the other server
-The appliance synchronizes with that particular server first which has preferred option as YES.
One Particular URL responding very slow when traffic going through proxy.
Client configured PAC file to reach proxy. When bypass proxy it’s working well.
new-connection: start 1 elapsed 0 ms
client-in: start 18 elapsed 69177 ms
scan-request-completed: start 69195 elapsed 0 ms
server-out: start 69199 elapsed 0 ms
server-in: start 69279 elapsed 0 ms
client-out: start 69280 elapsed 0 ms
access-logging: start 69316 elapsed 0 ms
stop-transaction: start 69316 elapsed 0 ms
Total Policy evaluation time: 69177 ms
url_categorization complete time: 69316
ICAP Response Scan: start 69195 delay 0 finish 0
server connection: start 69199
server connection: connected 69200 first-byte 69279 last_byte 69316
client connection: first-response-byte 69280 last-response-byte 69316
Total time added: 69181 ms
Total latency to first byte: 69183 ms
Request latency: 69181 ms
OCS connect time: 1 ms
Response latency (first byte): 1 ms
Response latency (last byte): 0 ms
stop transaction ——————–
I had been intercepting ssl traffic and non domain computers were couldn’t authenticate with IWA authentication. Also domain users cannot authentication with windows sso. I want to intercept only specific destination address and other destination wouldn’t intercepted.
1. Domain user’s received below error message from proxy.
2. Non domain user’s received below error message from proxy.
Proxy layer description:
|Any||Any||Windows sso and PermitAuthenticationError||None|
|Any User Authentication Error||Any||AuthenticateGuest(IWA)||None|
|Any||example.com||http and https||any||Allow||None|
|email@example.com||onlyauth.com||http and https||any||Allow||None|