Director Error- “Cannot retrieve data” while Retreving User Connections on the Director

Note : Before following the steps, make sure you have a backup of the database.

1) Remove the line with ‘00000000-0000-0000-0000-000000000000’ value in the table MonitorData.DesktopGroup on the database. This line is the first one.

To do so :

>>Go into the DBTablesMonitorData.DesktopGroup, right click, edit top 200 rows.

>>Try selecting the row on the left so everything is highlighted. Right click on it and delete row

2) Restart monitor service on both controller

3) Log in back to Director

Related Links : http://discussions.citrix.com/topic/375612-data-source-unresponsive-or-reported-an-error-view-director-server-event-logs-for-further-information/

Related:

  • No Related Posts

Zombie(Ghost) session displayed in studio with username “-“

This issue happens if something happens in early state of session creation and so the session is not established completely.

The reason of the session creation failure is as below.

1. session was not established as they have problem on RDS CAL.

2. session was not established as they have problem on user profile.

3. session was not established as they canceled during the session creation

4. session was not established as they canceled password change during the session creation.

Note: We may have other scenarios of session creation failure.

Related:

  • No Related Posts

What’s the traffic flow in case of an inline IPS and an inline Proxy SG?

I need a solution

Hi;

If I had an IPS device connected inline with the SSL V, and next inline of the SSL V is a Proxy SG.

Does the SSL “https” stream that arrives from the Internet, does it get decrypted by the SSLV to be sent to the IPS, which in case a clean traffic, returns it to the SSLV to be encrypted again and then re-decrypted to be sent to the Proxy SG, which in turn if the traffic is allowed, sends it back to the SSLV to be encrypted again and sent to the internal “LAN”?

Kindly

Wasfi

0

Related:

  • No Related Posts

Monitor for Load Balanced XML Servers Through NetScaler Fails with Error: “Ticket tag not found in response”

Users cannot log on multiple times a day and NetScaler XML monitor shows the following logs:

19483 0 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): DOWN; Last response: Failure - TicketTag not found in the response. Sun Oct 17 04:36:17 201519493 7 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): UP; Last response: Success - TicketTag found in the response. Sun Oct 17 04:36:47 201519494 0 PPE-0 'server_serviceGroup_NSSVC_HTTP_10.20.30.13:8080(svcg_xml?storefront01.example.com?8080)' UP Sun Oct 17 04:36:47 201519496 0 PPE-0 'server_serviceGroup_NSSVC_HTTP_10.20.32.13:8080(svcg_xml?storefront02.example.com?8080)' DOWN Sun Oct 17 04:38:56 201519497 35 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): DOWN; Last response: Failure - TCP connection successful, but application timed out Sun Oct 17 04:39:34 2015[…]19508 14 PPE-0 MonServiceBinding_10.20.30.13:8080_(http_xml)(svcg_xml?storefront01.example.com?8080): UP; Last response: Success - TicketTag found in the response. Sun Oct 17 04:41:33 201519509 0 PPE-0 'server_serviceGroup_NSSVC_HTTP_10.20.30.13:8080(svcg_xml?storefront01.example.com?8080)' UP Sun Oct 17 04:41:33 2015In NetScaler traces you can observe a reset getting sent with reset code 9701.

9700 – NSDBG_RST_PASS

This code indicates that the NetScaler appliance receives a TCP RST code from either the client or the server, and is transferring it. For example, the back end server sends a RST code, and the NetScaler appliance forwards it to the client with this code.

9701 – NSDBG_RST_NEST/NSDBG_RST_ACK_PASS

In NetScaler software release 9.1 and the later this code indicates that a RST code was forwarded as in the preceding RST code 9700, and the ACK flag was also set.

Related:

  • No Related Posts

Behavior of 'Preferred' Option when two NTP servers are added

The Prefer option is an NTP level setting. Not only the ADC, but all devices conform to the rules in the RFC : http://doc.ntp.org/3-5.93e/prefer.html

Case 1: When 2 NTP servers are added with preferred option as YES set for both servers.

-It uses mitigation rules defined in the RFC. http://doc.ntp.org/3-5.93e/prefer.html (Please refer to the Mitigation Rules section)

Case 2: When 2 NTP servers are added with preferred option as YES set for one server, and NO for the other server

-The appliance synchronizes with that particular server first which has preferred option as YES.

Related:

  • No Related Posts

URL Slowness

I need a solution

One Particular URL responding very slow when traffic going through proxy.

Client configured PAC file to reach proxy. When bypass proxy it’s working well.

Website http://x.x.x.x:8080/UIUX93/ 

Ceckpoint timings:
      new-connection: start 1 elapsed 0 ms
      client-in: start 18 elapsed 69177 ms
      scan-request-completed: start 69195 elapsed 0 ms
      server-out: start 69199 elapsed 0 ms
      server-in: start 69279 elapsed 0 ms
      client-out: start 69280 elapsed 0 ms
      access-logging: start 69316 elapsed 0 ms
      stop-transaction: start 69316 elapsed 0 ms
      Total Policy evaluation time: 69177 ms
    url_categorization complete time: 69316
    ICAP Response Scan: start 69195 delay 0 finish 0
    server connection: start 69199
    server connection: connected 69200 first-byte 69279 last_byte 69316
    client connection: first-response-byte 69280 last-response-byte 69316
    
  Total time added: 69181 ms
  Total latency to first byte: 69183 ms
     Request latency: 69181 ms
    OCS connect time: 1 ms
    Response latency (first byte): 1 ms
     Response latency (last byte): 0 ms
stop transaction ——————–

0

Related:

  • No Related Posts

SSL intercept authentication failed

I need a solution

Hello guys,

Good day

I had been intercepting ssl traffic and non domain computers were couldn’t authenticate with IWA authentication. Also domain users cannot authentication with windows sso. I want to intercept only specific destination address and other destination wouldn’t intercepted. 

1. Domain user’s received below error message from proxy. 

2. Non domain user’s received below error message from proxy. 

Proxy layer description:

Web authentication layer

Source Destination Action Track Comment
Any Any Windows sso and PermitAuthenticationError None  
Guest authentication layer

Source Destination Action Track Comment
Any User Authentication Error Any AuthenticateGuest(IWA) None  
Web Access layer

Source Destination Service Time Action Track Comment
Any example.com http and https any Allow None  
user@test.com onlyauth.com http and https any  Allow  None  
SSL Intercept layer

Source Destination Service Action Track Comment
Any example.com Any SSLInterception1 None  

Thank you

0

Related:

  • No Related Posts