Unable to access Storefront through NetScaler Gateway and getting ” Could reach the page ” error.

– After upgrading to 12.0 build 58.15 , unable to access the Storefront server through NetScaler Gateway and getting ” Could reach the page ” error.

NOTE: On NetScaler Gateway Session profile, the Storefront URL is configured with Storefront Load balancing server IP.

– If Storefront Load balancer IP is replaced with Actual Storefront Server IP, then Storefront is accessible through NetScaler gateway.

In the following nstrace screenshot, we could see that the Storefront Load balancer has sent Export cipher in the Server Hello. For which, we could see a FATAL Error message from NetScaler gateway Vserver.

User-added image

Related:

  • No Related Posts

Error: “HTTP/1.1 Internal Server Error 43554” When Logging to NetScaler

>> NetScaler Gateway vserver is configured, while getting error “http:// internal service error”

>> Verified the configuration on NetScaler the address in published application was not correct. Correct the address.

Web Browsers –>Web Interface Address: https:<Ip or FQDN of SF Server>/citrix/<StoreName> Receiver: Web Interface Address: https:<Ip or FQDN of SF Server>

>> Also check the policy hit command the session profile policy is also getting hit.

nsconmsg -d current -g pol_hits

>> Created the new test gateway server on the storefront server.

>>Storefront address was incorrect in Session profile.

You can traverse to Session Profile by following this path,

NetScaler Gateway > Virtual Servers > Edit virtual server > Session Policies > Select Session Policy and Click Edit Session Profile > Published Applications > Web Interface Address > Edit the address to the correct one.

Example Configuration,

User-added image

Related:

  • No Related Posts

Error: “Your apps are not available at this time. Please try again” When Receiver Connects Through NetScaler Gateway

Solution 1

To resolve this issue change the beacon entries in StoreFront. Add the NetScaler Gateway addresses to external beacon.

Reference: https://docs.citrix.com/en-us/storefront/3-11/integrate-with-netscaler-and-netscaler-gateway/configure-beacon.html

External Beacon

If you want to use ICA proxy from internal and external connections (all clients should only go through NetScaler), then add a fake address in the internal beacon of StoreFront.

Note: The internal beacon should only be resolvable inside the network, if the beacon is resolvable externally then Citrix Receiver will not be able to add the account.

Solution 2

The issue relates to compatibility of Receiver 4.x and Web Interface XenApp services site. Receiver 4.x supports services sites but when connecting thru NS, users may experience issues as described in CTX136828 – Error When Using Windows Receiver PNAgent through Access Gateway Enterprise Edition Appliance.

Also note Citrix Documentation – NetScaler to Web Interface XenApp Services site is not supported.

Related:

  • No Related Posts

Notice of Change Announcement for NetScaler SD-WAN 4000-SE (Standard Edition)

Citrix Systems, Inc. announces End of Maintenance for NetScaler SD-WAN 4000-SE (Standard Edition) appliances.

The tables below explain the Citrix NetScaler SD-WAN life cycle management milestones as well as important information regarding dates and options during this period. The dates and milestones provided are in accordance with stated End of Life/End of Support policies for Citrix Systems, Inc.

Table 1. Milestones and Dates

Milestone Definition Date
Notice of Change (NSC) The NSC date is the date on which Citrix announces the intent to initiate the lifecycle management process for a hardware platform. May 15, 2018
End of Sale (EOS) The date on which Citrix will no longer offer the product. June 15, 2018
End of Maintenance (EOM) / End of Life (EOL) The EOL milestone signals the point at which no support or maintenance is provided. Product information will be limited to the historical material available on MyCitrix.com or other online resources and is subject to removal beyond this date. June 15, 2023

Click here for the Citrix Product LifecycleMilestones Definitions.

Products Affected

The products affected by this announcement and their replacements are listed in Table 2 (below). The products listed in the Product Replacement / Alternatives column represent the migration path for these discontinued platforms.

Table 2. Platforms affected by this announcement.

Product Description Replacement / Alternatives
NetScaler SD-WAN 4000-SE (Standard Edition) 4100-SE (Standard Edition)

Customer Actions

Citrix recommends that existing customers take steps to upgrade to the latest NetScaler SD-WAN platform so that they can take advantage of the upgraded features and performance. This will ensure the best transition of the product.

For More Information

For more information about the Citrix NetScaler SD-WAN, visit https://www.citrix.com/products/netscaler-sd-wan/ or contact your local Citrix sales representative / authorized Citrix business partner..

Related:

  • No Related Posts

Netscaler VPX 1000 – Azure – Slowness getting through Netscaler.


With 12.0 builds, we have changed default yield behavior for PE vCPUs. vCPU will not yield to hypervisor, even though if there is less/moderate traffic in 12.0 build, which was not the case for 11.1 builds. That’s the reason, VPX vCPU is always 100% on hypervisor. However, vCPU is allocated to management core might not be 100%.

NetScaler yields PE vCPUs to hypervisor in sparse/moderate traffic cases. Since we have observed Tx overflow/congestion, it’s somewhat related to scheduling, we thought not yielding vCPU helps in improving the situation.

– set ns vpxparam -cpuyield NO

Upgrade to 12.0.53.X+

Related:

  • No Related Posts

How to Use the Authentication Feature of a NetScaler Appliance with a Load Balancing or Content Switching VServer on the Appliance

This article describes how to use the authentication feature of a NetScaler appliance with a Load Balancing or Content Switching virtual server on the appliance.

Requirements

To complete this task, the NetScaler appliance must have license for the Load Balancing, Content Switching, and Authentication, Authorization, and Auditing (AAA – Application Traffic) features.

Related:

  • No Related Posts

Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise

This vulnerability has been addressed in the following versions of Citrix NetScaler ADC and NetScaler Gateway:

• Citrix NetScaler ADC and NetScaler Gateway version 12.0 Build 57.24 and later

• Citrix NetScaler ADC and NetScaler Gateway version 11.1 Build 58.13 and later

• Citrix NetScaler ADC and NetScaler Gateway version 11.0 Build 71.24 and later

• Citrix NetScaler ADC and NetScaler Gateway version 10.5 Build 68.7 and later

Citrix NetScaler ADC and NetScaler Gateway version 10.1 are not planned to be updated as part of remediating this issue. Customers on version 10.1 should plan to move to a later version to receive the latest security updates.

These new versions can be downloaded from the following locations:

https://www.citrix.com/downloads/netscaler-adc.html

https://www.citrix.com/downloads/netscaler-gateway.html

Citrix strongly recommends that customers using affected versions of NetScaler ADC and NetScaler Gateway to upgrade to a version of the appliance firmware that contains the fixes for this issue as soon as possible.

Related:

  • No Related Posts

FAQ: XenMobile Server Support

This article contains answers to the frequently asked questions on XenMobile Server Support.

General

What is XenMobile Server Support?

How do I get to the support page on App Controller server?

In which version of App Controller Support feature is available?

What are the browsers and platforms supported?

What ports needs to be open for the support feature to work?

I am getting error “Unable to get the details from the server.” for NetScaler Gateway?

I am getting error “Failed to authenticate with the App Controller”?

I am getting error “Login Failed: Check XDM credentials or Database server is down.”?

How do I exit from the support page?

What if I have queries/suggestions regarding Support page?

Servers and Operations

What are the servers supported by the supportability framework?

How should I add App Controller HA pair in the Support Page?

How should I add XenMobile Device Manager Cluster Setup?

Can I add multiple servers for each server type?

Do I need to add the servers again in the next session/login?

What are the operations supported in the Support Page?

Can I perform more than one operation at a time?

Should all the three servers be in the same deployment of XenMobile Environment?

Connectivity Checks

Where/how are the connectivity checks done?

What does ‘Perform Connectivity Checks’ on NetScaler Gateway do?

What does ‘Perform Connectivity Checks’ on XenMobile Device Manager do?

I am unable to perform Connectivity Checks on App Controller?

Support Bundles

What information is collected in support bundles?

Can I collect support bundles for more than one server at a time?

Will I download multiple support bundles in this case?

Where do the support bundles get downloaded?

Are the generated support bundles permanently stored on the App Controller server?

Citrix Insight Services

What is “Citrix Insight Services” server?

What are the credentials to be used for uploading Support Bundles to Citrix Insight Services?

I do not have a “Citrix Insight Services” account. How do I upload the support bundle?

I do not have a SR number from “Citrix Insight Services”. Can I still upload support bundles?

General

  • IS it possible to install/configure DNS server on XenMobile appliance.
The DNS server should be installed on windows machine that is in the same network as that of your XenMobile , Since the XenMobile is linux appliance it is not possible ,

  • Is it possible to configure internal (sql and internal network )and external (apns )on dns server
All of the internal ip address and hostname can be added on the dns server as an address record . the external url are already public and dont require separate entries on DNS server . However if you are using proxy/firewall the traffic should be open bidirectional for communications. You can check out the following document for the same.
http://docs.citrix.com/en-us/xenmobile/server/system-requirements/ports.html

  • can we add static route to XenMobile

    We can only add static route on Netscaler , this is not possible for XenMobile. Can you please elaborate the exact requirement here so that .

Q: What is XenMobile Server Support?

A: XenMobile Server Support is an online platform that provides a one-stop location where administrators can perform various troubleshooting and instrumentation related tasks. It provides an easy way to collect troubleshooting information. For example, logs, configurations, environment information among other information.

Q: How do I get to the support page on App Controller server?

A: To access XenMobile Server Support page, open a browser and logon to App Controller admin ControlPoint. After you logon, edit the URL in the address bar to replace “main.html” by “support”. Now the URL should look like https://<AppControllerServer>:4443/ControlPoint/support.

Q: In which version of App Controller Support feature is available?

A: Support feature is available from App Controller 9.0 onwards.

Q: What are the browsers and platforms supported?

A: Support feature is supported on latest versions of Firefox, Chrome, Safari, IE10 and IE11. It is tested on Windows and Mac.

Q: What ports needs to be open for the support feature to work?

A: Port 443 for SSL/HTTPS and port 22 for file transfer needs to be open for support feature to work.

Q: I am getting error “Unable to get the details from the server.” for NetScaler Gateway?

A: Ensure correct password for the server is entered in the support page. Passwords are not cached, and it needs to be entered each time the page is refreshed or a new session is started.

Q: I am getting error “Failed to authenticate with the App Controller”?

A: Ensure correct password for the App Controller server is entered in the support page. Passwords are not cached, and it needs to be entered each time the page is refreshed or a new session is started.

Q: I am getting error “Login Failed: Check XDM credentials or Database server is down.”?

A: Ensure correct password for the XenMobile Device Manager server is entered in the Support page. Passwords are not cached, and it needs to be entered each time the page is refreshed or a new session is started.

Q: How do I exit from the support page?

A: Use the Exit button on the bottom right of the Support page. It will redirect to the ControlPoint Page.

Q: What if I have queries/suggestions regarding Support page?

A: Contact the Citrix Support Personnel for more information.

Servers and Operations

Q: What are the servers supported by the Supportability Framework?

A: Supportability Framework supports App Controller, XenMobile Device Manager, and NetScaler Gateway Server.

Q: How should I add App Controller HA pair in the Support Page?

A: App Controller Cluster deployments are currently not supported. You can provide each cluster node separately to collect respective support bundles.

Q: How should I add XenMobile Device Manager Cluster Setup?

A: You can add any one of the cluster nodes of the XenMobile Device Manager cluster. Operations are performed on all the nodes in the cluster.

Q: Can I add multiple servers for each server type?

A: Yes, you can add multiple servers under each server type.

Q: Do I need to add the servers again in the next session/login?

A: No, all servers added are persistent across sessions. However, passwords are not cached, and it needs to be entered again.

Q: What are the operations supported in the Support Page?

The following operations are supported:
  • Perform Connectivity Checks
  • Collect Support Bundles and Download to Client
  • Collect Support Bundles and Upload to ‘Citrix Insight Services’

Q: Can I perform more than one operation at a time?

A: Yes, you can select all the operations or a combination of operations at a time.

Q: Should all the three servers be in the same deployment of XenMobile Environment?

A: Not Necessary. Any supported XenMobile server which is reachable from the App Controller can be added to the support page.

Connectivity Checks

Q: Where/how are the connectivity checks done?

A: Connectivity checks are initiated and controlled by the App Controller . However, actual Connectivity Checks happen from the NetScaler Gateway/XenMobile Device Manager Server to their associated backend servers.

Q: What does ‘Perform Connectivity Checks’ on NetScaler Gateway do?

A: ‘Perform Connectivity Checks’ on NetScaler Gateway does a reachability check for all the backend servers associated with NetScaler Gateway. The connectivity validation also involves performing server-specific protocol and port validation ensuring the validity of the backend servers.

Q: What does ‘Perform Connectivity Checks’ on XenMobile Device Manager do?

A: ‘Perform Connectivity Checks’ on XenMobile Device Manager does reachability checks for Apple Servers.

Q: I am unable to perform Connectivity Checks on App Controller?

A: Currently, ‘Perform Connectivity Checks’ is not supported on App Controller .

Support Bundles

Q: What information is collected in support bundles?

A: You receive the following information for each server:

XenMobile Device Manager Server Support bundle

  1. Logs
  2. Config files
    • Cluster_configuration
    • Ew-Config.properties
    • Pki.xml
    • Log4j
    • Push_services
    • Oscache
    • Server.xml
  3. Information collected as part of helper.jsp
    • Patches
    • Cluster Info
    • Thread Dump
    • Thread Dump V2
    • Push Service Status (if IOS)
  4. Server details (Windows)
    • OS Version
    • Number of cores (CPU)
    • Memory
    • Page file settings
    • Interfaces settings (speed, ipv4, ipv6 (enabled)
    • Disk space

App Controller Server Support bundle

  • Audit logs with information for customers to get an overall picture of what is happening in the system
  • Debug file with information required for DEV during debugging

NetScaler Server Support bundle

  • NetScaler System information
  • NetScaler Gateway logs
  • NetScaler Gateway database information
  • NetScaler Gateway core information
  • NetScaler Trace files

Q: Can I collect support bundles for more than one server at a time?

A: Yes, you can collect support bundles for multiple servers of same type/different type at the same time.

Q: Will I download multiple support bundles in this case?

A: No, all support bundles are compressed into one single file.

Q: Where do the support bundles get downloaded?

A: Support bundles get downloaded into the default “downloads” folder set by the browser.

Q: Are the generated support bundles permanently stored on the App Controller server?

A: No. At any point, only the last generated support bundle is present on the App Controller Server. All support bundles are cleaned up periodically, during Logoff, session expiry, or reboot of App Controller.

Citrix Insight Services

Q: What is “Citrix Insight Services” server?

A: Citrix Insight Services (formerly known as TaaS) is an initiative from Citrix focused on making the support of Citrix environment as easy as possible. Citrix has developed tools and online analysis capabilities to help collect environment information, analyze that information and receive tailored recommendations based on Citrix environment and configuration.

Q: What are the credentials to be used for uploading Support Bundles to Citrix Insight Services?

A: You need to use your My Account credentials for uploading Support bundles to Citrix Insight Services.

Q: I do not have a “Citrix Insight Services” account. How do I upload the support bundle?

Q: I do not have a SR number from “Citrix Insight Services”. Can I still upload support bundles?

A: Yes, SR number is an optional parameter while uploading support bundles. However, if a case is already open with Citrix, and you have an SR number, the support bundles uploaded with SR number, would directly be linked with the case.

Related:

  • No Related Posts

NetScaler VPN Login Page and Management Page Down after upgrade to 12.0

Edit the customized httpd.conf file in ‘/nsconfig’ folder:

Go to line 166 and search for this line:

LoadModule php5_module /libexec/libphp5.so

Replace it with:

LoadModule php7_module /libexec/libphp7.so

If you do not need any customization then just delete the httpd.conf file from ‘/nsconfig’ and ‘/etc’ and reboot the NetScaler. After reboot, correct httpd.conf will be auto-generated on NetScaler.

Note: While editing the file on Secondary, make sure you have HA sync disabled. Otherwise changes will be reverted back as Primary will sync the wrong file content to your node.

Related:

  • No Related Posts

7021472: Setting the Telnet Terminal Type for UNIX Hosts

Background

A UNIX host computer may use a different terminal type for connecting than Reflection uses for emulation. If you are having trouble running a UNIX host application with a Telnet connection, it is possible that the Telnet negotiation between Reflection and the host is incorrect. Since by default the Telnet terminal type is not linked to the emulation terminal type, each needs to be configured independently.

Two Terminal Types in Reflection: Telnet and Emulation

Reflection has two settings for terminal type: the Telnet terminal type, and the emulation terminal type.

Telnet Terminal Type

When Reflection makes a Telnet connection to a host computer, the Telnet protocol negotiates a terminal type with the host. UNIX hosts typically use this value to set the $TERM value of the terminal environment, but a default file such as .profile or .login can override the negotiated $TERM value. The Telnet terminal type can be configured in Reflection Desktop 16, Reflection 2014, or Reflection 2011 from Document Settings > Host Connection > Configure Connection Settings > More Settings > General tab, and in Reflection from the Connection Setup dialog box > More Settings > General tab.

Emulation Terminal Type

Reflection uses this value, configured in Reflection Desktop 16, Reflection 2014, or Reflection 2011 from Document Settings > Terminal Configuration > Select Terminal Type, and in Reflection from the Setup menu, to identify the type of terminal Reflection will emulate. The default is VT500-7. Note: Since VT500 emulation includes VT200, VT300 and VT400, you receive these levels when the emulation terminal type is set to VT500-7 or VT500-8.

Configuring the Correct Telnet Terminal Type

Follow the steps below to configure the Telnet terminal type for your host.

In Reflection Desktop 16, Reflection 2014, or Reflection 2011:

  1. If you are currently connected, disconnect your session.
  2. In the quick access toolbar, click the Document Settings icon.
  3. Under Host Connection, click Configure Connection Settings. Verify that Telnet is the Network Connection Type selected, and then click More Settings.
  4. On the General tab, in the Terminal type field, enter the Telnet terminal type for your host by selecting from the drop-down menu or typing in the correct terminal type for your UNIX or OpenVMS host computer. Click OK twice.
  5. Click Connect to make a Telnet connection to your host.
  6. Verify that the host applications are working correctly. To verify the term setting on a UNIX host, issue the set or echo $TERM command.
    • If the host applications work correctly, continue with step 7.
    • If the host applications still do not function correctly, disconnect the session. Repeat steps 2 through 6 above, using a different Telnet terminal type in step 4.
  1. In the quick access toolbar, click the Save button and save your current session document, entering a unique file name, such as the name of the host computer. Click Save.

In Reflection 14.x:

  1. If you are currently connected, disconnect by clicking the Disconnect icon on the toolbar. (Or click Connection > Disconnect.)
  2. Click Connection > Connection Setup.
  3. Select Network in the Connect Using group box and click TELNET.
  4. Click More Settings.
  5. Your next action depends on the product:
    • For Reflection for UNIX and OpenVMS and Reflection for ReGIS Graphics, in the Terminal Type field (found on the General tab), enter the Telnet terminal type for your host by selecting from the drop-down menu or typing in the correct terminal type for your UNIX or OpenVMS host computer.
    • For Reflection for HP (on the General tab), select the “Use emulation terminal ID” check box. Accept the remaining default values.

Click OK.

  1. Click Connect to make a Telnet connection to your host.
  2. Verify that the host applications are working correctly. To verify the term setting on a UNIX host, issue the set or echo $TERM command.
    • If the host applications work correctly, continue with step 8.
    • If the host applications still do not function correctly, disconnect the session. Repeat steps 2 through 7 above, using a different Telnet terminal type in step 5.
  1. Save the Telnet terminal type to your Reflection settings file:
    1. Click File > Save As to open the Save Settings dialog box.
    2. Enter a name for your settings file. You can give the settings file a unique name, such as the name of the host computer.
    3. Click Save.

Related:

  • No Related Posts