Error: “Time out during TCP connection establishment stage” and ADC Load Balancing Service Groups in Down State

The monitor message “Time out during TCP connection establishment stage” means that the web server either was not listening or was unreachable. This indicates a network problem.

In the packet capture syn request was being sent but no response and hence times out.

It was a firewall misconfiguration where a rule was causing the issue. After the rule was modified to allow tcp connections, it worked and service came up.

Related:

  • No Related Posts

Error: “Time out during TCP connection establishment stage” and ADC Load Balancing Service Groups in Down State

The monitor message “Time out during TCP connection establishment stage” means that the web server either was not listening or was unreachable. This indicates a network problem.

In the packet capture syn request was being sent but no response and hence times out.

It was a firewall misconfiguration where a rule was causing the issue. After the rule was modified to allow tcp connections, it worked and service came up.

Related:

  • No Related Posts

TCP Profiles on NetScaler

TCP configurations for a NetScaler appliance can be specified in an entity called a TCP profile, which is a collection of TCP settings. The TCP profile can then be associated with services or virtual servers that want to use these TCP configurations.

Built-in TCP Profiles

For convenience of configuration, the NetScaler provides some built-in TCP profiles. For a list of built-in profiles, refer to Citrix Documentation – Built-in TCP Profiles.

For a list of options that are available for a TCP profile, refer to Citrix Documentation – ns tcpProfile.

Note: These values can have serious impacts on network performance. Use these values carefully when adjusting them manually in existing profiles, or when creating new profiles.

To specify service or virtual server level TCP configurations

Command line interface

  1. Configure the TCP profile:

    set ns tcpProfile <profile-name>

  2. Bind the TCP profile to the service or virtual server.

    To bind the TCP profile to the service:

    set service <name>

    For example:

    > set service service1 -tcpProfileName profile1

Configuration utility

  1. Configure the TCP profile.

    Navigate to System >Profiles > TCP Profiles, and create the TCP profile.

  2. Bind the TCP profile to the service or virtual server.

    Navigate to Traffic Management > Load Balancing > Services/Virtual Servers, and create the TCP profile, which should be bound to the service or virtual server.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts

How to Pass the Client's Source Port to the Backend Server When Accessed Through NetScaler

To achieve this, we would have to disable the Use Proxy Port option.

To configure the Use Proxy Port setting on a service by using the configuration utility:

  1. Navigate to Traffic Management> Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and unselect Use Proxy Port.

To configure the Use Proxy Port setting on a service by using the CLI:

At the command prompt, type:

set service svc -useproxyport NO

The Use Proxy Port option works only when the Use Source IP/ Use Client IP option is enabled on the Service/Service Group respectively.

Also, this option is enabled by default for TCP-based service types, such as TCP, HTTP, and SSL,

This will allow the backend server to see client IP and source port from which the client tries to connect.

Related:

  • No Related Posts