Slowness in Presenting Citrix Gateway/AAA Login page on Client Browsers

Note: httpd (and all other non-packet engine processes on Netscaler) run ONLY on the management CPU core. On most ADC models, there is only 1 management core. Therefore, adding too many httpd processes can have negative effects, including RAM exhaustion and swapping. In an SDX environment, it is often preferable to provision additional VMs (each with it’s own management core) rather than increasing this value too far.

To resolve this, we need to increase the MaxClients from 30 to 60 in the “httpd.conf” and then restart the process.

Note: 60 is recommended if you have confirmed you have experienced this issue, however with certain customers who have very heavy loads on a single ADC, this number may need to be even higher up to 90. We do not recommend higher values unless it is found necessary due to testing. The value can be set as high as 255 without other changes, but again higher values are not recommended unless found to be required with testing.

Note: If performing the changes in a High Availability setup changes must be made under PRIMARY node otherwise HA file synchronization will override the changes made in /nsconfig folder.

Below are the steps to change the MaxClients value in httpd.conf:
  1. Before you modify files, ensure you have a local copy of the original /etc/httpd.conf. Store this file in a location that is not on the ADC, i.e. your local drive.
  2. Using a texteditor (ee), open the /etc/httpd.conf file, and modify the MaxClients value to 60
  3. Copy /etc/httpd.conf to /nsconfig/httpd.conf. From CLI you can use this command: cp /etc/httpd.conf /nsconfig/
  4. Run the ps -aux | grep -i httpd command and you should see an output that shows one root process and other processes labelled as nobody. Note the PID (column 2) for the process owned by root.
  5. Kill the root process by running this command (replace PID with number from above): kill -6 PID
  6. After killing the process, wait for 2 minutes and the process will get started automatically.
  7. This can be confirmed by running the command from step 4 again and looking for the httpd process owned by root.
  8. If the httpd process does not start after waiting for some time you can restart the process with below commands:

#killall httpd

#/bin/httpd -f /etc/httpd.conf

If you need to go back to the original configuration:

  1. Ensure you have the local copy of the original /etc/httpd.conf
  2. Delete the /etc/httpd.conf
  3. Delete the /nsconfig/httpd.conf
  4. Copy your local copy of httpd.conf to /etc/httpd.conf and /nsconfig/httpd.conf

Note: The copy on /nsconfig/ dir will ensure the parameter MaxClients 60 is loaded after a full reboot every time. No need to change it in Secondary node in a HA setup, HA Sync will update the file in Secondary node automatically.

WARNING – Following the above solution might result in issues with future firmware upgrades.

When you apply the above configuration, the httpd.conf will not be updated during a future firmware upgrade. This could cause the GUI to become completely unavailable.

If this occurs, you must delete the file /nsconfig/httpd.conf (on both primary and then secondary node), reboot the ADC, and then reapply the below settings.

The clear diagnosis of that issue is that if you run “ps -aux | grep httpd” in shell mode, there will be no httpd processes running.


Leave a Reply