How to Add a Static Route on Netscaler MAS

In order to add a static route, you would need to modify the system routing table. To make the changes permanent, the svm.conf file would need to be edited.

  1. Log in to NetScaler MAS, using an SSH client.

  2. Make a backup copy of the file /mpsconfig/svm.conf using command:

    cd /mpsconfig/ cp svm.conf svm.conf.bak

  3. Add the following line to the above file “route add -net” using the following command:

    echo “route add -net”>> svm.conf

  4. Reboot the device using command:


  5. Verify if the static route is present in the system routing table:

    netstat -rn

Please note that the gateway address (in our case it’s must be in one of the interfaces subnets. Otherwise route will not be added and you will receive the following message:

route: writing to routing socket: Network is unreachable

add net gateway Network is unreachable


Citrix Gateway | AAA: EPA Plugin does not launch with Outlook Embedded Browser (Edge WebView)

•The existing implementation on EPA Plugin is dependent on browser to loopback communication. The browser should be able to communicate with for the EPA process to work

•The article: states to need to allow loopback communication for WebView need to execute the following command: CheckNetIsolation LoopbackExempt -a -n=”microsoft.win32webviewhost_cw5n1h2txyewy” where “microsoft.win32webviewhost_cw5n1h2txyewy” is the APPID for the WebView, this was done but it did not resolve the issue.

• Further looking through the netstat O/P we noted the process ID of the application trying to communicate with, that process ID belonged to the application “Microsoft.AAD.BrokerPlugin.exe” having APPID “Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy” Although the epaplugin component (nglauncher.exe) was listening on the above process id was unable to communicate with it and was stuck in SYN_SENT

• So, at that point it was identified the webview itself does not handle the network communication during O365 authentication, instead uses the Microsoft.AAD.BrokerPlugin.exe application, therefore it’s this application which has to be allowed loopback communication.


CCS 12.5 REST API HTTP Error 503. The service is unavailable.

I need a solution


in our testing environment I have set up CCS 12.5 and in the Integration Services setting of the Application Server I have enabled the REST API on the standard port (12431). The application server service (and later the entire server) was restarted to enable the API. A check for the listening ports confirms there’s indeed a service listening on the port:

netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP              LISTENING       4

On a Linux server, which is able to open a connection to the application server on this port (verified with netcat), using the Symantec-provided sample Python scripts and Curl I’m getting an HTTP error 503 – Service is unavailable. I tried running Curl for Windows directly on the application server with the same result. With the Python scripts the error I’m getting is:

Token Generation Failed. Please check if the REST API is enabled and User name and password is correct

The REST API is enabled, and though I’m pretty sure it’s not the credentials causing the failure, I have also tried providing different CCS users’ credentials to the script (with CCS Administrator role) – to no avail. I modified the script to output the responseToken.status_code, which is 503.

Would you please point me to the right direction what to check, what am I missing? Thank you!



WSS/SEP Seamless Integration Issues

I need a solution

I have SEP / WSS integration active but port 2968 is closed in the SEPM console, how can I enable this port on the server ?.

We make a telnet to this port but it is closed, and we execute the following command in the SEPM server but it is closed:

netstat -an | find ": 2968" | find "LISTENING"

Can someone help us?

ATT andres Garcia



Networker 9.1 DDOS 5.7.x > RHEL Clients 8.x 9.x>Stale Sessions


We have networker server on windows , DD9500 DDOS 5.7.x , RHEL CLients 8.x and 9.x That Do not Cancel sessions on the Client side and on the Data Domain, when a Workflow action timeout occurs on a client due to a stale NFS Mount.

Issue is with 350+ RHEL Clients all using same NFS Mount from NFS Server cause maximum session limit reached on DD when the NFS server crashed and all the RHEL NFS Clients mount points went stale, resulting in backup reaching timeout, but sessions not cancelled on the data domain.

The only way to detect actual session count is netstat -an in SE mode and lsof -I TCP:20149 in BASH mode

Anyone else see this on RHEL clients? Currently have support investigating but wanted to get a feel for this in the community


XenDesktop 7.15 – Broker service not listening to new storefront port 1080

  • Below is the output of the netstat

    User-added image

    User-added image

    As you can see the port-1080 is not listening even in 2012r2 server.

    Now, I go ahead and point my storefront server to this delivery controller, so that a store is created and I try browsing to this storeweb.

    User-added image

    And when I run netstat again, I don’t see the port listening:

    User-added image

    And then I install Storefront on the server:

    User-added image

    And run the netstat command, I still do not see the port listening:

    User-added image

    When creating a store,

    User-added image

    Netstat o/p:

    User-added image

    Browsed to the site now and ran the netstat command, same result- do not see 1080 running

    User-added image

    Then I configured the site, and just created machine catalog, and before creating delivery groups, ran the command netstat, with the below output:

    User-added image

    Yay! 1080 is listening.

    Uninstalled storefront and rebooted the box:

    User-added image

    This time, the process using the port 1080, is not identified. So, changed the port again by running the command:

    User-added image

    Netstat o/p:

    User-added image

    And the port is now not listening. So, I attempted to launch the URL from another storefront server to this same broker and I see the port 8080 listening.

    User-added image

    To test again, I built a new storefront server and then mapped the delivery controller to a newly created store and the behaviour was the same-the port was listening.


    The port will be listening on the controller only when a site is configured. From what we have seen so far, after setting the port using the brokerservice.exe –wiport “port no” , there has to be a store url that needs to be accessed to have the port listening to the storefront.

  • Related:

    7023182: Linux Replication Fails with Error “TCPSocket::Bind(): Address already in use”

    This document (7023182) is provided subject to the disclaimer at the end of this document.


    PlateSpin Migrate 12.0 and up

    PlateSpin Forge 11.1 and up

    PlateSpin Protect 11.0 and up


    A Linux replication fails with the message ERROR: “TCPSocket::Bind(): Address already in use” at the step sending files stage.


    There is an existing connection using port 3725 on the source.
    On the source run netstat -nlp to find out what connection using data transfer port exists and what its PID is. By default, the data transfer port is 3725.
    If the process using the connection over the data transfer port is the ofx controller process, end the process. If another process is using that connection, consider when would be an appropriate time to run the replication or consider changing the data transfer port to a port number that won’t be used.


    This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


    Cannot use port 443 after SEPM upgrade 14.2

    I do not need a solution (just sharing information)

    I recently upgraded SEPM from version 12.x to 14.2.

    During the server configuration, port 443 was being detected as in use and I was unable to use this port for HTTPS communication. I had to set a custom port 50001 in order to continue.

    Netstat shows PID 4 listening on this port which is the System process. I’ve determined this to be IIS.

    I can go into IIS and stop the web site, which allows me to change HTTPS back to 443 – but I receive server errors in the Admin console.

    Based on what I have read, I believe IIS is involved in SEPM server communications, so it would appear that SEPM cannot use port 443 because it is being used by itself.

    Can anyone provide insight into this? I would like to use the default ports.

    SEPM is installed on Windows Server 2008 R2 SP1 and IIS is version 7.5.



    • No Related Posts

    Ports required for VDA Registration and session launch are unavailable

    To resolve this issue, peview the ports currently in use in the Site and verify they are not being used by other applications. If needed, resolve port conflicts to ensure the ports are available for the VDAs to use:

    1. Open a command line window on the VDA

    2. Type in <netstat –ano | find “:serviceport”> (where serviceport is the portnumber being used, for example :80)

    C:>netstat -ano |find “:80”

    TCP 61311 ESTABLISHED 1584


    3. In the output, the last column represents the process id that is using the port

    4. In the example above, process 4 and 1584 are using the port 80

    5. Use tasklist to find the process using port 80

    C:>tasklist |find “1584”

    Httpd.exe 1584 Console 1 132,242 K

    6. In this case, Apache server is using the process

    7. Decide if you want to stop the process or reconfigure the application in use to use another port.


    NetWorker 9.1.0: 9.1.1.x is fixed for scheduled clones that do not complete (hang) with 4 symptoms, or combinations of the 4 symptoms.

    Article Number: 502645Article Version: 3 Article Type: Break Fix

    NetWorker 9.1

    Scheduled clones do not complete (hang) with 4 symptoms, or combinations of these 4 symptoms:

    — Devices being cloned from have the Message “reading, idle” and devices being

    written to have the Message “writing, idle” when viewed in the NMC ->

    Monitoring -> Devices pane

    There may be a number in front of the message “reading, idle” or “writing, idle“, for example “3 writing, idle“. The number represents the number of nsrmmd Process identifiers (pids) that are active for the device.

    The command nsrmm -Cv -f <device_name> will return the pid numbers. Example,

    Data Domain disk <Volume_name> mounted on <Device_name>, pool <Pool_name>, write enabled, active nsrmmd PIDs on server: 9185, 14351

    an example of query a remote storage node’s device from the NetWorker server would return

    nsrmm -Cv -f rd=<Remote_host_name>:<device>

    Data Domain disk <Volume_name> mounted on rd=<Remote_host_name>:<device>, pool <Pool_name>, write enabled, active nsrmmd PIDs on storage node: 7881, 14685, 4936

    — The Alert pane may prompt a “Waiting for 1 writable volume(s) to backup

    pool ‘<Pool_name>’ disk(s) or tape(s) on

    ” in for the pool that the clone is configured to write


    While the Log pane will report

    Suggest manually labeling a new writable volume for pool ‘<Disk_Pool>’

    Though the all devices labeled for the pool display “writing, idle”.

    — The Policies pane notes the clone is running, in the Show details and message logs the

    clone is reporting

    07/27/2017 02:17:34 PM Unable to setup direct save with server <NetWorker_sarver>: busy.

    07/27/2017 02:17:34 PM NSR server <NetWorker_server>: busy

    07/27/2017 02:17:34 PM waiting 30 seconds then retrying

    — From the NetWorker server, the command

    while true ; do netstat -an | grep tcp | wc -l ; done

    returns a ton of ports in use. The number fluctuates while the clone is running.

    Stopping the clone in the NMC -> Monitoring frees the TCP ports.

    Windows PowerShell equivalant

    From an Administrator DOS command prompt enter PowerShell:

    PS C:> while ($true -eq $true) {netstat -an | FIND /C `”TCP`”; sleep 5}

    SPI: RPS clone from DD to AFTD hangs due to too many connections in use (connection leak)

    Install the latest Cumulative Fixes package for NetWorker 9.1.1.

    You can download the latest Cumulative fixes packages for NetWorker from the following location: