Radius server test connectivity fails : Error: 1812/udp’ is not a valid Radius authentication port or Radius client is not configured properly in the Radius server.

We have seen certain cases where a PBR is configured for the management IP (NSIP) pointing to a next hop gateway.

In case the ADC does not have a SNIP in the same subnet as the next hop configured, then the packet might never leave the ADC and hence it would fail.

No SNIP causes the Radius packet from Freebsd to Virtual server to be not sent to the actual server.

Related:

  • No Related Posts

Service on ADC shows DOWN with monitor error: “No MIP/SNIP available”

To resolve this issue, complete the following steps:

  1. Make sure that SNIP for the subnet you are trying to connect to is added on the ADC.
  2. Verify if there exits a route in that Subnet. If the route does not exist then add the route using add route command.

    Note:- you might get this error if you have two default routes. Check the show route output and delete one route after confirming from the customer.
  3. Alternatively, you can also create a Net profile with the SNIP that you configired and then Bind it to Service / Service Group to make sure that monitor probes are initiated with that SNIP .

Related:

  • No Related Posts

How to create responder policy allow/block a set of ip's

  • We need to first create a data set under AppExpert>Dataset
  • We need to put all the IP that we want to block/allow

User-added image

  • After creating the data set create the following responder policy

CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY(“data_set”)

In the above expression I have called the data set in the expression

For subnet range the policy will be as follows:

CLIENT.IP.SRC.IN_SUBNET(x.x.x.x/32)

Now if we want to evaluate single Ip and subnet we need to create the following expression:

CLIENT.IP.SRC.TYPECAST_TEXT_T.CONTAINS_ANY(“data_set”) && CLIENT.IP.SRC.IN_SUBNET(x.x.x.x/32)

>You can use other subnets using && operator. Take assistance of expression editor to configure the policy.

>And create a action (in this case I am creating a action as redirect)

User-added image

>Bind the responder to the virtual server

Since the above expression is true for ip 1.1.1.1 you will get redirected to https://citrix.com

Related:

  • No Related Posts

Service on NetScaler Shows DOWN with Error: “No MIP/SNIP available”

To resolve this issue, complete the following steps:

1. Verify the NetScaler routing table using the following command:

show route

2. Verify if there exits a route in that Subnet. If the route does not exist then add the route using add route command.

Note:- you might get this error if you have two default routes. Check the show route output and delete one route after confirming from the customer.

3. Add a Mapped IP of Back end Server Subnet.

4. Create a Net profile with the SNIP and then Bind it to Service / Service Group .

Related:

How to Add a Static Route on Netscaler MAS

In order to add a static route, you would need to modify the system routing table. To make the changes permanent, the svm.conf file would need to be edited.

  1. Log in to NetScaler MAS, using an SSH client.

  2. Make a backup copy of the file /mpsconfig/svm.conf using command:

    cd /mpsconfig/ cp svm.conf svm.conf.bak

  3. Add the following line to the above file “route add -net 10.20.30.0/28 10.0.0.1” using the following command:

    echo “route add -net 10.20.30.0/28 10.0.0.1”>> svm.conf

  4. Reboot the device using command:

    reboot

  5. Verify if the static route is present in the system routing table:

    netstat -rn

Please note that the gateway address (in our case it’s 10.0.0.1) must be in one of the interfaces subnets. Otherwise route will not be added and you will receive the following message:

route: writing to routing socket: Network is unreachable

add net 10.20.30.0: gateway 10.0.0.1: Network is unreachable

Related:

Load Balanced Virtual Server Marked DOWN on Secondary Node of HA Pair

Since the SNIP is a “floating” IP address that is shared between the nodes, it can only be active on whichever node is primary. Since the SNIP is not active on the secondary node, monitor probes cannot be sent from the secondary node, and this results in the backend services and load balanced vServers to be marked DOWN. The virtual servers are marked UP on the primary node.

Related:

Site Filters created using AD import use wrong (netbios) field

I need a solution

So… we’ve set up an AD import of Sites from 2  domains – and asked for site filters based on the registered subnet IP addesses to be created. All looks good until you come to see what these filters display . One domain gives the right results – the other nothing. Curious we investigated and it seems the second domain has a slightly different netbios name to the domain name. The Domain is Example-Domain but the netbios name in exampledomain.

The association to the subnets for the imported domain Example-Domain are all created correctly, to the Example-Domain domain  but the filters use a query which uses the exampledomain name and so does not find the associations to the subnest or the devices on that subnet/site. If you copy and edit the flter and change the netbios name from exampledomain to the Example-Domain domain name all works fine… So it seems to be a ‘undocumented feature’

We’ve tried setting up a SQL query to automatically correct this as follows 

Use Symantec_CMDB

Go

Update [Item]

Set [State]= Cast(Replace(Cast ([State] as NVARCHAR(max)), ‘exampledomain’, ‘Example-Domain’) as NTEXT)

where [Productguid] =’ea8fbe73-41c2-422d-b0c0-ab35e9c656d4′ and [State] like ‘%DC=EXAMPLE-DOMAIN,DC=COM%’  
and [State] like ‘%exampledomain%’
and [Description] = ‘%This filter contains%’ 

Go

Select * from Item

where [Productguid] =’ea8fbe73-41c2-422d-b0c0-ab35e9c656d4′ and [State] like ‘%DC=EXAMPLE-DOMAIN,DC=COM%’  
and [State] like ‘%exampledomain%’ 
and [Description] = ‘%This filter contains%’

The ProductGuid is the guid for filters and the State field has the XML for the filter query, we believe. So we are just looking to substitue the exmapledomain in the query XML with Example-Domain

But this doesn’t seem to work and its not clear why

Does anyone understand this and are able to offer any advice?

0

Related:

AutomationRule on Edit Incident – Classification

I need a solution

After Update to 8.5 RU3 the automationRule OnTicketEdited works not like before.

in this rule i want to route the Ticket with classification routing table. But the Routing doesnt happen.

all other Rules working fine. all Ather Actions working fine.

in ProcessHistory it shows that the rule was executed, but the Ticket is always on the old WorkingQueue

Then [Assign Existing Incident Tasks][Using Category Routing Table(Routing Table: Classification)] Using [1 Parameter] AND [Route Incident][Using Category Routing Table(Routing Table: Classification)] :: The conditions were met. 2 Successful Actions. Rule [2]: Action Succeeded:

0

1574543666

Related:

  • No Related Posts

[Citrix-ADC] Unable to delete SNIP in cluster. 'ERROR: An existing route relies on the presence of this subnet' is displayed.

We have multiple SNIP configured on ADC. When we try to delete any of SNIP, operation fails with error:

An existing route relies on the presence of this subnet.

This error holds valid, where we have only SNIP that subnet in show ns ip, and we have a route with that SNIP being used as next hop gateway.

When we try to remove that SNIP, it should not let us delete that, as that is the only SNIP in that subnet, and a route in our configuration has dependency on that SNIP.

However in our case, we have multiple SNIP in that subnet, so it should let us delete the other SNIPs.

Which doesn’t seems to be working, hence is an incorrect behavior.

> show ns ip

Related:

How to change subnet mask of NSIP on Netscaler

1 – Take a SSH session to NetScaler.

2. Enter into shell

> shell

3- Execute the command nsconfig and get the option to modify the subnet mask of NSIP.

root@NS# nsconfig

NSCONFIG NS11.1.

REVIEW CONFIGURATION PARAMETERS MENU

————————————

This menu allows you to view and/or modify the NetScaler’s configuration.

Each configuration parameter displays its current value within brackets

if it has been set. To change a value, enter the number that is displayed

next to it.

————————————

1. NetScaler’s IP address: [1.1.1.1]

2. Netmask: [255.255.255.224]

3. Advanced Network Configuration.

4. Time zone.

5. Network firewall mode: [0]

6. Cancel all the changes and exit.

7. Apply changes and exit.

Select a menu item from 1 to 7 [7]: 2

Related:

  • No Related Posts