NetScaler

458

Solutions

13

Content

i
The collection of articles, videos, and posts on this topic.

455

Contributors

NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.

Share tech news, updates, or what's on your mind.

Sign up to Post

We currently have a few Netscaler MPX 9700 FIPS devices with HA Configured nodes running version 11.1.57.11nc.

We need to apply a company WildCard certificate generated from a 3rd party (GeoTrust) for use with the Managment Console (GUI) as well as be available for the defined sites/endpoints on the system that will be used with StoreFront.

Since this is a FIPS Device, I am finding a bit confusing to determine the best approach to initially install and update these certificates on a Netscaler FIPS Appliance.

Any direction is appreciated.

Thanks in advance.
0
21 Comments
Hello.  We have a discrepency on the order of steps we need to enable FIPS in a HA setup for Netscaler MPX9700.  These are running version 11.1.

From the Articles, such as https://docs.citrix.com/en-us/netscaler/12-1/ssl/fips/configure-fips-ha.html and https://docs.citrix.com/en-us/netscaler/12/getting-started-with-netscaler/configure-fips-first-time.html, it reads as though you start with the HSM/FIPS module and then the HA portion of the GUI.  We are planning to use a WildCard for the certificate on the FIPS module and the URL's provided to users.

However; from research a co-worker insists that the HA portion through the GUI needs to be setup first, and then do the HSM/FIPS portion.

Any clarification from experience is appreciated.
0
37 Comments
We have Citrix Xenapp 7.15 update 1.

We have two delivery controllers. we noticed when we restart one of the two, we run into issue launching apps for about 5 minutes or so.  We noticed when we look at studio, it shows that VDAs are readjusting to point to the "up" delivery controller. This could take up to 5 minutes, during that time, logging in is temporarily on hold, and so is launching applications.

Any idea why that happens and how we can reduce that time before we restart a DC?
0
6 Comments
Hi, I am looking to configure MFA for a Citrix NetScaler using Symantec VIP. I was wondering does anyone know if Symantec VIP requires an on-prem server for authentication or does the NetScaler just access the Symantec VIP Cloud offering directly ?
0
2 Comments
Good day. I have removed one Xenapp delivery controller and made another primary. I have changed the storefront and studio to point to the new one. I have updated the STA in netscaler. I can connect to citrix resources internally fine but externally i now get the following error: Connection to the server "x.x.x.x:1494" was interrupted. Please check your network connection and try again.
0
3 Comments
Hey

I am newbie to Citrix Netscaler. ;)

I have create a loadbalancer to some https servers. I works as expected.

Is it possible to use content switching on the VIP (of the loadbalancer i just created)?

https://my.domain.com -> VIP -> 10.10.10.10
https://* -> VIP -> (to one of the https servers)

Thanks in advance.

Mike
0
1 Comment
Hello.  Trying to do some customization's to Citrix StoreFront 3.15.  I have found numerous articles that have helped, but getting stuck on the following two items.

#1 - Is there a way to move the Description next to the icon instead of below?  (I've attached a screen shot of what I see and would like to do)

#2 - Trying to set a footer on all pages as we front end Citrix Storefront with Netscaler (MPX9700) running version 11.  I have found an article to add the following in the custom\style.css, but doesn't seem to be working.  (Choosing black as our background screen is fairly light)

.customBottom {
font-size:30px;
text-align:center;
color:black;
position:static;
}

The other part of this is the text in the custom\script.js.  

$('.customBottom').html("Copyright & Copy 1996-2018. All rights reserved.<br />Terms of Service | Privacy Policy | Customer Service<br />");

Any direction is appreciated with the footer.  I am trying to put here on Storefont as I haven't had success using the instructions on displaying on the users login screen for Netscaler.


Thanks in advance for your help.
WishedLogo.png
0
28 Comments
Citrix error "There are no apps or desktops available to you at this time"
Citrix XenApp 7.15 LTSR
NetScaler 12.1 VPX
SSO configured through GPO's.
When login to StoreFront URL is working fine.
But login to NetScaler StoreFront load balance URL is giving above Error.
https://support.citrix.com/article/CTX133982 
https://support.citrix.com/article/CTX200583
https://support.citrix.com/article/CTX233380
Configured SSO as per CTX133982 and followed CTX200583 /CTX233380
Please suggest.
0
6 Comments
Citrix NetScaler ADC 12.1 48.13 nc ---StoreFront, Director, LDAP Virtual Servers are down when I configured with SSL. But they are UP, when I configured with http.
Please suggest how to troubleshoot.

Edit: I will leave that there but I think I initially misread your question, but the same steps are true of SSL - can you telnet from the NS to the SF / XA servers successfully, as a start.
0
3 Comments
How can we use the secondary Citrix NetScaler Server, in an H.A. pair to safely test out new configurations before the same changes are propagated to the other NetScaler?

We have 2 x version 12.0 Citrix NetScaler Servers in our environment.  They both are setup for auto-sync and propagation by default; but according to websites:

- https://support.citrix.com/article/CTX124439 
- https://docs.citrix.com/zh-cn/netscaler/11/system/high-availability-introduction/configuring-command-propagation-high-availability.html

There are commands to that can be executed to turn the HA Sync and HA Propagation off and then back on later.  At my company we would like to test out a 2 factor authentication option (during a planned maintenance window) and see how that works before it is available for all of the users.  I am thinking of doing the following:

1.  Enable the 2 factor authentication settings on the Authentication server.
       a.  Whatever it may be, that is a separate topic from this question.

2.  Then after the Authentication server is ready, disable auto-sync and auto-propagation on the NetScaler HA-Pair.

3.  Then configure the secondary NetScaler to work with the 2nd factor Authentication server.
        a.  Then plan a maintenance window to temporarily make the secondary NetScaler Server into the new primary NetScaler Server.
        b.  When I fail over the primary server, the secondary server will then become the new 'primary' server …
0
6 Comments
Is Azure Market Place "Citrix NetScaler" can authenticate with "On Prem AD" using  "Site 2 Site VPN" connection?
How many seconds Azure "Citrix NetScaler" token will be valid for Authentication?
At On Prem side, ADFS required?
Please suggest
0
8 Comments
How can I completely disable IPv6 from all network adapters on a Windows 7 Pro. computer?  The use this method to roll-out that configuration change to hundreds of computers?  Is there perhaps a script?

What I am looking for is to disable or un-check the ipv6 settings.

ipv6_1
I want it to be grey'd out or disabled.

ipv6_2
According to web page: https://techjourney.net/disable-turn-off-ipv6-support-in-windows-10-8-1-8-7-vista/

I have tried opening a command prompt as administrator and running 
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 0x000000FF /f

Open in new window


But after I run this command I think IPv6 is disabled partly; but, I still see the check mark on the adapters indicating that it is still enabled.  

Question1: How can I disable the ipv6 for all adapters on a windows 7 Pro. PC?  My manager specifically asked me to do the un-check box, to make it look disabled.

Question2:  How can I use that method for a mass deployment to change the config on hundreds of devices?

Question3:  How can I verify that IPv6 is indeed disabled?

Before the registry changes, if I ran an ipconfig all, under "Ethernet adapter Local Area Connection"  I saw
IPv4 Address. . . . . . . . . . . :  ###.##.##.###
Then I saw
DHCPv6 Client DUID. . . . . . . . : ##-##-##-##-##-##-##-##-##-##-##-##-##-##

After the Registry changes, I do not see any reference to DHCPv6 Client DUID. . . . . . . . : ##-##-##-##-##-##-##-##-##-##-##-##-##-##
0
19 Comments
How to create SHA256 CSR file for SSL certificate in Windows 2016?
Environment:
Windows 2016 IIS
Citrix XenApp 7.15 CU2
NetScaler VPX 12.0
VMWARE ESXi 6.5
0
2 Comments
On  a netscaler 16500 - suppose I want to traffic to https://yaya.foo.com/whatdoyouknow to redirect to https://www.sharktown.com/whatdoyouknow. But the same mechanism would deliver https://yaya.foo.com/somwhere to redirect to https://www.sharktown.com/somewhere. What would I need to cofigure? thank you
0
2 Comments
We have 2 Citrix NetScalers (Virtual Servers) configured in an HA-Pair.  We have updated the 'secondary' NetScaler and everything looks to be working just fine on that NetScaler when we have planned maintenance windows and failed over the Primary (with the older version) and then our pilot test group of users and devices logged on to the updated NetScaler.

Hence we have 1 x Primary 'NetScaler1' (version 11.0) and 1 x Secondary 'NetScaler2' (version 12.0).

I am planning on failing over the 11.0 NetScaler1 to become the secondary and then to have NEtScaler2 become the new Primary in the HA-Pair.  Eventually I will update NetScaler1 to version 12.0.  I think it would be a less disruptive to our employees if I just leave the Netcaler1 to be the secondary after I update it; however I need to test it after the update.

Is there a way to have specific user accounts only login to a Specific NetScaler Server IP address?  Or doe s HA simply not work that way?  Then I simply must fail over the NetScalers again for testing and plan another maintenance window?
0
2 Comments
How to setup an AAA server?

I have a project on the horizon that involves setting up Dual Factor Authentication on a Citrix NetScaler Server.  I have a rough outline from: https://www.carlstalhood.com/nfactor-authentication-for-netscaler-gateway-12/

But questions today are regarding setting up an Authentication server from scratch.  I have never setup or used an AAA server or RADIUS server before.

Question1:  Will I need to simply setup a Windows 2012 R2 or 2016 Server with the Remote Access Server role?

Quesiton2:  Will I need a certificate from a Certificate Authority?

Question3:  What is required for this AAA server to work with NetScaler?  All NetScaler configuration is separate from this question.
0
1 Comment
How can I view logging regarding state changes of NetScaler Gateway Virtual Servers? After upgrading to the latest version
sometimes user are getting to the proper login page and desktop and other times they redirected to a default site.

NetScaler (11515)
 NS11.1: Build 57.13.
0
4 Comments
When I look at the elliptic curve information for some VIPs in my Netscaler Load Balancer - I see
that there might be four or five lines dedidicated to elliptic curves. I forget the numbers
but one might be 128, 164, then 256, then 324 - let's say. Now I understand the larger the
number the higher the encryption level. But why would a vip have several elliptic curves
associated with it instead of just one?
0
5 Comments
Citrix Licensing Models: Apart below licenses, do we need any other software licenses for Citrix XenApp XenDesktop 7.x deployments?
Especially, VMWare licensing details required for XenDesktop SBC/VDI deployments.

Model 1: Rich Model

Citrix XenAppXenDesktop Platinum Edition
NetScaler MPX
Microsoft CIS Datacenter (Included RDS and Hyper-V VMs OS)  OR  VMWare ESXi with VCenter
MS SQL Server (Enterprise) AllwaysON

Model 2: Economic Model
Citrix XenAppXenDesktop Enterprise – Limited Director reports (31 days of historical analytic data), No Comtrade SCOM pack.
NetScaler VPX Model
MS SQL Server (Standard) without AllwayON
Microsoft CIS Datacenter (Included RDS and Hyper-V VMs OS)  OR Citrix XenServer

Microsoft License :
Hyper-V, Server OS, Desktop OS : Data Center Edition will cover Hyper-V, Server OS and Desktop OS on the Host server.
Extra Windows Desktop OS license for XenDesktop
http://www.purchasing.ufl.edu/contracts/microsoft-select-plus/Microsoft-VDI-Suites-and-Windows-VDA-FAQ-v31.pdf
I’m buying VDI software from VMware/Citrix/another vendor. Do I still need Windows VDA?
Yes. If you are accessing a Windows client OS as your guest operating system in the datacenter from a thin client, Windows VDA is the appropriate licensing vehicle regardless of the VDI software vendor you choose. The only scenario where you would not need Windows VDA is if you were using PCs covered under Software Assurance as the access devices, since …
0
7 Comments
How do i restrict access to a vServer on a netscaler based on which user tries to login.
0
2 Comments
Citrix NetScaler VPX 12.0 Configuration for StoreFront Loadbalance in Intranet 7.15 CU2 environment.
http://www.carlstalhood.com/storefront-load-balancing-netscaler-12/ 

How to create SSL certificates using MS CA :
https://mizitechinfo.wordpress.com/2013/08/29/step-by-step-deploying-a-standalone-root-ca-in-server-2012-r2-part-1/
https://mizitechinfo.wordpress.com/2013/08/31/step-by-step-deploying-an-enterprise-subordinate-ca-in-server-2012-r2-part-2/
https://support.citrix.com/article/CTX206492
http://www.citrixguru.com/2015/11/15/lab-part-15-configure-ssl-in-storefront/


1. SSL certificates requirement - PFX/CRT/PEM, How to generate required SSL certificate?  -- PFX
2. SSL Certificates required for StoreFront, DDC, and NetScaler? How to generate?
Windows 2016 Certificate Authority role required to generate these certificates? If yes, How to generate?
https://www.experts-exchange.com/questions/26672335/'Web-Server'-Certificate-Template-not-an-option-on-http-server-certsrv.html
3.  Service Accounts requirement for LDAP authentication. -- One Service Account Required
4.  How many IPs required for SF LB?
NS IP, SNIP, SF LB VIP, DDC LB VIP, Director LB VIP, DNS LB VIP.

Please close the thread.
0
1 Comment
Has anyone used the Netscaler content switching to have information from an internal server get published on an external hosted ERP Website?
Basically I am trying to take an internal Tableau Server to Netsuite.
0
0 Comments
Citrix Netscaler 12.0 ReWrite Policy

Hi

I am currently implementing a rewrite policy on my Netscaler testing environment to be able to insert a footer on the login page to inform users of anything they need to be aware of. The policy is working as expected, however when making a change to the policy, it is not reflecting the change on the logon page. It seems to be cached, but I am unsure where. I have tried 2 different browsers and also re-creating the Virtual Server and re binding the policy. I am following this guide:

https://support.citrix.com/article/CTX215817

Any help would be appreacited.

Thanks
0
0 Comments
Hello,

I'm unable to launch Citrix XenDesktop from outside my network. It gives me protocol driver error when launched from store front. Has anyone seen this error message before?


P.S I do not have a netscaler gateway in between. Currently using my firewall for port forwarding.

Thanks,

Kemar
0
6 Comments
Hello,

How can I create URL redirection on Netscaler

I need to redirect https://cportal/sites/NCSC/rfpanswers/*    to    https://sp.compugen.com/sites/rfp/RFP Document Database

please advise.
0
4 Comments

NetScaler

458

Solutions

13

Content

i
The collection of articles, videos, and posts on this topic.

455

Contributors

NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.