[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now







NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.

Share tech news, updates, or what's on your mind.

Sign up to Post

We have purchased a company (Microsoft Exchange 2010) and will be migrating them to our Microsoft Exchange 2013 environment. In that process, we will need to migrate their SMTP sending devices to our exchange environment. This process is:

- entering the devices' IP into our Exchange 2013 reinjection list
- updating that device with the new SMTP server address of our exchange server

Issue: previous exchange environment operated with an injection list of all IPs: so they did not maintain a list. They also operate with a Citrix Netscaler load balancing device which is what they advertise to their devices as the SMTP address.

Question is: how can we effectively find the devices in this Exchange 2010 environment that are using the exchange server to send email with. For example, scan to email printer.

Suggestions please?

I have a OID as below

Open in new window

I would like to know how can I convert it to it's name using python? I do not want to make any network or localhost call.

this OID is mapped to one of the VSERVER's Name in NetScaler.
We have one user that receives:   Error: not a privileged user when she attempts to connect through the web interface to our Netscaler for VPN access to our network.   Assuming this must be something incorrect with her local client software but can't figure out what or why?  We have tried re-installing it.   We have 200+ users using the same web url and method to connect from home and do not receive this error.  Can anyone help with some basic instructions?  We are not sys admins and they have not responded...we just need to get her working.   Thanks for any assistance.
The ultimate Citrix XenDesktop 7.x internals cheat sheet!
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down and start your ENTIRE Citrix environment.
Hi all,

After having a pen test we have report outlining a number of insecure ciphers that have been highlighted with our Netscaler 7500 appliances. I looking in Traffic managment / SSL/Cipher groups I can see there are 104 polices in here.

Are all these polices in use if they are in the list?
Hi all,

We are currently running a pair of Netscaler in HA mode running build 47.14.

I have found some guides on how to upgrade the them, i would like to know are we OK to jump to current build 53.11 as there have been several releases since we last updated our systems.

Version NS11.1 51.26.nc


We are in the implementation phase of the netscaler vpn solution and we have found the session establishes successfully. During the session internal DNS is able to resolve to the internal DNS server however not within the defined scope is unable to resolve. For example  O365 which is an external resource.

We do not  have split tunneling disabled and need this function disabled. We do have internal DNS servers and has ns servers in the netscaler network configuration .

Any ideas are appreciated
Hello All,

I am about to implement Sharefile with Storage Zone Controllers on premises using the Setup Netscaler for Sharefile wizard.
In the first screen of the wizard in the "Load Balancing Virtual server configuration", there is a checkbox asking to configure Storage Zone Connectors for file shares. I am wondering if I will need to check this option since I will not be configuring any client or deploying XenMobile. What I want sharefile for is to be able configure users in the Sharefile control plane (Citrix Portal) and grant them access to upload documents through this portal. Also I will like to be able to share documents via an url sent in an email.
Would I need to check the connectors check box in my scenario?
Hi Experts,

We have 2 sites with Separate SoreFronts configured. They are in separate locations and there is site to site VPN set up between them.
We have NetScaller set up in one of locations which is Gateway for both sites. When people connecting to netscaller and trying to access citrix which is other location than NetScaller, connection is slow but when they are accessing citrix in the same location as NetScaller connection is fine. I'm assuming that slowness is caused by all traffic routed through Netscaller and then Netscaller routing traffic through VPN link between 2 sites. Is it possible then to set up NetScaller so If user is trying to access citrix which is not on site with Netscaller, he will be still authenticated by Netscaller but then all traffic will be redirected directly to that citrix, instead going through Netscaller? Hope it makes sense😊

Kind Regards,

I've done this a few years back but can't remember the procedure. The cert request has been added to the server via iis

Why do we use this for Citrix Web Servers. It maybe on Web Interface, StoreFront
Can someone let me know
I need some guidance on Xenapp7.12 server installation.

I installed 2 servers one with storefront and one with other features (Delivery Controller, Licensing, etc)

Now I am stuck with configuartion.

Appreciate your help.
If you have a pair of Citrix Netscalers - is there a way to set a management IP address that stays with the active member of the HA pair?
What I want is for users on the laptops to "Not get the error message below"  when they login to Citrix through Netscaler.
Please see details below

Error message
Citrix Receiver

Unable to launch your application. Contact your help desk with the following
Cannot connect to the Citrix XenApp server.Network issues are preventing your
connection. Please try again. If the presists, please call your help desk.

I have laptops that are not joined to the domain.  This is the laptop environment, and this what happens.
1. Windows 7 Ultimate on two laptops and Windows 7 professional  on four laptops
2. Internet Explorer 11
3.Latest OS service packs for Windows 7 ultimate and professional
4. Citrix receiver 3.4 on three laptops and 4.6 on three laptops .
5. Access to Citrix is being done by using https://someserver.citrix.com
6. The laptops users are connecting to the internet using a Wireless Verizon jetpack, there own home wireless, or Verizon MiFi card.
    Then Login to Citrix from https://someserver.citrix.com.
7. After the users Login to Citrix they get the error message above. - If the users randomly try again they " sometimes " can login.
    But not without getting the error above.
8. I can add the Citrix link for Netscaler someserver.citrix.com to Internet Explorer 11 compatibility view, and Trusted Sites .
    However when you exist I.E 11 and go back in the trusted site I added disappears.
9. XenApp6.5 version
Hi Citrix experts

we just finished new insulation for xen-desktop 7.12 with latest  netscaler vpx 11.1

everything work very well internal access VIA web or VIA Citrix receiver work very well no issues

from outside also no issue to access the published Xen-desktops VIA web browser

from mobiles devices like iPhone and iPad using citrix receiver  no issue

but when i use Citrix reciver from outside we get this error (( please check the attached file

please advice what could be the reason
We have a netscaler VPX allowing external access to our Citrix environment, we are using gateway direct authentication on the web interface site. the authentication policies on the netscaler are pointing to our ISE radius servers.
We have 2 x domains eame and mod, if an eame user logs in they can connect with no issues, if a mod user logs in they are authenticated but then get the 401 access denied error, i have gone through 100's of posts about this an everything looks fine and works for the eame users any help is appreciated
We have a NetScaler Loadbalancer NSMPX-5550, and unfortunately no one here is familiar with it. The initial setup was done by Citrix. I would like to load balance Exchange 2016 inbound traffic via the NetScaler. I may be asking a lot here, but can anyone point me in the right direction with clear instructions on getting this done. It will only load balance inbound traffic so that inbound emails can be spread across all the exchange 2016 servers. Since its inbound will it need certs installed on the NetScaler for Exchange or anything, and anything else such as inbound connection types or anything. Sorry to ask this but any help will be greatly appreciated. At first we planned on just having an inbound IP that's points to one of the internal Exchange server via the firewall, but I really don't want just 1 Exchange server receiving all the inbound traffic, i would like to for the NetScaler to balance this out across all the 3 Servers. Thanks in advance.
How you do configure the External and Internal certificates? Now let me state that when I am using .com for the internal domain, everything works, but when I try using a .local for the internal domain which most folks/companies would have in place, I run into all kinds of issues with the certs on the NetScaler and Storefront.
I purchased a wildcard cert from GoDaddy and installed in my Netscaler Access Gateway by the way I can hit my VIP, and it loads the older black web interface looking portal - that portion works.
When I attempt to log in, I get an HTTP 403 forbidden page right away. Now from the internal network I can navigation to my storefront site which is using a .local domain signed cert and can log in and display my resources with no issues.
After every login attempt from the external access gateway site, I get the following event error in the “Citrix Delivery Services” logs on my Storefront server -
Failed to run discovery
Citrix.Web.DeliveryServicesProxy.ConfigLoader.DiscoveryServiceException, ReceiverWebConfigLoader, Version=, Culture=neutral, PublicKeyToken=null
An error occured while contacting the Discovery Service

I tried binding the internal .local domain signed cert to my Access Gateway virtual server together with the GoDaddy wildcard .com cert but got an error indicating only one binding can be present
The same thing for my internal IIS binding for the Storefront server “Default Wed site” can only bind the …
Hi all

We have recently implemented a pair of Citrix Netscaler VPX200 devices. Along with these we have setup Citrix Command Center to monitor the status/health of the devices and report back via e-mail.

Within the SSL VPN Session Profile configuration on the Netscalers we use an IP Pool which will assign an IP from a range to be used to allow the client to talk to the internal network. This is due to our proxy servers ignoring requests if they are from a 192.168.x.x range, which most home networks are.

Whilst the reporting of the Netscaler from Citrix Command Center is working as it should, it is detecting the IP Pool assignments as seperate 'Entities' and therefore reporting on them. When a user logs off the VPN, it detects this entity as being down and sends out an alert. I can't change the severity of the 'Entity Down' alert as this will let us know if any loadbalancers or virtual servers go down.

Does anyone know a way around this, such as a rule which will ignore the VPN IP Pool from alerts, or something similar?

Many Thanks

Hi all
I have now successfully setup my Citrix Command Center to poll my 3 Netscalers, and send out alerts via E-Mail.
However we use an IP Pool of 250 IP's which will get assigned to users using our SSL VPN via Netscaler. When a user disconnects from the VPN, Citrix Command Center detects this under an EntityDown error and e-mails me.

I know I could change the severity of the EntityDown failure, however it does report on legitimate objects within Netscaler.

Does anyone know a way to keep the alerts of EntityDown, but exclude the IP Pool from it?

Many Thanks

We use our Netscaler with Radius authentication and Safeword OTP to enable the external access for our Citrix VDI.
Actual every user with a Token can access via Netscaler to our VDI.
The isse is now, the Safeword solution is also used to authenticate to OWA and we have to seperate these two possibilies.
We configured the the LDAP Server in NS the Base DN dc=**, dc=**.
Should we add there a CN=** which contains all useres who need the NS permission?
Do we need to change anything under other Settings?
Server Logon Name Attribute: sAMAccountName
Group Attribute: --<< NEW >>--
Sub Attribute Name:  cn

Thank you for your support.
If you have a have a service group member binding that was initially put in as disabled and now you want to enable it - what's the mojo?

bind serviceGroup pg-ord-http order14 8080 -state DISABLED

..and you wish to enable this binding later what's the command?

enable serviceGroup pg-ord-http order14


bind serviceGroup pg-ord-http order14 8080 -state ENABLED

 I have just imaged a Win7 Pro 64bit with Symantec Ghost and after the image is deployed GPO are not being applied and users not getting mapped drives and Netscaler proxy settings are not being applied. I would appreciate any assistance with this.
I've got a ticket out with Citrix on this but they are being less than helpful (read: useless).

Here's the situation: we've got a Citrix 7.5 farm with two Storefront servers, two Delivery Controllers and a virtual Netscaler Gateway.  We all connect all day internally to Storefront and launch our desktops/apps with no issue.

But, those of us who go home and try to launch desktops/apps from the externally facing Citrix store are periodically met with the following error messages:

"Cannot Connect to the Citrix XenApp Server.  SSL Error 43: The proxy denied access to" yadda yadda STA yadda "port 1494"
"Cannot connect to the Citrix XenApp server. The Citrix SSL server you have selected is not accepting connections."
and then always
"The connection to" yadda yadda "failed with status (Unknown client error 1110)"

You can always get in eventually just by trying a few times.  For me, it's usually three times, but sometimes it's been as many as a dozen times before it worked.  And it happens across all desktops/apps.

The documentation on this issue is wide and suggests a million things.  Citrix just keeps telling me to make sure the STAs match in my Storefront/Netscaler (they do).  Any ideas?
I have a 100 server XA65 Citrix environment accessed through a Netscaler and recently an issue has come up that only seems to effect 3 users.  These three users frequently get an SSL error 38. No one else does and when I test along side the users I am not able to replicate the error on my own system.  I know how to troubleshoot this issue when ALL users get the error, but not just specific users. I have checked and it doesn't seem to matter which STA gets used.

Any help would be appreciated.






NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.