NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.

Hello.  Env:  Netscaler MPX9700, 11.1, Storefront 3.15 (On Windows 2012R2) - 2 Stores.  XenApp 6.5 (1 store) & XenApp 7.15 (2nd Store).

I have switched my Secondary Store in StoreFront 3.15 to be the primary store, so want Netscaler/Storefront to use XenApp 7.15 Store as its primary.  

In Netscaler, I updated the Netscaler VIP and the StoreFront VIP (Under Traffic Mgmt) to use the existing IP set in DNS.  I am able to authenticate to either store.  However; when launching an application in either store, I receive the following errors.  (Attached).  What I don't understand is why this would occur?    I can put the IP's back and swap the default websites on Storefront and all works as expected.  Additionally this poses concern if another store was introduced or new IP's required for whatever reason.  Since it's getting authenticated and attempts to launch the app which sometimes registers in Director as a timeout failure, I'm confused as to where the communication is breaking on the way back and why that would be different?

I would simply change DNS however; two reasons I don't want to do that.  #1 - If I do that without understanding what is happening here, will I ever be able to get rid of the secondary store?  Secondly, we have already distributed the externally facing VIP's and some clients have already updated there whitelists.

Thoughts?  Thanks in advance.
We have a Netscaler in front of Storefront accessing a XenApp 6.5 backend.  We recently forced users to start using Netscaler URL to access Citrix.  They are currently finding that if they Login with Wrong Password just once, their domain account gets locked out and they just receive the pop up that circles over and over, cannot complete request.  We are not using single sign-on as we have 3 domains users can authenticate with.  

I have done some looking and it seems this is a common issue but not solved.  Suggestions?

Thanks in advance.  Not fun dealing with grumpy users... and don't blame them.
Hello.  Via audit and best practice we are working to eliminate port 80 for use on our Netscaler's.  I have 2 IP's on the HA Clusters I have some questions about.  (The env is Netscaler, Storefront, XenApp)

If I enable Secure Access only on the Management Portal IP, the page will no longer load.  Everything I see says to secure the NSIP which I have done, however; the Management IP is used on Traffic Domain 1 and is important in the HA Clusters.  This fails the same on a single node not part of an HA.  Is there another process to secure the Management IP?  This is used if we should fail over to continue monitoring the HA rather than 1 individual node.

Our Netscaler's are running version and are Netscaler MPX 9700 FIPS.

The secondary IP is considered a floating subnet IP between the 2 nodes.  I only have the 2 HA's in production in test a singular node.  So wanted to inquire as to the expected action should I enable the Secure Access only on the Network IP page options?

Thanks in advance for your assistance.
How can I get to know "Which Version of the Citrix Receiver/Workspace App my Citrix Gateway end users are using,"
Is it possible through Citrix ADM (NS MAS) logs? Or any other way do we have?
Please suggest.
Citrix NetScaler (ADC) VPX GSLB configuration step-by-step guide or document available?
I would like to do a POC on the latest 13.1 version.
Please share any links/docs.
Especially, I am looking for the prerequisites list.
Hello.  Behind our Netscaler's, We have StoreFront 3.15 running on Windows 2012 R2 Servers.  This was setup with two stores, one to point to the XenApp 6.5 environment and one to point to the new XenApp 7.15 environment.  

So on the Netscaler, there was a new VIP configured for the secondary store.

The setup is nearly complete on the secondary (XenApp 7.15) environment and need to switch the main URL for StoreFront to the secondary store.  What are the steps to switch to not break the store setup and avoid or have minimal downtime during the switch.

I would assume I also need to update the Virtual Server in the Netscaler to point to the new farm.

In other words, for users, I don't want to give them a new URL space, I want them to continue using the same URL.

When this was originally configured, this was presented at some point we'd need to switch.

So just want to throw this out there to determine what the steps are.

Thanks in advance.
We have a Netscaler VPX through which customers connect to XenApp Remote desktops (Via Citrix Client - Citrix Workspace). Because they connect over their internet connection to our XenApp Remote Desktops loctated in our data centre I would like to get some feed back on each customers connection quality.

Is there any report that Netscaler can produce that can provide this information (this is seperate from the CQI that is installed on the XenApp desktops).

Citrix ADC 13.1 access gateway URL showing "Checking system configuration on your device,"
I am expecting the login page. But URL showing a lock screen with the above text.
Please suggest how to get login page.
I have my non-production environment setup for XenApp 7.15 on Windows 2016.  So I went back to review and see what I can do to follow best practices and harden the configuration before handing to QA and starting the production environment.

I am struggling to find recommended IIS settings, so if you have that, please let me know.  In the past we typically adjust the default documents, app settings.

My question though is related to the Delivery Controller.  I currently this setting Service.AutoDiscoveryAddresses seto to localhost, which is not recommended.  So, my question, I'm confused.  When it states you should point to one Controller in the farm, does that mean to itself or a different controller in the farm?  When you have multiple Delivery Controllers should they all have the same Delivery Controller defined here, or ?  

I also see the recommendation to let the Netscaler manage these,, so will get that setup as well.

Could you please provide some clarity.  Thanks in advance.

Settings I'm referencing:

IS Manager, go to Default Web Site > Director > Application Settings, find Service.AutoDiscoveryAddresses, and make sure it points to one Controller in the farm, and not to localhost. From Citrix Docs: Director automatically discovers all other Controllers in the same Site and falls back to those other Controllers if the Controller you specified fails.

In the upgrade options,
In …
Hello experts! I need some clarification on where to set Citrix timeouts. It looks like there are values on StoreFront, NetScaler and various Citrix Policies and all of our values are different. I'd like to ensure that internal and externally connected users are logged out after 2 hours of inactivity.  We are running XenApp 7.15 LTSR with a pair of NetScalers in the DMZ. Current Settings:

StoreFront - Manage Receiver for Web Sites > Session Settings:
- Communication timeout duration = 3 minutes
- Session timeout = 8 hours
- Sign in timeout = 5 minutes

NetScaler - Traffic Management > Load Balancing > Virtual Servers > Traffic Settings > Client Idle Time-out = 180 seconds
NetScaler -  NetScaler Gateway > Global Settings > client Experience > Session Time-out (mins) = 30
NetScaler -  NetScaler Gateway > Global Settings > client Experience > Client Idle Time-out (mins) = blank

Citrix Studio > Policies > Server Idle timer interval = 3,600,000 ms

I'm also confused about what the difference is between Session Time-out and Client Idle Time-out on the NetScalers. It sounds like the session time-out will just end your session whether or not it's active. And the client idle time-out will nuke the client after a certain period of inactivity.

Anway, if someone can point me in the right direction I'd appreciate it. Also, if I'm missing any important information please let me know and thanks for your help!
Hello.  We are using Netscaler and Storefront to sit in front of our XenApp environment.  Users are currently using Citrix Receiver 4.12 and on Windows 10, primary browser is Chrome.

I have a user who is prompted every time she selects an application to Open Citrix Receiver Launcher.

I am trying to find the corresponding registry entry on where this is set as she does not have the option to 'check the option' as is noted with this behavior so it doesn't prompt each time.

Googling but haven't found  this information yet.

Thoughts are appreciated.
newly installed ADFS. /adfs/ls/idpinitiatedsignon.aspx works, adfs/fs/federationserverservice.asmx but /federationmetadata/2007-06/federationmetadata.xml does not work external. It is published through Netscaler
. the FQDN works good from internal network.
The netscaler reports now problem, and have not URL filtering.

no errors in any of the logs on ADFS server. Certificate is good
I am getting an error when sending faxes. We use GFI Fax Maker, Outlook and have Exchange Servers in DAG.

Users are sending outbound faxes from Outlook to external phone numbers and getting failures on the GFI logs that the message size exceeds fixed maximum message size.  I have changed the setting to 100MB on the smtp instance in IIS on the GFI server, and also in the Send Connector in Exchange but the sending faxes is still failing.

Exchange has Trend Micro Scan Mail. There is ForcePoint\Websense with Data Los Prevention and other policies and rules. There is also Citrix Netscaler but when sending out, it should not go through Netscaler.

Any thoughts, please help?
catalina installed and crashing MAc citrix reciever- urgent
How do I properly export Root, EnterpriseCA, and Domain Controller Certificate from Domain Controller Windows Server 2012?

Then, how do I import these certificate to Citrix Load Balancer 12.0? I need this for LDAPS setup for Active Directory Sync with the Cloud Vendor?

Should I be able to run ldp.exe tool  on DC and test LDAPS connection where instead of DC IP and port 636, I use my Netscaler Load Balancer VIP IP, and port 636, I previously configured on the Netscaler Load Balancer?
We are running Netscaler 11.1 in front of StoreFront 3.15.  Accessing the store via a browser works fine.  However; I noticed if accessing the page via a mobile device, the folder names are the only things I can see listed.  The application names are not visible.  I had customized the appearance for the web which is adversely affecting the appearance on other devices - my guess.

Is there a way to adjust this so I can keep the modifications for the browsers, but allow mobile devices to see the app names?

Thanks in advance for your assistance.
Now that we're rolling out our Netscaler / Storefront (3.15) environment with our XenApp 6.5 backend, the question came up around user experience.  I overlooked that they used to be able to set screen size and was wondering if this functionality exists somewhere in StoreFront - still looking....   I've attached the screen shot where they used to go in WebInterface to adjust those settings.  

Thanks in advance for your assistance.
We have Citrix VirtualApp 7.15.
The internal URL takes user to the netscaler VIP.
There is only on DC configured to authenticate users and 1 RSA  server.

We are having issue where  apps open after 5 min or 10 minutes after clinking on them . Sometime if the users are logged off due to idle timeout , on next launch it takes time or it will not even launch.
Storefront server is not logging any errors.
User profile store is accessible.
If I login to the application servers through rdp then they seem to be fine.

How can I troubleshoot this issue?
We have been asked to turn on  NetScaler Flow Logs.
Where can I turn this on on the netscaler?
And if it is already on then how can I collect logs for last few months?
We have Citrix Xenapp 7.15 update 1.

We have two delivery controllers. we noticed when we restart one of the two, we run into issue launching apps for about 5 minutes or so.  We noticed when we look at studio, it shows that VDAs are readjusting to point to the "up" delivery controller. This could take up to 5 minutes, during that time, logging in is temporarily on hold, and so is launching applications.

Any idea why that happens and how we can reduce that time before we restart a DC?
Hi, I am looking to configure MFA for a Citrix NetScaler using Symantec VIP. I was wondering does anyone know if Symantec VIP requires an on-prem server for authentication or does the NetScaler just access the Symantec VIP Cloud offering directly ?
How can I view logging regarding state changes of NetScaler Gateway Virtual Servers? After upgrading to the latest version
sometimes user are getting to the proper login page and desktop and other times they redirected to a default site.

NetScaler (11515)
 NS11.1: Build 57.13.
Has anyone used the Netscaler content switching to have information from an internal server get published on an external hosted ERP Website?
Basically I am trying to take an internal Tableau Server to Netsuite.
Citrix Netscaler 12.0 ReWrite Policy


I am currently implementing a rewrite policy on my Netscaler testing environment to be able to insert a footer on the login page to inform users of anything they need to be aware of. The policy is working as expected, however when making a change to the policy, it is not reflecting the change on the logon page. It seems to be cached, but I am unsure where. I have tried 2 different browsers and also re-creating the Virtual Server and re binding the policy. I am following this guide:

Any help would be appreacited.







NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.