NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provides secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.


I'm looking for some  assistance with nFactor; where the requirement is to configure the Two Factor for two different Tokens "RSA" & "DUO"; the security group will define the model of Token
First Authentication: LDAP
Second Authentication: RSA if a user is a member of "Citrix-RSA"  Security Group and DUO if the user is a member of "Citrix-DUO"
How do I properly export Root, EnterpriseCA, and Domain Controller Certificate from Domain Controller Windows Server 2012?

Then, how do I import these certificate to Citrix Load Balancer 12.0? I need this for LDAPS setup for Active Directory Sync with the Cloud Vendor?

Should I be able to run ldp.exe tool  on DC and test LDAPS connection where instead of DC IP and port 636, I use my Netscaler Load Balancer VIP IP, and port 636, I previously configured on the Netscaler Load Balancer?
We are running Netscaler 11.1 in front of StoreFront 3.15.  Accessing the store via a browser works fine.  However; I noticed if accessing the page via a mobile device, the folder names are the only things I can see listed.  The application names are not visible.  I had customized the appearance for the web which is adversely affecting the appearance on other devices - my guess.

Is there a way to adjust this so I can keep the modifications for the browsers, but allow mobile devices to see the app names?

Thanks in advance for your assistance.
Now that we're rolling out our Netscaler / Storefront (3.15) environment with our XenApp 6.5 backend, the question came up around user experience.  I overlooked that they used to be able to set screen size and was wondering if this functionality exists somewhere in StoreFront - still looking....   I've attached the screen shot where they used to go in WebInterface to adjust those settings.  

Thanks in advance for your assistance.
We have Citrix VirtualApp 7.15.
The internal URL takes user to the netscaler VIP.
There is only one DC configured to authenticate users and 1 RSA server.

We are having an issue where apps open after 5 min or 10 minutes after clicking on them. Sometimes if the users are logged off due to idle timeout, on next launch it takes time or it will not even launch.
Storefront server is not logging any errors.
User profile store is accessible.
If I login to the application servers through rdp then they seem to be fine.

How can I troubleshoot this issue?
Environment:        Netscaler in front of StoreFront 3.15 on Windows 2012.
Backend:              XenApp 7.15  (2 Delivery Controller & 2 XenApp Servers on Windows 2016, so 4 VM’s)

Summary: We are currently using the Netscaler/Storefront configuration to front-end our XenApp 6.5 Server farm and IS working properly.
We are setting up a NEW backend XenApp 7.15 farm to replace the existing 6.5 farm.  We will continue to use the same Netscaler’s & StoreFront Systems.  We will need to run parallel for a short time.

Recommendation:  It was recommended to just provision a second Store on the StoreFront systems to point to the new XenApp 7.15 servers – done.  Once tested, we just remove the old 6.5 store and voilà.  So, this is the direction we are trying to set up, but it is not working.  Explaining what is happening below:

In Netscalers, we have added the following under Netscaler Gateway for the 2nd Store:
1.      Configure NetScaler Gateway Session Policy
2.      NetScaler Gateway Session Policies and Profiles
3.      STA to the New Delivery Controller under VPN Virtual Server under Netscaler Gateway

Question: Do I need to setup a secondary Virtual Server with a new VIP on the Netscaler under Traffic Management, Load Balancing, Virtual server?  From the recommendation I have not done this.

The XenApp 6.5 Farm is using port 8080 to talk to its STAs.

Question: we’ve tried both port 8080 and port 443 for the …
We have setup a Netscaler (11.1)/StoreFront (3.15 - Windows 2012R2)  environment.  I am now setting up users to support the system.  

I am trying to look for the best way to provide read-only access to all the configuration, the ability to view Active Users & ICA Sessions as well as the ability to Enable/Disable StoreFront servers as they are worked on.

I did try to initially add the read-only role, however the user was still able to execute the initial edit.

Any suggestions are appreciated.  We are finally about ready to roll this out :)

We have been asked to turn on  NetScaler Flow Logs.
Where can I turn this on on the netscaler?
And if it is already on then how can I collect logs for last few months?
I have a configuration of Netscaler 11.1, Storefront 3.15 (windows 2012 R2) and XenApp 6.5 systems.

We have found through a recent audit that we are seeing this finding: "The remote installation of IIS leaks a private IP address through the WebDAV interface. This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server."

The interesting thing is, if you go to the IP of the primary StoreFront server the result is the actual StoreFront URL and passes.  It's the secondary node in the cluster that presents its IP in the URL instead of the StoreFront URL.

Has anyone else run across this?

Thanks in advance
We have Citrix Xenapp 7.15 update 1.

We have two delivery controllers. We noticed when we restart one of the two, we run into an issue launching apps for about 5 minutes or so.  We noticed when we look at Studio, it shows that VDAs are readjusting to point to the "up" delivery controller. This could take up to 5 minutes; during that time, logging in is temporarily on hold, and so is launching applications.

Any idea why that happens and how we can reduce that time before we restart a DC?
Hi, I am looking to configure MFA for a Citrix NetScaler using Symantec VIP. I was wondering does anyone know if Symantec VIP requires an on-prem server for authentication or does the NetScaler just access the Symantec VIP Cloud offering directly ?
How can I view logging regarding state changes of NetScaler Gateway Virtual Servers? After upgrading to the latest version, sometimes users are getting to the proper login page and desktop and other times they are redirected to a default site.

NetScaler (11515)
 NS11.1: Build 57.13.
Has anyone used the Netscaler content switching to have information from an internal server get published on an external hosted ERP Website?
Basically I am trying to take an internal Tableau Server to Netsuite.
Citrix Netscaler 12.0 ReWrite Policy


I am currently implementing a rewrite policy on my Netscaler testing environment to be able to insert a footer on the login page to inform users of anything they need to be aware of. The policy is working as expected, however when making a change to the policy, it is not reflecting the change on the logon page. It seems to be cached, but I am unsure where. I have tried 2 different browsers and also re-creating the Virtual Server and re binding the policy. I am following this guide:

Any help would be appreciated.


We are looking to implement Windows Hello for Business in our environment.

On Citrix Environment:

XenApp 7.16
Windows 2016 Backend and VDA
Netscaler VPX NS11.1
Azure MFA (On-Prem) Radius
StoreFront 3.13
On AD side we meet all the requirements for Windows HFB

We introduced MS AD FS On-Prem as part of the Hello For Business prep.


Since Windows HFB works using Hardware TPM( or Software Substitute), curious how Citrix will handle that with a XenApp shared Desktop environment.


Any Thoughts, Links for Citrix+ Hello For Business, guidance, etc are welcomed.

We have one user that receives:   Error: not a privileged user when she attempts to connect through the web interface to our Netscaler for VPN access to our network.   Assuming this must be something incorrect with her local client software but can't figure out what or why?  We have tried re-installing it.   We have 200+ users using the same web url and method to connect from home and do not receive this error.  Can anyone help with some basic instructions?  We are not sys admins and they have not responded...we just need to get her working.   Thanks for any assistance.
Hello All,

I am about to implement Sharefile with Storage Zone Controllers on premises using the Setup Netscaler for Sharefile wizard.
In the first screen of the wizard in the "Load Balancing Virtual server configuration", there is a checkbox asking to configure Storage Zone Connectors for file shares. I am wondering if I will need to check this option since I will not be configuring any client or deploying XenMobile. What I want sharefile for is to be able configure users in the Sharefile control plane (Citrix Portal) and grant them access to upload documents through this portal. Also I will like to be able to share documents via an url sent in an email.
Would I need to check the connectors check box in my scenario?
We have a netscaler VPX allowing external access to our Citrix environment, we are using gateway direct authentication on the web interface site. the authentication policies on the netscaler are pointing to our ISE radius servers.
We have 2 x domains, eame and mod. If an eame user logs in they can connect with no issues; if a mod user logs in they are authenticated but then get the 401 access denied error. I have gone through 100's of posts about this and everything looks fine and works for the eame users. Any help is appreciated.
Hi Experts,

We are facing an issue with our netscaler environment as the state for 2 ADFS servers (internal) is showing as Down.  Because the ADFS servers are showing as down the requests are not redirecting causing issues with users accessing emails and SharePoint.

I have resolved this temporarily by redirecting traffic to our standby ADFS server; however, we need to get the production server up and running on netscaler. Both the servers are online and I can ping and RDP to these servers. It's a 2008 R2 server with ADFS 2.0 and I can access the management console for ADFS and no issues really there.

I have attached a couple of images to show what we are seeing in netscaler and hopefully this helps. It seems that it is trying to connect to the internal ADFS server on port 443 but unable to.

Hoping someone has come across these issues before and would be able to assist me.

Thanks for your help.

After upgrading citrix netscaler vpx to 11.0-66.11 from version 10.5 the Netscaler Gateway function was coming up as unlicensed.
This netscaler had been working for more than a year.
So thinking that the license may have expired I went to mycitrix and allocated a license that was valid till 2017.
After applying the license the Netscaler was showing as licensed but the VIP was showing as down.
Upon checking the VIP it did not have a certificate assigned to it.
On going to manage certificates I could see the actual certificate there.
So I went to Traffic Management -> SSL -> Certificates and tried to install the certificate again.
On filling all the fields and clicking install I received the error - "Certificate with key size greater than RSA512 or DSA512 bits not supported".
Our certificate was generated with a key size of 2048 but had been working OK with netscaler OS version 10.5.
Please advise if anyone has seen this before and what can I do to resolve the issue.
We have an issue that we are trying to help a client resolve, unfortunately both of us don't know enough about this Citrix connection we inherited.  They have a Netscaler GW server on VPX that provides the portal for users incoming connections both on our internal LAN and through the firewall for external users.

We now have a point to point, Layer 2 connection with a separate VLAN.  We are able to ping the IP of our URL to the internal IP address but we don't get a return from the web server for the portal login page.  All our other traffic is routing fine between the two VLANs, which makes us think there is some additional firewall setting or issue within the Netscaler itself.
Is it possible to add the reCaptcha v2 widget into the logon page for NetScaler 11.x application gateway? Management would like to use reCaptcha in conjunction with AD auth as the initial part of login and then, based on client group, direct the user to the applications or to RSA for secondary auth for sensitive applications.
Hi, I have a website running IIS 8.5 (win 2012 R2) which runs over HTTP. I have a virtual directory within the same website which I want to secure over HTTPS.
I have both HTTP & HTTPS bindings for the website.

I have a citrix netscaler in front of the website which has been configured to perform SSL offload. The service on the netscaler which sends traffic to the website is both HTTP & HTTPS.
I have disabled anonymous authentication and enabled basic authentication for the virtual directory, however I have not checked the 'Require SSL' box for the Virtual Directory.

When a client connects to the Virtual Directory via HTTP they get prompted for username & password and if they enter this, it lets them in; the same happens if they connect via HTTPS.

What I need to do is redirect/rewrite the HTTP connection just for the Virtual Directory so that it forces it to be an HTTPS connection. Any ideas?

many thanks

I am trying to figure out a piece of puzzle with my new Citrix Xenapp 7.6 installation (my first of this edition).

I have one Xenapp terminalserver, one storefront server and one Netscaler gateway.

I can input my information (link) into Citrix Receiver from outside my local network and be able to launch applications and desktops directly from within the Receiver. But when I try to do the same from inside my local network it will not work. It just refuses to accept the link/logon.

There is probably a simple resolution, and misconfiguration by me.

I appreciate any responses from you Citrix gurus :)





