NetScaler

420

Solutions

424

Contributors

NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi all,

After having a pen test we have report outlining a number of insecure ciphers that have been highlighted with our Netscaler 7500 appliances. I looking in Traffic managment / SSL/Cipher groups I can see there are 104 polices in here.

Are all these polices in use if they are in the list?
0
Hi all,

We are currently running a pair of Netscaler in HA mode running build 47.14.

I have found some guides on how to upgrade the them, i would like to know are we OK to jump to current build 53.11 as there have been several releases since we last updated our systems.

Thanks
0
Version NS11.1 51.26.nc

Hello,

We are in the implementation phase of the netscaler vpn solution and we have found the session establishes successfully. During the session internal DNS is able to resolve to the internal DNS server however not within the defined scope is unable to resolve. For example  O365 which is an external resource.

We do not  have split tunneling disabled and need this function disabled. We do have internal DNS servers and 8.8.8.8 has ns servers in the netscaler network configuration .

Any ideas are appreciated
0
Hi

I've done this a few years back but can't remember the procedure. The cert request has been added to the server via iis

Thanks
0
Why do we use this for Citrix Web Servers. It maybe on Web Interface, StoreFront
Can someone let me know
0
I need some guidance on Xenapp7.12 server installation.

I installed 2 servers one with storefront and one with other features (Delivery Controller, Licensing, etc)

Now I am stuck with configuartion.

Appreciate your help.
0
If you have a pair of Citrix Netscalers - is there a way to set a management IP address that stays with the active member of the HA pair?
0
What I want is for users on the laptops to "Not get the error message below"  when they login to Citrix through Netscaler.
Please see details below

Error message
Citrix Receiver

Unable to launch your application. Contact your help desk with the following
information.
Cannot connect to the Citrix XenApp server.Network issues are preventing your
connection. Please try again. If the presists, please call your help desk.

I have laptops that are not joined to the domain.  This is the laptop environment, and this what happens.
1. Windows 7 Ultimate on two laptops and Windows 7 professional  on four laptops
2. Internet Explorer 11
3.Latest OS service packs for Windows 7 ultimate and professional
4. Citrix receiver 3.4 on three laptops and 4.6 on three laptops .
5. Access to Citrix is being done by using https://someserver.citrix.com
6. The laptops users are connecting to the internet using a Wireless Verizon jetpack, there own home wireless, or Verizon MiFi card.
    Then Login to Citrix from https://someserver.citrix.com.
7. After the users Login to Citrix they get the error message above. - If the users randomly try again they " sometimes " can login.
    But not without getting the error above.
8. I can add the Citrix link for Netscaler someserver.citrix.com to Internet Explorer 11 compatibility view, and Trusted Sites .
    However when you exist I.E 11 and go back in the trusted site I added disappears.
9. XenApp6.5 version
0
Hi Citrix experts

we just finished new insulation for xen-desktop 7.12 with latest  netscaler vpx 11.1

everything work very well internal access VIA web or VIA Citrix receiver work very well no issues

from outside also no issue to access the published Xen-desktops VIA web browser

from mobiles devices like iPhone and iPad using citrix receiver  no issue

but when i use Citrix reciver from outside we get this error (( please check the attached file

please advice what could be the reason
22.jpg
11.jpg
0
We have a NetScaler Loadbalancer NSMPX-5550, and unfortunately no one here is familiar with it. The initial setup was done by Citrix. I would like to load balance Exchange 2016 inbound traffic via the NetScaler. I may be asking a lot here, but can anyone point me in the right direction with clear instructions on getting this done. It will only load balance inbound traffic so that inbound emails can be spread across all the exchange 2016 servers. Since its inbound will it need certs installed on the NetScaler for Exchange or anything, and anything else such as inbound connection types or anything. Sorry to ask this but any help will be greatly appreciated. At first we planned on just having an inbound IP that's points to one of the internal Exchange server via the firewall, but I really don't want just 1 Exchange server receiving all the inbound traffic, i would like to for the NetScaler to balance this out across all the 3 Servers. Thanks in advance.
0
How you do configure the External and Internal certificates? Now let me state that when I am using .com for the internal domain, everything works, but when I try using a .local for the internal domain which most folks/companies would have in place, I run into all kinds of issues with the certs on the NetScaler and Storefront.
 
I purchased a wildcard cert from GoDaddy and installed in my Netscaler Access Gateway by the way I can hit my VIP, and it loads the older black web interface looking portal - that portion works.
 
When I attempt to log in, I get an HTTP 403 forbidden page right away. Now from the internal network I can navigation to my storefront site which is using a .local domain signed cert and can log in and display my resources with no issues.
 
After every login attempt from the external access gateway site, I get the following event error in the “Citrix Delivery Services” logs on my Storefront server -
 
Failed to run discovery
Citrix.Web.DeliveryServicesProxy.ConfigLoader.DiscoveryServiceException, ReceiverWebConfigLoader, Version=2.6.0.0, Culture=neutral, PublicKeyToken=null
An error occured while contacting the Discovery Service

 
 
I tried binding the internal .local domain signed cert to my Access Gateway virtual server together with the GoDaddy wildcard .com cert but got an error indicating only one binding can be present
 
The same thing for my internal IIS binding for the Storefront server “Default Wed site” can only bind the …
0
We use our Netscaler with Radius authentication and Safeword OTP to enable the external access for our Citrix VDI.
Actual every user with a Token can access via Netscaler to our VDI.
The isse is now, the Safeword solution is also used to authenticate to OWA and we have to seperate these two possibilies.
We configured the the LDAP Server in NS the Base DN dc=**, dc=**.
Should we add there a CN=** which contains all useres who need the NS permission?
Do we need to change anything under other Settings?
Server Logon Name Attribute: sAMAccountName
Group Attribute: --<< NEW >>--
                             MemberOff
Sub Attribute Name:  cn

Thank you for your support.
0
If you have a have a service group member binding that was initially put in as disabled and now you want to enable it - what's the mojo?

bind serviceGroup pg-ord-http order14 8080 -state DISABLED

..and you wish to enable this binding later what's the command?

enable serviceGroup pg-ord-http order14

or..

bind serviceGroup pg-ord-http order14 8080 -state ENABLED

other?
0
Hi
 I have just imaged a Win7 Pro 64bit with Symantec Ghost and after the image is deployed GPO are not being applied and users not getting mapped drives and Netscaler proxy settings are not being applied. I would appreciate any assistance with this.
0
I've got a ticket out with Citrix on this but they are being less than helpful (read: useless).

Here's the situation: we've got a Citrix 7.5 farm with two Storefront servers, two Delivery Controllers and a virtual Netscaler Gateway.  We all connect all day internally to Storefront and launch our desktops/apps with no issue.

But, those of us who go home and try to launch desktops/apps from the externally facing Citrix store are periodically met with the following error messages:

"Cannot Connect to the Citrix XenApp Server.  SSL Error 43: The proxy denied access to" yadda yadda STA yadda "port 1494"
or
"Cannot connect to the Citrix XenApp server. The Citrix SSL server you have selected is not accepting connections."
and then always
"The connection to" yadda yadda "failed with status (Unknown client error 1110)"

You can always get in eventually just by trying a few times.  For me, it's usually three times, but sometimes it's been as many as a dozen times before it worked.  And it happens across all desktops/apps.

The documentation on this issue is wide and suggests a million things.  Citrix just keeps telling me to make sure the STAs match in my Storefront/Netscaler (they do).  Any ideas?
0
I have a 100 server XA65 Citrix environment accessed through a Netscaler and recently an issue has come up that only seems to effect 3 users.  These three users frequently get an SSL error 38. No one else does and when I test along side the users I am not able to replicate the error on my own system.  I know how to troubleshoot this issue when ALL users get the error, but not just specific users. I have checked and it doesn't seem to matter which STA gets used.

Any help would be appreciated.
0
Hi experts

we are going to install XenDesktop 7.12  for 250 users

plus we want to buy Netscaler as virtual appliance

right now we need this NetScaler to work as secure gateway maybe in the future we can use extra Netscaler features

but i need advice which version could be the right choice

netscaler vpx 25 MBps  standard   or  netscaler vpx 200 MBps  or netscaler vpx 1000 MBps

or maybe you have better advice

kindly advice
Sword
20140123_netscaler-data-sheet.pdf
0
Hi all, currently I'm using Citrix Xenapp 7.6 with NetScaler VPX express free edition. I'm in a small environment with less than 10 users. I'm thinking of upgrading to Xenapp 7.12 but is it possible to not use Netscaler? I do not have paid support with Citrix for Netscaler and configuring it is a pain. I'm using an all in one standalone virtual machine for my Xenapp Server.
0
Hi specialists,
i run into a problem, where some users don't connect to internal StoreFront site but connect to NetScaler.
While internal connection use SSO, NetScaler need 2FA for Authentication.
So users can't start working.
i need ideas why my receivers (4.4 / 4.5 / 4.6) connect to NetScaler and how to mitigate this.
Thanks.
0
I want to permit a few dozen ip hosts, subnets and ip address ranges to a VIP. Citrix documentation gives no example of a range.
Can someone provide an example creating an ACL to limit access to one VIP to a host, a subnet and a range? Thank you.

Also are there any performance gotchas regarding implementing ACLs on Netscaler?

https://docs.citrix.com/en-us/netscaler/11/networking/access-control-lists-acls/extended-acls-and-extended-acl6s.html
0
Customer has lobbed a very open-ended request for a hardware-based load balancing solution to front their web applications. I’d like to get a basic list of items to identify before sizing a particular solution. We could position something from F5 or Citrix. Here’s a summary of the current deployment:

-      Two Cisco UCS blade chassis hosting 50 or so VMs.
-      Customer access to these web servers arrives via redundant Internet connections landing on an HA pair of Cisco ASA firewalls.
-      Internet bandwidth is currently 50-Mbps, but we’d want to size for up to 200-Mbps.
-      Customer has indicated only that they’d require multi-URL support and SSL offload capabilities.

Is there a doc I could reference, or a summary of topics to explore that would help identify what exactly we’d should discuss to properly size?

-      Total expected throughput requirements for traffic heading for the URLs for which we’d be providing LB services?
-      Number of concurrent SSL connections? (Just the number, or would we also want bandwidth expectations just for the secure connections vs. aggregate for both HTTP and HTTPS?)
-      LB algorithm/options?
-      Higher-end security functions – so, beyond Layer 4 only?

Their requirements might turn out to be very simple, but I’d prefer to be able to talk through a range of higher-end options (Layer 4-7 ADC functionality), at least so they could cross them off of consideration.

Thank you
0
We have Xendesktop 7.11 and all is working ok internally.  I've setup a netscaler VPX express and can login to the external FQDN, I can also see the desktops applied to me via delivery groups.

The issue is when I launch the ICA file it points to the local IP address as opposed to the external address so fails

The connection to ""Windows 7 Static" failed with status (there is no Citrix XenApp server configured on the specified address.

Any help greatly appreciated
0
Hi all,

I have a AAA and a published RDWeb vServer on my NS11.0: Build 66.11.nc.

My vServer is set up for Authentication, using the web address of the AAA vserver.

Using a browser to navigate to the RDWeb URL:

For example:
https://rd.myrdweb.com/rdweb
Then AAA jumps in as it should and redirects me to https://aaa.myrdweb.com/
I present my credentials, I successfully login and the AAA sends me back to https://rd.myrdweb.com/rdweb
I then get the error page:

The aaa.myredweb.com page isnt' working
aaa.myrdweb.com redirected you too many times.

Checking using my browser - chrome and IE, the same thing happens. Multiple re-directs between each site until it stops.

I have a session policy but can't seem to see anything wrong. Any ideas?
0
I see the technical reference says "Creates an IPv4 address on the NetScaler appliance." But that doesn't really
say what those IP addresses are supposed to do exactly. Are they just place holders for future use? Something else??


       add ns ip 10.10.128.139 255.255.255.0 -vServer DISABLED
      add ns ip 10.10.128.140 255.255.255.0 -vServer DISABLED
      add ns ip 10.10.128.141 255.255.255.0 -vServer DISABLED


reference: https://docs.citrix.com/en-us/netscaler/11/reference/netscaler-command-reference/ns/ns-ip.html
0
Hi All,

Problem:
need help on fixing an issue with Citrix, when accessing the environment that goes through netscaler we are getting hits and misses with opening the applications, when it fails it has a "socket operation on non socket" error message, and then click it again you will eventually get through.


Environment:

we have 1 netscaler 2 storefronts and multiple application servers.

we are using Netscaler vs. NS11.0 63.16
and Citrix 7 Xenapp


Netscaler set up has

2x VIP 2x SNIP

DMZ
1 VIP 1 SNIP
Internal
1VIP 1 SNIP

no load balancing configured, it is basically a passthrough to go to the Storefronts

Troubleshooting and other stuff that might help.


*we have confirmed that the storefronts works ok, we are testing internally
*traceroute from netscaler to the storefronts and other servers have an odd behaviour

- it is 1 hop but on the three probes it will miss every other probe, so it will look like this

1.23 ms * 3.24ms * 1.1ms * 192.168.1.2

but on other boxes which is in the same subnet it will go through just fine.

we have confirmed that routers are automatic and the published routes are correct.
0

NetScaler

420

Solutions

424

Contributors

NetScaler is the industry’s leading web and application delivery controller that maximizes the performance and availability of all applications and data, and also provide secure remote access to any application from any device type. NetScaler products are easily selected by determining the edition providing functional needs and the appropriate physical or virtual appliance platform to fulfill performance needs.