Anyone else noticed a higher RAM usage (fixed, which is not going done, anymore) with 14.1 47.48? This is a MPX and the yellow line is RAM. Normally during evening / night, when there are no users, anymore, RAM was going done. Now, it's not and going up? Thank you

Is anyone using Security Advisor for NetScaler Console On-Premises? I’m asking because it seems there’s a bug with reporting CVE-2021-22956 after scanning.

Citrix NetScaler Console (OnPrem)- why it’s showing version 14.1-58.30 in Netascaler Telemetry ? 🫣

Hi everyone, we are facing the following issue on Chromebooks: When using SAML authentication between Citrix and Microsoft with Azure MFA, after the StoreFront session timeout, the user is automatically logged off from StoreFront and receives a message asking to close the browser. However, this is not possible because the Chrome process always remains running in the background. As a result, the user gets the following error (or “You cannot log on using a smartcard”), and the only workaround is to reboot the Chromebook. The user is not able to log in again until the Chromebook is rebooted. Has anyone found a solution for this? Would adding a logout URL to the Enterprise SSO app in Azure help? https://[Gateway]/cgi/logout We also came across some possible workarounds by modifying the StoreFront configuration file, but Citrix does not recommend this approach. Thanks

so i have a customer who has a 2 arm configuration DMZ/Internal but doesnt have a internal facing firewall but now want to place a internal firewall between the netscalers and backend servers. A new zone/Subnet will be created which will mean all existing internal Load balancing VIP's would need to be Re Ip'ed in the new subnet/zone. I have created the plan below thoughts anything i have missed ? any better ways ?

We are planning to enable RDP connections through NetScaler Gateway and use CyberArk as proxy. rdp://rdpproxy.company.com?alternate shellsPSM /a server.company.com /c PSM-RDP rdpproxy.company.com - CyberArk PSM and the alternate shell is from existing RDP file published as ICA application. We are getting the following error when clicking on the bookmark.

HI Guys, I am just wondering if anybod has been experiencing random logon failures through netscaler vpn since the 13.1 Build 59.22 release

In all cases, no auth failures are registered in storefront

might just add the customer is using Duo althogh it's still the old iframe method

I'm trying to confirm connectivity between the netscaler SNIP and my VDA network. Previously I've used the 'trick of creating a service on the netcsaler to 1494 and 2598 pointing to a VDA - this works great on a multisession VDA as it's always listening, but it appears that single session VDAs only listen when they are connected to via citrix (confirmed RDP doesn't work). Is there a way to get this to work (or another way to confirm connectivity)?

Is it normal for your vpx to look like this in the hypervisor after joining it to the ADM cloud server?

Citrix built-in monitors — does anyone know exactly what the Citrix StoreFront monitor is checking? The official documentation is very vague: https://docs.netscaler.com/en-us/citrix-adc/current-release/load-balancing/load-balancing-builtin-monitors/monitor-citrix-sf-services.html Is it simply performing an HTTP(S) request and verifying that the service responds with a 200 OK status code, marking the service as down for any other response (for example 503 Service Unavailable)? Or is there more (or less) detailed logic involved? Has anyone tested this in practice or looked deeper into how it really works?

New Netscaler and Console firmware today. There is NO hurry to deploy it. It just adds additional LAS code options. Otherwise it is same as the previous firmware. However new deployments go with this version.

Environment is Citrix DaaS. VDA version is 2507 on Windows 11. CWA is Windows 25.3.2.196. Noticed that in Citrix Monitor there was a recommendation of activating Network telemetry to gather L7 client Latency, L7 server latency, and throughput. I activated the policy on a device or two and we are seeing that on-prem NetScaler 14.1 Gateway connections fail “Gateway authentication failed because VDA refused connection. Error code 2091.2524.” If access is through 13.1 the connection is successful. I have tested with EDT\UDP and TCP which does not appear to be a factor. Connections work when not going through a Gateway. I have had a ticket open with Citrix support and having a working session has been an issue for the last few weeks. This feels like a bug that I just want to report but it is such a struggle to get this to Citrix.

I know this isn't new news, but sharing here what I posted internally for my team re NetScaler on Nutanix. FYI Nutanix is now officially supported for NetScaler VPX - previously it was 'Citrix Ready' via generic KVM support NetScaler blog post: NetScaler + Nutanix AHV: Transforming Enterprise Infrastructure Couple of things to note on this. • Citrix recommend migrating from the previous generic KVM appliance to the proper Nutanix VPX appliance (there's no in place upgrade path) but can do via the HA node thing which is slightly easier than a whole new build + config restore • Nutanix upgrades are a separate download to the generic VPX firmware updates. • There are things on Nutanix that are not supported - be aware and check the docs/faq. Eg dynamic disk increase, zero touch cert mgmt and more. • This seems strange to me but some system commands aren't supported eg nslookup and dig. (see FAQ in link) NetScaler docs, faqs etc here: Install NetScaler VPX on Nutanix Acropolis hypervisor #CKLK4RYS2 #CKHRXATV2

GSLB Monitor request. Had a client's AAA daemon crash on their netscaler, but GSLB didn't failover to the other datacenter when just that service went out. Anyone have any ideas on crafting a GSLB monitor to see those type of crashes and failover? Because these type of issues always happen in the middle of the night, and would prefer an automatic watchdog vs a page being sent out.

Anyone using WSTheme portal theme in production. We are testing WSTheme to match the look and feel of StoreFront 2507, but certain portions of login schemas built for RFWebUI is not working fine with WSTheme.

Hi, I’m upgrading netscaler vpx 13.1-59.22 to the latest build 13.1-60.29. For some reason it loosing its license validity and going ik Express mode. I redownloaded (modify allocations) the license file. Pre-installed -> rebooted (OK) -> upgraded to 60.29 -> Instance is EXPRESS. Anyone else got this issue?

What's people's preference when moving a standalone VPX from VMware to Nutanix. Import new VPX appliance into Nutanix and give it a new nsip and add it to a new HA pair with the VPX in VMware ? Or is it best to export the ns.conf and copy over files and batch import the configuration after tweaking it via notepad++

So Citrix support got back to us on our nsaaad crash we had with 14.1. They recommended we modify our LDAP configuration based on this new recommendation article. https://docs.netscaler.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/configure-ldap-offload-ssl-to-lb-virtual-server.html Basically what this has you do is connect to a tcp 636 ldap lb_vserver that has the backend AD machines connected with SSL_TCP 636, This only would work if the LDAP lb_vserver is on the NetScaler itself. This should reduce a lot of the SSL load for ldap queries. Has anyone else set this up? Any security issues you would think from this?

Bug Bounty Program for NetScaler https://hackerone.com/netscaler_public_program?type=team

So this looks interesting on the NetScaler 14.1 latest firmware. But what does it mean? What classifies as a violation? How long are they in timeout? How is it logged? Anyone have any detailed info on this? https://docs.netscaler.com/en-us/citrix-adc/current-release/security/ns-security-against-nw-threats

This message was deleted.

NetScaler licensing and LAS. I am trying to confirm if NetScaler Console and NetScaler agent are needed to license non-UHMC NetScaler (I think referred to in the docs as Fixed-term Bandwidth). As far as I can tell, without going through the exercise (as I don't have a customer ready and willing to make the change yet) it looks like you can do LAS Offline Activation without needing NetScaler Console/NetScaler Agent. There is no reference to NetScaler Console/NetScaler Agent anywhere in here. Has anyone been through this yet and can confirm? (I did ask Citrix, but I don't think they understood and sent me a link to an article on the built-in NetScaler Agent which isn't relevant here.) License Activation Service | NetScaler 14.1

Let's talk about certnames in NetScaler - a funny thing 🙂 I'm having customers always do a *.customer.com as Certname in NetScaler. Was working fine for years. A 12.1 Docs is saying this (first Screenshot) - so there should be always an error, but it was working fine. Now these customers upgraded to the latest 14.1 56.71 - and all installed Certs are gone (On filesystem they exist, but not installed) - when we now want to re-install the cert with *.customer.com as Display-Name - we are getting that Error in GUI (Second Screenshot) - what technically is correct, but why was it working fine for years? Just a "watch out" during upgrade, pre-check your Cert-names. Now, we moved back and re-installed all certs with the correct guideline, than doing the update to 56.71. But it was a lot of work...

I have successfully migrated a Netscaler VPX from Vmware to nutanix and i now need to migrate a NS Console Agent (I use the Netscaler console service in citrix cloud). I presume i would need a Qcow2 image (Linux KVM) download of the agent and then deploy it in nutanix. Is there any type of configuration export/import i can do and can i retain same IP ect of the original agent in VMware once its powered off as i would have to re do firewall rules if the IP changes . I can breifly remember setting up a DR node with floating IP when i configured on prem ADM/NMAS appliances previously in years gone by. Any steps would be appreciated as never had to do a migration like this previously for the NS Console agent

Does anyone know how to download the NetScaler Agent VMware appliance? The “Download Image” button during the initial setup doesn’t seem to be working…

Anyone else notice that the latest version of ADM no longer shows applications under Dashboard? It's like they no longer are collecting data, if I adjust the timeframe to before the upgrade, then I see previous data.