The Netscaler advanced Endpoint Analysis checks are quite literally only available with version 10.1.120.1316.e It doesnt mean this version and greater, just this specific version. So if you are after the funky Advanced EPA scanning and cant enable or find it anywhere. 1) you have to run this version 10.1.120.1316.e of the netscaler firmware, 10.1.120.1316.e 2) you […]
My (non exhaustive) list of helpful Netscaler session policies expressions for EPA. SCAN REGISTRY (Advanced free-form) CLIENT.REG(‘HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters_Domain’).VALUE == domain.local CLIENT.REG(‘HKEY_LOCAL_MACHINE_64\\SOFTWARE\\McAfee\\AVEngine_AVDatVersion’).VALUE == 6198. CLIENT.REG(‘HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\AVEngine_AVDatVersion’).VALUE == 6198. CHECK FOR FILE EXISTENCE CLIENT.FILE(‘C:\\WindowsCompany_Laptop.txt’) CHECK FOR RUNNING PROCESS CLIENT.APPLICATION.PROCESS(firewall.exe) EXISTS CHECK OS VERSION (Match any expresssion) CLIENT.OS(winxp).SP == 2 CLIENT.OS(win7) EXISTS DETECT (or not) CITRIX RECEIVER (Match any) REQ.HTTP.HEADER […]
Situation: After an upgrade of our VPX devices to FW 10.1.121.10 intermittent authentication issues appeared for the access gateway users. They would simply fail the LDAP bind, yet all monitors would be green with all services up. Our radius and LDAP authentication point internally to a LB VIP on the Netscaler first before connecting to the individual […]
Situation: We upgraded our Netscaler VPX from 10.0.70.7 to 10.0.76.7 and we were then unable to authenticate to the netscaler console using our LDAP credentials and users were unable to authenticate at the Access Gateway pages. Solution: During the VPX upgrade the Netscaler truncated the first 2 characters of each line of the Authentication server […]
Whilst this is relatively self explanatory there are a few things around doing this that are useful to know Log into the SDX and go to Configuration > Management Service > Backup Files > Action > Factory Reset You will be presented with the following three options Explained here: Reset (Without Network Configuration)—Retain the IP addresses […]
Situation: We restored a ns.conf file to a Citrix Netscaler VPX running on an Netscaler SDX platform, however the device didnt come back online and the instance remained RED on the SDX interface. Typically the ipaddress of the SDX XenServer is 1 greater than the host By default the SDX SVM (Management Service) will be […]
SItuation: Channels (LA/x) in the VPX do not exist nor are they passed through when provisioned from the SDX netscaler device. Resolution: The channels are created only once, so if they are deleted or the devices are restored to another device then you must remove all channels, add a dummy channel like 1.8, reboot the VPX, then […]
To Backup the licence file SDX License location is /flash/mpsconfig/license/*.lic Via SCP copy the file from this location to a safe offsite location To Restore the Licence file System > Licenses > Manage Licenses > Upload License File + Browse Browse to your .LIC file location – upload and apply.
When adding a new cert (or replacement cert) from the command line we received the above error. The original key was used with openssl and there was no passphrase for the key file. Simply converting the key (not the cert) from the Netscaler shell worked using the following command: openssl rsa -in ‘originalkeyfile’ –out ‘newkeyfile’ fixes the file and […]
We upgraded our netscalers to NS10.0 Build: 70.7 nc. After authenticating with our AD credentials we would sometimes (all the time) get a blank console pointing to the address http://NETSCALER/menu/neo Workaround: Log in and point the console to http://NETSCALER/menu/guia Solution: ?