Tag: vpx

Netscaler VPX load balancing of LDAPS broken

Situation: After an upgrade of our VPX devices to FW  intermittent authentication issues appeared for the Access Gateway users. They would simply fail the LDAP bind, yet all monitors would be green with all services up. Our RADIUS and LDAP authentication points internally to a LB VIP on the Netscaler first, before connecting to the individual servers.

Solution: At this stage Citrix support are investigating the issue. They have recognised it as a bug, and their workaround was either to bypass the Netscaler load balancer for LDAPS and go direct to a specific server, or to downgrade to The downgrade was not a solution for us, as we already had issues with the previous version with the VPX network and LACP negotiation.

Once we removed the internal LDAPS load balancer the Netscalers started authenticating immediately.

We then added a secondary authentication policy and server so that we did not introduce a single point of failure.



Netscaler upgrade to breaks authentication policy

Situation: We upgraded our Netscaler VPX from to and we were then unable to authenticate to the Netscaler console using our LDAP credentials, and users were unable to authenticate at the Access Gateway pages.

Solution: During the VPX upgrade the Netscaler truncated the first 2 characters of each line of the Authentication server section (including the password).

Either manually restore the information or copy the authentication lines from a backup of the previous ns.conf.
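
One way to find which authentication server entries were damaged, as an added example that is not from the original post: a Python script that compares the `add authentication ...Action` lines of the backup ns.conf with the post-upgrade copy. It assumes the truncation affects each parameter value; the action names, addresses and key material in the sample are constructed.

```python
import re

# Constructed sample data: names, addresses and key material are made up.
BACKUP = '''\
add authentication ldapAction act_ldap -serverIP 192.0.2.10 -ldapBase "dc=example,dc=test" -ldapBindDn svc_ns@example.test -ldapBindDnPassword 0123456789abcdef -encrypted
add authentication radiusAction act_rad -serverIP 192.0.2.20 -radKey fedcba9876543210 -encrypted
'''
CURRENT = '''\
add authentication ldapAction act_ldap -serverIP 2.0.2.10 -ldapBase "=example,dc=test" -ldapBindDn c_ns@example.test -ldapBindDnPassword 23456789abcdef -encrypted
add authentication radiusAction act_rad -serverIP 192.0.2.20 -radKey fedcba9876543210 -encrypted
'''

def auth_actions(conf_text):
    """Return {(type, name): {flag: value}} for each 'add authentication *Action' line."""
    actions = {}
    for line in conf_text.splitlines():
        # Quoted strings stay one token; an unbalanced quote falls back to \S+.
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        is_auth = tok[:2] == ["add", "authentication"] and len(tok) >= 4
        if not (is_auth and tok[2].endswith("Action")):
            continue  # policies and vservers are not server entries
        flags, i = {}, 4
        while i < len(tok):
            # A flag followed by another flag (or nothing) is a bare switch.
            has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            flags[tok[i]] = tok[i + 1] if has_val else ""
            i += 2 if has_val else 1
        actions[(tok[2], tok[3])] = flags
    return actions

def find_damage(backup_text, current_text):
    """Return (action name, flag, kind) for every value that differs from the backup.
    Values are deliberately not returned, so bind passwords never reach a log."""
    backup, current = auth_actions(backup_text), auth_actions(current_text)
    findings = []
    for key, old_flags in backup.items():
        if key not in current:
            findings.append((key[1], None, "missing"))
            continue
        for flag, old in old_flags.items():
            new = current[key].get(flag)
            if new != old:
                kind = "truncated-2" if new == old[2:] else "changed"
                findings.append((key[1], flag, kind))
    return findings

if __name__ == "__main__":
    for name, flag, kind in find_damage(BACKUP, CURRENT):
        print(f"{name}: {flag or '(whole entry)'} {kind}")
```

Run it against copies of the two files taken off the appliance; an empty result means the authentication server entries match the backup.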


Netscaler SDX not configuring port aggregate channels within VPX instances

Situation: Channels (LA/x) in the VPX do not exist, nor are they passed through when provisioned from the SDX Netscaler device.

Resolution: The channels are created only once. If they are deleted, or the devices are restored to another device, you must remove all channels, add a dummy channel like 1.8, reboot the VPX, and then reassign the LA/x channels so that they are created again inside the VPX.

How to License a Netscaler Device

The Netscalers are licensed by the FLEXnet host ID of the machine.

To get this information from the device:

1) Connect to the Netscaler device with SSH, PuTTY or the console, and log in as the nsroot account
2) Run the shell
– command: shell
3) Run the FLEXnet host ID command
– command: lmutil lmhostid -ether

4) Output will be something like

root@ns# lmutil lmhostid -ether
lmutil - Copyright (c) 1989-2007 Macrovision Europe Ltd. and/or Macrovision Corporation. All Rights Reserved.
The FLEXnet host ID of this machine is "xxxxxxxxxxxx"

5) Use this when allocating your licensing file from mycitrix.com