Citrix ADC Load Balance Config for CyberArk PSM

At the time of this post, CyberArk does not have documentation on load balancing Privileged Session Management (PSM) traffic for Citrix ADC, though they provide an example config for F5, it doesn’t translate to Citrix. Hopefully, this would help something that is trying to do this for ADC. Couple of things to call out, the […]

Citrix ADC – Upgrade in HA Environment

Steps from bottom to top Instance Command new seconday set HA node -haSync ENABLED  new primary set HA node -haSync ENABLED  new seconday Rebooting Citrix ADC new seconday Verifying task completion new seconday Installing Citrix ADC using build-12.1-60.19_nc_64.tgz new seconday tar xvfz build-12.1-60.19_nc_64.tgz new seconday cd /var/nsinstall new seconday shell new primary forcefailover -f seconday Rebooting Citrix ADC seconday Verifying task completion seconday Installing Citrix ADC using build-12.1-60.19_nc_64.tgz seconday tar xvfz build-12.1-60.19_nc_64.tgz seconday cd /var/nsinstall seconday shell primary set HA node -haSync DISABLED  seconday set HA node -haSync DISABLED  primary save config primary Uploading file build-12.1-60.19_nc_64.tgz to Citrix ADC seconday […]

Netscaler Rewrite complete HTTP Request Body before sending to the backend server

You may run into cases where the sending application has one set of message standards and the receiving service has its own standards. One such case that I recently ran into with an app trying to initiate a call request via vendor-neutral open standards to Cisco Unified communication system. Obviously, Cisco expects the API request […]

Handle Netscaler AAA > "Target URL not found for redirection" after login

Citrix published a solution for this [CTX224908]; saying hit the LB first and have it populate “NSC_TASS” cookie. That might not work for all audiences. Users tend to bookmark the login page. Which happens to be AAA page. When they go back to their bookmark they hit the AAA page directly with out the “NSC_TASS” […]

Netscaler: Block Outlook Anywhere for external users

Responder Policy Action: Reset Expression: http.req.url.path.CONTAINS(“rpc”) && client.IP.SRC.IN_SUBNET(10.200.0.0/16).NOT Bind it to exchange load balance vServer. This will block access to Exchange IIS “Rpc” virtual directory (Outlook Anywhere) for devices outside 10.200.0.0/16. You can also go little beyond and create a pattern set and include owa rpc and use the pattern set in the Responder Expression. http.req.url.path.CONTAINS_ANY(“exch_ps”) […]

Applying HDX Policy's based on Access Gateway Connection

The following article illustrates how to apply certain policies (eg: disable access to local drive, printers, clipboard etc..) for users connecting from home (through Citrix Netscaler / Access Gateway) Step 1 Ensure xendesktop controllers configured to trust requests sent to the Citrix XML service. This can be done by executing the following powershell command on […]

Troubleshoot Netscaler AcessGateway autentication

tail -f /var/log/ns.log Example AAA LOGIN_FAILED 233 0 : User smulpuru – Client_ip 04.xx.158.50 – Failure_reason “External authentication server denied access” Cause due to improper configuration of LADP Authentication servers (TLS instead of SSL) Applies to Netscaler 9+ (SDX and VPX)