My college Thomas Kötzing did it: He published a tool to recover from lost passwords. You can find this tool from here. Of course, you need to have the content from /nsconfig/keys to do so.
A tool to recover lost NetScaler passwords
A
No more CTA
N
Starting with February 2025, Citrix cancelled both, the CTP and CTA program. So I lost my status as a CTA. This is not just sad for me but for all of the great community we had. I became friends with some of my fellow CTAs and some of the CTPs as well. I am thankful for these 4 years full of exciting projects, friendship and a great community. I hope to see you again, my friends!
Changing favicon and header-colour of Citrix NetScaler’s and Citrix ADM’s GUI
C
One of the most annoying things that can happen to you is making changes to the wrong NetScaler. I don’t know about you, but it happens to me from time to time because I usually have several NetScalers open at the same time, ideally NetScalers with identical configurations: the test environment, the integration environment and the production environment. Experiments and trials in the...
Where did Citrix NetScaler’s dig command go?
W
In the latest versions of Citrix NetScaler ADC, the dig command is missing. Where did it disappear to and why? The reason is relatively simple: recent versions of BSD from version 10 do not support dig anymore, it has been replaced by drill. The good thing is that drill has almost the same functions and parameters as dig, so you just have to replace dig with drill. The current Citrix NetScaler...
How to find out, when a STA went down on Citrix NetScaler ADC
H
Recently, I came across a question: When did the STA go down? How can we find out? Well, that’s easy to tell, as it gets logged. Unfortunately, the log isn’t that easy to understand. And, of course, like all logs in Citrix NetScaler, it disappears in a bit more than a day due to logfile rollover. Where do we search for these logs? Like always, my first source is Syslog. In a...
Citrix NetScaler language definition for Notepad++
C
Notepad++ is widely used by Windows administrators. The reason is, Notepad++ is not just a good editor, it also allows to “understand” different languages, like HTML, CSS, Java, Pearl and many more. My friend and fellow CCI (Citrix trainer) at that time, Christian Schwendemann (now Citrix employee), created NetScaler definitions for Notepad++. He sent it to me, but I found several...
Importing/exporting Citrix NetScaler Application Firewall profiles
I
Usually, we create profiles in a test environment. After thoughtful testing, we have to copy them to the production and the DR site. Requirements: Test, production and DR site have to be exactly the same version, or the import will fail. The user has to be able to use the shell (so it has to be equivalent to nsroot) Exporting a profile The profile can get exported at any time. This can be done...
Monitoring Citrix NetScaler WAF from command-line and ADM
M
No doubt, monitoring a WAF is an important thing to do. It helps to find attacks and their sources for forensic purposes and is needed to find false positives as well. How to do it? Citrix NetScaler WAF logs locally, that’s great for real-time logging and trouble shooting, but it may also log to external sources like Citrix Application Delivery Manager (ADM), that’s great for long...
Passing LDAP (AD) attributes from SAML IDP to SAML SP with Citrix ADC / NetScaler as a SAML IDP
P
Sometimes, we need specific attributes like an E-Mail address or the userPrincipalName to be passed from a SAML IDP to the SP. If you use a Citrix ADC / NetScaler as SAML IDP, it is, indeed, an easy thing to do. Let’s have a look. Extracting attributes from LDAP The first step, of course, is always to retrieve an attribute from LDAP. This is done via an LDAP policy. I won’t go into...
Troubleshooting login problems with Citrix NetScaler Gateway
T
last updated: April 26 2022 I am currently creating a slide deck for a CUGC event on May 11. It will be about securing Citrix (NetScaler) Gateway. During my work, I wanted to find out, what the cookie NSC_VPNERR is good for. After a successful login, its value is set to 3 (Citrix ADC 13.0, it’s not documented). With most of the current browsers, you have to press F12 to see the...