Last update: October 2nd 2018. This is the second part of debugging logon. The first one, a network trace about LDAP, may be found here. Citrix ADC / NetScaler logs all events related to AAA (authentication, authorization, auditing) to /tmp/aaad.debug. You need to be nsroot or superuser to successfully log on to the BSD shell. This is a requirement to change to BSD shell. Change to the /tmp...
Setting languages for websites using Citrix NetScaler ADC
Last update: Sept. 26 2018. I recently had to set languages, using my Citrix ADC (NetScaler), for a website. My customer has several similar web-pages in different subdirectories. Naming scheme is like this: for English for German … There is currently a total of 12 languages. There had been several requirements, and I had to create a set of responder policies to meet the requirements: if an...
Citrix NetScaler ADC: Having fun with Nitro
Recently I had several requests related to NITRO. NITRO is Citrix NetScaler’s API. Any device may communicate with a NetScaler using NITRO. Even a browser! Citrix exposes several settings and counters and even allows changes. NITRO is the central source for scripting NetScalers. I, being rather an administrator than a programmer, am not that much interested in using NITRO with C++/C#, Java...
Detecting Slowloris with Citrix NetScaler (Citrix ADC)
Last update: Nov 21st, 2018. Tested using firmware 11.1. If you read about slowloris, you always read about NetScaler doing a great job. Tests in our lab environment show: NetScaler will successfully block these attacks. And there is hardly anything we have to do about it: It’s built into the system. Great news indeed! The only thing we have to do is reduce client idle timeout to a lower...
IP address calculator
What’s an IP address calculator? I’m pretty sure it’s something you won’t need. It will help you understand IP addresses. It does calculations on IP addresses and will tell you if the address is valid (or a network / broadcast address), and if two addresses are on the same subnet. Why did I create an IP address calculator like that? My daughter started studying informatics...
Scheduling NetScaler commands for a specific time on Citrix NetScaler
Last update: 2018/03/27. Sometimes we have to schedule commands in a Citrix NetScaler. A good example would be: force HA failover. It’s obvious, we don’t want to fail over during daytime to not disconnect TCP connections, to not interrupt users. The best time would be something like 3:30 AM. It’s obvious, we don’t want to set an alarm for 3:00 to get up, take a shower...
Creating a Citrix NetScaler Test environment
Last updated: December 2020. Creating a Citrix NetScaler Test environment. New since February 2020: Instead of downloading, you may just use my environment, hosted at my private data centre. Being a Citrix Certified Instructor I am very much aware of the Red/Green/Blue website used during official Citrix NetScaler training (CNS-220, CNS-222). I created my own test website. I usually use it during...
Citrix NetScaler VPX out of disk space
Last update: January 11th 2022. This one is outdated, as the Citrix ADC version and MAS (former name of ADM) it refers to are no longer available. However, I wrote a new blog on how to enlarge disk space on a Citrix ADC / NetScaler VPX. My NetScaler VPX ran out of disk space. I did several tricks like adding a second disk and mounting it into the update directory, to be able to upgrade my NetScaler...
Citrix NetScaler Logging and policy troubleshooting
Last update: October 22nd 2021. Citrix NetScaler Logging and policy troubleshooting. Sometimes it’s quite hard to understand what’s going on. There is a lot of mystics about policies. And it’s even harder to understand what went on (past tense). “Johannes, there had been several problems connecting to <any blabla application here>” “I’m sorry, I...
DDOS protection using Citrix NetScaler, 2nd part
Yesterday I published a blog about DDOS protection. I used the Citrix NetScaler AppQoE feature to do so. That’s nice, but not enough. I still could beat my server to a pulp easily. Just 10 clients launching a DDOS attack using HULK had been enough. I can’t throttle down the number of users to just 10! WTF? Basically AppQoE will just limit the number of users (actually it’s the...