This document describes the enhancements, fixed issues, and known issues in the maintenance releases of Citrix NetScaler, Citrix NetScaler SDX, and Citrix NetScaler Insight Center.
Release version: Citrix NetScaler, version 10.1 build 122.11
Replaces build: None
Release date: November 2013
Release notes version: 2.0
Language supported: English (US)
ENH ID 0353415: The SDX 22040/22060/22080/22100/22120 platform now supports NetScaler release 10.1 build 122.x.
ENH ID 0353415: NetScaler SDX platform supports a Redundant Array of Independent Disks (RAID) controller, which can support up to eight physical disks.
ENH ID 0413839: Management Service now supports assigning interfaces explicitly for high availability and service along with the management for BlueCat DNS/DHCP Server virtual machines.
ENH ID 0418196: The top-right corner of the page now displays a percentile icon, which you can click to display percentile values and the highest and lowest values for a selected metric.
ENH ID 0392016: HDX Insight reports now include details about session reconnects, client-side retransmissions, and server-side retransmissions.
ENH ID 0398322: HDX Insight now provides a report about active sessions, grouped by server IP and gateway IP address.
ENH ID 0423207: You can now select which columns to show in the tables in the NetScaler Insight Center graphical user interface (GUI), and you can rearrange the columns. Each user can make his or her changes persistent across his or her sessions.
Issue IDs 0391317 and 0423289: On a NetScaler appliance with both the application firewall and integrated caching enabled, a memory leak might occur.
Issue ID 0422639: On a NetScaler appliance with the application firewall enabled, web forms submitted with URL-encoded double-byte character (Chinese, Japanese, or Korean) inputs might generate a Form Field consistency check violation. The reason is that the application firewall counts bytes instead of characters when validating web form input, causing some double-byte input to exceed the form field maxlength attribute.
Issue IDs 0422919 and 0423289: On a NetScaler appliance with the application firewall enabled and configured, if a protected web site contains a multipart web form, a memory leak causes a small amount of memory to be consumed and not released each time the application firewall processes the web form. Repeated processing of requests and responses can gradually consume available memory.
Issue ID 0420596: After a user logs on to a NetScaler appliance through the CLI, the set cli mode-disabledFeatureAction NONE command is automatically executed, and the following error message appears:
ERROR: Not authorized to execute this command.
Issue ID 0403766: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the application firewall policies through the Security settings creates an erroneous condition.
Issue ID 0414431: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard for the first time, if you cancel the operation, the configurations that you created are not cleared and you cannot access the wizard again.
Workaround: Do not cancel the wizard during the first setup. If you want to change a configuration, go through the entire flow, click Done, and then return to the wizard and click the Edit link to update the configuration that you want to change.
Issue ID 0426594: The NetScaler configuration utility is not compatible with JRE version 7.45.
Issue ID 0429652: If a SureConnect policy is bound to a virtual server and you upgrade the NetScaler appliance to version 10.1, build 120.13, the policy is not displayed when you navigate to > <virtual server name>.
Issue ID 0430094: When you navigate to and, under Utilities, click TraceRoute and Run, the utility uses the default value for Packet Length(44) and displays the error message:
Packet length must be greater than 47.
Issue ID 0431045: When you use the configuration utility to add a new NetScaler IP address or subnet mask, the qwerty keyboard does not allow you to enter a value greater than 249 for the last octet.
Issue ID 0394856: If a content switching virtual server with a large number of existing connections is removed, flushing all the PCBs takes time. If any traffic destined for the virtual server is received during this time, the appliance fails.
Issue IDs 0420089 and 0425486: The synchronization of files in an HA setup stops working after the nsinternal user is disabled.
Issue ID 0417274: The NetScaler appliance fails while processing ICA traffic if you have disabled AppFlow logging on the VPN virtual server (set vpn vserver -appflowlog disable).
Issue IDs 0393613 and 0427971: If the first octet of the IP address of a service has a value of 6 (6.x.x.x), and the service is bound to a virtual server that is configured for persistence, the NetScaler appliance fails when it tries to direct a request to that service.
Issue IDs 0399446 and 0416718: In some cases, if you configure a domain-based IPv6 service on the NetScaler appliance, the appliance might become unresponsive.
Issue ID 0417630: In a high availability setup, after you upgrade the secondary node and make it the new primary, the process of file synchronization from the new secondary (old primary) node with the new primary node overwrites some of the updated data on the new primary. Specifically, the new monitoring scripts delivered as part of the upgrade on the new primary node are overwritten. As a result, the monitoring scripts might fail.
Issue ID 0424780: The stat servicegroup command incorrectly displays the svrttfb (server-time-to-first-byte) value as zero.
Issue ID 0426421: On a NetScaler SDX with AAA and SAML enabled and configured, occasionally the NetScaler appliance crashes and generates a core dump during SAML authentication.
Issue ID 0431206: On a NetScaler appliance with AAA enabled and configured, a user whose account is bound to over 100 groups might be unable to execute NetScaler commands at the command line despite having the appropriate permissions to do so. To work around this issue, do not bind a single user account to more than 99 groups.
Issue ID 0400651: If you create a channel on interfaces 0/1 and 0/2 by using the Management Service, and then provision a third-party instance and configure the management network for that instance on the newly created channel, the third-party instance is not reachable on the network.
Issue ID 0414851: The format of the APPFW CSRF TAG syslog message is not in the expected format. As a result, Command Center displays incorrect values, under AppFirewall Recent Logs, in some fields for this type of AppFirewall syslog message.
Issue ID 0424588: If a NetScaler instance is created with a Management VLAN using the 0/1 or 0/2 interface, the guest VMs fail to start after provisioning, because the guest VMs use the VLAN networks instead of physical network while assigning the interface.
Issue ID 0420630: The SNMP responses are not as specified by the RFC 4001.
Issue ID 0416941: After unbinding a netprofile from a NetScaler Gateway virtual server, the netprofile cannot be removed from the NetScaler appliance.
Issue ID 0410624: When a filter policy is globally bound to a NetScaler, application firewall or compression or authorization policies that are bound to a content switching virtual server are not saved in the running configuration. However, these bindings are displayed when you run the show cs vserver command.
Issue ID 0429232: After upgrading to NetScaler 10.1, policies that were globally bound to the NetScaler are also being bound at a virtual server level.
Issue ID 0418252: On a NetScaler appliance with Rewrite enabled and configured, a newly-created Rewrite policy that is bound to a content-switching virtual server might not be saved either in the running configuration or in the saved configuration.
Issue IDs 0413733, 0413871, and 0421055: SNMPD fails to respond if it receives a packet with a NULL community string.
Issue IDs 0406948 and 0429211: The NetScaler appliance sometimes fails when a TCP connection is closed from a SPDY client while some streams are still active.
Issue IDs 0417793, 0421214, 0421329, and 0423099: The NetScaler appliance stops sending TCP DUP ACKs when it receives out of order packets. This might result in latency between the client and the appliance, or the appliance and the server, with reduced throughput for some traffic patterns.
Issue ID 0419553: When the NetScaler appliance receives invalid Selective Acknowledgment (SACK) blocks from the client, it attempts to send old data that has already been cleared. As a result, the appliance stops responding.
Issue ID 0420781: The NetScaler appliance does not forward the complete request to the server if the request requires more than one packet. As a result, the transaction fails.
Issue ID 0430176: The NetScaler appliance intermittently resets TCP connections that originate from the NetScaler FreeBSD shell and are destined for NetScaler-owned IP addresses (for example, a SNIP or VIP address). The resets affect applications such as LDAP.
Issue ID 0423905: If a malformed packet is received from a client, the NetScaler appliance closes the connection and releases the resources used for that connection to the common pool. In some cases, some of these resources are not cleaned before returning to the pool and a bad resource might be reused for a future request. In such cases, the SSL handshake for that future request fails.
Issue ID 0388563: The following behavior occurs during a high availability force failover on a NetScaler appliance that has active ICA session applications launched:
Issue ID 0372768: If you use the default browser PDF plugin to view an application firewall report, embedded links might be inactive.
Workaround: Use the Adobe PDF browser plugin.
Issue ID 0323213: In a cluster setup, globally bound DNS policies are listed multiple times in the Bind/Unbind DNS Policy(s) to Global dialog box.
Issue ID 0361793: The count of the number of load balancing virtual servers, which is shown in the configuration summary, includes the load balancing virtual server that is created during the configuration of EdgeSight Monitoring, even though that load balancing virtual server is not displayed in the Load Balancing & Virtual Servers pane.
Issue ID 0374304: If you access the configuration utility through Internet Explorer 9 or 10 and rename a virtual server, a No such resource error message appears, even if the rename operation is successful.
Workaround: Use the mouse to click the OK button, instead of pressing the ENTER key on the keyboard.
Issue ID 0374437: If, when using the configuration utility to configure the NetScaler appliance, you press Alt+Tab to switch between programs, the current dialog box might disappear, hidden behind the main configuration utility screen. To reach the dialog box, press Alt+Tab a second time.
Issue ID 0388534: If you access the NetScaler configuration utility from the Start screen on a Windows 8 machine, the Java based configuration views are not displayed.
Workaround: Switch to the Desktop screen to display Java based configuration views. Microsoft Windows 8 does not support plug-ins on the Start screen, and therefore Java cannot run on the Start screen. For more information, see http://www.java.com/en/download/faq/win8_faq.xml
Issue ID 0389328: If you use the Google Chrome browser to access the NetScaler configuration utility, and the monitor resolution is low, you might not be able to use the mouse to scroll the screen.
Workaround: Use the arrow keys on the keyboard to scroll the screen.
Issue ID 0403766: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the application firewall policies through the Security settings will result in erroneous condition.
Issue ID 0409057: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, you get a distorted view of the published resources when you apply the application firewall settings in the Security section.
Issue ID 0411152: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the Optimization settings results in the unavailability of applications/desktops on accessing StoreFront through VPN.
Workaround: Do not apply the optimization settings.
Issue ID 0414422: When using the wizard, Web Interface on NetScaler does not publish XenDesktop applications if the load balancing virtual server is configured to listen on two XenDesktop servers.
Issue ID 0414431: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard for the first time, if you cancel the operation, the configurations that you performed are not cleared and you cannot access the wizard again.
Workaround: Do not cancel the wizard during the first setup. If you want to change some configuration, go through the entire flow, click Done, and then return to the wizard and click the Edit link to update the required configuration.
Issue ID 0399575: When you configure load balancing virtual servers in a content switched environment, the service types of primary and backup virtual servers must be the same. If you assign a backup virtual server with a service type of TCP to a load balancing virtual server with a service type of HTTP, any content switching action bound to the load balancing virtual server fails.
Issue ID 0370607: The configuration utility procedures in the NetScaler 10.1 documentation have not been updated to reflect the new top-level nodes. See http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-1-map/ns-rn-changes-gui-10-1-con.html for information about the new node structure.
Issue ID 0376662: The NetScaler appliance might fail in the following set of circumstances:
On the appliance, you have configured DNSSEC offload and enabled NSEC record generation for a zone.
The appliance receives a DNS NODATA/NXDOMAIN query for that zone, over TCP, and the DNSSEC OK bit in the query is set.
Issue ID 0416573: On the secondary node of a high availability (HA) configuration, if the HA propagation and HA synchronization options are disabled and Stay secondary is enabled, you cannot disable the Stay secondary option after upgrading the node.
Workaround: Open the /etc/syslog.conf file and change the line *.err;kern.debug;auth.notice;mail.crit/dev/console to kern.err;kern.debug;auth.notice;mail.crit/dev/console
Issue ID 0369946: If you bind an FTP user monitor to an IPv6 service, the state of the service is shown as DOWN.
Workaround: Refresh the screen. If appflow is enabled, the check box in the Insight column is selected.
Workaround: Copy and paste the expression from a notepad.
Object does not support this property or method.
Workaround: Restart the NetScaler Insight Center appliance.
Workaround: To upgrade to 120.13 or later builds, perform a fresh installation. To retain your existing configurations, make sure that the IP address of the NetScaler appliance and the IP address of NetScaler Insight Center remain the same .
Issue ID 0370574: After you create a channel on 1/x or 10/x interfaces, the NetScaler instance might show the status of the member interfaces as Error-Disabled (in the command line) or DOWN (in the configuration utility).
Workaround: After using the Management Service to create a channel, restart the SDX appliance.
Issue ID 0384909: If you disable an interface of an LA channel configured on a NetScaler instance running on a NetScaler SDX appliance, the SDX appliance does not notify the peer device that the interface is disabled. Therefore, the peer device might send traffic to the disabled interface.
Workaround: Disable the interface of the peer device so that it does not send traffic to the disabled interface of the SDX appliance.
Issue ID 0396252: If you specify secure-only access on a NetScaler instance, single sign-on to that instance from the Management Service user interface is not successful.
Issue ID 0399057: If, when provisioning a SECUREMATRIX GSB instance, you configure the management IP address on a 1/x or 10/x interface, the instance is not reachable through the network.
Issue ID 0399630: If you use the Management Service to bind a new interface to an LACP channel, the member interfaces of the channel are reset. As a result, the traffic is not evenly distributed among the interfaces in the channel.
Issue ID 0423068: The Management Service allows deleting a channel that is part of an NSVLAN on any NetScaler instance. If you delete such a channel, the NetScaler instance is not reachable over the management network.
Issue ID 0424630: If you create an LACP channel with more than 8 member interfaces, or a static channel with more that 16 member interfaces, the following error message appears: "Channel Interface String Length: 185 is greater than maximum allowed length:128".
Issue ID 0430121: The Management Service intermittently dumps a stat core when BlueCat VMs are provisioned on the SDX appliance.
Issue ID 0430449: Even after you configure a short message service (SMS) server, you do not receive an SMS message when an alert is generated.
Issue ID 0431243: If a management channel exists on a NetScaler instance, you cannot trace the route of a packet from the Management Service to a NetScaler instance.
Issue ID 0431463: If you apply a license after modifying the SVM host name, the license application might fail.
Workaround: Reboot the Management Service after changing the host name, and then try applying the license again.
Issue ID 0433054: Deletion of a management channel from the Management Service might not always succeed.
Workaround: Try deleting the management channel again from Management Service.
sysctl netscaler.ns_vpx_halt_method=2
sysctl netscaler.ns_vpx_halt_method=2
Issue ID 0371613: In a high availability configuration with the network firewall mode set to BASIC on the current secondary node, synchronization of configuration files from the primary to secondary node fails, regardless of whether you run the sync HA files command from the NetScaler command line or use the Start HA files synchronization dialog box in the configuration utility.
Workaround: Add the following extended ACL on each of the nodes of the HA configuration:
add acl <aclname> -srcIP <NSIP of the peer node> -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.27 -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.9 -protocol TCP -destport 22
Issue ID 0383958: $ is an invalid value for the port parameter of any extended ACL, but no error message appears if you specify this value. If, while using the configuration utility to configure an extended ACL, you set the port parameter to $, no error message appears, but the ACL is not configured.
Issue ID 0399436: The NetScaler appliance does not create session entries for ICMPv6 packets that match a forwarding-session rule.
Issue ID 0381000: On some NetScaler appliances, the following four sensor readings are no longer available. The stat system -detail command displays a value of 0.
Issue ID 0385217: On the MPX 8200/8400/8600 and MPX 5550/5650 platforms, if a 1G data port is connected but disabled, the status of the peer port on the switch might be shown as UP after the MPX appliance restarts.
Issue ID 0410251: With recent versions of the ixgbe driver, the dmesg.boot file and the show interface command report that the FTLX1471D3BCV-I3 LR SFP+ port is unsupported. This issue occurs with the following releases and builds:
Release 10.1 starting build 112.15 or later
Release 10 build 74 or later
Release 9.3 build 62.4 or later
Release 9.3.e build 59.5003.e or later
Issue ID 0390584: You cannot use the configuration utility to define classic SSL policies. However, you can use the configuration utility to bind and unbind classic SSL policies.
Issue ID 0425465: After changing the time zone on a NetScaler appliance, you must reboot the appliance so that policies referencing the LOCAL system use the new time zone instead of the old one. Otherwise, policies that should match do not, and policies that should not match do.
Issue ID 0368982: After you import a custom data source, the charts for the counters under the System entities statistics are inaccurate, because of issues in the third party charting engine.
Issue ID 0343395: On the NetScaler appliance, TLS protocol version 1.2 does not support a client certificate with an RSA 4096-bit key.
Issue ID 0345883: On the NetScaler appliance, TLS protocol version 1.2 does not support ephemeral Diffie-Hellman cipher suites.
Issue ID 0382647: The stat system -detail command does not display the number of CPUs.
Issue ID 0388481: When upgrading from release 9.3 to 10.1, the following SNMP alarms throw a time argument error: IP-CONFLICT, HA-LICENSE-MISMATCH, and HA-PROP-FAILURE. This issue occurs because, in version 10 and later, the time parameter is deprecated for these SNMP alarms.
Workaround: Before upgrading to release10.1, update the ns.conf file by removing the time parameter for these three alarms from the set snmp alarm command.
Issue ID 0397150: On a NetScaler appliance, if WIHome is configured to point to an IPv6 load balancing virtual server that points to the IPv6 StoreFront services, a user tying to log on receives a 500 Internal Server Error message.
Workaround: Remove the IPv6 load balancing virtual server configuration and configure WIHome to point directly to the StoreFront server URL.
Release version: Citrix NetScaler, version 10.1 build 121.10
Replaces build: None
Release date: October 2013
Release notes version: 4.0
Language supported: English (US)
ENH ID 0311561: NetScaler release 10.1 build 121.x is supported on the MPX 22040/22060/22080/22100/22120 platform.
Because of its smaller key size, Elliptic Curve Cryptography (ECC) is especially useful in a mobile (wireless) environment and in an interactive voice response environment, where every millisecond is important. Smaller key sizes result in power, memory, bandwidth, and computational cost savings.
ENH ID 0361257: The AAA-TM Kerberos functionality now supports single sign-on (SSO) with all supported authentication mechanisms. The CAC (Smart Card) and SAML SSO mechanisms are supported in all cases, regardless of the authentication method that the client uses to log onto the NetScaler appliance. The HTTP-Basic, HTTP-Digest, Forms-based, and NTLM (versions 1 and 2) SSO mechanisms are also supported if the client uses either HTTP-Basic or Forms-Based authentication to log onto the NetScaler appliance.
You can configure Kerberos SSO to work in one of two ways: by impersonation or by delegation. To configure Kerberos SSO by impersonation, you must have the user's password or client certificate. To configure impersonation using a client certificate, the user must also have a properly-configured version of the Citrix Receiver installed on his or her personal computer. To configure Kerberos SSO by delegation, you must have the delegated user's credentials in one of the following formats: the user's password, the keytab configuration that includes an encrypted password, or the client cert and the matching CA certificate.
To configure Kerberos SSO, first configure your NetScaler appliance to manage traffic to the web application servers that users will access through SSO. Next, configure AAA-TM for your preferred authentication method. Verify that the NetScaler appliance can communicate with your LDAP Active Directory (AD) server and your Kerberos server.
What you do next depends on whether you want to configure Kerberos SSO by Impersonation or by Delegation. Follow the instructions in the appropriate section below.
To configure Kerberos SSO by Impersonation, enable integrated authentication on each web application server. After you have done this, create and configure the NetScaler KCD account that will impersonate users.
To create the KCD account for SSO by impersonation with a password
add aaa kcdaccount <accountname> -realmStr <realm>
add aaa kcdAccount kcdaccount1 -realmStr EXAMPLE.COM
To create the KCD account for SSO by impersonation with a client certificate
add aaa kcdAccount <accountname> -cacert <cacert>
add aaa kcdAccount kcdaccount1 -cacert <path to certificate>
After you configure the NetScaler account on AD, enable integrated authentication on each web application server. Finally, create and configure the NetScaler KCD account that will serve as the delegated user.
To create the KCD account for SSO by delegation with a password
add aaa kcdaccount <accountname> -delegatedUser root -kcdPassword <password> - realmStr <realm>
Example (UPN format):
add aaa kcdaccount kcdaccount1 -delegatedUser root -kcdPassword passsword1 -realmStr EXAMPLE.COM
add aaa kcdAccount kcdaccount1 -realmStr EXAMPLE.COM -delegatedUser "host/kcdvserver.example.com" -kcdPassword password1
To create the KCD account for SSO by delegation with a keytab file
First, on the AD server, use the ktpass utility to create the appropriate keytab file. Next, use the file transfer utility of your choice to copy the keytab file from the AD server to the NetScaler appliance, and put it in /nsconfig/krb under the filename kcdvserver.keytab.
add aaa kcdaccount <accountname> -keytab <keytab>
add aaa kcdaccount kcdaccount1 -keytab kcdvserver.keytab
Finally, verify that the new KCD account has the proper keytab file and virtual server principle associated with it:
sh kcdAccount <accountname>
To create the KCD account for SSO by delegation with a client cert
add aaa kcdaccount <accountname> -realmStr <realm> -delegatedUser <spnuser> -usercert <cert> -cacert <cacert>
add aaa kcdaccount kcdaccount1 -realmStr EXAMPLE.COM -delegatedUser "host/kcdvserver.example.com" -usercert /certs/usercert -cacert /cacerts/cacert
Granular Data |
Time to purge |
7 seconds data |
6 min |
5 minutes data |
65 minutes |
Hourly data |
25 hours |
Daily data |
8 days |
Weekly data |
5 weeks |
Issue ID 0418200: On a NetScaler appliance that has AAA configured with SSL certificate set to "optional" and at least one authentication policy, when Android users attempt to authenticate, the Android Receiver client generates the following error: "invalid server certificate". This error is caused by improper cookie handling by the Android Receiver client.
Issue ID 0416714: When the NetScaler appliance sends large amounts of input data to the application firewall at once, the appliance can hang or crash. The appliance has now been programmed to send input data in batches limited to sizes that do not cause hangs or crashes to occur.
Issue ID 0379234: The show ns runningConfig command displays the current time instead of the time at which the configuration was last modified.
Issue IDs 0361970, 0387024, 0397473, and 0400307: When a NetScaler session expires, a session expiry message appears in the graphical user interface, and the user has to manually enter the IP address or the domain name of the NetScaler appliance in the address bar to log back on.
Issue ID 0409605: When using the Traffic Management > Load Balancing > Set up NetScaler for XenApp/XenDesktop wizard, the compression feature is not enabled on the appliance and for the service groups.
Issue ID 0413087: When using the wizard, if you configure XenDesktop and later edit the Xen Farm settings to have only XenApp, the XenDesktop bound to the Web Interface site of type Xenappservices in not modified. Therefore, published resources of both, XenApp and XenDesktop, are displayed when accessing the Web Interface site through Receivers.
Issue ID 0414361: When you click the Edit link to update the configurations specified in the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, an error is displayed when you try to apply the optimization settings.
Issue ID 0414760: When editing the Xen Farm settings in the wizard, load balancing configuration is lost if you switch from XenApp or XenDesktop to Both or from Both to XenApp or XenDesktop. This issue is observed only when Web Interface on NetScaler is the integration point.
Issue ID 0414807: When using the Traffic Management > Load Balancing > Set up NetScaler for XenApp/XenDesktop wizard, an error is displayed if:
Issue ID 0420349: Unable to access ICA connections through the graphical user interface
Issue ID 0408374: If a configuration has a large number of GSLB services and add location file command is used to add the location database, then not all the services may be assigned a location from the database.
Issue ID 0421837: When GSLB vserver is configured with RTT or Static Proximity as load balancing method or SOURCEIPHASH as the persistence type, the NetScaler appliance might restart because of invalid memory access.
Issue IDs 0357841 and 0408502: In an high availability configuration, for a connection to an FTP virtual server with stateful connection failover option enabled, if the FTP control connection is closed before the passive mode FTP data connection is opened, the secondary node may become unresponsive.
Issue ID 0409055: If you run a custom health monitoring script that does not require an argument, the NetScaler appliance sends an incorrect timeout to the script. As a result, the script continues to run for longer than expected. After some time, the maximum limit for the number of scripts allowed on the appliance is reached and new scripts cannot be run.
Issue ID 0417101 (MPX 9500): Oracle database monitor fills the console window with DONE and DEEP_FLD_LEN messages.
Issue ID 0410711: When diameter traffic hits a diameter load balancing virtual server which has persistency enabled, and that single packet contains multiple full requests and a partial request, the NetScaler fails to recognize the partial request and therefore sends the partial request to the server. This results in an invalid packet being sent to the server and the NetScaler sends 5XXX code to the client.
Issue ID 0383812: A monitor of type CiTRIX-wi-EXTENDED fails if the script name and site path arguments are not explicitly set.
Issue ID 0401793: MPTCP does not support IPv6 addresses.
Issue ID 0409426: The NetScaler appliances does not acknowledge the subflow FIN when it comes with the MPTCP DATA_FIN.
Issue ID 0412833: While using MPTCP, the NetScaler cannot adequately handle overlapping data sequence maps.
Issue ID 0414182: The NetScaler appliance must not send MPTCP control signals such as DATA_FIN or FAST_CLOSE when the NetScaler has already sent a subflow FIN.
Issue ID 0419184: While using MPTCP, the NetScaler appliance crashes when trying to free an already freed TCP session.
Issue ID 0413123: When you display the running configuration of a NetScaler instance in the Service Management interface, the double quotation marks (") are replaced with HTML code (;quot &).
Issue ID 0404849: The NetScaler appliance might restart if it receives a duplicate IPv6 fragment within a very short time after receiving the original fragment.
Issue ID 0413733, 0413871, and 0421055: SNMPD fails to respond if it receives a packet with a NULL community string.
Issue ID 0408393: If any entity is added as part of user interactive process on command line for SSL Certificates and the operation is aborted in between using CTRL+C, then again carrying out the same operation causes the NetScaler command line to crash.
Issue IDs 0216272 and 0358540: In an high availability setup, after a forced failover, the sync operation fails to sync the -establishClientConnection parameter setting.
Issue IDs 0375425, 0399769, 0401111, 0408648, 0413721, and 0414273: If TCP buffering or caching is enabled on a NetScaler appliance receiving an ACK packet that has ACK_NO at the left edge of the SACK block, the packet engine enters a loop while processing the packet.
Issue ID 0401526: On a NetScaler appliance, an invalid HTTP range request results in a large amount of memory usage and the following error appears: "ERROR: Communication error with the packet engine."
Issue ID 0405532 :TCP buffering bypasses as the calculated 'usable system memory' is less than the configured threshold value.
Issue ID 0411613: The NetScaler appliance can crash when there are split ICA frames that span 2 CGP frames with other CGP packets in between.
Issue ID 0412681: If changes are made in the nsconfig/resolv.conf file, the appliance fails to override the default DNS configurations.
Issue ID 0415623: If you specify an invalid IPv4 address in a command that can accept either IPv4 or IPv6 address, the NetScaler shell exits automatically due to memory corruption.
Issue ID 0388563: The following behavior occurs during a high availability force failover on a NetScaler appliance that has active ICA session applications launched:
Issue ID 0372768: If you use the default browser PDF plugin to view an application firewall report, embedded links might be inactive.
Workaround: Use the Adobe PDF browser plugin.
Issue ID 0323213: In a cluster setup, globally bound DNS policies are listed multiple times in the Bind/Unbind DNS Policy(s) to Global dialog box.
Issue ID 0361793: The count of the number of load balancing virtual servers, which is shown in the configuration summary, includes the load balancing virtual server that is created during the configuration of EdgeSight Monitoring, even though that load balancing virtual server is not displayed in the pane.
Issue ID 0374304: If you access the configuration utility through Internet Explorer 9 or 10 and rename a virtual server, a No such resource error message appears, even if the rename operation is successful.
Workaround: Use the mouse to click the OK button, instead of pressing the ENTER key on the keyboard.
Issue ID 0374437: If, when using the configuration utility to configure the NetScaler appliance, you press Alt+Tab to switch between programs, the current dialog box might disappear, hidden behind the main configuration utility screen. To reach the dialog box, press Alt+Tab a second time.
Issue ID 0388534: If you access the NetScaler configuration utility from the Start screen on a Windows 8 machine, the Java based configuration views are not displayed.
Workaround: Switch to the Desktop screen to display Java based configuration views. Microsoft Windows 8 does not support plug-ins on the Start screen, and therefore Java cannot run on the Start screen. For more information, see http://www.java.com/en/download/faq/win8_faq.xml.
Issue ID 0389328: If you use the Google Chrome browser to access the NetScaler configuration utility, and the monitor resolution is low, you might not be able to use the mouse to scroll the screen.
Workaround: Use the arrow keys on the keyboard to scroll the screen.
Issue ID 0403766: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the application firewall policies through the Security settings will result in erroneous condition.
Issue ID 0409057: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, you get a distorted view of the published resources when you apply the application firewall settings in the Security section.
Issue ID 0411152: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the Optimization settings results in the unavailability of applications/desktops on accessing StoreFront through VPN.
Workaround: Do not apply the optimization settings.
Issue ID 0414422: When using the wizard, Web Interface on NetScaler does not publish XenDesktop applications if the load balancing virtual server is configured to listen on two XenDesktop servers.
Issue ID 0414431: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard for the first time, if you cancel the operation, the configurations that you performed are not cleared and you cannot access the wizard again.
Workaround: Do not cancel the wizard during the first setup. If you want to change some configuration, go through the entire flow, click Done, and then return to the wizard and click the Edit link to update the required configuration.
Issue ID 0399575: When you configure load balancing virtual servers in a content switched environment, the service types of primary and backup virtual servers must be the same. If you assign a backup virtual server with a service type of TCP to a load balancing virtual server with a service type of HTTP, any content switching action bound to the load balancing virtual server fails.
Issue ID 0370607: The configuration utility procedures in the NetScaler 10.1 documentation have not been updated to reflect the new top-level nodes. See http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-1-map/ns-rn-changes-gui-10-1-con.html, for information about the new node structure.
Issue ID 0376662: The NetScaler appliance might fail in the following set of circumstances:
On the appliance, you have configured DNSSEC offload and enabled NSEC record generation for a zone.
The appliance receives a DNS NODATA/NXDOMAIN query for that zone, over TCP, and the DNSSEC OK bit in the query is set.
Issue ID 0369946: If you bind an FTP user monitor to an IPv6 service, the state of the service is shown as DOWN.
Issue ID 0331338: With USIP enabled, MPTCP requests do not go through.
Issue ID 0400819: MPTCP does not support FTP data connections.
Issue ID 0400861: Virtual servers to which a listen policy is bound accept connections from the first subflow only.
Issue ID 0400875: Multiple spillover persistence sessions are created for a single MPTCP transaction.
Workaround: Refresh the screen. If appflow is enabled, the check box in the Insight column is selected.
Workaround: Copy and paste the expression from a notepad.
Object does not support this property or method.
Workaround: Restart the NetScaler Insight Center appliance.
Issue ID 0370574: After you create a channel on 1/x or 10/x interfaces, the NetScaler instance might show the status of the member interfaces as Error-Disabled (in the command line) or DOWN (in the configuration utility).
Workaround: After using the Management Service to create a channel, restart the SDX appliance.
Issue ID 0384909: If you disable an interface of an LA channel configured on a NetScaler instance running on a NetScaler SDX appliance, the SDX appliance does not notify the peer device that the interface is disabled. Therefore, the peer device might send traffic to the disabled interface.
Workaround: Disable the interface of the peer device so that it does not send traffic to the disabled interface of the SDX appliance.
Issue ID 0399057: If, when provisioning a SECUREMATRIX GSB instance, you configure the management IP address on a 1/x or 10/x interface, the instance is not reachable through the network.
Issue ID 0399630: If you use the Management Service to bind a new interface to an LACP channel, the member interfaces of the channel are reset. As a result, the traffic is not evenly distributed among the interfaces in the channel.
Issue ID 0400651: If you create a channel on interfaces 0/1 and 0/2 by using the Management Service, and then provision a third-party instance and configure the management network for that instance on the newly created channel, the third-party instance is not reachable on the network.
Issue ID 0424588: If a NetScaler instance is created with a Management VLAN using the 0/1 or 0/2 interface, the guest VMs fail to start post provisioning, because the guest VMs use the VLAN networks instead of physical network while assigning the interface.
Remove the NetScaler instances whose management ports are in tagged VLAN.
Logon to the XenServer shell prompt and remove all the VLAN networks.
Create the guest VM instances first, and then create the NetScaler instances.
sysctl netscaler.ns_vpx_halt_method=2
sysctl netscaler.ns_vpx_halt_method=2
Issue ID 0371613: In a high availability configuration with the network firewall mode set to BASIC on the current secondary node, synchronization of configuration files from the primary to secondary node fails, regardless of whether you run the sync HA files command from the NetScaler command line or use the Start HA files synchronization dialog box in the configuration utility.
Workaround: Add the following extended ACL on each of the nodes of an HA configuration:
add acl <aclname> -srcIP <NSIP of the peer node> -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.27 -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.9 -protocol TCP -destport 22
Issue ID 0383958: $ is an invalid value for the port parameter of any extended ACL, but no error message appears if you specify this value. If, while using the configuration utility to configure an extended ACL, you set the port parameter to $, no error message appears, but the ACL is not configured.
Issue ID 0399436: The NetScaler appliance does not create session entries for ICMPv6 packets that match a forwarding-session rule.
Issue ID 0381000: On some NetScaler appliances, the following four sensor readings are no longer available. The stat system -detail command displays a value of 0.
This change affects the following platforms:
Issue ID 0385217: On the MPX 8200/8400/8600 and MPX 5550/5650 platforms, if a 1G data port is connected but disabled, the status of the peer port on the switch might be shown as UP after the MPX appliance restarts.
Issue ID 0410251: With recent versions of the ixgbe driver, the dmesg.boot file and the show interface command report that the FTLX1471D3BCV-I3 LR SFP+ port is unsupported. This issue occurs with the following releases and builds:
Release 10.1 starting build 112.15 or later
Release 10 build 74 or later
Release 9.3 build 62.4 or later
Release 9.3.e build 59.5003.e or later
Issue ID 0390584: You cannot use the configuration utility to define classic SSL policies. However, you can use the configuration utility to bind and unbind classic SSL policies.
Issue ID 0368982: After you import a custom data source, the charts for the counters under System entities statistics are inaccurate, because of issues in the third party charting engine.
Issue ID 0343395: On the NetScaler appliance, TLS protocol version 1.2 does not support a client certificate with an RSA 4096-bit key.
Issue ID 0345883: On the NetScaler appliance, TLS protocol version 1.2 does not support ephemeral Diffie-Hellman cipher suites.
Issue ID 0382647: The stat system -detail command does not display the number of CPUs.
Issue ID 0388481: When upgrading from release 9.3 to 10.1, the following SNMP alarms throw a time argument error: IP-CONFLICT, HA-LICENSE-MISMATCH, and HA-PROP-FAILURE. This issue occurs because, in version 10 and later, the time parameter is deprecated for these SNMP alarms.
Workaround: Before upgrading to release10.1, update the ns.conf file by removing the time parameter for these three alarms from the set snmp alarm command.
Issue IDs 0417793, 0421214, 0421329, and 0423099: The NetScaler appliance stops sending TCP DUP ACKs when it receives out of order packets. This might result in latency between the client and the appliance, or the appliance and the server, with reduced throughput for some traffic patterns.
Issue ID 0397150: On a NetScaler appliance, if WIHome is configured to point to an IPv6 load balancing virtual server that points to the IPv6 StoreFront services, a user tying to log on receives a 500 Internal Server Error message.
Workaround: Remove the IPv6 load balancing virtual server configuration and configure WIHome to point directly to the StoreFront server URL.
Issue ID 0363145: The following APIs are not available in version 10.1 or later: bindservicegroup_state2 unsetnslimitidentifier_selectorname. Instead use unsetnslimitidentifier_selector.
Release version: Citrix NetScaler, version 10.1 build 120.13
Replaces build: None
Release date: September 2013
Release notes version: 5.0
Language supported: English (US)
ENH ID 0318404: The NetScaler DNS64 feature responds with a synthesized DNS AAAA record to an IPv6 client sending an AAAA request for an IPv4-only domain. The DNS64 feature is used with the NAT64 feature to enable seamless communication between IPv6-only clients and IPv4-only servers. DNS64 enables discovery of the IPv4 domain by the IPV6 only clients, and NAT64 enables communication between the clients and servers.
For synthesizing an AAAA record, the NetScaler appliance fetches a DNS A record from a DNS server. The DNS64 prefix is a 96-bit IPv6 prefix configured on the NetScaler appliance. The NetScaler appliance synthesizes the AAAA record by concatenation of the DNS64 Prefix (96 bits) and the IPv4 address (32 bits).
ENH ID 0345912: The NetScaler now provides a wizard that simplifies the task of setting up a NetScaler appliance for a XenApp/XenDesktop deployment. For more information, see Setting Up NetScaler for XenApp/XenDesktop.
ENH ID 0413542: The first-time setup wizard now has separate subnet mask fields for the NetScaler IP (NSIP) and subnet IP (SNIP) addresses.
ENH ID 0346988: When you upgrade a NetScaler VPX instance on an SDX appliance, a new window, Upgrade Progress, shows the status of the upgrade operation, including any error messages. This feature is also available for SecureMatrixGSB and Websense Protector virtual machines.
ENH ID 0401113: The SDX SVM now allows you to configure 8 channels on a VPX instance.
Issue ID 0303060: Application firewall statistics are not supported for NetScaler classic policies. If you need to see numbers of policy hits and other statistics, you must use NetScaler default syntax policies.
Issue ID 0361970: When a NetScaler session expires, a session expiry message appears in the graphical user interface, and the user has to manually enter the IP address or the domain name of the NetScaler appliance in the address bar to log back on.
Issue ID 0401451: The NetScaler appliance, configured to function as DNS forwarder or DNS resolver, may becomes unresponsive whenever it receives UDP DNS truncated response from a name server.
Issue ID 0390545 (nCore): A NetScaler nCore appliance uses multiple CPU cores (Packet Engines) for packet handling. Every session on the appliance is owned by a packet engine (PE). If the appliance receives a request for which a session does not already exist, a session is created, and one of the PEs is designated as the owner of that session. Subsequent requests that belong to that session might not always arrive at and be handled by the owner PE. During the time that the PE gets details about the session from the owner PE, the packet is corrupted.
Issue ID 0398327: You can now bind a StoreFront monitor to a service group. Each member of a service group is now monitored by using the member's IP address.
The -hostname parameter is no longer required and is deprecated.
To determine whether to use HTTP (the default) or HTTPS to send monitor probes, you must now use the -secure parameter. If your current StoreFront monitor configuration uses HTTP, you only have to remove the hostname parameter.
To use HTTPS, set the -secure option to Yes.
add lb monitor storefront_ssl STOREFRONT -storename myStore -storefrontacctservice YES -secure yes
Issue ID 0409028: If you unbind a load balancing (LB) monitor from its service, all the connections to the configured destination IP address (destip) and port (destport) of the LB monitor are closed. In a typical L3 Direct Server Return (DSR) deployment mode, the destip and destport of the LB monitor are actually the IP address and port of the virtual server. Therefore, in a typical L3 DSR deployment, if you unbind an LB monitor from its service, all the existing connections to the virtual server are closed. The same behavior is observed if you delete a service.
Issue ID 0406391: If you bind monitors to services, and then bind a DoS or SureConnect policy to one of these services, save the configuration, and restart the appliance, you lose information about monitors bound to any services created after the service to which you bound the policy was created. Also, if you run the show ns runningConfig command before restarting the appliance, the monitor binding information does not appear.
Issue ID 0399708: Syncookie cannot be disabled on a TCP profile that has MPTCP enabled.
Issue ID 0399938: The NetScaler appliance might not respond when TCP buffering and MPTCP is enabled.
Issue ID 0400888: The NetScaler appliance does not respond when using client IP insertion with MPTCP.
Issue ID 0401105: MPTCP transactions of a TCP profile with Selective ACKnowledgement and window scaling might not respond.
Issue ID 0399972: If you use the Management Service to delete a channel on which an L2 VLAN was created, the L2 VLAN setting on the NetScaler instance is not cleared. Therefore, the channel continues to be listed on the VLAN Settings page of NetScaler instance Modify NetScaler Wizard.
Issue ID 0400502: If, when provisioning or modifying a NetScaler instance, you configure an L2 VLAN on a channel that was created by using the Management Service, the configuration fails.
Issue ID 0405115: SSL certificate installation on a NetScaler instance from the SDX Management Service fails during validation if the SSL certificate does not have an associated key file.
Issue ID 0405921: The SVM restore operation of NetScaler instances fail as the SVM shuts down the NetScaler instances that are still being provisioned.
Issue ID 0410416: After the SDX appliance restarts, NetScaler VPX instances on the appliance cannot send packets tagged with VLAN IDs through an LACP channel.
Issue ID 0401303: When the conditions specified in an ACL rule includes the operator !=, the NetScaler appliance may not properly filter packets based on the ACL rule.
Issue ID 0402123: The NetScaler appliance might not send the received IPv6 fragments to the appropriate packet engine for processing, which might result in the NetScaler appliance becoming unresponsive.
Issue ID 0404861: If the NetScaler appliance has redundant L2 connectivity with a switch, the NetScaler appliance may mark its link-local IPv6 addresses as duplicate during the DAD (Duplicate address detection) process.
Issue ID 0405190: When IP fragments are received on a load balancing virtual server with client timeout parameter set to zero, the NetScaler appliance might dump core and then restart.
Issue ID 0409202: The NetScaler license is not processed if the configuration file (ns.conf) contains multiple instances of the host name, or if the host name in the ns.conf file is different from the host name in the rc.conf file. With this fix, if the ns.conf file contains multiple host names, only the name set by the set ns hostname command is used. Also, the host name in ns.conf no longer takes precedence over the host name in rc.conf.
Issue ID 0401455: Modifying the content with more than one callout results in incorrect computation of the content length. This issue is not observed if all the callouts use GET requests.
Issue ID 0353546: When you try to add a second name-based SNMP manager, you get an error message that says an SNMP manger with that name already exists.
Issue ID 0391632: The output of the stat commands specified with -fullValues option is aligned incorrectly.
Issue ID 0391754: On a NetScaler MPX system, the SNMP count for the system's hardware memory and the show system memory display are incorrect. The amount of memory shown is larger than the actual amount.
Issue ID 0401111: If TCP buffering or caching is enabled on a NetScaler appliance receiving an ACK packet that has ACK_NO at the left edge of the SACK block, the packet engine enters a loop while processing the packet.
Issue ID 0402677: The NetScaler appliance might fail to respond if an ICMP error occurs when TCP buffering and integrated caching are enabled on the appliance.
Issue ID 0407868: Remote monitoring of a high capacity appliance, such as a NetScaler MPX 22000, might indicate a drop in performance even though performance remains robust. The apparent problem is the result of a pause in the stream of monitoring data, not an actual drop in throughput.
Issue ID 0407974: A session is not freed when port allocation fails. The session is getting matched and the NetScaler fails when it tries to access other linked sessions which are NULL.
Issue ID 0388563: The following behavior occurs during a high availability force failover on a NetScaler appliance that has active ICA session applications launched:
Issue ID 0372768: If you use the default browser PDF plugin to view an application firewall report, embedded links might be inactive.
Workaround: Use the Adobe PDF browser plugin.
Issue ID 0323213: In a cluster setup, globally bound DNS policies are listed multiple times in the Bind/Unbind DNS Policy(s) to Global dialog box.
Issue ID 0361793 (nCore and nCore VPX): The count of the number of load balancing virtual servers, which is shown in the configuration summary, includes the load balancing virtual server that is created during the configuration of EdgeSight Monitoring, even though that load balancing virtual server is not displayed in the Load Balancing > Virtual Servers pane.
Issue ID 0374304: If you access the configuration utility through Internet Explorer 9 or 10 and rename a virtual server, a No such resource error message appears, even if the rename operation is successful.
Workaround: Use the mouse to click the OK button, instead of pressing the ENTER key on the keyboard.
Issue ID 0374437: If, when using the configuration utility to configure the NetScaler appliance, you press Alt+Tab to switch between programs, the current dialog box might disappear, hidden behind the main configuration utility screen. To reach the dialog box, press Alt+Tab a second time.
Issue ID 0388534: If you access the NetScaler configuration utility from the Start screen on a Windows 8 machine, the Java based configuration views are not displayed.
Workaround: Switch to the Desktop screen to display Java based configuration views. Microsoft Windows 8 does not support plug-ins on the Start screen, and therefore Java cannot run on the Start screen. For more information, see http://www.java.com/en/download/faq/win8_faq.xml
Issue ID 0389328: If you use the Google Chrome browser to access the NetScaler configuration utility, and the monitor resolution is low, you might not be able to use the mouse to scroll the screen.
Workaround: Use the arrow keys on the keyboard to scroll the screen.
Issue ID 0403766: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the application firewall policies through the Security settings will result in erroneous condition.
Issue ID 0409057: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, you get a distorted view of the published resources when you apply the application firewall settings in the Security section.
Issue ID 0409605: When using the Traffic Management > Load Balancing > Set up NetScaler for XenApp/XenDesktop wizard, the compression feature is not enabled on the appliance and for the service groups.
Workaround: Enable compression on the appliance by using the enable ns feature CMP command. Also, enable compression for the service groups by using the set servicegroup <name> -CMP on command.
Issue ID 0411152: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, applying the Optimization settings results in the unavailability of applications/desktops on accessing StoreFront through VPN.
Workaround: Do not apply the optimization settings.
Issue ID 0413087: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, if you configure XenDesktop and later edit the Xen Farm settings to have only XenApp, the XenDesktop bound to the Web Interface site of type Xenappservices in not modified. Therefore, published resources of both, XenApp and XenDesktop, are displayed when accessing the Web Interface site through Receivers.
Issue ID 0414361: When you click the Edit link to update the configurations specified in the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, an error is displayed when you try to apply the optimization settings.
Workaround: Edit the XenFarm section (no actual changes required), click Continue and then apply the optimization settings.
Issue ID 0414422: When using the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, Web Interface on NetScaler does not publish XenDesktop applications if the load balancing virtual server is configured to listen on two XenDesktop servers.
Issue ID 0414431: When using the Traffic Management > Load Balancing > Set Up NetScaler for XenApp/XenDesktop wizard for the first time, if you cancel the operation, the configurations that you performed are not cleared and you cannot access the wizard again.
Workaround: Do not cancel the wizard during the first setup. If you want to change some configuration, go through the entire flow, click Done, and then return to the wizard and click the Edit link to update the required configuration.
Issue ID 0414760: When editing the Xen Farm settings in the Traffic Management > Load balancing > Set Up NetScaler for XenApp/XenDesktop wizard, load balancing configuration is lost if you switch from XenApp or XenDesktop to Both or from Both to XenApp or XenDesktop. This issue is observed only when Web Interface on NetScaler is the integration point.
Issue ID 0414807: When using the Traffic Management > Load Balancing > Set up NetScaler for XenApp/XenDesktop wizard, an error is displayed if:
Issue ID 0399575: When you configure load balancing virtual servers in a content switched environment, the service types of primary and backup virtual servers must be the same. If you assign a backup virtual server with a service type of TCP to a load balancing virtual server with a service type of HTTP, any content switching action bound to the load balancing virtual server fails.
Issue ID 0370607: The configuration utility procedures in the NetScaler 10.1 documentation have not been updated to reflect the new top-level nodes. See http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-1-map/ns-rn-changes-gui-10-1-con.html, for information about the new node structure.
Issue ID 0376662: The NetScaler appliance might fail in the following set of circumstances:
On the appliance, you have configured DNSSEC offload and enabled NSEC record generation for a zone.
The appliance receives a DNS NODATA/NXDOMAIN query for that zone, over TCP, and the DNSSEC OK bit in the query is set.
Issue ID 0369946: If you bind an FTP user monitor to an IPv6 service, the state of the service is shown as DOWN.
Issue ID 0383812: A monitor of type CiTRIX-wi-EXTENDED fails if the script name and site path arguments are not explicitly set.
add monitor wi-mon CiTRIX-wi-EXTENDED -userName administrator -password freebsd -domain xendt -sitePath "/Citrix/XenApp set monitor wi-mon CiTRIX-wi-EXTENDED -scriptname "nswi.pl" set monitor wi-mon CiTRIX-wi-EXTENDED -sitePath "/Citrix/XenApp
Issue ID 0331338: With USIP enabled, MPTCP requests do not go through.
Issue ID 0400819: MPTCP does not support FTP data connections.
Issue ID 0400861: Virtual servers to which a listen policy is bound accept connections from the first subflow only.
Issue ID 0400875: Multiple spillover persistence sessions are created for a single MPTCP transaction.
Issue ID 0401793: MPTCP does not support IPv6 addresses.
Workaround: Copy and paste the expression from a notepad.
Object does not support this property or method.
Workaround: Restart the NetScaler Insight Center appliance.
Workaround: To upgrade to build 120.13, perform a fresh installation. To retain your existing configurations, make sure that the IP address of the NetScaler appliance and the IP address of NetScaler Insight Center remain the same.
Issue ID 0370574: After you create a channel on 1/x or 10/x interfaces, the NetScaler instance might show the status of the member interfaces as Error-Disabled (in the command line) or DOWN (in the configuration utility).
Workaround: After using the Management Service to create a channel, restart the SDX appliance.
Issue ID 0384909: If you disable an interface of an LA channel configured on a NetScaler instance running on a NetScaler SDX appliance, the SDX appliance does not notify the peer device that the interface is disabled. Therefore, the peer device might send traffic to the disabled interface.
Workaround: Disable the interface of the peer device so that it does not send traffic to the disabled interface of the SDX appliance.
Issue ID 0399057: If, when provisioning a SECUREMATRIX GSB instance, you configure the management IP address on a 1/x or 10/x interface, the instance is not reachable through the network.
Issue ID 0399630: If you use the Management Service to bind a new interface to an LACP channel, the member interfaces of the channel are reset. As a result, the traffic is not evenly distributed among the interfaces in the channel.
Issue ID 0400651: If you create a channel on interfaces 0/1 and 0/2 by using the Management Service, and then provision a third-party instance and configure the management network for that instance on the newly created channel, the third-party instance is not reachable on the network.
sysctl netscaler.ns_vpx_halt_method=2
sysctl netscaler.ns_vpx_halt_method=2
Issue ID 0371613: In a high availability configuration with the network firewall mode set to BASIC on the current secondary node, synchronization of configuration files from the primary to secondary node fails, regardless of whether you run the sync HA files command from the NetScaler command line or use the Start HA files synchronization dialog box in the configuration utility.
Workaround: Add the following extended ACL on each of the nodes of an HA configuration:
add acl <aclname> -srcIP <NSIP of the peer node> -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.27 -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.9 -protocol TCP -destport 22
Issue ID 0383958: $ is an invalid value for the port parameter of any extended ACL, but no error message appears if you specify this value. If, while using the configuration utility to configure an extended ACL, you set the port parameter to $, no error message appears, but the ACL is not configured.
Issue ID 0399436: The NetScaler appliance does not create session entries for ICMPv6 packets that match a forwarding-session rule.
Issue ID 0385217: On the MPX 8200/8400/8600 and MPX 5550/5650 platforms, if a 1G data port is connected but disabled, the status of the peer port on the switch might be shown as UP after the MPX appliance restarts.
Issue ID 0410251: With recent versions of the ixgbe driver, the dmesg.boot file and the show interface command report that the FTLX1471D3BCV-I3 LR SFP+ port is unsupported. This issue occurs with the following releases and builds:
Release 10.1 starting build 112.15 or later
Release 10 build 74 or later
Release 9.3 build 62.4 or later
Release 9.3.e build 59.5003.e or later
Issue ID 0390584: You cannot use the configuration utility to define classic SSL policies. However, you can use the configuration utility to bind and unbind classic SSL policies.
Workaround: Use the CLI to define classic SSL policies.
Issue ID 0368982: After you import a custom data source, the charts for the counters under System entities statistics are inaccurate, because of issues in the third party charting engine.
Issue ID 0343395: On the NetScaler appliance, TLS protocol version 1.2 does not support a client certificate with an RSA 4096-bit key.
Issue ID 0345883: On the NetScaler appliance, TLS protocol version 1.2 does not support ephemeral Diffie-Hellman cipher suites.
Issue ID 0388481: When upgrading from release 9.3 to 10.1, the following SNMP alarms throw a time argument error: IP-CONFLICT, HA-LICENSE-MISMATCH, and HA-PROP-FAILURE. This issue occurs because, in version 10 and later, the time parameter is deprecated for these SNMP alarms.
Workaround: Before upgrading to release10.1, update the ns.conf file by removing the time parameter for these three alarms from the set snmp alarm command.
Issue ID 0411613: The NetScaler appliance can crash when there are split ICA frames that span 2 CGP frames with other CGP packets in between.
bindservicegroup_state2
unsetnslimitidentifier_selectorname. Instead use unsetnslimitidentifier_selector.
Release version: Citrix NetScaler, version 10.1 build 119.7
Replaces build: None
Release date: July 2013
Release notes version: 5.0
Language supported: English (US)
ENH ID 0320221: NetScaler appliances now support Multipath TCP (MPTCP). MPTCP is a TCP/IP protocol extension that identifies and uses multiple paths available between hosts to maintain the TCP session. You have to enable MPTCP on a TCP profile and bind it to a virtual server. When MPTCP is enabled, the virtual server functions as an MPTCP gateway and converts MPTCP connections with the clients to TCP connections that it maintains with the servers.
For more information, see MPTCP (Multi-Path TCP).
ENH ID 0311623: Call Home can now upload your NetScaler appliance's data to the Citrix TaaS server through a proxy server.
For more information, see Configuring Call Home.
ENH ID 0329710: The NetScaler can now export values of custom HTTP headers to the NSWL client. You can configure up to a maximum of two HTTP request header names and two HTTP response header names.
For more information, see Exporting Custom HTTP Headers.
ENH ID 0367021: You can now back up the NetScaler appliance at any time and then use the backup to restore the same appliance to that state.
For more information, see Backing Up and Restoring the NetScaler Appliance.
ENH ID 0236218: When configuring the Safe Commerce (credit card) check, you can now configure the application firewall to check the MIME/type of HTTP responses and skip responses that are not of the appropriate content type for Safe Commerce filtering. You can use this configuration option to prevent false positives.
To enable MIME/type checking, at the NetScaler command line type the following command:
bind appfw profile <name> -inspectResContentType <type>
For <name>, substitute the name of the profile. For <type>, substitute a string that matches the MIME/type. For example, to check for and skip PDF content sent to the library profile, you would type the following:
bind appfw profile library -inspectResContentType "text/PDF"
To disable a MIME/type rule that you have previously enabled, use the unbind command:
unbind appfw profile <name> -inspectResContentType <type>
ENH ID 0395659: AppFlow can now export ICA records from NetScaler appliances that have enterprise licenses. This ensures that HDX insight reports for NetScaler appliances with enterprise licenses are now available on the NetScaler Insight Center.
ENH ID 0403114: An option Recursion Available is added for the load balancing virtual servers of type DNS and DNS TCP to control the RA (Recursion Available) flag in all the DNS responses from these virtual servers.
Issue ID 0387049: When importing a keytab while setting up a KCD account, AAA might fail to extract the SPN from the keytab, causing the import to fail.
Issue ID 0403027: The application firewall includes an extraneous line break in the hidden field that it adds to forms as part of the form field consistency check. This line break is not javascript-compliant and can cause issues with javascript-enhanced forms.
Issue ID 0401148: The NetScaler cache fails to respond to a request in which an absolute URL does not include a slash (/) after the host name.
Issue ID 0372535: The pagination count on the page listing SSL policies that can be bound does not display the correct values.
Issue ID 0385305: In a GSLB setup, if you perform auto synchronization and the configuration file in your local site contains the add locationFile command, the command is not synchronized to the remote location.
Issue ID 0351870: If you change the load balancing group of a virtual server that has a large number of SSL sessions, the appliance might fail.
Issue ID 0383402: If a virtual server is UP because the service(s) are in Transition Out-Of-Service (TROFS) state, the clients do not respond due to requests being queued at the virtual server rather than at the services. Instead, the client must issue 503 or RST.
Issue ID 0401118: On a NetScaler appliance or VPX that is configured for load balancing in an environment that includes a Microsoft SQL server database, when a client sends a large number of long queries to the MSSQL database, the appliance or VPX might hang or crash.
Issue ID 0402472: If you attempt to create a KCD service account on a NetScaler appliance or virtual appliance that has AAA-TM enabled and integrated caching disabled, a buffer overflow might load the appliance or cause it to fail.
Issue ID 0400409: If you modify a NetScaler instance from the Management Service, binding 1/x and 10/x interfaces to an L2 VLAN fails.
Issue ID 0400607: If you create a static channel, you cannot use the Management Service to remove more than one member interface at a time from the channel.
Issue ID 0366321: The Network Visualizer does not display the bound IP addresses of a configured VLAN.
Issue ID 0402068: With Random source port selection for Active FTP enabled on the NetScaler appliance, when an FTP server initiates a connection from the standard TCP port number 20, the NetScaler appliance uses a random port instead of port 20 for the client side data connection.
Issue ID 0402123: The NetScaler appliance might not send the received IPv6 fragments to the appropriate packet engine for processing, which might result in the NetScaler appliance becoming unresponsive.
Issue ID 0391238: When an HTTP callout is configured with a virtual server that has a widcard port, the NetScaler appliance fails to respond the first time the callout is triggered.
Issue ID 0400084: An attempt to establish an HTTPS connection to a NetScaler FIPS appliance through a Chrome browser fails, because the browser sends a SPDY-NPN extension by default, and the NetScaler FIPS appliance does not support the NPN extension.
Issue ID 0400649: In the NetScaler configuration utility, the FipsKey parameter does not appear in the Install certificate dialog box. As a result, you cannot add a certificate-key pair on an MPX FIPS appliance by using the configuration utility.
Issue ID 0390257: SNMP returns incorrect values for the ifOutOctets and ifInOctets counters.
Issue ID 0394724: The SNMP module allocates memory for all OIDs in an SNMP request and queues them for further processing. With a large number of SNMP requests (each request with possibly hundreds of OIDs), the result can be a memory shortage that in turn leads to memory allocation failures.
Issue ID 0395735: The NetScaler appliance dumps a core when you create a cluster or a high availability setup on an appliance that has a TFTP load balancing virtual server.
Issue ID 0404094: If the SNMP service has the NSI_NS_SERVICE flag set, and you clear the configuration, the NetScaler appliance crashes.
Issue ID 0388563: The following behavior occurs during a high availability force failover on a NetScaler appliance that has active ICA session applications launched:
Issue ID 0303060: Application firewall statistics are not supported for NetScaler classic policies. If you need to see numbers of policy hits and other statistics, you must use NetScaler default syntax policies.
Issue ID 0372768: If you use the default browser PDF plugin to view an application firewall report, embedded links might be inactive.
Workaround: Use the Adobe PDF browser plugin.
Issue ID 0399596: When you update the application firewall signatures from the NetScaler command line, you must first update the default signatures, and then issue additional update commands to update each custom signatures file that is based on the default signatures. If you do not update the default signatures first, a version mismatch error prevents updating of the custom signatures files. For example, if you had two sets of custom signatures, named custom_signatures and custom_signatures_2, that were based on copies of the default signature file, you would update the signatures on your NetScaler appliance by issuing the following commands:
Issue ID 0323213: In a cluster setup, globally bound DNS policies are listed multiple times in the Bind/Unbind DNS Policy(s) to Global dialog box.
Issue ID 0361793: (nCore and nCore VPX) The count of the number of load balancing virtual servers, which is shown in the configuration summary, includes the load balancing virtual server that is created during the configuration of EdgeSight Monitoring, even though that load balancing virtual server is not displayed in the Load Balancing; Virtual Servers pane.
Issue ID 0374304: If you access the configuration utility through Internet Explorer 9 or 10 and rename a virtual server, a No such resource error message appears, even if the rename operation is successful.
Workaround: Use the mouse to click the OK button, instead of pressing the ENTER key on the keyboard.
Issue ID 0374437: If, when using the configuration utility to configure the NetScaler appliance, you press Alt+Tab to switch between programs, the current dialog box might disappear, hidden behind the main configuration utility screen. To reach the dialog box, press Alt+Tab a second time.
Issue ID 0388534: If you access the NetScaler configuration utility from the Start screen on a Windows 8 machine, the Java based configuration views are not displayed. Workaround : Switch to the Desktop screen to display Java based configuration views. Microsoft Windows 8 does not support plug-ins on the Start screen, and therefore Java cannot run on the Start screen. For information, see http://www.java.com/en/download/faq/win8_faq.xml
Issue ID 0389328: If you use the Google Chrome browser to access the NetScaler configuration utility, and the monitor resolution is low, you might not be able to use the mouse to scroll the screen.
Workaround: Use the arrow keys on the keyboard to scroll the screen.
Issue ID 0399575: When configuring load balancing virtual servers in a content switched environment, the service types of primary and backup virtual servers must be the same. If you assign a backup virtual server with a service type of TCP to a load balancing virtual server with a service type of HTTP, any content switching action bound to the load balancing virtual server fails.
Issue ID 0370607: The configuration utility procedures in the NetScaler 10.1 documentation have not been updated to reflect the new top-level nodes. See http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-1-map/ns-rn-changes-gui-10-1-con.html, for information about the new node structure.
Issue ID 0376662: The NetScaler appliance might fail in the following set of circumstances:
On the appliance, you have configured DNSSEC offload and enabled NSEC record generation for a zone.
The appliance receives a DNS NODATA/NXDOMAIN query for that zone, over TCP, and the DNSSEC OK bit in the query is set.
Issue ID 0401451: The NetScaler appliance, configured to function as DNS forwarder or DNS resolver, may becomes unresponsive whenever it receives UDP DNS truncated response from a name server.
Issue ID 0398327: Monitoring of StoreFront servers fails if they are part of a cluster and the StoreFront monitor is bound to the entire service group. The StoreFront monitor probe fails because individual members have different host names.
Workaround: If the StoreFront servers are part of a cluster, Citrix recommends that you add them as individual services instead of as members of a service group.
Issue ID 0369946: If you bind an FTP user monitor to an IPv6 service, the state of the service is shown as DOWN.
Issue ID 0383812: A monitor of type CiTRIX-wi-EXTENDED fails if the script name and site path arguments are not explicitly set.
add monitor wi-mon CiTRIX-wi-EXTENDED -userName administrator -password freebsd -domain xendt -sitePath "/Citrix/XenApp set monitor wi-mon CiTRIX-wi-EXTENDED -scriptname "nswi.pl" set monitor wi-mon CiTRIX-wi-EXTENDED -sitePath "/Citrix/XenApp
Issue ID 0406391: If you bind monitors to services, and then bind a DoS or SureConnect policy to one of these services, save the configuration, and restart the appliance, you lose information about monitors bound to any services created after the service to which you bound the policy was created. Also, the monitor binding information does not appear if you run the show ns runningConfig command before restarting the appliance.
Issue ID 0331338: With USIP enabled, MPTCP requests do not go through.
Issue ID 0399708: Syncookie cannot be disabled on a TCP profile that has MPTCP enabled.
Issue ID 0399938: The NetScaler appliance might not respond when TCP buffering and MPTCP is enabled.
Issue ID 0400819: MPTCP does not support FTP data connections.
Issue ID 0400861: Virtual servers with listenPolicy specified, accept connections from the first subflow only.
Issue ID 0400875: Multiple spillover persistence sessions are created for a single MPTCP transaction.
Issue ID 0400888: The NetScaler appliance does not respond when using client IP insertion with MPTCP.
Issue ID 0401105: MPTCP transactions of a TCP profile with Selective ACKnowledgement and window scaling might not respond.
Issue ID 0401793: MPTCP does not support IPv6 addresses.
Workaround: Start the session again.
Workaround: The correct value is displayed in the page.
Object does not support this property or method.
Workaround: Restart the appliance by running the following command on the command line interface:
#/etc/rc.d/analyticsd restart
Issue ID 0370574: After you create a channel on 1/x or 10/x interfaces, the NetScaler instance might show the status of the member interfaces as Error-Disabled (in the command line) or DOWN (in the configuration utility).
Workaround: After creating a channel by using the Management Service, restart the SDX appliance.
Issue ID 0384909: If you disable an interface of an LA channel configured on a NetScaler instance running on a NetScaler SDX appliance, the SDX appliance does not notify the peer device that the interface is disabled. Therefore, the peer device might send traffic to the disabled interface.
Workaround: Disable the interface of the peer device so that it does not send traffic to the disabled interface of the SDX appliance.
Issue ID 0399057: If, when provisioning a SECUREMATRIX GSB instance, you configure the management IP address on a 1/x or 10/x interface, the instance is not reachable on the network.
Issue ID 0399630: If you use the Management Service to bind a new interface to an LACP channel, the member interfaces of the channel are reset. As a result, the traffic is not evenly distributed among the interfaces in the channel.
Issue ID 0399972: If you use the Management Service to delete a channel on which an L2 VLAN was created, the L2 VLAN setting on the NetScaler instance is not cleared. Therefore, the channel continues to be listed on the VLAN Settings page of the NetScaler instance's Modify wizard.
Workaround: Modify the NetScaler instance and remove the nonexistent channel from the VLAN settings page.
Issue ID 0400502: If, when provisioning or modifying a NetScaler instance, you configure an L2 VLAN on a channel that was created by using the Management Service, the configuration fails.
Issue ID 0400651: If you create a channel on interfaces 0/1 and 0/2 by using the Management Service, and then provision a third-party instance and configure the management network for that instance on the newly created channel, the third-party instance is not reachable on the network.
sysctl netscaler.ns_vpx_halt_method=2
sysctl netscaler.ns_vpx_halt_method=2
Issue ID 0371613 : In a high availability configuration with the network firewall mode set to BASIC on the current secondary node, synchronization of configuration files from the primary to secondary node fails, regardless of whether you run the sync HA files command from the NetScaler command line or use the Start HA files synchronization dialog box in the configuration utility.
Workaround: Add the following extended ACL on each of the nodes of an HA configuration:
add acl <aclname> -srcIP <NSIP of the peer node> -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.27 -protocol TCP -destport 22
add acl ACL-example -srcIP 198.51.100.9 -protocol TCP -destport 22
Issue ID 0383958: $ is an invalid value for the port parameter of any extended ACL, but no error message appears if you specify this value. If, while configuring an extended ACL by using the configuration utility, you set the port parameter to $, no error message appears, but the ACL is not configured.
Issue ID 0399436: The NetScaler appliance does not create session entries for ICMPv6 packets that match a forwarding-session rule.
Issue ID 0385217: On the MPX 8200/8400/8600 and MPX 5550/5650 platforms, if a 1G data port is connected but disabled, the status of the peer port on the switch might be shown as UP after the MPX appliance restarts.
Issue ID 0390584: You cannot use the configuration utility to define classic SSL policies. However, you can use the configuration utility to bind and unbind classic SSL policies.
Workaround: Use the CLI to define classic SSL policies.
Issue ID 0368982: After you have imported a custom data source, the charts for the counters under System entities statistics are inaccurate, because of issues in the third party charting engine.
Issue ID 0343395: On the NetScaler appliance, TLS protocol version 1.2 does not support a client certificate with an RSA 4096-bit key.
Issue ID 0345883: On the NetScaler appliance, TLS protocol version 1.2 does not support ephemeral Diffie-Hellman cipher suites.
Issue ID 0388481: When upgrading from release 9.3 to 10.1, the following SNMP alarms throw a time argument error: IP-CONFLICT, HA-LICENSE-MISMATCH, and HA-PROP-FAILURE. This issue occurs because, in version 10 and later, the time parameter is deprecated for these SNMP alarms.
Workaround: Before upgrading to release10.1, update the ns.conf file by removing the time parameter for these three alarms from the set snmp alarm command.
bindservicegroup_state2
unsetnslimitidentifier_selectorname. Instead use unsetnslimitidentifier_selector.
Release version: Citrix NetScaler, version 10.1 build 118.7
Replaces build: None
Release date: June 2013
Release notes version: 3.0
Language supported: English (US)
The NetScaler VPX virtual appliance is supported on Microsoft Hyper-V Server 2012 and VMware ESX 5.1 virtualization platforms.
ENH ID 0364085: You can now create a load balancing monitor for an Oracle DBMS server by using the new Oracle-ECV monitor type. The supported data types are BINARY_DOUBLE, BINARY_FLOAT, CHAR, DATE, INTERVALDS, INTERVALYM, NUMBER, NVARCHAR, TIMESTAMP, TIMESTAMP_WITH_LOCAL_TIME_ZONE, and TIMESTAMP_WITH_TIME_ZONE.
You can configure the monitor by using the NetScaler command line or the configuration utility.
add lb monitor <monitorName> oracle-ecv [ parameters... ]
add lb monitor oracle-monitor5 ORACLE-ECV -userName hr -database xe -sqlQuery "select Name from testlb" -evalRule "ORACLE.RES.ATLEAST_ROWS_COUNT(1)"
To create or configure an Oracle-ECV monitor by using the configuration utility, navigate to Traffic Management => Load Balancing => Monitors, and then click Add to create the monitor or select an existing monitor and then click Open to configure the monitor.
ENH ID 0365382: Citrix NetScaler deployed with XenMobile Mobile Device Management (MDM) provides the ability to scale, ensure high availability for apps, and maintain security.
For more information, see the "NetScaler and XenMobile Solution for Enterprise Mobility" deployment guide.
ENH ID 0349674: A NetScaler MPX appliance for customers in Russia initially ships with a low encryption license. After proper authorization from the Russian agency, customers can upgrade to a Standard, Enterprise, or Platinum software edition, which enables high-encryption SSL performance on the appliance.
The look and feel of the first time user wizard has changed.
ENH ID 0322368: You must upgrade the NetScaler SDX appliance to XenServer version 6.1.0 to enable functionality of some features, such as LACP and third-party virtual machines. The process of upgrading the XenServer software involves uploading the build file of the target build to the Management Service, and then upgrading the XenServer software.
ENH ID 0257892: You can now configure link aggregation from the Management Service at the time of provisioning a NetScaler instance, or later by modifying an instance. An aggregated link is also known as a channel. The interfaces that form part of a channel are not listed in the Network Settings view shown when you add or modify a NetScaler instance. Instead of the interfaces, the channels are listed.
To access NetScaler documentation on eDocs, see http://support.citrix.com/proddocs/topic/netscaler/ns-gen-netscaler-wrapper-con.html.
Workaround: Use the Adobe PDF browser plugin.
For example, if you have two sets of custom signatures named custom_signatures and custom_signatures_2 that are based on copies of the default signatures file, you would update the signatures on your NetScaler appliance by issuing the following commands:
update appfw signatures "*Default Signatures" update appfw signatures "custom_signatures" update appfw signatures "custom_signatures_2"
Workaround: Make sure you delete existing TFTP load balancing virtual servers before creating the cluster or high availability setup.
Workaround: Use the mouse to click the OK button instead of pressing the ENTER key on the keyboard.
Workaround: Do not change the default pagination value (25). If you change the default pagination value and the appliance prompts you to stop running the script, choose to continue.
Workaround: Switch to the Desktop screen to display Java based configuration views. Microsoft Windows 8 does not support plug-ins in the Start screen, and therefore Java cannot run in the Start screen. For information, see http://www.java.com/en/download/faq/win8_faq.xml.
Workaround: Use the arrow keys on the keyboard to scroll the screen.
See Configuration Utility Changes, for information on the new node structure.
add monitor wi-mon CiTRIX-wi-EXTENDED -userName administrator -password freebsd -domain xendt -sitePath "/Citrix/XenApp set monitor wi-mon CiTRIX-wi-EXTENDED -scriptname "nswi.pl" set monitor wi-mon CiTRIX-wi-EXTENDED -sitePath "/Citrix/XenApp
Workaround: Start the session again.
Workaround: The correct value is displayed in the page.
Workaround: To view the details, click the help icon in the graphical user interface when the help page opens, click on the TOC tab and navigate to NetScaler Insight Center 10.1 > Enabling Data Collection.
Workaround: After creating a channel by using the Management Service, restart the SDX appliance.
Workaround: Disable the interface of the peer device so that it does not send traffic to the disabled interface of the SDX appliance.
Workaround: Modify the NetScaler instance and remove the non-existent channel from the VLAN settings page.
Workaround: Provision the NetScaler instance again.
sysctl netscaler.ns_vpx_halt_method=2
sysctl netscaler.ns_vpx_halt_method=2
add acl <aclname> -srcIP <NSIP of the peer node> -protocol TCP -destport 22
For example, for an HA configuration in which the primary node's NSIP address is 198.51.100.9 and the secondary node's NSIP address is 198.51.100.27, you would run the following command on the primary node:
add acl ACL-example -srcIP 198.51.100.27 -protocol TCP -destport 22
and the following command on the secondary node:
add acl ACL-example -srcIP 198.51.100.9 -protocol TCP -destport 22
Workaround: Disable SPDY in the Chrome browser.
Workaround: Use the command line interface.
Workaround: Before upgrading to 10.1, update the ns.conf file by removing the time parameter for these three alarms from the set snmp alarm command.