Jump to content
Welcome to our new Citrix community!

NetScaler version 13 Intranet Application Resource issue - stripping out config


Recommended Posts

All

 

I have an issue on NetScaler build 13.0 (47.24). Whilst adding in AAA Groups and assigning resources to those groups, i have found that when i assign an Intranet Application that has a space in the name, the running config strips out lines of code. If i then remove the Intranet Application binding, the running config code comes back:

 

 

Normal config which i applied

bind aaa user xenapp -policy MobileAccess -priority 100 
bind aaa group Citrix-NS-ExternalContractors -policy "Ext_Contractors Session Policy" -priority 100 
bind aaa group Citrix-NS-ExternalContractors -urlName ITSHare 
bind aaa group Citrix-NS-DRAdminOnly -policy MobileAccess -priority 50 
bind aaa group Citrix-NS-DRAdminOnly -policy ICA-NOAV_VPN -priority 100 
bind aaa group Citrix-NS-WCBCStaffXenApp -policy MobileAccess -priority 100 
bind aaa group Citrix-NS-WCBCStaffXenApp -policy ICA-AV -priority 200 
bind aaa group Citrix-NS-ExternalContractorsFileUpload -policy "Ext_Contractors Session Policy" -priority 100 
bind aaa group Citrix-NS-ExternalContractorsFileUpload -urlName ITSHare 
bind aaa group ctxmobilelibrary -policy NWPMobileAccess -priority 50 
bind aaa group ctxmobilelibrary -policy NWPICA-AV -priority 100 
bind aaa group Citrix-NS-AlwaysOnVPN -policy AlwaysOnVPN_Pol -priority 100 
bind aaa group Citrix-NS-SSLVPN -policy FullVPN_AlwaysOn -priority 10 
bind tunnel global ns_tunnel_nocmp

 

Config after applying an Intranet Application with a space in the name

bind aaa user xenapp -policy MobileAccess -priority 100
bind aaa group Citrix-NS-ExternalContractors -policy "Ext_Contractors Session Policy" -priority 100
bind aaa group Citrix-NS-ExternalContractors -urlName ITSHare
bind aaa group Citrix-NS-ExternalContractors -intranetApplication "External Contractor Fileshare" -urlName ITSHare
bind tunnel global ns_tunnel_nocmp

 

 

So once i bind the "External Contractor Fileshare" intranet application to a AAA Group, the other AAA Group bindings are removed from the config. The GUI still shows the correct policy binding etc for  the AAA Groups and the policies are still used as normal, but if the NetScaler is rebooted, the config is stripped out as per the running config.

 

I have done some testing on this, and adding a Intranet Application with a name without a space works without any issues. This also only looks to be effecting NetScaler version 13.0 (I have tested 12.1 builds 55.18 and 48.13 and these are fine).

 

Has anyone seen similar, or can I put this down to the versions NetScaler bug?

Link to comment
Share on other sites

Hi,

I've got a similar issue on 13.0 47.24nc. Binding parameters on AAA groups work on CLI/WEBUI but it's not reflected on running configuration (show ns run).

Issue occur with AAA groups with and without space in name. I do not have spaces on intranet app.

Parameters not propagated :

 - bind aaa group <group with or without spaces> -policy <session/auth policy without spaces>

 - bind aaa group <group with or without spaces> - intranetApplication <intranetapp without spaces>

 

Case in progress with Citrix support team. Seen on a fresh install (last friday). I try to reproduce the issue on lab.

I'll update this post asap.

 

Youenn.

 

Link to comment
Share on other sites

It's a strange one. I went back onto the customer config and tested with an "intranet application" name without a space and this still stripped config out (although not as much).

 

For now I have removed the intranet application binding and everything is working and in the config as expected.

 

I'd appreciate if you could re-post the findings from Citrix support as your issue looks to be identical to mine

 

Olly

Link to comment
Share on other sites

  • 5 weeks later...

Hi Olly,

No real update at this time. Since my last post, I realized that my Citrix ADC lab test have the same behavior (13.0 47.23nc). I do not have any intranet application nor policy / aaa group or everything else with space on name.

If I remove every intranet application from my running config and I rebind all other policies, their are correctly showed on my running conf. If I bound one intranet application on a aaa  group, I lost a part of my running configuration (policies, authorization, intranet IP, intranet application...) on some but not all aaa group.

Very strange behavior, I am waiting a feedback from Citrix support.

 

I did not update my NetScaler to the last build yet.

Link to comment
Share on other sites

1 minute ago, Youenn ALLAIN said:

Hi Olly,

Citrix support confirmed this is an known issue. It has been fixed on latest 13.0 release : 52.24nc. This issue is not publicy adressed (nothing on release note).

I just update one NetScaler, no issue anymore.

 

Thanks for keeping me updated....I'll give the newer build a bash and see how it gets on

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...