Jump to content
Welcome to our new Citrix community!

How to get detailed information related to "Established Client vs. Server Connections"

Recommended Posts

Hi All,


Due to a sick colleague, I'm trying to back him up by monitoring the netscaler environment for him.

One of the counters is getting my attention. It is the "Established Client vs. Server Connections" which is showing
a high amount of connection like > under established server connections.


Because the firewall is not providing me the same information, I like to investigate if it is triggered from the inside.

How can I get a overview in more details related to the connections. What IP address is top, etc. 

Now I'm stuck with just a total, and can't figure out what this connections are about.

We are using the Citrix ADC VPX 3000.


Hope some of you can help me with this.







Link to comment
Share on other sites

Hi Julian,


We are using a couple of features within the appliance. The ICA connections I can trace, but its "Established Client vs. Server Connections" what is making me curious. connections is a lot, but because I can't trace this amount back on my FW, my first guess it is internal traffic. I need to figure out what system (IP) is 

the source or what IP is the destination.


So if there are multiple commands related to showing the connections, no problem. Regarding the amount I can figure out what part of the Netscaler I need to look at.




Link to comment
Share on other sites

  • 2 years later...

Sander, I know it has been quite some time but were you able to determine anything about the "Established Server Connections" with your ADC?  I'm recently migrated off an ADC 13.0-58.32.nc to an ADC 13.1-17.42.nc as the original was setup with a lot of issues.  One of these issues was that when it was running for some time it would then show Established Server Connections 4,294,967,285 which is real close to 4,294,967,295 (which is the maximum value of a 32-bit unsigned integer :: hexadecimal FFFF,FFFF).  During testing before rolling out the ADC 13.1-17.42.nc this issue did not rear it's head, but once again we're seeing this issue.


Edited by Jeffrey Faulstich
Noticed I had a typo of showing the actual Maximum 32-bit unsigned integer value when it was actually displaying a slightly lower value.
Link to comment
Share on other sites

I'm not sure if this 100% related, but I recently made changes to the "FastReconnect" on our Citrix VDA Servers when trying to resolve a different issue and looking back later the "Established Server Connections" is way down to a reasonable 6-20 Connections.



Name: FastReconnect

Registry Entry Type: REG_DWORD

Data: 0x0000000


We're occasionally seeing issues when a user logs into the ADC, loads up StoreFront and then selects their VDA "Desktop" icon and then an "Unknown" error is displayed after the "Connecting..." display.  Looking at the VDA Server System Logs I spotted some "TdIca" Event ID 1019 entries that are occurring when this happens.


Example below:

Log Name: System

Source: TdIca

Event ID:1019

General: The Citrix ICA Transport Driver connection from {%ADC_SNIP_IP%}:28308 to port 2598 received an invalid packet during its CGP handshake phase.


{%ADC_SNIP_IP%}=The Citrix Resource Network ADC Subnet IP Address.


The "FastReconnect" has not solved the "Connecting..." "Unknown Error" or the TdIca 1019 entries occasionally occurring.  However, there is a strong correlation to this change and the "Established Server Connections" suddenly being a reasonable number being displayed.

Link to comment
Share on other sites

Days later and the "Established Server Connections" has been behaving.  The VDA Desktop server TdIca 1019 "... received an invalid packet during its CGP - handshake phase."
 Events are still occasionally occurring.  Disabling "FastReconnect" correlation to the "Established Server Connections" seems to be very strong to me.  I'm looking at the EnableSSL  for ICA settings on the  VDA desktop servers to see that can change up the situation and keep traffic more secure even with in my Citrix Environment.


Which as a NOTE for anybody out there who wants to update their RDP-Tcp to use a Certificate. 


NEVER use the following wmic on a Citrix VDA Server:  

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting  Set SSLCertificateSHA1Hash="{%UPPERCASE_SHA1_Thumpbrint%}"


ALWAYS be specific and use a WHERE Conditional to ensure only "RDP-tcp" is targeted: 

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting WHERE "TerminalName='RDP-tcp'" Set SSLCertificateSHA1Hash="{%UPPERCASE_SHA1_Thumpbrint%}"

Of course, BEFORE you update RDP-Tcp be sure to check what the Certificate Thumbprint is of the previous situation with:

Get-WmiObject "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"

I made the mistake and wmic updated all the "ICA-*" values underneath within (see REGISTRY Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations ).  Even after resetting or removing the SSLCertificateSHA1Hash REG_BINARY value in the ICA-* entries things were not working for Citrix VDA Desktop.  I ended up deleting the ICA-* Registry Keys and then Importing a copy from another VDA Desktop server from the same configuration/delivery group to restore functionality.


Numerous posts on Microsoft do NOT include the WHERE Filter in the update command which is very dangerous to an ICA-* server.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...