
LB LDAP not working after upgrade to 13.0.52.24



You’re not alone.

 

Errors that the vserver is reachable, but 389/636 are not?

 

Directly setting the DC works, from the same SNIP, this is internal stack on the ADC.

 

In the vserver give it a vacant but valid new IP and change the auth server and it may work.

 

Delete the VS completely and remove the IP, then recreate. This worked for me, but LDAPS fails intermittently.

 

I had substituted a new vServer with a new IP and 10 days later had a full fail.

 

Ticket open with Citrix, will let you know what I find. 


1 hour ago, Omar Hempsall1709158465 said:

You’re not alone.

 

Errors that the vserver is reachable, but 389/636 are not?

 

Directly setting the DC works, from the same SNIP, this is internal stack on the ADC.

 

In the vserver give it a vacant but valid new IP and change the auth server and it may work.

 

Delete the VS completely and remove the IP, then recreate. This worked for me, but LDAPS fails intermittently.

 

I had substituted a new vServer with a new IP and 10 days later had a full fail.

 

Ticket open with Citrix, will let you know what I find. 

I also have a ticket open with Citrix, that's been escalated.


Have you tried an nstrace? What's in it?

Does netscaler send an RST Package to the Request? Is there an error code in the WIN Frame?

I had a similar issue a few days ago with the latest version of Citrix ADC 13.0. LDAPS has stopped working (only the lb vserver, the members were reachable and also showing as UP in the service group and using the DCs directly did also work). 

If I delete the vserver and create it again it works and after about 3-4 days the error is the same. 

I would be curious what's in your trace and if this is similar.

 

Thanks,

Best Regards,

Mary


On 5/3/2020 at 7:44 PM, Marion Bauer1709159214 said:

Does netscaler send an RST Package to the Request? Is there an error code in the WIN Frame?

I had a similar issue a few days ago with the latest version of Citrix ADC 13.0. LDAPS has stopped working (only the lb vserver, the members were reachable and also showing as UP in the service group and using the DCs directly did also work). 

If I delete the vserver and create it again it works and after about 3-4 days the error is the same. 

Sounds exactly the same, Mary... - Citrix Support took the traces away yesterday, said I'd be hearing back today.

 

Considering downgrading to 47.24 if Citrix can't turn this around quickly. - We were seeing unexpected failovers with the earlier version though, but at least not full auth outages!


In my case Citrix told me that the error is there because I have the same VLAN bound on two interfaces. Strange thing is that I can solve this issue by using another port for the vserver other than 636. Since I only need it for the authentication on netscaler (auth vserver and a citrix gateway) I simply took another port and so far it seems to be working but I am not done with testing yet.

 

I know that having a VLAN bound to two interfaces is not okay and I would never ever recommend doing so, but I don't see why this should be the cause here. It has worked before, and what would be different on another port!?

I consider downgrading to 12.1 ... 

I am curious what the result of your case will be!

 

Thanks!

 

 


I have the same problem and also have a case open. I upgraded one node to 13.0.52.24; when this one is primary, ldap isn't working. When I make the old one primary it is working again, so this is my workaround for now. When I change ldap to ssl/636 it also works, but then password change isn't working, so this is no solution.

I'm talking about the ldap vserver here, the connections to the domain controllers are over ssl/636, only the connection from ADC to the ldap lb vserver (internal) has to be unencrypted on port 389.

 

Greetings

