Jump to content
Welcome to our new Citrix community!

recently instance backup are encrypted (*.enc files)


Recommended Posts


we made Instance backup over CitrixApplication Delivery Management -> Configure System and Instance backup

recently the files are encrypted (*.enc files).


earlier they were not encrypted (*.tgz files).

Does anybody know, how i the encryption disable? Or I decrypt the enc-files?

Release is




Link to comment
Share on other sites

The newer versions of Citrix ADM can encrypt the system backups:

https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/networks/instance-management/backup-restore-netscaler-instances.html#:~:text=In Citrix ADM%2C navigate to,from the Select Action list.


Under System Settings > Instance Backup Settings where you normally set the backup frequency for managed instances, the latest ADMs have a Password Protect option to encrypt the backup file. You should be able to disable the setting there.

Link to comment
Share on other sites

Hello Rhonda,

no matter if i enable or disable the Passwort Protect Checkbox, the backup files always encrypted.

So my Desaster-Recovery does not work!

The Backup files were on a safe place in our second data center.

Before I restore, I need to change the IP-Adresses in the nsconf. But now it is impossible.

For me, a encrypted backup is useless.

Now  I must build an own backup script without CitrixApplication Delivery Management.

Link to comment
Share on other sites

  • 2 weeks later...
  • 1 year later...

Hi Tango_ball,
this discussion is at least some years old, but I want to share the way you can open the encrypted ADC/Netscaler Backup which was created from ADM/MAS. This is not supported, but it works perfectly.


You need OpenSSL. The best way to decrypt the backup is directly from the ADM, since there are definetly all libraries installed you need, but it should work with any other OpenSSL Installation too.


1. Copy your encrypted ADC Backup file (*.tgz.enc) to your ADM (/var/tmp/*.tgz.enc)
2. Open a CLI Session and insert User "nsrecover" and your nsroot password
3. Change Directory to /var/tmp
4. Decrypt the file and confirm with your encryption password


openssl enc -aes256 -d -in backup_192.168.0.1_24Jun2022_04_00_02.tgz.enc -out backup_192.168.0.1_24Jun2022_04_00_02.tgz


5. The backup file is now decrypted (*.tgz). You can use tar or 7Zip to unpack it (*.tar) and unpack it again. Now you will see the nsconfig folder of your backed up ADC with all the saved SSL Certificates, monitors, loginschema, license and ns.conf file.


Best regards,

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...