Timo Schroeter1709161088 Posted September 21, 2020 Share Posted September 21, 2020 Hi @all!! I have two Citrix ADM HA nodes configured, 13.0.64.35, and added two Netscaler VPX200 (Enterprise) in HA mode, 12.1.58.15. If I enable and configure the AppFlow / Analytics all instances will discover successful, but on the VPX under AppFlow the Collector is "Down". Licenses and analysis for vServer are enabled. "Collector is not reachable from 1 instance." "Please check if Citrix ADC is able to reach the collector through SNIP" Ping from and to Collector/VPX is possible, Firewall log shows many successful entries IPFX Port 4739 but I'm unable to get any metric data. Thanks for your help! Timo Link to comment Share on other sites More sharing options...
CarlStalhood Posted September 21, 2020 Share Posted September 21, 2020 I think AppFlow uses NSIP as source while the Collector check uses SNIP as source. You can do a "nstcpdump.sh host ADM_IP" to see the traffic. Link to comment Share on other sites More sharing options...
Timo Schroeter1709161088 Posted September 21, 2020 Author Share Posted September 21, 2020 nstcpdump.sh shows activity from node 1 ADC to ADM floating IP Address on Port 4739 UDP. sh ip | grep shows me a configured SNIP, but this SNIP is not in local LAN but in DMZ. PING -S SNIP -> floating IP failure, 100% packets lost. We have to configure that Citrix ADM floating IP reaches to SNIP in DMZ? Is this correct? Link to comment Share on other sites More sharing options...
CarlStalhood Posted September 21, 2020 Share Posted September 21, 2020 Try: System > AppFlow > Change AppFlow Settings > checkbox Log Stream Over Citrix ADC IP 2 Link to comment Share on other sites More sharing options...
Timo Schroeter1709161088 Posted September 22, 2020 Author Share Posted September 22, 2020 At this time now, under Analytics -> HDX Insight -> Users ( and Desktops, Licenses) or Gateway Insight, there are some tracking values, but the warn message "Diagnostics for No Data" is still there. "Collector is not reachable". It seems the we must open the SNIP we really have to open the needed ports to the DMZ. However does not fit into our security concept. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now