Collector is not reachable

[Timo Schroeter1709161088]

Hi  @all!!

 

I have two Citrix ADM HA nodes configured, 13.0.64.35, and added two Netscaler VPX200 (Enterprise) in HA mode, 12.1.58.15.

 

If I enable  and configure the AppFlow / Analytics all instances will discover successful, but on the VPX under

AppFlow the Collector is "Down". Licenses and analysis for vServer are enabled. 

 

"Collector is not reachable from 1 instance."

"Please check if Citrix ADC is able to reach the collector through SNIP"

 

Ping from and to Collector/VPX is possible, Firewall log shows many successful entries IPFX Port 4739 but I'm unable to

get any metric data. 

 

Thanks for your help!

Timo

 

[CarlStalhood]

I think AppFlow uses NSIP as source while the Collector check uses SNIP as source. You can do a "nstcpdump.sh host ADM_IP" to see the traffic.

[Timo Schroeter1709161088]

nstcpdump.sh shows activity from node 1 ADC to ADM floating IP Address on Port 4739 UDP.

 

sh ip | grep

shows me a configured SNIP, but this SNIP is not in local LAN but in DMZ.

 

PING -S SNIP -> floating IP failure, 100% packets lost.

 

We have to configure that Citrix ADM floating IP reaches to SNIP in DMZ? Is this correct?

 

 

[CarlStalhood]

Try: System > AppFlow > Change AppFlow Settings > checkbox Log Stream Over Citrix ADC IP

[Timo Schroeter1709161088]

At this time now, under Analytics -> HDX Insight -> Users ( and Desktops, Licenses) or Gateway Insight, there are some tracking values,

but the warn message "Diagnostics for No Data" is still there. "Collector is not reachable". It seems the we must open the SNIP we really have to open

the needed ports to the DMZ. However does not fit into our security concept.