Jump to content
Welcome to our new Citrix community!

App specific issues behind Netscaler

Kevin Kalis

Recommended Posts

So, I'm hoping someone can provide some guidance or wisdom on this, because we, as an organisation, are stumped.

We're migrating an application from behind a HAProxy to a Netscaler. We set it up with SSL front-end and HTTP backend.

Everything works on the Desktop website and Android tablet application, but iOS refuses to work. Just gets stuck on login page and eventually times out. This only happens behind the Netscaler, the HAProxy works fine.

We've tried bypassing SSL and doing it purely on HTTP basis, but that doesn't make any difference. Packet captures are no help either.

At this point, we just don't know, which is the worst place to be. We've created a support ticket for application, but I'm not holding my breath.

If anyone can give me some suggestions on where to look or any similar issues, I'd be eternally grateful.

Link to comment
Share on other sites

A couple of things to consider:

1) Which ADC Firmware?

2) Is this a WEB app or some other protocol (in case other considerations apply).


Next, for something that could affect all Mac but not win/mobile and SSL based, its possibly cert related:

1) either the ssl ciphers in use on the ADC compared to your previous proxy is supporting something the MAC doesn't like or not supporting something required.

2) the cert authority who signed your cert, may not be trusted or be built into the MAC OS, but is in the Win/Android.  This may also come down to version of Mac.

Also, clock or sync issues. Cookie type handling (if web again).


If it is a web app, see if different browsers on the Mac (as in not safari have different behaviors). So now is it mac vs. windows or safari vs other browsers.


Is this content that doesn't want to do ssl termination and expected ssl bridge instead? (or end to end ssl) Without know which app/protocol involves its hard to say if this is related. I doubt it but mentioning it.


Trace from the client to the netscaler to see if you have other information.


Link to comment
Share on other sites

Firmware is 13.1 build 49.13

This is a web app that uses HTTP protocol.

We've investigated the whole SSL/TLS process and found it not to be the issue. To confirm it, we added a HTTP frontend on the Netscaler without any SSL or certificates and we're getting the exact same behavior.

Additionally, we're only seeing it on the iOS app, browsers like Safari and Chrome on iOS work fine.

For reference, this is the app:

Problem is, the app works (with HAProxy) and doesn't (with the Netscaler) but we don't know why. We can't seem to trace anything either. We've now turned over the packet captures to the supplier, who's forwarded it onto their Devs, but we all know how that usually goes.

Link to comment
Share on other sites

If it is the app itself, you may want to check in with the vendor.


You could try turning off Private Wi-Fi and Limit IP Address Tracking.  If you have an access point that you can dedicate to the IOS device you could try doing a wireshark capture from that device.



Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...