
Citrix Bot management - Default Bot Signature versions different in HA pair. Secondary will not upgrade from Base version 18 to 19


Josh Slaney

Question

Posted

I have an HA pair of NetScalers running 13.1 code that seems to be having issues with the Bot signature download. The feature is enabled on both appliances, but my primary has a base version of 19. My secondary has a base version of 18. I have forced sync from the Primary to the secondary with success. When I attempt to do the signature update from the secondary appliance I receive the following message:

> update bot signature "*Default Bot Signatures"
ERROR: The command was ignored.

Auto-update is configured on both appliances in the HA pair. The /var/log/bot_auto_update.log shows:
2024-11-06 13:00:04,605 DEBUG Both pre and post SHA is same..
2024-11-06 13:00:04,605 DEBUG Default Bot Signatures are upto date

The /var/log/ns.log file shows the same error message:
Command "update bot signature "*Default Bot Signatures"" - Status "ERROR: The command was ignored."

As a last ditch resort I've copied the following files and folders from the primary to the standby unit and reloaded the standby unit:

/nsconfig/bot_signatures/  -  I copied the whole bot_signatures folder to the standby appliance after removing the old folder
/netscaler/default_bot_id
/netscaler/default_bot_signatures.json
/netscaler/default_bot_signatures.schema

Even after copying these files from the primary to the standby manually I have yet to be able to get this to update to the base version of 19 for Bot signatures.

Here's the output from the appliances:
Primary:
> show bot signature
1)      Url: default_bot_signatures.json        Name: "*Default Bot Signatures"
        Creation Date: Wed Sep 18 10:00:07 2024
        Base Version: "19"      Size: 811064 bytes

Total signature Size:   0 bytes
Total Import Size:      2612024 bytes
 Done

Standby:
> show bot signature
1)      Url: default_bot_signatures.json        Name: "*Default Bot Signatures"
        Creation Date: Thu Aug  1 10:00:10 2024
        Base Version: "18"      Size: 820026 bytes

Total signature Size:   0 bytes
Total Import Size:      2612024 bytes
 Done

Is there another spot I should be looking for the default_bot_signatures.json?

4 answers to this question


  • 0
Posted

I was able to resolve this by copying the following files to the standby appliance:

/nsconfig/updated_bot_ids
/nsconfig/updated_bot_signatures.json
 

  • 0
Posted (edited)

Downloaded files in an HA pair will often not sync until an HA force sync has taken place. Especially if your secondary device requires a SNIP to access internet locations, it wouldn't be able to personally download them until it is primary.

The next time you update the primary, try doing a force sync under HA and see if that moves the files.

Edited by Jeff Riechers
  • 0
Posted

Hi Jeff,

I was forcing an HA sync from the HA primary to the secondary. I still couldn't get the base signature files to update to version 19 until I manually copied the files over and restarted the box. The weird thing is that the HA sync was showing successful when I forced the sync.

  • 0
Posted

Hi @Josh Slaney

Next time you notice the misalignment of the signatures, you can check the following:

You connect via CLI to the secondary node and run the command:

update bot signature

Then, check the event log of the secondary node to see what error is recorded.

As @Jeff Riechers mentioned, it’s likely that your secondary node doesn’t have internet access to perform the download due to missing permissions, firewall rules or because of the use of a route via NS SUBNET IP (an IP owned only by the primary node).
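
Added example, not part of any post in this thread: a Python sketch that parses the `show bot signature` output posted in the question and reports any signature set whose base version differs between the two HA nodes. The function names are hypothetical, the output layout is assumed to match what the thread shows, and collecting the output from each node is left out.

```python
import re

# Sample input: `show bot signature` output as posted in the question (trimmed).
PRIMARY_OUTPUT = '''\
1)      Url: default_bot_signatures.json        Name: "*Default Bot Signatures"
        Creation Date: Wed Sep 18 10:00:07 2024
        Base Version: "19"      Size: 811064 bytes
 Done
'''
STANDBY_OUTPUT = '''\
1)      Url: default_bot_signatures.json        Name: "*Default Bot Signatures"
        Creation Date: Thu Aug  1 10:00:10 2024
        Base Version: "18"      Size: 820026 bytes
 Done
'''

# One entry spans three lines: Url/Name, Creation Date, Base Version/Size.
ENTRY_RE = re.compile(
    r'Url:\s*(?P<url>\S+)\s+Name:\s*"(?P<name>[^"]+)"\s+'
    r'Creation Date:\s*(?P<created>[^\n]+?)\s*\n\s*'
    r'Base Version:\s*"(?P<base>\d+)"\s+Size:\s*(?P<size>\d+) bytes'
)

def parse_signatures(cli_output):
    """Return {signature name: {"base", "size", "created"}} for one node."""
    found = {}
    for m in ENTRY_RE.finditer(cli_output):
        found[m["name"]] = {
            "base": int(m["base"]),
            "size": int(m["size"]),
            "created": " ".join(m["created"].split()),  # collapse padded day
        }
    if not found:
        # Fail closed: an error message or empty capture must not read as "in sync".
        raise ValueError("no bot signature entries found in output")
    return found

def find_drift(primary_output, secondary_output):
    """List (name, primary_base, secondary_base) where the nodes disagree."""
    pri = parse_signatures(primary_output)
    sec = parse_signatures(secondary_output)
    drift = []
    for name in sorted(pri.keys() | sec.keys()):
        p = pri[name]["base"] if name in pri else None  # None: missing on node
        s = sec[name]["base"] if name in sec else None
        if p != s:
            drift.append((name, p, s))
    return drift

if __name__ == "__main__":
    for name, p, s in find_drift(PRIMARY_OUTPUT, STANDBY_OUTPUT):
        print(f"DRIFT {name}: primary base={p}, secondary base={s}")
```

A successful HA sync status does not show up here; the check only compares what each node reports as its installed base version.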
