Simon Cooper

Hector, no solution as yet. we have found that using HTTP for the LB vserver rather than HTTPS works just fine. would love to find a solution for HTTPS but as yet there is nothing. Simon

This worked a treat, many thanks Chris.

Have 2 x NetScaler VPX (different sites) each with a single gateway vserver. Originally configured as stand alone with SAML authentication to AzureAD. Result is I have 2 x URL's which resolve to individual NetScaler's with SAML actions that point to their own individual Azure enterprise applications. (ns1.corp.com and ns2.corp.com) I now a add GSLB (access.corp.com) configuration on top of this using the same gateway vservers. I have a new SAML action and Azure enterprise application. Each NetScaler has 2 x Authentication policies with expression of "true" and their own Authentication action configured for either ns1.corp.com or access.corp.com. How do I or can I change the expression "true" to one that allows for both of these authentication policies to be bound to the gateway vserver and the correct action to be applied based on the URL entered by user. I looked and tested expression HTTP.REQ.URL.CONTAINS("access.corp.com") and HTTP.REQ.URL.CONTAINS("access.corp.com").NOT but this didn't seem to work. I'm new to this expression writing and would appreciate some guidance from you guru's out there. thanks Simon

Help please. I have NetScaler v13.1 build 42.47 configured with NetScaler OTP. StoreFront server is a LB vserver on a NetScaler VPX on the LAN side of my gateway. We can authenticate fine, aaad.debug shows success. Then browser hangs at either tmindex.html or index.html I have googled these errors and the majority of suggestions are around the Theme being corrupted during upgrade. There is a nice piece "discussion.citrix.com" which suggests some cli commands to view the ns.log while testing authentication. One command (tail -F /var/log/ns.log | grep -v CMD_EXEC) has in the output the message "ns_aaa_login_handler: Login request is not expected to be encrypted" which when googled suggests issues with the Theme. But everything I find refers to old releases, v13.0 v12.1 etc. So questions? How do I resolve this issue as the version I am running is the latest? Do I go back to a previous v13.1 release? Anyone got any suggestions/pointers/hints? I would appreciate any help and guidance thanks Simon

Hi Terry, appreciate the response, but ADM shows nothing. There are no events showing for the time or even the date of the failover.

Chris, Yes, we uploaded the support bundle from the current Primary to CIS and it didn't show anything of note. We have issues with uploading the support bundle for the secondary, CIS reports it is corrupt and we have a ticket open for this with Citrix. I was wondering, as I can unzip the the support bundle and all looks fine, if there was anywhere within the files were I can look and maybe see why the failover happened? thanks for the response, appreciated Simon

I have a support bundle created 24hrs after a failover of an HA pair. ADM tells me there was a failover but nothing else. were in the logs can I go to find if there was any reason for the failover recorded? Can you point me at any KB articles ect. on the subject of Why my NetScaler failed over? thanks

Richard, thank you.

Question asked by customer. Not sure of version they are coming from. In SD-WAN there is a table, sure there was one for ADC but having trouble finding one. Any help appreciated thanks Simon