Blog, Citrix, Exchange, Load Balancing, NetScaler

Citrix NetScaler Console Commands to Load Balance Microsoft Exchange 2013 with Content Switching

NetScaler console commands to Load Balance Microsoft Exchange 2013 CAS Servers with Content Switching and advanced monitoring. Pre-requirements; NetScaler Server certificate exported and installed from Exchange CAS server.

It might take one full day and lot of coffee to configure this from NetScaler GUI, via console commands you’ll do it in couple of minutes.

You can just copy paste this whole script to your NetScaler console, remember to install cert first and you probably want to change IP addresses and server names before executing commands 🙂

More information about Load Balancing Exchange 2013:


add server EXCHANGE01
add server EXCHANGE02
add server EXCHANGE03
add serviceGroup service_group_cas_owa SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_rpc SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_ews SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_activesync SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_autodiscover SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_ecp SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_mapi SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_oab SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_smtp TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
add lb vserver exchange_v_cas_owa SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_rpc SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_activesync SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_ews SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_autodiscover SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_ecp SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_mapi SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_oab SSL 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_smtp TCP 25 -persistenceType NONE -Listenpolicy NONE -cltTimeout 9000
add cs vserver exchange-cs-cas-vserver SSL 443 -cltTimeout 180 -Listenpolicy NONE
add cs action exchange_cs_act_owa -targetLBVserver exchange_v_cas_owa
add cs action exchange_cs_act_activesync -targetLBVserver exchange_v_cas_activesync
add cs action exchange_cs_act_rpc -targetLBVserver exchange_v_cas_rpc
add cs action exchange_cs_act_ews -targetLBVserver exchange_v_cas_ews
add cs action exchange_cs_act_autodiscover -targetLBVserver exchange_v_cas_autodiscover
add cs action exchange_cs_act_ecp -targetLBVserver exchange_v_cas_ecp
add cs action exchange_cs_act_mapi -targetLBVserver exchange_v_cas_mapi
add cs action exchange_cs_act_oab -targetLBVserver exchange_v_cas_oab
add cs policy exchange_cs_pol_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/autodiscover")" -action exchange_cs_act_autodiscover
add cs policy exchange_cs_pol_ecp -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ecp")" -action exchange_cs_act_ecp
add cs policy exchange_cs_pol_mapi -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(“/mapi”)” -action exchange_cs_act_mapi
add cs policy exchange_cs_pol_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/oab")" -action exchange_cs_act_oab
add cs policy exchange_cs_pol_ews -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ews")" -action exchange_cs_act_ews
add cs policy exchange_cs_pol_activesync -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/Microsoft-Server-ActiveSync")" -action exchange_cs_act_activesync
add cs policy exchange_cs_pol_owa -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/owa")" -action exchange_cs_act_owa
add cs policy exchange_cs_pol_rpc -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/rpc")" -action exchange_cs_act_rpc
bind lb vserver exchange_v_cas_owa service_group_cas_owa
bind lb vserver exchange_v_cas_rpc service_group_cas_rpc
bind lb vserver exchange_v_cas_ews service_group_cas_ews
bind lb vserver exchange_v_cas_activesync service_group_cas_activesync
bind lb vserver exchange_v_cas_autodiscover service_group_cas_autodiscover
bind lb vserver exchange_v_cas_ecp service_group_cas_ecp
bind lb vserver exchange_v_cas_mapi service_group_cas_mapi
bind lb vserver exchange_v_cas_oab service_group_cas_oab
bind lb vserver exchange_v_cas_smtp service_group_cas_smtp
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_autodiscover -priority 100
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_ecp -priority 110
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_mapi -priority 120
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_oab -priority 130
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_ews -priority 140
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_activesync -priority 150
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_owa -priority 160
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_rpc -priority 170
add lb monitor monitor-owa HTTP -respCode 200 -httpRequest "GET /owa/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-ews HTTP -respCode 200 -httpRequest "GET /ews/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-activesync HTTP -respCode 200 -httpRequest "GET /Microsoft-Server-ActiveSync/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-rpc HTTP -respCode 200 -httpRequest "GET /rpc/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-autodiscover HTTP -respCode 200 -httpRequest "GET /Autodiscover/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-ecp HTTP -respCode 200 -httpRequest "GET /ecp/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-mapi HTTP -respCode 200 -httpRequest "GET /mapi/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-oab HTTP -respCode 200 -httpRequest "GET /OAB/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-smtp SMTP -scriptName -dispatcherIP -dispatcherPort 3013 -LRTM DISABLED -deviation 0 -interval 30 -resptimeout 5 -downTime 2 MIN
bind serviceGroup service_group_cas_owa EXCHANGE01 443
bind serviceGroup service_group_cas_owa EXCHANGE02 443
bind serviceGroup service_group_cas_owa EXCHANGE03 443
bind serviceGroup service_group_cas_owa -monitorName monitor-owa
bind serviceGroup service_group_cas_rpc EXCHANGE01 443
bind serviceGroup service_group_cas_rpc EXCHANGE02 443
bind serviceGroup service_group_cas_rpc EXCHANGE03 443
bind serviceGroup service_group_cas_rpc -monitorName monitor-rpc
bind serviceGroup service_group_cas_ews EXCHANGE01 443
bind serviceGroup service_group_cas_ews EXCHANGE02 443
bind serviceGroup service_group_cas_ews EXCHANGE03 443
bind serviceGroup service_group_cas_ews -monitorName monitor-ews
bind serviceGroup service_group_cas_activesync EXCHANGE01 443
bind serviceGroup service_group_cas_activesync EXCHANGE02 443
bind serviceGroup service_group_cas_activesync EXCHANGE03 443
bind serviceGroup service_group_cas_activesync -monitorName monitor-activesync
bind serviceGroup service_group_cas_autodiscover EXCHANGE01 443
bind serviceGroup service_group_cas_autodiscover EXCHANGE02 443
bind serviceGroup service_group_cas_autodiscover EXCHANGE03 443
bind serviceGroup service_group_cas_autodiscover -monitorName monitor-autodiscover
bind serviceGroup service_group_cas_ecp EXCHANGE01 443
bind serviceGroup service_group_cas_ecp EXCHANGE02 443
bind serviceGroup service_group_cas_ecp EXCHANGE03 443
bind serviceGroup service_group_cas_ecp -monitorName monitor-ecp
bind serviceGroup service_group_cas_mapi EXCHANGE01 443
bind serviceGroup service_group_cas_mapi EXCHANGE02 443
bind serviceGroup service_group_cas_mapi EXCHANGE03 443
bind serviceGroup service_group_cas_mapi -monitorName monitor-mapi
bind serviceGroup service_group_cas_oab EXCHANGE01 443
bind serviceGroup service_group_cas_oab EXCHANGE02 443
bind serviceGroup service_group_cas_oab EXCHANGE03 443
bind serviceGroup service_group_cas_oab -monitorName monitor-oab
bind serviceGroup service_group_cas_smtp EXCHANGE01 25
bind serviceGroup service_group_cas_smtp EXCHANGE02 25
bind serviceGroup service_group_cas_smtp EXCHANGE03 25
bind serviceGroup service_group_cas_smtp -monitorName monitor-smtp
set ssl serviceGroup service_group_cas_oab -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_mapi -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_ecp -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_autodiscover -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_activesync -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_ews -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_rpc -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_owa -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl vserver exchange_v_cas_owa -ssl3 DISABLED
set ssl vserver exchange_v_cas_rpc -ssl3 DISABLED
set ssl vserver exchange_v_cas_activesync -ssl3 DISABLED
set ssl vserver exchange_v_cas_ews -ssl3 DISABLED
set ssl vserver exchange_v_cas_autodiscover -ssl3 DISABLED
set ssl vserver exchange_v_cas_ecp -ssl3 DISABLED
set ssl vserver exchange_v_cas_mapi -ssl3 DISABLED
set ssl vserver exchange_v_cas_oab -ssl3 DISABLED
set ssl vserver exchange-cs-cas-vserver -ssl3 DISABLED
bind ssl vserver exchange_v_cas_owa -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_rpc -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_activesync -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_ews -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_autodiscover -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_ecp -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_mapi -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_oab -certkeyName mail_janikohonen_com
bind ssl vserver exchange-cs-cas-vserver -certkeyName mail_janikohonen_com
save ns config




Views: 2015

Read More
Citrix, News, XenMobile

Now Available: XenMobile 10.1 MAM and Enterprise Edition Upgrade Tool

Citrix is pleased to announce the availability of the XenMobile 10.1 MAM and Enterprise Edition Upgrade Tool.

This tool was designed to automate the process of upgrading XenMobile 9.X MAM (Advanced Edition and App Edition) and Enterprise Edition deployments to the new XenMobile 10.1 platform. This upgrade tool is required for existing customers running XenMobile 9.x with an App Controller.

Where can I download the upgrade tool?

The XenMobile 10.1 MAM and Enterprise Upgrade Tool is currently available for download Citrix ID required.

What resources are available to help customers with the upgrade process?

In addition to the technical resources available on the Citrix download page, XenMobile eDocs will provide detailed technical information and instructions to help navigate the upgrade process. Click HERE for the eDocs instructions.





Views: 224

Read More
Citrix, News, XenMobile

Citrix XenMobile 10 MDM Upgrade Tool released!

XenMobile 10 MDM Upgrade Tool and MDX Toolkit Updates

The new MDM Upgrade Tool is designed to automate the process of upgrading XenMobile 9.X MDM Edition to the new XenMobile 10.0 platform. This tool is for customers running XenMobile MDM Edition only. Additional resources and documentation to support the MDM Upgrade Tool can be found here.

Note: Additional upgrade tools for XenMobile Enterprise Edition and App (Advanced) Edition are currently scheduled for Q2 2015 availability.

An updated version of the MDX Toolkit is also available for download. Customers who have updated Xcode are required to use the new MDX Toolkit (v The Toolkit update also includes a fix for App Store submissions for App Gallery partners. For a complete listing of “What’s New” with the MDX Toolkit and additional details please click here.





Views: 430

Read More
Apple, Blog, Citrix, XenMobile

How to obtain Apple Distribution Account

Apple Distribution account is required to wrapping iOS applications for XenMobile. To obtain access to the app wrapping prerequisites for iOS, you must register for an Apple distribution account. There are two types: Enterprise and Developer. Citrix strongly recommends Enterprise accounts.

  • For Enterprise accounts: You can deploy and test apps, without an App ID, on an unlimited number of devices. Distribute your Developer Certificate to your developers so they can sign apps.
  • For Developer accounts: Testing is limited to 100 devices. You must specify an App ID when deploying apps.

I will show steps how to obtain Developer account for my personal and lab use, however obtaining Enterprise account for the e.g. your Company, practice is the same.

1. Head to the URL and press Continue.

2. Apple ID is required to continue.

3. I would suggest to use your own personal Apple ID only for the Apple Developer account for personal use and create a new Apple ID for Apple Enterprise account.

4. Choose to enroll as an Individual or Company.

5. Fill your contact information and Continue.

6. Review your details and Continue.

7. Select your program. Both iOS and Mac Developer Programs are fine for application wrapping, I’m going to register in iOS Program.

8. Read carefully what you need to agree and press I Agree. 🙂

9. And you’re finally ready to Buy Now.

10. And you’re done! Log in to the Member Center

11. You’re purchase might not show in Member Center right away, so you might need to give an another 15-30 minutes to Apple update your purchase.

12. After Apple has updated your membership, now you are able to create Certificates and Profiles needed to wrap iOS applications. I will go it thru on my next blog post!




Views: 739

Read More
Blog, Citrix, Clustering, XenMobile

XenMobile 10 – Configuration Series Part 4: Cluster Configuration

Long story short – how to create XenMobile 10 Cluster fast!

Documentation for XenMobile 10 clustering hasn’t been released yet (12/3/2015), so here is the steps to add second node quickly into XenMobile Cluster configuration. In XenMobile 10, clustering the XenMobile virtual appliances has been really simplified.

After you have configured your first XenMobile servers, you need to enable Clustering if you didn’t on First Time Use Mode configuration phase.

1. Log in to your XenMobile server console and enable Clustering:

In Main Menu choose [1] Clustering -> [2] Enable/Disable cluster -> press y and enter to enable clustering and reboot virtual appliance.

2. Log in back to the console and open firewall port 80:

In Main Menu choose [0] Configuration-> [2] Firewall -> press y when asked HTTP Service Enable Access. Press enter to all the other settings to accept default choices.

3. Shut down your XenMobile server to make a clone of it.

4. Depending what virtualisation vendor/product you’re using, choose to create full clone of your XenMobile Server. When the clone process is completed, start the new cloned virtual appliance.  Make sure to leave the initial virtual appliance powered off.

5. Go to the Network settings and change IP address and reboot virtual appliance.

6. Power up another XenMobile server as well and wait until both are up.

7. Check the cluster status.

8. Check the Hazelcast cluster status. (yes, console has a typing error 🙂 If other node is not visible on the Hazelcast cluster status, reboot the node and check back again.

9. Log in the XenMobile Web Console, the IP address can be either of the cluster members.

10. Click the wrench icon next to the username to get Support site open.


11. Click Cluster Information and check Cluster Members and Hazelcast Cluster Information and you’re done!





Views: 2439

Read More
1 2 3 4 7