Tag Archives: netscaler

Blog, Citrix, NetScaler

NetScaler 10.5 – Cannot login admin GUI after firmware upgrade

Normally before you upgrade NetScaler you should check if you have NetScaler Gateway theme customised and set theme to Default from the NetScaler Gateway Global Settings and Client Experience tab before doing upgrade. If you forgot to do that and already upgraded NetScaler you might find out that admin GUI login won’t work anymore. Here are the steps to fix that.

Go to NetScaler console.

Change to default theme:

>set vpn parameter -UITHEME DEFAULT

Save NetScaler configuration:

>save ns config

Reboot device:


After device comes up, you should be able to login via admin GUI again.


If you want to apply customised theme back again after firmware upgrade, change NetScaler Gateway UI theme back to Green Bubble from GUI. Make your customisations on it and when you are happy for the results, run the following commands in NetScaler shell:

Backup current configuration:

# cd /nsconfig
# cp ns.conf ns.conf.save

Create custom theme:

# mkdir /var/ns_gui_custom
# cd /netscaler
# tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*

This creates the file customtheme.tar.gz which are used by NetScaler Gateway and also makes sure the NetScaler Gateway customisation is retained after reboot. Now change Custom theme back from the NetScaler Gateway Global Settings and Client Experience tab.





Views: 3944

Read More
Blog, Citrix, Exchange, Load Balancing, NetScaler

How to configure NetScaler with Exchange 2013 Load Balancing via command line

Here is an example how to configure Microsoft Exchange 2013 Load Balancing on Citrix NetScaler appliance.

This guide assumes that you are already imported certificate on the NetScaler from the Windows Exchange CAS Servers (or any other)

As done in here:

Take a full backup of your current NetScaler configuration:

create system backup -level full

Add Exchange Client Access (CAS/SMTP) Servers:

add server EX2013-01
add server EX2013-02

Create Service Group for SSL:
(Do Not copy-paste “\”None”” commas!)

add serviceGroup service-EXCHANGE-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appf DISABLED
bind serviceGroup service-EXCHANGE-SSL EX2013-01 443 -CustomServerID “\”None\””
bind serviceGroup service-EXCHANGE-SSL EX2013-02 443 -CustomServerID “\”None\””

Bind default HTTP monitor to Service Group:

bind serviceGroup service-EXCHANGE-SSL -monitorName https

Create and Configure Virtual Server for SSL:

add lb vserver vserver-EXCHANGE-SSL SSL 443 -persistenceType SOURCEIP -cltTimeout 180
set ssl vserver vserver-EXCHANGE-SSL -tls11 DISABLED -tls12 DISABLED
bind lb vserver vserver-EXCHANGE-SSL service-EXCHANGE-SSL

Bind certificate to SSL Service Group and Virtual Server:

bind ssl serviceGroup service-EXCHANGE-SSL -certkeyName janikohonen.com
bind ssl vserver vserver-EXCHANGE-SSL -certkeyName janikohonen.com

Save your configuration:

save ns config


Create and modify SMTP monitor:

add lb mon smtp SMTP
set mon smtp SMTP -interval 30 seconds -resptimeout 5 seconds -downtime 120 seconds

Create Service Group for SMTP:
(Do Not copy-paste “\”None”” commas!)

add serviceGroup service-EXCHANGE-SMTP TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appf DISABLED
bind serviceGroup service-EXCHANGE-SMTP EX2013-01 25 -CustomServerID “\”None\””
bind serviceGroup service-EXCHANGE-SMTP EX2013-02 25 -CustomServerID “\”None\””

Bind SMTP monitor to Service Group:

bind serviceGroup service-EXCHANGE-SMTP -monitorName smtp

Create and Configure Virtual Server for SMTP:

add lb vserver vserver-EXCHANGE-SMTP TCP 25 -persistenceType SOURCEIP -cltTimeout 180
bind lb vserver vserver-EXCHANGE-SMTP service-EXCHANGE-SMTP

Save your configuration:

save ns config




Views: 10322

Read More
Blog, certificate, Citrix, NetScaler, Windows

How to create, export and install SSL certificate from the Windows Server to the NetScaler


This is an example how to create, export and install Windows Server Root CA signed certificate to the NetScaler appliance.

Create Certificate Request on Windows Server:


Choose Request a certificate on your Windows CA:

Choose advanced certificate request:

Choose Submit a certificate…:

Copy-Paste your Certification Request and choose Certificate Template Web Server:

Download and save your certificate:

Complete your Certificate Request:

Open Certificates MMC Snap-in, choose certificate and and export:

Log in to your NetScaler 10.1 and install certificate (for NetScaler 10.5 same method works, GUIs look is just a bit different)

Choose Import PKCS#12:

Choose Output file name whatever you want, browse PKCS#12 certificate file we just exported and type Password we created in certificate export phase:

Choose Manage Certificates / Keys / CSRs:

Download certificate .key file, change filetype association from .key to the .cer and upload it back to the NetScaler:

Choose Install…

Install certificate:

And that’s it! Now you have properly exported and installed certificate on your NetScaler.





Views: 3735

Read More
1 2