Upgrading NetScaler through GUI is not working

A customer asked me to upgrade a couple of High Available NetScaler pairs. If you’re familiar with
NetScalers and the upgrade process, you know that an upgrade trough the GUI is the easiest way to go. So after all the preparation (saving running config, backup config, snapshot. Blablabla…) I was ready to go.

The steps are very clear. Navigate to System – System Upgrade, choose the new firmware file and press Upgrade. After this a screen pops up saying “Uploading build…” (see below)

After the upload completes, normally the system upgrade window is coming up (see below)

But what if the system upgrade window is not coming up?? Is it spinning up the upgrade process, but not showing me the window?? Or is the operating system crashing?? Can I upload the new firmware again without braking something??
All those question where running through my head when this was happening to me. If you’re in the same situation like I was at that moment, don’t worry!

It seems like this is a bug and Citrix never fixed it. Some people say that it exists since version 10.x. You can try whatever browser you want, it won’t work. I’ve tested it on 2 more standalone NetScalers and 1 of them had the same bug. Normally after the upload the GUI triggers the “./installns” file, but in my case not. Also the “uploaded” firmware is nowhere to find on the appliance with WINSCP. With that in mind, for me, it’s not possible that the NetScaler is upgrading without notifying. So what now?

Citrix also made it possible to upgrade the NetScaler trough the CLI. Although this way isn’t efficient and is not adding anymore functionality for the upgrade process, it’s a good alternative in this case.

In a nutshell

  1. Use PuTTy to set up a SSH connection to your appliance.
  2. Type “shell” to go into the shell mode.
  3. Create a folder with the following command: “mkdir /var/nsinstall/<foldername>”
  4. Browse to that folder with the following command: “cd /var/nsinstall/<foldername>”
  5. With WINSCP, browse to that folder and upload the firmware update in that folder.
  6. Extract the firmware update with the following command: “tar –xvzf <filename>”
  7. Start the upgrade process with the following command: “./installns”
  8. When it’s finished press “Y” to reboot the appliance and you’re done.

For the Citrix version click here. Keep in mind that the GUI is way more efficient than the CLI. So if you ever want to upgrade from version 12.x to a higher version, first check if the luck is on your side by not having a buggy GUI.

Good Luck!

Blank WebInterface screen after updating SSL certificate on NetScaler

Since I’ve replaced a SSL certificate on the NetScaler of a virtual server, external users complained that after they logged in on the NetScaler, they see a blank screen and that’s it. The only change was the SSL certificate, and it was a valid certificate. The fact that users are able to see the login page of the NetScaler and are able to log in confirms that.

Rebooting at that moment was not an option because the NetScaler was doing a lot more than just acting as an access gateway. Removing and adding the particular SSL certificate on the virtual server did not fix the issue either. With no actual error message I quickly ran out of options.

After reproducing the login steps I noticed that after logging in, I was able to see the webpage of Web Interface with my available apps/desktops for less than a second–too short to start a session with a published app/desktop. But long enough to think that there was something wrong with the Web Interface.

I just opened the Web Interface Wizard to check if there was some option I could reconfigure, but just walking through the wizard was enough to repair the blank screen issue (see screenshots below).

  1. Introduction screen of the Web Interface Wizard.

  1. Web Interface Site settings. Should already be filled in. In case its not, switch
    the “Default Access Method” to the appropriate method.

  1. Customization screen of the Web Interface Site. Should already be filled in.

  1. This screen refers to the chosen default access method (screenshot 2). It should
    already be filled in.

  1. Give the XenApp/XenDesktop farm a name and add the IP address of the XML server.

  1. Summary.

After finishing the wizard, the Web Interface webpage should work correctly. The fix is that the newly uploaded SSL certificate binds to the virtual server of XenApp.

Citrix Service Provider (CSP) Portal and Citrix Licensing

One of our partners is using the CSP program from Citrix for their customers. Now, every month a CSP usage report must be made manually for all the customers and reported to Citrix.

With the Citrix Cloud Licensing Portal, that step is simplified. There are however a few guidelines for the Citrix Licensing servers that are hosted at the customer(s):

  • Naming convention

It is common to have a default name for a licensing server at the customers, for example “LIC01”. So if this name is used for all the customers, there is no way to differentiate in the new Licensing Portal.
So when you create the license, choose the FQDN of the license server as Hostname.

  • Minimum License Server version

Next is the version of the license server. This has to be Citrix Licensing 11.13.1 Build 16002
In this build the “Call Home” capabilities have been extended to detect CSP–licenses and report product usage to Citrix. This version is part of the Long Term Service Release (LTSR) version (XenApp 7.6)

  • Licensing Model

Now the confusing part. As part of the CSP Program, XenApp is required to be configured to use a usage-based licensing model. Therefore you cannot use concurrent licenses as part of the CSP program. But in the Licensing Model in Citrix Studio it is not possible to choose the User/Device Licensing option if you use XenApp as Edition. So you have to switch to XenDesktop and choose the edition that fits the need.

  • License Types

There are two types of licenses in the CSP Model, those are Premium and Base:

  • CSP Premium SKU – You can utilize XenApp Platinum components
  • CSP Base SKU – You are limited to utilizing XenApp Advanced components

In our case, the customers use “Base Licenses“ which means XenApp Advanced. The licenses that are created from the portal and based on the SKU’s already contain the XenDesktop license.

Next step is to change the Licensing Model matching license.
But wait, that is not possible from the GUI!

Powershell to the rescue!

  • Open a powershell window with the appropriate privilege and load the Citrix Snappin. Note that the Powershell SDK must be installed.
  • Here is the code:
    • Add-PSSnapinn Citrix*
    • Set-ConfigSite –ProductCode XDT –ProductEdition ADV –LicensingModel UserDevice

After these three steps the Citrix Licensing Server is reporting the correct usage to the new Cloud Portal and in an orderly fashion.

A trained Field Service Engineer who grew into the position of senior consultant at PepperByte. Enjoys the challenge of coming up with solutions for clients for their complex IT issues. Has plenty of experience with Microsoft, Citrix, RES and VMware products.

Core qualities
Professional, enthusiastic, pragmatic, sociable

Hobbies
Cycling, HiFi, going to concerts

Job description
Senior Consultant

Where did QFARM go in Xenapp 7.5, 7.6?

During the management of a xenapp 7 x environment I wanted a qfarm overview. I found out that this command no longer works. Why not?

This is because Xenapp 7.x uses the FMA protocol instead of the old IMA protocol.

How do I go to my qfarm overview?

Read more

Was once an enthusiastic PepperByte employee but is now working elsewhere. His blogs are still valuable to us and we hope to you too.

RES VDX 2014 with Citrix XenApp 6.5

res-vdx For a customer I’ve been asked to design a workstation with RES Virtual Desktop Extender (RES VDX) installed to deliver some problem applications in a proof of concept.

I am going to use RES VDX 2014 for my POC.

This customer is using Citrix XenApp 6.5 to deliver a published desktop. The user start menu is managed by the Citrix Program Neighborhood Agent. So all the start menu items are published applications.

Read more

Was once an enthusiastic PepperByte employee but is now working at Ivanti. His blogs are still valuable to us and we hope to you too.

Create a PowerShell Profile ready for XenDesktop Management

PowerShell_Logo Today I want to show you how to create a PowerShell instance that is all ready for managing a Citrix XenDesktop 7.1 environment.

We’ve all been there you want to check something quickly in your environment. You start up PowerShell, enter a command and you are presented with an error message that the command you just entered is not recognized by PowerShell.

Screenshot 2014-05-06 21.34.56

We get this error message not because of a typo but because the Citrix Snap-ins are not loaded in this PowerShell session.

Read more

Was once an enthusiastic PepperByte employee but is now working elsewhere. His blogs are still valuable to us and we hope to you too.

Dutch Citrix User Group (DuCUG) 2014 Experience

 

DuCUG

The atmosphere

DuCUG 1

This year the DuCUG Took place at the Dell Office in Amsterdam. The weather was great, the lunch was well cared for and the tickets were sold out. So it couldn’t be better. I experienced it as a tremendous day with a lot of informative sessions. In this article I will share my highlights of the day.

GPU-accelerated high-end graphics performance in Citrix XenServer / XenDesktop environments by Benny Tritch

GPU-accelerated high-end graphics performance in Citrix XenServer / XenDesktop environments This session was presented by Benny Tritsch (Chief Technology Officer with bluecue consulting). Benny has been working closely with Shaw Bass on testing the new GPU support of Citrix XenServer. Benny presented the possibilities between using different GPU Accelerating solutions on VDI environments. He showed us different example-movies and unbelievable results with these various examples. Some examples even showed better performance on your virtual desktop then a local computer. Read more at Benny’s own website.

Read more

Was once an enthusiastic PepperByte employee but is now working elsewhere. His blogs are still valuable to us and we hope to you too.

Citrix NetScaler 10.1: Where did the Configuration Wizard go?

Configuration WizardA vanilla Citrix NetScaler shows the configuration wizard right after a users authenticates using the GUI. The configuration wizard enables basic configuration like the NetScaler IP (NSIP), Subnet IP (SNIP), hostname, DNS, Time Zone and Administrator Password.

Sometimes it’s useful to open the configuration wizard after it is closed (for instance if you want to change the host name via the GUI). up to NetScaler 10.0 there was a Setup Wizard button on the System > System Information page.

Read more

Was once an enthusiastic PepperByte employee but is now working at Citrix. His blogs are still valuable to us and we hope to you too.

Citrix: NetScaler applet hangs at 99% “Logging in”

When a Citrix NetScaler is configured using a graphical interface a browser is used to connect to the Citrix NetScaler. Starting NetScaler release 10 a part of the configuration is migrated from Java Applets to HTML5, but most configuration are still depending on Java Applets.

When you open a more advanced configuration the Java Applet is loaded automatically., If it hangs at 1% “Downloading Applet…” you might want to read this article.If it hangs at 99% “Logging in” continue reading.

Logging in

Read more

Was once an enthusiastic PepperByte employee but is now working at Citrix. His blogs are still valuable to us and we hope to you too.

Citrix: NetScaler hangs at Downloading Applet….

With the release of Java Runtime Environment (JRE) 7 update 45  new security measurements are introduced. Oracle describes the impact of the updated security baseline in this blog. While security is an important topic (especially when web applications are involved) breaking applications due to raised security could result in the opposite.

In case you’re running JRE 7u51, please read this article with an update.

Downloading applet...Citrix NetScalers are managed with a web interface which uses HTML5 and Java applets. With new security measurements these applets hang at “Downloading Applet…”

At the moment of writing there are two features that need to be disabled to enable the Java Applets of the Citrix NetScaler (as described by Barry Schiffer in this article):

  • Disable Temporary Internet Files
  • Lower Security

While this solves the problem (of not being able to administer a Citrix NetScaler) is potentially creates a new: the security level is lowered for the entire JRE. While Oracle was trying to increase the security for Java Applets with this update the opposite is achieved Sad smile.  Fortunately there is a way to lower the security for specific addresses Smile

Read more

Was once an enthusiastic PepperByte employee but is now working at Citrix. His blogs are still valuable to us and we hope to you too.