Posts

Blank WebInterface screen after updating SSL certificate on NetScaler

Since I’ve replaced a SSL certificate on the NetScaler of a virtual server, external users complained that after they logged in on the NetScaler, they see a blank screen and that’s it. The only change was the SSL certificate, and it was a valid certificate. The fact that users are able to see the login page of the NetScaler and are able to log in confirms that.

Rebooting at that moment was not an option because the NetScaler was doing a lot more than just acting as an access gateway. Removing and adding the particular SSL certificate on the virtual server did not fix the issue either. With no actual error message I quickly ran out of options.

After reproducing the login steps I noticed that after logging in, I was able to see the webpage of Web Interface with my available apps/desktops for less than a second–too short to start a session with a published app/desktop. But long enough to think that there was something wrong with the Web Interface.

I just opened the Web Interface Wizard to check if there was some option I could reconfigure, but just walking through the wizard was enough to repair the blank screen issue (see screenshots below).

  1. Introduction screen of the Web Interface Wizard.

  1. Web Interface Site settings. Should already be filled in. In case its not, switch
    the “Default Access Method” to the appropriate method.

  1. Customization screen of the Web Interface Site. Should already be filled in.

  1. This screen refers to the chosen default access method (screenshot 2). It should
    already be filled in.

  1. Give the XenApp/XenDesktop farm a name and add the IP address of the XML server.

  1. Summary.

After finishing the wizard, the Web Interface webpage should work correctly. The fix is that the newly uploaded SSL certificate binds to the virtual server of XenApp.

Adding SSL certificates on the NetScaler

Note: This blogpost is also posted on my personal blog.

There are a lot of different certificate file formats that can be involved in a SSL certificate implementation as explained in my previous blogpost. This blogpost focused on the different methods to create and import these files onto the Citrix NetScaler and showing you how to assign the right SSL certificate to your virtual server for load balancing or gateway services. You can read all about the different certificate (and certificate archives) file formats in my previous post.

Read more

Citrix NetScaler 10.1: Where did the Configuration Wizard go?

Configuration WizardA vanilla Citrix NetScaler shows the configuration wizard right after a users authenticates using the GUI. The configuration wizard enables basic configuration like the NetScaler IP (NSIP), Subnet IP (SNIP), hostname, DNS, Time Zone and Administrator Password.

Sometimes it’s useful to open the configuration wizard after it is closed (for instance if you want to change the host name via the GUI). up to NetScaler 10.0 there was a Setup Wizard button on the System > System Information page.

Read more

Citrix: NetScaler applet hangs at 99% “Logging in”

When a Citrix NetScaler is configured using a graphical interface a browser is used to connect to the Citrix NetScaler. Starting NetScaler release 10 a part of the configuration is migrated from Java Applets to HTML5, but most configuration are still depending on Java Applets.

When you open a more advanced configuration the Java Applet is loaded automatically., If it hangs at 1% “Downloading Applet…” you might want to read this article.If it hangs at 99% “Logging in” continue reading.

Logging in

Read more

Citrix: NetScaler hangs at Downloading Applet….

With the release of Java Runtime Environment (JRE) 7 update 45  new security measurements are introduced. Oracle describes the impact of the updated security baseline in this blog. While security is an important topic (especially when web applications are involved) breaking applications due to raised security could result in the opposite.

In case you’re running JRE 7u51, please read this article with an update.

Downloading applet...Citrix NetScalers are managed with a web interface which uses HTML5 and Java applets. With new security measurements these applets hang at “Downloading Applet…”

At the moment of writing there are two features that need to be disabled to enable the Java Applets of the Citrix NetScaler (as described by Barry Schiffer in this article):

  • Disable Temporary Internet Files
  • Lower Security

While this solves the problem (of not being able to administer a Citrix NetScaler) is potentially creates a new: the security level is lowered for the entire JRE. While Oracle was trying to increase the security for Java Applets with this update the opposite is achieved Sad smile.  Fortunately there is a way to lower the security for specific addresses Smile

Read more

Citrix: Import NetScaler (10.1 Build 120.13) on Hyper-V Server 2012R2 / 8.1

Hyper-V did not find virtual machines to import from locationI tried importing a Citrix NetScaler Virtual Appliance on a Windows 8.1 machine and received the error “Hyper-V did not find virtual machines to import from location”. Importing the same appliance on Windows Server 2012 did work.

The cause of this error is that the virtual machine is exported from a Windows Server 2008R2 server (running Hyper-V 2) and Microsoft deprecated the WMI root\virtualization namespace v1 in Windows Server 2012 (Hyper-V 3) and removed it Windows Server 2012 R2 (see TechNet).  There’s no support for the old WMI format.

Read more

Netscaler X – Connection limit to CFE exceeded

Author: Ingmar Verheij

Connection limit to CFE exceededWhen you try to connect to the admin console (dashboard) of a NetScaler X you get the error “Connection limit to CFE exceeded”. If you login via SSH is seems the credentials are invalid.

Users with a different username are able to login. In this example vtsha_admin is unable to login, nsroot can login..

Read more

Manage Citrix NetScaler X with IE9

Author: Ingmar Verheij

NetScaler X

After an upgrade of a NetScaler from 9.3 to NetScaler X (NetScaler 10) I wasn’t able to manage it from Internet Explorer 9 (IE9).  All you would see is a grey bar on top and a white screen Bedroefde emoticon

I’’ve only been able to test this with a non-default (nsroot) username .

This is a known problem at Citrix, but unfortunately it isn’t solved (yet). Enabling or disabling the compatibility mode as described on this thread at Citrix forums didn’t solve the problem for a compete 100%. The ‘best’ workaround is to set the browser mode to Internet Explorer 8.

Read more