Connecting the world…


NetScaler VPX – upgrade firmware

I am fairly new to NetScaler to I tried to upgrade the software via CLI. This is what I if done.

  1. Download the upgrade firmware via
  2. Backup the configuration
  3. Upgrade the software to the NetScaler appliance (I used pscp.exe on a Windows machine to upload the software to the directory /var/nsinstall/11.0/63.16. I created the directories 11.0/63.16 before uploading the firmware)
  4. Untar the software
  5. Install the software (relax and take your time)
  6. Reboot the appliance
  7. Verify the upgrade (show version)

When everything goes according to plan, you would see the following output:

root@netscaler# tar zxvf build-11.0-63.16_nc.tgz
x .ns.version
x ns-11.0-63.16.gz
x ns-11.0-63.16.sha2
x Citrix_Netscaler_InBuilt_GeoIP_DB.csv.gz

root@netscaler# ./installns
installns: [94606]: BEGIN_TIME 1444387063 Fri Oct 9 12:37:43 2015
installns: [94606]: VERSION ns-11.0-63.16.gz
installns: [94606]: VARIANT v
installns: [94606]: No options
installns: [94606]: prompting for reboot
installns: [94606]: END_TIME 1444387469 Fri Oct 9 12:44:29 2015

Installation has completed.

Reboot NOW? [Y/N]

NetScaler VPX – management certificate

I would like to upgrade my current NetScaler VPX Express configuration via GUI. For some security reason Internet Explorer and FireFox aren’t able to access the GUI. They return the error message that the NetScaler is using a wrong SSL certificate.

The default SSL self-signed certificate is installed on the appliance. I have uploaded a “real” certificate to content switch and load balancing. I would like to use the same certificate for GUI management. To change the certificate, access the NetScaler via SSH.

Check the current certificate run the following command and you will get the following output.

sh run | grep “bind ssl service”
bind ssl service nshttps-::1l-443 -certkeyName ns-server-certificate
bind ssl service nsrpcs-::1l-3008 -certkeyName ns-server-certificate
bind ssl service nskrpcs- -certkeyName ns-server-certificate
bind ssl service nshttps- -certkeyName ns-server-certificate
bind ssl service nsrpcs- -certkeyName ns-server-certificate

If you would like to see all your available certificate enter the following command.

> sh run | grep “ssl certKey”
add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key
add ssl certKey wildcart-booches-nl -cert sslcert-wildcard-booches-nl.pem -key passwd-private-wildcard-1route-nl.pem -passcrypt “adfadf&*fU=”
add ssl certKey root-booches -cert cacert.pem

I would like to bind the certificate “wildcard-booches-nl”, so I use the following commands to bind the certificate to the different management services.

bind ssl service nskrpcs- -certkeyName wildcard-booches-nl
bind ssl service nshttps- -certkeyName wildcard-booches-nl
bind ssl service nsrpcs- -certkeyName wildcard-booches-nl

Citrix WebInterface 5.3 on IIS7

While configuring a Citrix NetScaler 9.2 in conjunction with WebInterface 5.3 I received the following error message when executing a published application.

An error occurred while trying to access the requested resource.

I thought to myself….no problemo, since I blogged about this problem before (source). This solution didn’t help. After changing the RequireLaunchReference value I still receive the error while opening an application. The only difference is that the event viewer message isn’t generated anymore.

After searching the internet I found another Citrix knowledge base article, called “Application Launch Failure in Web Interface 5.0 through 5.3”. This article provided me with the solution.

It looks like IIS 7 differs quite a lot from earlier versions. Citrix’s background on the problem:

It is currently suggested not to run .NET 1.1 or .NET 4.0 on a windows 2008 Web Interface server that is using Web interface 5.0 through 5.3. The .Net Framework 2.0 common language runtimes will be used in conjunction with the 3.0 and 3.5.

Don’t ask me what it is, because I don’t know. Switches, routers, firewall and other networking components don’t use Microsoft .NET…..

Citrix Web Interface 5.3: An error occurred while making the requested connection

I tried to configure a Citrix Web Interface 5.3 server in conjunction with Citrix Presentation Server / XenApp 4.0 and a NetScaler. It is possible to login, but I cannot launch an application. When trying to launch an application I receive the following error message:

An error occurred while making the requested connection

I found an related article on the Citrix website. This article applies to Web Interface 5.2, but also works for Web Interface 5.3 The symptoms in the EventViewer for Web Interface 5.3 are different, but gives me more specifications about the problem. In the event log of the Web Interface 5.3 server you will receive the following error message.


After changing the RequireLaunchReference parameter in \inetpub\wwwroot\Citrix\XenApp\Conf\WebInterface.conf applications can be launched without any problems.

Add On: if the above solution doesn’t work, then a second solution for this problem can be found here

NetScaler CAG Customisation

I wanted to change the login screen of a NetScaler CAG, but I didn’t know which files to change. Luckily my college from DigiPulse and member of the Dutch Citrix User Group (DUCUG) gave me the solution by pointing me to the following blog post.

Hey mensen,

Op verzoek van Edwin Houben hieronder een overzicht van aanpassingen die ik heb gedaan om de website van te maken zoals hij nu is:

Design van de site is aan te passen in deze bestanden:
– /netscaler/ns_gui/vpn/index.html  (taal aanpassingen)
– /netscaler/ns_gui/vpn/login.js  (taal aanpassing gemaakt en custom error page)
– /netscaler/ns_gui/vpn/nsshare.js    (layout aanpassingen voor "vakken")
– /netscaler/ns_gui/vpn/images/caxtonstyle.css   (style codes)

Let er wel op dat als je de pagina’s aanpast dat deze na een reboot weer terug gezet worden naar de oude (fabrieksinstellingen), dit kun je voorkomen door de volgende instructie aan te houden:

Copieer de aangepaste documenten naar /var/vpn/custom/vpn/ (ook de images directory als je eventueel nieuwe plaatjes hebt toegevoegd) en as het script /flash/nsconfig/rc.netscaler aan door onderstaand commando toe te voegen:- cp /var/vpn/custom/vpn/*.html /netscaler/ns_gui/vpn/
– cp /var/vpn/custom/vpn/images/* /netscaler/ns_gui/vpn/images

Hierdoor worden je wijzigingen wel meegenomen bij een reboot.

Mijn excuses voor de korte uitleg, als ik ooit tijd heb maak ik een nieuwe handleiding voor zowel de 8.1 als de 9.0 netscalers.

Mochten jullie toch nog vragen of problemen hebben plaats ze hier of mail me op