book

Troubleshooting NetScaler

by Raghu Varma Tirumalaraju

April 2016

Intermediate to advanced

270 pages

5h 47m

English

Packt Publishing

Read now

Unlock full access

eBooks, discount offers, and moreWhy subscribe?
What this book covers

ErrataPiracyQuestions
The NetScaler filesystemFolders on /flashFolders on /var
NetScaler IPVirtual IPMapped IPSubnet IPGSLB Site IP
GUICLIConsoleShellNitroSFTP
Endpoint and Nonend point modeANY, L4, or L7 modes
Modes that are enabled by defaultFast RampEdge ConfigurationUsing Subnet IPThe Layer 3 modePath MTU DiscoveryModes that are disabled by default
Load balancingConsiderationsStartup RR factorTo USIP or not to USIPChoosing a VIP typeSpecial considerations for load balancing Firewalls or CloudBridge appliancesPrefer Direct RoutevServer specific MAC – when daisy chaining FW VIPs or CloudBridge appliancesServices or ServiceGroupsCommon LB issuesTroubleshooting – unable to access a newly created VIPTroubleshooting application failures where VIP is UPTroubleshooting VIP performance issuesTroubleshooting VIP distribution issuesWhy is the table empty when I configure cookie persistency?What is the difference between established and open established?Troubleshooting intermittent issues
SSL deployment considerationsCertificatesUsing Wireshark to examine the handshakeSSL handshakeA session-reused handshakeSession reuse and troubleshootingDecrypting a trace using WiresharkWhat if I needed to share this key with the Citrix tech support for troubleshooting?Troubleshooting SSL issuesWireshark troubleshooting for SSL failuresSSL card failuresSSL security concernsEngaging with Citrix
Troubleshooting service unavailable errorsContent switching timeout errors
GSLB flowMetric Exchange ProtocolMEP versus monitorsRPC considerationsTroubleshooting GSLBDNS caching and GSLBMEP down issuesRPC related issuesTroubleshooting proximity-based methods
Integrated CachingUnderstanding HTTP headers as they relate to cachingEvaluating cache policiesA sample cache responseWhat kind of content should I cache and not cache?NetScaler's default caching behaviorHandling dynamic contentConsiderations for caching dynamic contentHow's my cache doing?Getting a closer look at objects in the cacheFlushing versus expiring an objectFlash cacheTroubleshooting caching issues
The NetScaler's default compression behaviorImpact of using CompressionVerifying and monitoring CompressionUnderstanding the packet flowTroubleshooting considerations
Lightweight Directory Access ProtocolAuthentication flowTroubleshooting LDAP
Authentication flowTroubleshooting RADIUS authentication
Client versus Server CertificatesAuthentication Flow when using Client Certificates
NTLM Authentication flowTroubleshooting NTLM
Authentication flow
Kerberos parties
Kerberos deployment optionsAuthentication flow
Troubleshooting Kerberos
Certificates in SAMLCanonicalization in SAMLSP Initiated SSOIDP initiated SSO
Troubleshooting
High Availability
HA Node state issuesHeartbeats not being seenIdentifying Failovers in eventsVLAN issues causing heartbeat failuresNew primary doesn't take over traffic after FailoverARP issuesStay secondary being setBoth nodes unhealthySplit brain issuesSynchronization and propagation issuesNetworking issuesNetScaler packet handlingError conditions that contribute to packet dropsNIC buffer issuesNetwork loopsVLAN issuesUnsupported SFPsLink aggregation issuesUSIP networking issuesNetwork issues from blocked source IPs
Deployment considerations
Cross-site scriptingTo protect against XSS attacksSQL injectionTo protect against SQL injection attacksForceful browsing attacksTo protect against forceful browsingAttacks based on Parameter tamperingCookie tamperingTo protect against cookie tamperingHidden field tamperingTo protect against hidden field tamperingBuffer overflow attacks via long URLs and queriesTo protect against buffer overflow attacksCross Site Request ForgeryTo protect against CSRF attacksXML protectionsSignatures
Identifying application Firewall blocksUsers reporting XXXX patterns in web pages
Ruling out AppFirewall as a potential cause
Basic and Smart Access ModesBasic modeSmart Access mode
Examining VPN session launch using WiresharkPhase 1 – The EPA exchangePhase 2 – The authentication exchangePhase 3 – Post-login exchangeTroubleshooting NetScaler Gateway™ VPNsCollecting debug logs from the client's PCDiagnosing EPA failuresUsing aaad.debug for authentication issuesUsing ns.log to see authorization and session informationUsing the pol_hits counter to examine policy hitsSeeing and managing the users who are logged inCapturing traces for troubleshooting
Published application/desktop launch processPhase 1 – steps involved in desktop enumerationPhase 2 – Steps leading to the launch of the published desktopTroubleshooting XenApp® and XenDesktop® launch issues
XenMobile componentsXenMobile launch process with NetScaler GatewayPhase 1 – Authentication and discoveryPhase 2 – App enumeration and Launch
Using the wizard for configurationUsing the connectivity checksKnowing where the logs areCommon integration issue areasLicensesNetwork settings for the applicationAccount services addressPersistence issues when Load Balancing XenMobile serversShareFile SSO issues
Licensing issues
Troubleshooting NTP synchronization
Troubleshooting SNMP on a NetScaler
Types of NetScaler CPUExploring high memory issuesTroubleshooting high memory issues
Understanding crashesWorking with crashesWorking with hang issuesDumping a core on a VPX/MPX when console is availableDumping a core when NetScaler is completely unresponsiveUnderstanding NetScaler Build names
The nsconmsg utilitynsconmsg syntax and options
Steps to run a trace
Running the utilityWhat does it contain?The shell directoryThe var directoryThe nsconfig directory
Troubleshooting tips
Troubleshooting insight center

Content preview from Troubleshooting NetScaler

Kerberos authentication

Kerberos, which started off as an MIT project, has grown in popularity to the point that it is now the default choice for enterprise authentication in a domain-based environment. It is considered to be fast (especially given the ability to cache and reuse tickets) and secure from a credential handling perspective, given that the User does not need to send the password over the network to authenticate. It is also open in a real sense, so as long as you can put the necessary keytabs (think of it as a key) in place, you can have a mixed Windows and Linux environment authenticating in perfect harmony.

Kerberos is a complex protocol (especially when you come across it for the first time), so to take this step by step, we will ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781782175353

Troubleshooting NetScaler

by Raghu Varma Tirumalaraju

Kerberos authentication

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Mastering Netscaler VPX

Using JMP 13

Implementing NetScaler VPX™ - Second Edition

Getting Started with Citrix XenApp?? 7.6

Publisher Resources

Kerberos authentication

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Mastering Netscaler VPX

Using JMP 13

Implementing NetScaler VPX™ - Second Edition

Getting Started with Citrix XenApp?? 7.6

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.