Change an RPC node password

To communicate with other NetScaler appliances, each appliance must know about the other appliances, including how to authenticate to them. RPC nodes are internal system entities used for system-to-system communication of configuration and session information. One RPC node exists on each NetScaler appliance and stores information such as the IP addresses of the other NetScaler appliances and the passwords used for authentication. The NetScaler appliance that contacts the other NetScaler appliance checks the password within the RPC node.

For enhanced security, we recommend that you enable the Secure and Validate Server Certificate options on RPC nodes. When you enable the Secure option, NetScaler encrypts all RPC communication sent from one NetScaler to another. This secure communication uses port 3008. If a firewall between the NetScaler appliances blocks port 3008, unblock it before you proceed. Otherwise, configuration synchronization and configuration propagation might fail.

The Validate Server Certificate option enables server certificate validation for RPC communication, such as configuration synchronization or configuration propagation between the nodes. To validate the server certificate, the CA file /nsconfig/ssl/certs/ca.pem must be configured with the peer CA certificate, which is used to sign the server certificate for the nsrpcs-127.0.0.1-3008 service.

Note:

After you upgrade a NetScaler appliance to release 13.1 build 33.x or later from one of the following builds, the secure option for the RPC node is enabled or disabled on the basis of the TLS 1.2 setting (enabled or disabled) present for the internal RPCS and KRPCS services.

  • Release 13.0 build 64.35 or earlier
  • Release 12.1 build 61.18 or earlier

The RPC communication is encrypted between the NetScaler nodes of the following setups if the secure option is enabled:

  • High availability
  • Cluster
  • GSLB

The secure option uses the TLS 1.2 protocol and ports 3008 and 3009 for the RPC connection between the NetScaler nodes.

To ensure secure RPC communication, Citrix recommends performing the following operations before upgrading these setups:

  • TLS 1.2 must be enabled for the internal RPCS and KRPCS services:
    • nsrpcs-127.0.0.1-3008
    • nskrpcs-127.0.0.1-3009
    • nsrpcs-::1l-3008
  • Ports 3008 and 3009 must be unblocked in firewalls between the NetScaler nodes.

You can enable or disable the secure option using the NetScaler CLI or the GUI.

To change an RPC node password by using the GUI

  1. Navigate to System > Network > RPC.
  2. In the RPC pane, select the node and then click Edit.
  3. In Configure RPC Node, type the new password.
  4. In Source IP Address, type the existing node’s IP address to be used to communicate with the peer system node.

  5. Select Secure and Validate Server Certificate. Click OK.

To change an RPC node password by using the CLI

At the command line, type the following commands:

    set ns rpcNode <IPAddress> {-password} [-secure ( YES | NO )] [-validateCert (YES | NO)]

    show ns rpcNode

Example:

    > set ns rpcNode 192.0.2.4 -password mypassword -secure YES -validateCert YES
     Done
    > show rpcNode
    .
    .
    .
    IPAddress: 192.0.2.4 Password: d336004164d4352ce39e
    SrcIP: * Secure: ON
    SrcIP: * validateCert: YES
    Done
    >
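
A configuration check for the recommendation above, added here as an example and not part of the Citrix documentation: it scans saved configuration text for set ns rpcNode lines and reports every node where the Secure or Validate Server Certificate option is not YES. It assumes the saved lines follow the CLI syntax shown on this page; the sample lines, IP addresses, password placeholders, and function names are constructed for illustration.

```python
# Constructed sample input in the `set ns rpcNode` syntax shown on this page.
SAMPLE_CONFIG = """\
set ns rpcNode 192.0.2.4 -password <redacted> -secure YES -validateCert YES
set ns rpcNode 192.0.2.5 -password <redacted> -secure YES
set ns rpcNode 192.0.2.6 -password <redacted> -secure NO -validateCert NO
set ns rpcnode 192.0.2.7 -password <redacted> -validateCert YES -secure yes
add ns ip 192.0.2.10 255.255.255.0
"""

# Options the page recommends enabling, keyed by lowercase name for matching.
RECOMMENDED = {"secure": "-secure", "validatecert": "-validateCert"}

def parse_rpc_nodes(config_text):
    """Return {ip: {lowercase_option: value}} for every rpcNode line."""
    nodes = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if [t.lower() for t in tokens[:3]] != ["set", "ns", "rpcnode"] or len(tokens) < 4:
            continue
        opts = nodes.setdefault(tokens[3], {})  # later lines override earlier ones
        i = 4
        while i < len(tokens):
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
            if tokens[i].startswith("-"):
                opts[tokens[i][1:].lower()] = tokens[i + 1] if has_value else ""
            i += 2 if has_value else 1
    return nodes

def audit_rpc_nodes(config_text):
    """Return sorted (ip, finding) pairs for nodes that miss the recommendation."""
    findings = []
    for ip, opts in parse_rpc_nodes(config_text).items():
        for key, flag in RECOMMENDED.items():
            value = opts.get(key)
            if value is None:
                # Absence is reported, not guessed: the effective value must be
                # confirmed on the appliance with `show ns rpcNode`.
                findings.append((ip, f"{flag} not set explicitly"))
            elif value.upper() != "YES":
                findings.append((ip, f"{flag} is {value.upper()}"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, finding in audit_rpc_nodes(SAMPLE_CONFIG):
        print(f"{ip}: {finding}")
```
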