ADC

System base operations

The following configurations enable you to perform system base operations on a NetScaler appliance.

How to view, save, and clear NetScaler configuration

NetScaler configurations are stored in the /nsconfig/ns.conf directory. For configurations to be available across sessions, you must save the configuration after every configuration change.

View running configuration by using the CLI

At the command prompt, type:

show ns runningConfig
<!--NeedCopy-->

View running configuration by using the GUI

  1. Navigate to System > Diagnostics and, in the View Configuration group, click Running Configuration.

View the difference between the two configuration files by using the CLI

At the command prompt, type:

diff ns config <configfile> <configfile2>
<!--NeedCopy-->

View the difference between the two configuration files by using the GUI

  1. Navigate to System > Diagnostics and, in the View Configuration group, click Configuration difference.

Save NetScaler configurations by using the CLI

At the command prompt, type:

save ns config
<!--NeedCopy-->

Save NetScaler configurations by using the GUI

  1. On the Configuration tab, in the top-right corner, click the Save icon.

View saved configurations by using the CLI

At the command prompt, type:

show ns ns.conf
<!--NeedCopy-->

View saved configurations by using the GUI

Navigate to System > Diagnostics and, in the View Configuration group, click Saved Configuration.

Clear NetScaler configuration by using the CLI

You have the following three options for clearing the NetScaler configuration.

Basic level. Clearing your configuration at the basic level clears all settings except the following:

  • Nsroot password
  • Time Zone
  • NTP server
  • ADM server connect
  • License fie information
  • NSIP, MIP(s), and SNIP(s)
  • Network settings (Default Gateway, VLAN, RHI, NTP, and DNS settings)
  • HA node definitions
  • Feature and mode settings
  • Default administrator password (nsroot)

Extended level. Clearing your configuration at the extended level clears all settings except the following:

  • NSIP and SNIP(s)
  • Network settings (Default Gateway, VLAN, RHI, NTP, and DNS settings)
  • HA node definitions

Feature and mode settings revert to their default values.

Full level. Clearing your configuration at the full level returns all settings to their factory default values. However, the NSIP and default gateway are not changed, because changing them can cause the appliance to lose network connectivity.

At the command prompt, type:

clear ns config -force
<!--NeedCopy-->

Example: To forcefully clear the basic configurations on an appliance.

clear ns config -force basic
<!--NeedCopy-->

Clear NetScaler configuration by using the GUI

Navigate to System > Diagnostics and, in the Maintenance group, click Clear Configuration and select the configuration level to be cleared from the appliance.

How to restart or shut down appliance for unsaved NetScaler configurations

The NetScaler appliance can be remotely restarted or shut down from the available user interfaces. When you restart or shut down a standalone NetScaler appliance, the unsaved configurations (configurations performed since the last save ns config command was issued) are lost.

In a high availability setup, when the primary appliance is rebooted or shut down, the secondary appliance takes over and becomes the primary. The unsaved configurations from the old primary are available on the new primary appliance.

You can also restart the appliance by only rebooting the NetScaler software and not rebooting the underlying operating system. This is called a warm reboot. For example, when you add a new license or change the IP address, you can warm reboot the NetScaler appliance for these changes to take place.

Note:

You can perform warm reboot only on a standalone NetScaler appliance.

Restart the appliance by using the CLI

At the command prompt, type:

reboot [-warm]
<!--NeedCopy-->

Restart a NetScaler appliance by using the GUI

  1. In the configuration page, click Reboot.
  2. When prompted to reboot, select Save configuration to make sure that you do not lose any configurations.

Note:

You can perform a warm reboot by selecting Warm reboot.

Shut down an appliance by using the CLI

At the shell prompt, type:

  • shutdown –p now: Shuts down the software and switches off the NetScaler. To restart NetScaler MPX, press the AC power switch. To Restart NetScaler VPX, restart the VPX instance.
  • shutdown –h now: Shuts down the software and leaves the NetScaler switched on. Press any key to restart the NetScaler. This command does not switch off the NetScaler. Therefore, do not switch off the AC power or remove the AC power cables.

Note:

You cannot shut down an appliance through the NetScaler GUI.

How to synchronize system clock with servers on the network

You can configure your NetScaler appliance to synchronize its local clock with a Network Time Protocol (NTP) server. This ensures that its clock has the same date and time settings as the other servers on your network.

You can configure clock synchronization on your appliance by adding NTP server entries to the ntp.conf file from either the GUI or the command line interface, or by manually modifying the ntp.conf file and then starting the NTP daemon (NTPD). The clock synchronization configuration does not change if the appliance is restarted, upgraded, or downgraded. However, the configuration does not get propagated to the secondary NetScaler in a high availability setup.

NetScaler GUI allows you to configure the time zone and the NTP server IP address required for clock synchronization on the first-time-user (FTU) screen.

Note:

If you do not have a local NTP server, you can find a list of public, open access, NTP servers at the official NTP site, <http://www.ntp.org>, under Public Time Servers List. Before configuring your NetScaler to use a public NTP server, be sure to read the Rules of Engagement page (link included on all Public Time Servers pages).

In NetScaler release 11, the NTP version has been updated from 4.2.6p3 to 4.2.8p2.

Pre-requisite

To configure clock synchronization, you must configure the following entities:

  1. NTP servers
  2. NTP synchronization.

Add an NTP server by using the CLI

At the command prompt, type the following commands to add an NTP server and verify the configuration:

  • add ntp server (<serverIP> | <serverName>) [-minpoll <positive_integer>] [-maxpoll <positive_integer>]
  • show ntp server

Example:

add ntp server 10.102.29.30 -minpoll 6 -maxpoll 11
<!--NeedCopy-->

Add an NTP server by using the GUI

Navigate to System > NTP Servers, and create the NTP server.

Enable NTP synchronization by using the CLI

When you enable NTP synchronization, the NetScaler starts the NTP daemon and uses the NTP server entries in the ntp.conf file to synchronize its local time setting. If you do not want to synchronize the appliance time with the other servers in the network, you can disable NTP synchronization, which stops the NTP daemon (NTPD).

At the command prompt, type one of the following commands:

enable ntp sync
<!--NeedCopy-->

Enable NTP synchronization by using the GUI

Navigate to System > NTP Servers, click Action and select NTP Synchronization.

Configure clock synchronization to edit a ntp.conf file by using the GUI

  1. Log on to the command line interface.
  2. Switch to the shell prompt.
  3. Copy the /etc/ntp.conf file to /nsconfig/ntp.conf, unless the /nsconfig directory already contains an ntp.conf file.
  4. For each NTP server you want to add, you must add the following two lines to the /nsconfig/ntp.conf file:

    server <IP address for NTP server> iburst
    
    restrict <IP address for NTP server> mask <netmask> nomodify notrap nopeer noquery
    <!--NeedCopy-->
    

    Note:

    For security reasons, there should be a corresponding restrict entry for each server entry.

    Example

    In the following example, an administrator has inserted # characters to “comment out” an existing NTP entry, and then added an entry:

    #server 1.2.3.4 iburst
    
    #restrict 1.2.3.4 mask 55.255.255.255 nomodify notrap nopeer noquery
    
    server 10.102.29.160 iburst
    
    restrict 10.102.29.160 mask 255.255.255.255 nomodify notrap nopeer noquery
    <!--NeedCopy-->
    
  5. If the /nsconfig directory does not contain a file named rc.netscaler, create the file.

  6. Add the following entry to /nsconfig/rc.netscaler: /bin/sh /etc/ntpd_ctl full_start

    This entry starts the ntpd service, checks the ntp.conf file, and logs messages in the /var/log directory.

    This process runs every time the NetScaler is restarted.

  7. Restart the NetScaler appliance to enable clock synchronization. Or, to start the time synchronization process without restarting the appliance, enter the following commands at the shell prompt:
rm /etc/ntp.conf
ln -s /nsconfig/ntp.conf /etc/ntp.conf
/bin/sh /etc/ntpd_ctl full_start
<!--NeedCopy-->

How to configure session timeout for idle client connections

A session timeout interval is provided to restrict the time duration for which a session (GUI, CLI, or API) remains active when not in use. For the NetScaler, the system session timeout can be configured at the following levels:

  • User level timeout. Applicable to the specific user.
Interface type Time out configuration
GUI Navigate to System > User Administration > Users, select a user, and edit the user’s timeout setting.
CLI At the command prompt, enter the following command: set system user <name> -timeout <secs>
  • User group level timeout. Applicable to all users in the group.
Interface type Time out configuration
GUI Navigate to System > User Administration > Groups, select a group, and edit the group’s timeout setting.
CLI At the command prompt, enter the following command:set system group <groupName> -timeout <secs>
  • Global system timeout. Applicable to all users and users from groups who do not have a timeout configured.

    Interface type Time out configuration
    GUI Navigate to System > Settings, click Change global system settings, and update the timeout value as required.
    CLI At the command prompt, enter the following command: set system parameter -timeout <secs>

    The timeout value specified for a user has the highest priority. If timeout is not configured for the user, the timeout configured for a member group is considered. If timeout is not specified for a group (or the user does not belong to a group), the globally configured timeout value is considered. If timeout is not configured at any level, the default value of 900 seconds is set as the system session timeout.

    Additionally, you can specify timeout durations for each of the interfaces you are accessing. However, the timeout value specified for a specific interface is restricted to the timeout value configured for the user that is accessing the interface. For example, let us consider an user “publicadmin” who has a timeout value of 20 minutes. Now, when accessing an interface, the user must specify a timeout value that is within 20 minutes.

    Note:

    You can choose to keep a check on the minimum and maximum timeout values by specifying the timeout as restricted (in CLI by specifying the restrictedTimeout parameter). This parameter is provided to account for previous NetScaler versions where the timeout value was not restricted.

  • When enabled, the minimum configurable timeout value is 5 minutes (300 secs) and the maximum value is 1 day (86400 secs). If the timeout value is already configured to a value larger than 1 day, when this parameter is enabled, you are prompted to change it. If you do not change the value, the timeout value will automatically be reconfigured to the default timeout duration of 15 minutes (900 secs) on the next reboot. The same will happen is the configured timeout value is less than 5 minutes.
  • When disabled, the configured timeout durations are considered.

  • Timeout duration at each interface:
Interface type Time out configuration
CLI Specify the timeout value on the command prompt by using the following command: set cli mode -timeout <secs>
API Specify the timeout value in the login payload.

How to set system date and time to synchronize the clock with a time server

To change the system date and time, you must use the shell interface to the underlying FreeBSD OS. However, to view the system date and time, you can use the command line interface or the GUI.

View system date and time by using the CLI

At the command prompt, type:

show ns config
<!--NeedCopy-->

View system date and time by using the GUI

Navigate to System and select the System Information tab to view the system date.

How to configure HTTP and HTTPS management ports for internal services

In a single-IP mode deployment of a NetScaler appliance, a single IP address is used as NSIP, SNIP, and VIP addresses. This single IP address uses different port numbers to function as NSIP, SNIP, and VIP addresses.

Port numbers 80 and 443 are well-known ports for HTTP and HTTPS services. Earlier, port 80 and 443 of the NetScaler IP address (NSIP) were dedicated ports for internal HTTP and HTTPS management services. Because these ports were reserved for internal services, you cannot use these well-known ports for providing HTTP and HTTPS data services from a VIP address, which has the same address as the NSIP address in a single-IP mode deployment.

To address this requirement, you can now configure ports for internal HTTP and HTTPS management services (of the NSIP address) other than port 80 and 443.

The following lists the default port numbers for internal HTTP and HTTPS management services in NetScaler MPX, VPX, and CPX (NITRO web service only) appliances:

  • NetScaler MPX and VPX appliances: 80 (HTTP) and 443 (HTTPS)
  • NetScaler CPX appliances (For NITRO APIs): 9080 (HTTP) and 9443 (HTTPS)

Configure HTTP and HTTPS management ports by using the CLI

You can configure an HTTP and an HTTPS port to any value on the NetScaler appliance to support the HTTP and HTTPS management service. However, by default, the NetScaler appliance uses 80 and 443 ports for HTTP and HTTPS connection.

To configure an HTTP port by using the CLI

At the command prompt, type:

set ns param –mgmtHttpPort<port>
<!--NeedCopy-->

Example:

set ns param -mgmtHttpPort 2000
<!--NeedCopy-->

To configure an HTTPS port by using the CLI

At the command prompt, type:

set ns param –mgmtHttpsPort<port>
<!--NeedCopy-->

Example:

set ns param -mgmtHttpsPort 3000
<!--NeedCopy-->

Starting from NetScaler 14.1-29.x release, the commands to configure HTTP and HTTPS ports are changed.

The set ns param command is changed to set mgmtparam.

To configure an HTTP port by using the CLI

At the command prompt, type:

set mgmtparam –mgmtHttpPort<port>

<!--NeedCopy-->

Example:

set mgmtparam -mgmtHttpPort 2000
<!--NeedCopy-->

To configure an HTTPS port by using the CLI

At the command prompt, type:

set mgmtparam –mgmtHttpsPort<port>

<!--NeedCopy-->

Example:

set mgmtparam -mgmtHttpsPort 3000
<!--NeedCopy-->

Configure HTTP and HTTPS management ports by using the GUI

Follow the steps given below to configure HTTP and HTTPS port values:

  1. Navigate to System > Settings > Change Management Parameters.
  2. On the Configure Management Parameters page, set the following parameters.

    1. Management HTTP Port - Set the port value to 2000. Default = 80, Min = 1, Max = 65534.
    2. Management HTTPS Port - Set the port value to 3000. Default = 443, Min = 1, Max = 65534.

Configure the internal HTTP GUI service by using NetScaler GUI, or NetScaler CLI, or NetScaler NITRO APIs

On a NetScaler appliance, the /etc/httpd.conf is the configuration file for the internal HTTP GUI service that manages connections to the NetScaler GUI.

Instead of using the httpd.conf file for configuring the internal HTTP GUI service, you can now use NetScaler GUI, or NetScaler CLI, or NetScaler NITRO APIs. For example, you can use the NetScaler CLI to modify the maximum number of clients that can connect to the internal HTTP GUI service at a time.

The internal HTTP GUI service has the following name format: nshttpd-gui-<loop back IP address>-80

Use the NetScaler service command operations to configure the internal HTTP GUI service.

To modify the internal HTTP GUI service by using the CLI:

  • Use the set service command. For more information, see set service.
  • Use the show service command to verify the configuration. For more information, see show service.

Sample configuration:

In the following sample configuration, the maxClient parameter is set to 300 for the internal HTTP GUI service.

> sh service nshttpd-gui-127.0.0.1-80
                nshttpd-gui-127.0.0.1-80 (127.0.0.1:80) - HTTP
                State: UP
                Last state change was at Wed Mar 16 20:16:16 2022
                Time since last state change: 0 days, 22:31:00.970
                Server Name: #ns-internal-127.0.0.1#
                Server ID : None               Monitor Threshold : 0
                Max Conn: 0       Max Req: 0          Max Bandwidth: 0 kbits
                Use Source IP: NO
                Client Keepalive(CKA): NO
                Monitoring Owner: 0
                Access Down Service: NO
                TCP Buffering(TCPB): NO
                HTTP Compression(CMP): NO
                Idle timeout: Client: 180 sec        Server: 360 sec
                Client IP: ENABLED cip-header
                Cacheable: NO
                SC: ???
                SP: OFF
                Down state flush: DISABLED
                Monitor Connection Close : NONE
                Appflow logging: DISABLED
                TCP profile name: nstcp_internal_apps
                HTTP profile name: nshttp_default_internal_apps
                Process Local: DISABLED
                Traffic Domain: 0

Done

> set service nshttpd-gui-127.0.0.1-80 -maxclient 300
Done

> sh service nshttpd-gui-127.0.0.1-80
                nshttpd-gui-127.0.0.1-80 (127.0.0.1:80) - HTTP
                State: UP

                ...

                Max Conn: 300  Max Req: 0          Max Bandwidth: 0 kbits

                ...

Done

<!--NeedCopy-->

Trigger memory recovery by using the CLI

You can trigger memory recovery from the CLI.

At the command prompt, type the following command:

start ns memrecovery [-percentage <positive_integer>]

Example:

start nsmemrecovery -percentage 30

To check the actual amount of memory recovered, use the following command at the command prompt:

stat system memory

How to allocate extra management CPU for data processing and monitoring

If you need better performance for configuration and monitoring of a NetScaler MPX appliance, you can allocate an extra management CPU from the appliance’s packet engine pool. This feature is supported on certain NetScaler MPX models and all VPX models except the VPX instances that run on NetScaler SDX appliances. It affects the output of the stat system CPU and stat system commands.

Supported NetScaler MPX models:

  • 25xxx
  • 22xxx
  • 14xxx
  • 115xx
  • 15xxx
  • 26xxx

Note:

For NetScaler MPX 26xxx models with more than 20 cores, the mandatory extra management CPU feature is enabled by default. For NetScaler VPX models, a license that supports at least 12 vCPUs is required to enable this feature.

Allocate an extra management CPU by using the CLI

At the command prompt, type one of the following commands:

  • enable extramgmtcpu
  • disable extramgmtcpu

Note:

After you enable and disable this feature, the NetScaler appliance displays a warning to restart the appliance, for the changes to take effect.

To show the configured and effective state of an extra management CPU.

At the command prompt, type:

show extramgmtcpu
<!--NeedCopy-->

Example:

> show extramgmtcpu
ConfiguredState:  ENABLED EffectiveState:  ENABLED
<!--NeedCopy-->

Note:

In this example, the show command is entered before restarting the appliance.

Allocate an extra management CPU by using the GUI

To allocate an extra management CPU by using the GUI, navigate to System > Settings and click Configure Extra Management CPU. From the Configured State drop-down menu, select Enabled and then select OK.

To check CPU usage, go to System > Settings > Dashboard.

Configure an extra management CPU by using the NITRO API

Use the following NITRO methods and formats to enable, disable, and show an extra management CPU.

To enable an extra management CPU:

HTTP Method: POST

URL: http://<NSIP>/nitro/v1/config/systemextramgmtcpu?action=enable

Payload: {"systemextramgmtcpu":{}}

curl -v -X POST -H "Content-Type: application/json" -u nsroot:nsroot http://10.102.201.92/nitro/v1/config/systemextramgmtcpu?action=enable -d '{"systemextramgmtcpu":{}}'
<!--NeedCopy-->

To disable an extra management CPU

HTTP Method: POST
URL: http://<NSIP>/nitro/v1/config/systemextramgmtcpu?action=disable
Payload: {"systemextramgmtcpu":{}}
curl -v -X POST -H "Content-Type: application/json" -u nsroot:nsroot http://10.102.201.92/nitro/v1/config/systemextramgmtcpu?action=disable -d '{"systemextramgmtcpu":{}}'
<!--NeedCopy-->

To show an extra management CPU

HTTP Method: GET
URL: http://<NSIP>/nitro/v1/config/systemextramgmtcpu
<!--NeedCopy-->

Example:

curl -v -X GET -H "Content-Type: application/json" -u nsroot:nsroot http://10.102.201.92/nitro/v1/config/systemextramgmtcpu
<!--NeedCopy-->

Statistics and monitoring before and after adding extra management CPU

The following examples show the differences in the output of the stat system CPU and stat system commands before and after adding an extra management CPU.

stat system cpu
<!--NeedCopy-->

This command displays statistics of CPUs.

Here is a sample output before adding an extra management CPU on one of the supported models.

Example

> stat system cpu

    CPU statistics

    ID         Usage

    8              1

    7              1

    11             2

    1              1

    6              1

    9              1

    3              1

    5              1

    4              1

    10             1

    2              1
<!--NeedCopy-->

Here is the output after adding an extra management CPU on the same MPX appliance.


    > stat system cpu

    CPU statistics

    ID         Usage

    9              1

    7              1

    5              1

    8              1

    11             2

    10             1

    6              1

    4              1

    3              1

    2              1
<!--NeedCopy-->
stat system
<!--NeedCopy-->

This command displays CPU use. In the following example, the output before adding an extra management CPU on one of the supported models is:

Mgmt Additional-CPU usage (%) 0.00

Example

    > stat system

    NetScaler Executive View

    System Information:

    Up since        Wed Oct 11 11:17:54 2017

    /flash Used (%)                        0

    Packet CPU usage (%)                1.30

    Management CPU usage (%)            4.00

    Mgmt CPU0 usage (%)                 4.00

    Mgmt Additional-CPU  usage (%)      0.00

    Memory usage (MB)                   2167

    InUse Memory (%)                    5.76

    /var Used (%)                          0
<!--NeedCopy-->

In the following example, the output after adding an extra management CPU on the same MPX appliance is:

Mgmt Additional-CPU usage (%) 0.80

> stat system


NetScaler Executive View

System Information:

Up since        Wed Oct 11 11:55:56 2017

/flash Used (%)                        0

Packet CPU usage (%)                1.20

Management CPU usage (%)            5.70

Mgmt CPU0 usage (%)                10.60

Mgmt Additional-CPU  usage (%)      0.80

Memory usage (MB)                   1970

InUse Memory (%)                    5.75

/var Used (%)                          0

<!--NeedCopy-->

How to backup and restore your appliance to recover lost configuration

When your appliance gets corrupted or needs an upgrade, you can back up your system configuration. The backup procedure is done either through the CLI or GUI interface. The appliance also enables you to import the backup file from an external source. However, you can do this only through the GUI interface and there is no support through the CLI interface.

Points to remember

You must remember the following points when your backup and restore your appliance.

  • There must be a support for network configuration on a new platform.
  • The new platform build must be same as the backup file or a later version.

Back up a NetScaler appliance

Depending on data and backup requirement, you can create a “basic” backup or a “full” backup.

  • Basic backup. You can perform this type of backup if you want to back up files that constantly change. The files that you can back up are in the following table.

For information about the basic backup details, see the Table topic.

  • Full backup. In addition to the files that are backed up by a basic backup, a full backup has less frequently updated files. The files that are backed up when you use the “Full” backup option are:
Directory Sub-Directory or Files
nsconfig ssl, license, fips*
/var/ netscaler/ssl/, wi/java_home/jre/lib/security/cacerts/, wi/java_home/lib/security/cacerts/*

The backed-up data is stored as a compressed TAR file in the /var/ns_sys_backup/ directory. To avoid issues due to non-availability of disk space, you can store up to 50 backup files in this directory. You can use the rm system backup command to delete existing backup files and create more backups.

Note:

When the backup operation is in progress, do not run commands that affect the configuration.

If a file that is required to be backed up is not available, the operation skips that file.

Back up a NetScaler appliance using CLI

Follow the procedure given below to back up a NetScaler appliance by using the NetScaler command interface.

At the command prompt, do the following:

  1. Save the NetScaler configurations.
save ns config
<!--NeedCopy-->
  1. Create the backup file.
create system backup [<fileName>] -level <basic | full> -comment <string>
<!--NeedCopy-->

Note:

If the file name is not specified, the appliance creates a TAR file with the following naming convention:backup_<level>_<nsip_address>_<date-timestamp>.tgz.

Example: To back up the full appliance using the default naming convention for the backup file.

> create system backup -level full
<!--NeedCopy-->
  1. Verify that the backup file was created.
show system backup
<!--NeedCopy-->

You can view the properties of a specific backup file by using the fileName parameter.

Restore a NetScaler appliance by using the CLI

Important:

You cannot successfully restore your appliance, if you rename or modify your backup file.

When you restore your appliance, the restore operation untars the backup file from the /var/ns_sys_backup/ directory. Once the files are untarred, the files are copied to the respective directories.

Restore the NetScaler from a local backup file by using the CLI

Note:

Citrix recommends you to back up the current configuration before restoring a previous configuration. However, if you do not want the restore command to automatically create a backup of the current configuration, use the –skipBackup parameter.

At the command prompt, do the following:

  1. Obtain a list of the backup files available on the appliance.

    show system backup
    <!--NeedCopy-->
    
  2. Restore the appliance by specifying one of the backup files.

    restore system backup <filename> [-skipBackup]

    Example: To restore by using a full backup of an appliance

    > restore system backup backup_full_<nsip_address>_<date-timestamp>.tgz

  3. Reboot the appliance.

    reboot

Backup and restore a NetScaler appliance by using the GUI

  1. Navigate to System > Backup and Restore.

  2. Click Backup/Import to start the process.
  3. In the Backup/Import page, select Create and set the following parameters.
    1. File Name. Name of the appliance backup file.
    2. Level. Select a backup level as basic or full.
    3. Comment. Provide a brief description for the backup.
  4. Click Backup.

  5. If you want to import a backup, you must select Import.

  6. Once backup is complete, you can select the file and click Download.
  7. To restore, select the backup file and click Restore.

  8. In the Restore page, verify backup file details and click Restore.

  9. After you restore, you must reboot the appliance.

For more information on how to backup and restore NetScaler instances, see Backup and Restore using NetScaler Console topic.

For more information on how to backup and restore an SDX appliance, see Backup and restore SDX appliance

For information about operations performed on system backup, see System Backup topic.

How to generate technical support bundle for resolving appliance issues

For help with analyzing and resolving any issues with a NetScaler appliance, you can generate a technical support bundle on the appliance and send the bundle to Citrix technical support. The NetScaler technical support bundle is a zipped tar archive of system configuration data and statistics. It collects the following data from the NetScaler on which you generate the bundle:

  • Configuration files. All files in the /flash/nsconfig directory.
  • Newnslog files. The currently running newnslog and some previous files. To minimize the archive file size, newnslog collection is restricted to 500 MB, 6 files, or 7 days, whichever occurs first. If older data is needed, it might require manual collection.
  • Log files. Files in /var/log/messages, /var/log/ns.log, and other files under /var/log and /var/nslog.
  • Application core files. Files created in the /var/core directory within the last week, if any.
  • Output of a few CLI show commands.
  • Output of a few CLI stat commands.
  • Output of BSD shell commands.

The technical support bundle is saved on the NetScaler appliance in an archive at the following location:

/var/tmp/support/support.tgz
<!--NeedCopy-->

The path is a symlink to the most recent collector for easy access. The full file name varies, depending on the deployment topology, but generally follows a format similar to:

collector_<P/S>_<NS IP>_<DateTime>.tgz.
<!--NeedCopy-->

You can use a single command to generate the technical support bundle and securely upload it to the Citrix technical support server. Starting from NetScaler 14.1-8.x release, you must generate an authentication token before you upload the technical support bundle. Previously, you used Citrix username and password to upload the technical support bundle.

To generate the authentication token:

  1. Launch a browser and enter the following URL - https://cis.citrix.com/auth/api/create_identity_v2/?expiration=3600
  2. Log in using multifactor authentication.

    Note:

    For information on how to enroll for multifactor authentication, see https://support.citrix.com/article/CTX461297/how-to-enroll-into-multi-factor-authentication-mfa.

  3. Click Copy to copy the authentication token displayed on the screen. The token is valid for 3600 seconds (1 hour). The maximum allowed length for the token is 1023 characters.

After copying the authentication token, use the CLI or GUI to upload the file.

To upload the technical support bundle using the CLI, run the following command:

showtechsupport -upload -file <string> -description <string> -authtoken <string>
<!--NeedCopy-->

Example:

showtechsupport -upload -file /var/tmp/support/callhome/collector_callhome_P_10.102.168.52_14Mar2022_12_50.tar.gz -description "test upload" -authtoken eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJDSVMiLCJpc3MiOiJidHMuY2lzLmNpdHJpeC5jb20iLCJqdGkiOiJkNDI4N*******
<!--NeedCopy-->

To upload the technical support bundle using the GUI:

  1. Navigate to Configuration > System > Diagnostics.
  2. In the Technical Support Tools section, click Generate support file.
  3. Use the Scope option to specify if you want to gather data on the present node, all cluster nodes, or for the specified partitions.
  4. Select Upload the Collector Archive.
  5. In the My Citrix Account section, enter the authentication token in the Citrix Authentication Token field.

If your NetScaler appliance does not have direct internet connectivity, you can use a proxy server to directly upload the technical support bundle to the Citrix technical support server. The basic format of the proxy string is:

proxy_IP:<proxy_port>
<!--NeedCopy-->

If the proxy server requires authentication, the format is:

username:password@proxsy_IP:<proxy_port>
<!--NeedCopy-->

Note:

For NetScaler appliances in a high availability pair, you must generate the technical support bundle on each of the two nodes.

For NetScaler appliances in a cluster setup, you can generate the technical support bundle on each node individually, or you can generate smaller abbreviated archives for all nodes by using the cluster IP address.

For NetScaler admin partitions, you must generate the technical support bundle from the default admin partition. To get the technical support bundle for a specific partition, you must specify the name of the partition for which you want to generate the technical support bundle. If you do not specify the name of the partition, data is collected from all admin partitions.

Generate the NetScaler technical support bundle by using the CLI

At the command prompt, type:

show techsupport [-scope <scope> <partitionName>] [-upload [-proxy <string>] [-casenumber <string>] [-file <string>] [-description <string>] [-authtoken <string>]]
<!--NeedCopy-->

Note:

Starting with NetScaler 14.1 release build 8.x, the username and password parameters used to upload the technical support bundle are removed. You must use the authtoken parameter to upload the technical support bundle.

Sr. No Task Command
1 Generate and upload the technical support bundle to the Citrix technical support server. show techsupport –upload -authtoken eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJDSVMiLCJpc3MiOiJidHMuY2lzLmNpdHJpeC5jb20iLCJqdGkiOiJkNDI4N***
2 Generate and upload the technical support bundle to the Citrix technical support server through a proxy server show techsupport –upload –proxy 1.1.1.1:80 -authtoken eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJDSVMiLCJpc3MiOiJidHMuY2lzLmNpdHJpeC5jb20iLCJqdGkiOiJkNDI4N***
3 Upload an existing technical support bundle to the Citrix technical support server. show techsupport –upload -file,/var/tmp/support/collector_P_10.102.29.160_9Sep2015_15_22.tar.gz -authtoken eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJDSVMiLCJpc3MiOiJidHMuY2lzLmNpdHJpeC5jb20iLCJqdGkiOiJkNDI4N***
4 Generate small, abbreviated archives for all nodes in a Cluster setup. Use cluster IP address to run this command. show techsupport –scope CLUSTER
5 Generate a technical support bundle specific to an admin partition. Run this command on the default admin partition. show techsupport –scope PARTITION partition1

How to collect the technical support bundle from SDX and VPX appliances for insight analysis

A NetScaler appliance has a built-in mechanism to collect log files. The log files are in turn sent to Citrix Insight Services for analysis.

Note:

All procedures are applicable for software release 9.2 or later.

Download technical support bundle from NetScaler MPX and VPX appliances

To run a collector file by using the NetScaler GUI, you must complete the following procedure:

Note:

The procedure is applicable for software release 9.2 or later.

  1. Navigate to System > Diagnostic.
  2. In the Technical Support Tools section, click Generate Support File link.
  3. In the Tech Support page, set the following parameters:

    1. Scope. To collect data from one or more nodes.
    2. Partition. Name of the partition.
    3. Citrix technical support load Options. Set all options such as proxy server, service case number, collector archive file name and a brief description of the archive file for uploading the technical support bundle.
    4. Citrix Account. Enter your Citrix credentials.
  4. Click Run.
  5. The Technical Support bundle is generated.
  6. Click Yes to download the Technical support bundle to your local desktop.

Obtain technical support bundle by using the CLI

  1. Download the file from the appliance using a Secure FTP (SFTP) or Secure Copy (SCP) utility, such as WinSCP, and upload it to Citrix Insight Services for analysis.

Note:

In the NetScaler software release earlier than 9.0, the collector script must be downloaded separately and run.

> show techsupport -scope CLUSTER
<!--NeedCopy-->
  1. The show techsupport -scope CLUSTER command collects show technical support information from all nodes in the cluster and compresses the files into a single archive.
  2. After the appliance generates the collector archive the location of the file is displayed as shown in the following screenshot.

    Location of the tech support bundle

The file is stored in /var/tmp/support and you can verify it by logging into a NetScaler appliance and running the following command from a shell prompt.

root@NS# cd /var/tmp/support/
root@NS# ls -l
<!--NeedCopy-->

Obtain diagnostic bundle from NetScaler SDX using the GUI

  1. Open the NetScaler SDX GUI.
  2. Expand the Diagnostics node.
  3. Select the Technical Support node.
  4. Click Generate Technical Support File.
  5. Select Appliance (Including Instances) from the drop-down menu.
  6. Click Add.
  7. Select one or more instances to add in.
  8. Click OK. Wait for the process to complete.
  9. Select the bundle name that was generated and then click Download
  10. Upload the bundle file to Citrix Insight Services.

More Resources

Watch a Video

Read another topic

Command Reference Doc