FAQs
This section provides the FAQ on the following Citrix Application Delivery Management (Citrix ADM) features. Click a feature name in the following table to view the list of FAQs for that feature.
Analytics | Authentication | Configuration Management |
---|---|---|
Certificate Management | Deployment | Deployment (Disaster recovery) |
Event Management | Instance Management | StyleBooks |
System Management |
Analytics
Is it required to enable EUEM virtual channel on Citrix Gateway instances deployed in single-hop mode?
EUEM virtual channel data is part of HDX Insight data that the Citrix ADM receives from Gateway instances. EUEM virtual channel provides the data about ICA RTT. If the EUEM virtual channel is not enabled, the remaining HDX Insight data are still displayed on Citrix ADM.
The EUEM virtual channel is a default service running on Citrix Virtual Desktop applications (VDA). If it is not running, start the “Citrix End User Experience Monitoring” process in VDA services.
How do I enable Citrix ADM to monitor web-application and virtual-desktop traffic?
-
Navigate to Infrastructure > Instances > Citrix ADC, and select the Citrix ADC instance on which you want to enable analytics.
-
From the Select Action list, select Configure Analytics.
-
In the Configure Analytics page that opens, select all the virtual servers on which you want to enable analytics, and click Enable AppFlow. For more details, see How to Enable Analytics on Instances.
Note
For Citrix ADC instances of 11.0 release, 65.30 build and later, there is no option on Citrix ADM to enable Security Insight explicitly. Ensure that you configure the AppFlow parameters on the Citrix ADC instances, so that Citrix ADM starts receiving the Security Insight traffic along with the Web Insight traffic. For more information on how to set the AppFlow parameters on Citrix ADC instances, see To set the AppFlow parameters by using the configuration utility.
After I add the Citrix ADC instances, does Citrix ADM automatically start collecting analytical information?
No. Enable analytics on the virtual servers hosted in Citrix ADC instances that are managed by Citrix ADM. For more details, see How to Enable Analytics on Instances.
Is it required to access the individual Citrix ADC appliance for enabling analytics?
No. All configuration is done from the Citrix ADM user interface, which lists the virtual servers hosted on the specific Citrix ADC instance. For more details, see How to Enable Analytics on Instances.
What are the types of virtual servers that can be listed on a Citrix ADC instance to enable analytics?
Currently, the Citrix ADM user interface lists the following virtual servers for enabling analytics:
- Load balancing virtual server
- Content switching virtual server
- VPN virtual server
- Cache redirection virtual server
How do I attach an extra disk to the Citrix ADM?
To attach an extra disk to Citrix ADM:
-
Shut down the Citrix ADM virtual machine.
-
In the hypervisor, attach an extra disk of the required disk size to the Citrix ADM virtual machine.
For example, Let us consider that you want to increase the disk space to 200 GB, in a Citrix ADM virtual machine of 120 GB. In this scenario, you must attach a disk space of 200 GB instead of 80 GB. Newly attached 200 GB of disk space will be used to store Database data, Citrix ADM log files. The existing 120 GB disk space is used to store core files, Operating System Log files, and so on.
-
Start the Citrix ADM virtual machine.
What do you mean by collectors are not configured on Citrix ADC instances?
A collector receives AppFlow records generated by the Citrix ADC appliance.
Citrix ADM receives Security Insight and Web Insight traffic from the Citrix ADC instances when the AppFlow feature is enabled. When you enable the AppFlow feature on a Citrix ADC instance, you must specify at least one collector to which the AppFlow records are sent. If the collectors are not configured on the Citrix ADC instances, Citrix ADM does not receive the traffic from the instances.
For example, five Citrix ADC instances are added to Citrix ADM. If collectors are not specified for two instances, no traffic flows to Citrix ADM. Self-service diagnostics detects the issue and displays the issue as “Collectors are not configured on 2 instances.”
For more information about how to configure the AppFlow Feature, see Configuring the AppFlow Feature.
What does enabling client-side measurements do?
With client side measurements enabled, ADM captures load time and render time metrics for HTML pages, through HTML injection. Using these metrics, admins can identify L7 latency issues.
Authentication
What is load balancing of authentication requests?
The authentication-server load balancing feature enables Citrix ADM to load balance the authentication requests that are directed to the external authentication servers. Load balancing the authentication servers ensures that the authentication load is split across multiple authentication servers and thus avoid an authentication server from being overloaded. You can create an authentication service to connect with and get user information from your existing external authentication server using the authentication protocols like LDAP, RADIUS, or TACACS.
Why do we need to cascade external authentication servers?
Cascaded external authentication servers provide uninterrupted authentication processing, allowing access to legitimate users if an authentication server fails. There is no limitation on which types of authentication servers you can cascade. You can have all RADIUS servers, or all LDAP servers, or a combination of RADIUS and LDAP servers.
How many external authentication servers can I cascade?
You can cascade up to 32 external authentication servers in Citrix ADM.
Do I have an alternative when external authentication fails?
There can be a situation when external authentication completely fails, even when you have cascaded several servers. For example, the external servers can become unreachable, or a new user’s credentials might not have been entered in any of the external authentication servers. To prevent locking users out in such a situation, you can enable fallback local authentication. For more details, see Fallback Local Authentication.
What is fallback local authentication?
Fallback local authentication is an option to authenticate your users locally when external authentication fails. If external authentication fails, Citrix ADM accesses the local user database to authenticate your users.
In Citrix ADM, navigate to System > Authentication > Authentication Configuration. On this page, you can add multiple external authentication servers in a cascade, and you can select the Enable fallback local authentication option.
What is an extraction of external user groups?
If you have added external servers for authenticating the users, you can import (extract) existing user groups into Citrix ADM. You have to import user groups once and provide a group permission to a user group rather than importing individual users and giving them individual permissions. You do not have to recreate the users on Citrix ADM.
Why do we need to assign group permissions?
When you are using the load balancing feature of Citrix ADC, you can integrate Citrix ADM with external authentication servers, and import user group information from the authentication servers. Log in to Citrix ADM and manually create the same group information in Citrix ADM and assign permission to those groups. The user and user group permission is managed in Citrix ADM and not in the external server. The users have different role-based access permissions on the external servers. Configure the same permissions for the users in Citrix ADM also. Instead of configuring permissions individually for each user, you can configure a group-level permission so that the user-group members can access specific services on the load balanced virtual servers. The typical permissions that you can assign are permissions to manage Citrix ADC instances, Citrix SDX instances, virtual servers, and so on, so that the users of that group can manage only those instances or virtual servers. You can later edit the permissions given to the users at the group level. You can even remove one or more user groups; other group users still function on Citrix ADM.
Configuration Management
Can I perform configuration across multiple Citrix ADC instances simultaneously using Citrix ADM?
Yes, you can use configuration jobs to perform configuration across multiple Citrix ADC instances.
What are configuration jobs on Citrix ADM?
A job is a set of configuration commands that you can create and run on one or more managed instances. You can create jobs to make configuration changes across instances, replicate configurations on multiple instances on your network, and record-and-play configuration tasks using the Citrix ADM GUI. You can also convert the recorded tasks into CLI commands.
You can use the Configuration Jobs feature of Citrix ADM to create a configuration job, send email notifications, and check execution logs of the jobs created.
Can I schedule jobs using built-in templates in Citrix ADM?
Yes! You can schedule a job by using the built-in template option. A job is a set of configuration commands that you can run on one or more managed instances. For example, you can use the built-in template option to schedule a job to configure syslog servers. You can choose to run the job immediately, or schedule the job to be run later.
You can save the configuration of a job that was previously created, and run the job again after modifying the commands, the parameters, the configuration source, and targeted instances. This is useful when the same set of commands has to be run on a different instance, or when the job encounters an error and stops further execution.
Certificate Management
Does the deletion of SSL certificates from Citrix ADM lead to the deletion of certificates from Citrix ADC instances?
No
Deployment
What is the default user name and password?
-
After you complete the initial network configuration, you can log on to Citrix ADM from the hypervisor or SSH console, using the default user name and password (nsrecover/nsroot).
-
The default user name and password to log on from the GUI is nsroot/nsroot.
How to change the default password?
To change the password:
-
In Citrix ADM, navigate to System > User Administration > Users.
The Users page is displayed.
-
Select the user name nsroot and click Edit.
The Configure System User page is displayed.
-
Select Change Password and create a password of your choice.
-
Click OK.
You can now use the new password to log on from GUI and hypervisor or SSH console.
Note
You cannot modify the user name.
How to reset the password?
You can see this documentation to reset the password.
In a HA pair, if the password is changed in the primary node and if the Break HA pair option is selected later, what is the behavior?
You can log on to both standalone nodes using your new password.
If two standalone servers have different passwords, what is the impact in deploying these two servers in HA pair?
It is recommended to have default password for both servers when you deploy two standalone servers to HA pair.
The HA configuration is complete, but the primary node GUI is not accessible. What can be the reason?
It takes a few minutes for the configuration to take effect. You can try accessing again after a few minutes.
The HA configuration is complete, but the floating IP address GUI is not accessible. What can be the reason?
After the HA configuration, you need to first access the primary node GUI and complete the deployment. For more information, see Deploy the primary and secondary node as a high availability pair. After the deployment is complete, the server reboots and gets ready for high availability deployment. You can then access the floating IP address GUI.
What DB is supported in Citrix ADM standalone and Citrix ADM HA?
Both Citrix ADM standalone and Citrix ADM HA support PostgreSQL.
What is the potential data loss to the secondary node?
The secondary node listens to the heartbeat messages that the primary node sends through the Citrix ADM database. If the secondary node does not receive the heartbeats for more than 180 seconds, then the secondary node performs an SSH-based check on the primary node. If the heartbeat and SSH-based check fail, the primary node is considered to be down.
In this scenario, the secondary node takes over as the primary node and the 180 seconds timeframe can be considered as the possible data loss to the secondary node.
What happens if the primary node is down?
The secondary node takes over and becomes the primary node.
How to reinstall the failed node?
It is recommended to install a fresh VM build. To reinstall:
-
Break the HA pair. Navigate to System > Deployment
The deployment page is displayed. Click Break HA
-
Delete the failed node from the hypervisor.
-
Import the .XVA image file to the hypervisor.
-
From the Console tab, configure Citrix ADM with the initial network configurations. For more information, see Register and deploy the first server (primary node) and Register and deploy the second server (secondary node).
Does Citrix ADM support SAN Storage?
Citrix recommends you to host the Citrix ADM VHD on a local storage. When hosted on storage devices in a SAN, Citrix ADM might not work as expected. So, ADM deployment on SAN is not supported.
Does Citrix ADM support an extra disk?
Yes. A new installation of Citrix ADM HA pair allocates 120 GB of storage by default. For more than 120 GB storage, you can add one extra disk for a maximum of 3 TB storage. Adding more than one extra disk is not supported.
After disabling the HA pair, what happens to the floating IP address configured?
The floating IP address is no longer accessible and you need to redeploy the high availability pair.
Can I give a different floating IP address while redeploy?
Yes. You can configure a new floating IP address.
Why is secondary node GUI not accessible?
Secondary node is only a read-replica server and acts as a primary node only if the primary node is down for any reason. Citrix recommends accessing either the primary node GUI or the floating IP address GUI.
If the primary node is down for a long duration, can the configurations still be done using the floating IP address GUI?
Yes. You can still continue to do configurations and the configurations get saved in the secondary node. After the primary node is back, all the configurations are synchronized.
If there is a necessity to change the primary node IP address or secondary node IP address or floating IP address in the future (for example, changing it to IPv6), what are the recommended solutions to follow?
Changing the IP addresses in HA pair is not supported without breaking the HA pair.
To update the primary node or the secondary node IP address:
-
Break the HA pair. Navigate to System > Deployment.
The Deployment page is displayed. Click Break HA
-
Log on to the primary node using an SSH client or from the hypervisor.
-
Use
nsrecover
as the user name and enter the password that you have set. -
Enter networkconfig. Perform the procedure from step 3 available at Register and deploy the first server (primary node).
During the initial network configuration, you can provide a different IP address.
-
Perform the same procedure for secondary node and continue with the procedure from step 3 available at Register and deploy the second server (secondary node).
-
To update the floating IP address:
-
Navigate to System > Deployment.
The Deployment page is displayed.
-
Click HA Settings.
-
Click Configure Floating IP Address for High Availability Mode.
-
Enter the floating IP address and click OK.
-
Does ADM support AMD processors?
No. ADM does not support AMD processors.
Deployment (Disaster Recovery)
How frequent does the replication happens between the primary site and disaster recovery site?
The replication between the primary site and the disaster recovery site is real time.
After initiating the backup script at the DR site, does the DR site becomes the temporary primary site, until the primary site is recovered and fully operational?
No. The DR site will now become the primary site. To revert the HA pair as the primary site, see Revert configurations to the original primary site
If the Break HA pair option is selected, both nodes operate as a standalone server. Since DR support is not applicable for standalone server, what happens to the DR site if Break HA pair is selected?
If you select Break HA pair option, the replication between the primary site and the DR site is terminated. You need to reconfigure the DR site as part of redeploying HA pair.
Event Management
How can I keep track of all the events that have been generated on my managed Citrix ADC instances using Citrix ADM?
As a network administrator, you can view details such as configuration changes, log on conditions, hardware failures, threshold violations, and entity state changes on your Citrix ADC instances, along with events and their severity on specific instances. You can use the Citrix ADM events dashboard to view reports generated for critical event severity details on all your Citrix ADC instances.
What are event rules?
Using Citrix ADM, you can configure rules to monitor specific events. Event Rules make it easier to monitor a large number of events generated across your Citrix ADM infrastructure.
You can filter a set of events by configuring rules with specific conditions and assigning actions to the rules. When the events generated meet the filter criteria in the rule, the action associated with the rule is run.
The conditions for which you can create filters are severity, Citrix ADC instances, category, and failure objects. The actions you can assign to the events are sending an email notification, forwarding SNMP traps from managed Citrix ADC instances to the Citrix ADM, and sending an SMS notification.
Instance Management
What happens if an ADC instance cannot connect to ADM after bandwidth allocation when you use Citrix ADC pooled capacity licensing?
If the heartbeat between the ADC instance and ADM fails, the instance enters a grace period of 30 days. And after communication is reestablished, pooled capacity licensing starts working. When in grace period, ADC functions are not affected. After 30 days of grace period, the ADC instance initiates warm restart and is unlicensed.
What are data centers in Citrix ADM?
A Citrix ADM data center is a logical grouping of the Citrix ADC instances in a specific geographical location. Each server can monitor and manage several Citrix ADC instances within a data center. You can use the Citrix ADM server to manage data such as syslog, application traffic flow, and SNMP traps from the managed instances. For more details on configuring data centers, see How to Configure Data Centers for Geomaps in Citrix ADM.
What are the different Citrix Appliances that are supported by Citrix ADM?
Instances are the Citrix appliances or virtual appliances that you want to discover, manage, and monitor from Citrix ADM. You must add these instances to the Citrix ADM server. You can add the following Citrix appliances and virtual appliances to Citrix ADM:
- Citrix MPX
- Citrix VPX
- Citrix SDX
- Citrix CPX
- Citrix Gateway
- Citrix SD-WAN WO
- Citrix SD-WAN PE
You can add instances either while setting up the Citrix ADM server for the first time or later.
What is an instance profile?
An instance profile is used by Citrix ADM to access an instance.
An instance profile contains the user name and password for access to one or more instances. A default profile is available for each instance type. For example, the ns-root-profile is the default profile for Citrix ADC instances. It contains the default Citrix ADC administrator credentials. When you change the credentials required for access to instances, you can define custom instance profiles for those instances.
Can we add unlimited SD-WAN instances in Citrix ADM? Can Citrix ADM handle all scalar and vector counters for SD-WAN?
Currently, there is no license limit on SD-WAN instances that can be added to Citrix ADM. Citrix ADM has a set of built-in reports that internally polls both scalar and vector counters.
Can I rediscover multiple Citrix VPX instances in Citrix ADM?
Yes, you can rediscover multiple Citrix VPX instances in Citrix ADM to learn the latest states and configurations of the instances.
Navigate to Networks > Instances > Citrix ADC > VPX, select the instances that you want to rediscover, and in the Action list click Rediscover. For more information, see How to Rediscover Multiple VPX Instances.
Can Citrix ADM be installed on Citrix SDX?
No
Can I add a Citrix ADC instance on the ADM software by using a public IP address?
Yes, you can by using network address translation (NAT).
-
For adding a single instance: use NAT IP of the public IP address of the ADC instance.
-
For adding an ADC HA pair: add the NAT IP addresses of the HA pair in this format:
<NAT public IP of the primary instance>#<NAT public IP of the secondary instance>
-
For adding an ADC cluster: add all the NAT public IP addresses of all the instances in the cluster, each separated by a comma, and add the NAT IP of the CLUSTER IP inside parentheses or round brackets. An example format: NAT1, NAT2, NAT3,(NATIP of CLUSTERIP).
For more information, see the following topics:
How to register a disaster recovery node if the DR node credentials are changed?
Reset the disaster recovery (DR) node credentials to nsrecover
/nsroot
using the following command:
./mps/change_freebsd_password.sh <username> <password>
<!--NeedCopy-->
To register a DR node, follow the steps in Deploy and register the Citrix ADM DR node using DR console.
StyleBooks
Can StyleBooks be used to configure different Citrix ADC instances running on different versions of the Citrix ADC software?
Yes, you can use StyleBooks to configure different Citrix ADC instances running on different versions if there is no discrepancy between the commands across different versions.
When a StyleBook is used to configure multiple Citrix ADC instances at the same time, and configuration of one Citrix ADC instance fails, what happens?
If applying the configuration to a Citrix ADC instance fails, the configuration is not applied to any more instances, and already-applied configurations are rolled back.
Do Citrix ADC backups made through Citrix ADC include configurations applied through StyleBooks?
Yes
System Management
Can I assign a host name to my Citrix ADM server?
Yes, you can assign a host name to identify your Citrix ADM server. To assign a host name, navigate to System> System Administration > System Settings, and click Change Hostname.
The host name is displayed on the Universal license for Citrix ADM. For more information, see How to Assign a Host Name to a Citrix ADM Server.
Can I back up and restore my Citrix ADM configuration?
Yes, you can back up configuration files (NTP files and SSL certificates), system data, infrastructure and application data, and all your SNMP settings. If your Citrix ADM ever becomes unstable, you can use the backed-up files to restore your Citrix ADM to a stable state.
To back up and restore your Citrix ADM configuration, navigate to System > Advanced Settings > Backup Files, and click Back Up or Restore as the case might be. For more information, see How to back up and Restore Configuration on Citrix ADM.
Citrix recommends that you use this feature before performing an upgrade or for precautionary reasons.
What are Thresholds and Alerts on Citrix ADM?
You can set thresholds and alerts to monitor the state of a Citrix ADC instance and monitor entities on managed instances.
When the value of a counter exceeds the threshold, Citrix ADM generates an alert to signify a performance-related issue. When the counter value returns to the clear value specified in the threshold, the event is cleared.
Can I generate a technical support file for Citrix ADM?
Yes. Citrix recommends that you generate an archive of Citrix ADM data and statistics before contacting technical support for debugging an issue. The archive is a TAR file that you can send to the technical support team.
You can generate a technical support file that contains debug logs, the duration for which debug logs were collected, and distinct and diverse logs from the Citrix ADM database.
To configure and send a technical support file, navigate to System > Diagnostics > Technical Support, and then, click Generate Technical Support File. For more information, see How to Generate a Tech Support File for Citrix ADM.
What is syslog purging?
Syslog is a standard protocol for logging. Syslog enables isolation of the system that generates information and the system that stores the information. You can consolidate logging information and derive insights from the collected data. You can also configure syslog to log different types of events.
To limit the amount of syslog data stored in the database, you can specify the interval at which you want to purge syslog data. You can specify the number of days after which all Generic Syslog data, AppFirewall data, and Citrix Gateway data will be deleted from Citrix ADM.
Can I configure NTP server on Citrix ADM?
You can configure a Network Time Protocol (NTP) server in Citrix ADM to synchronize the Citrix ADM clock with the NTP server. Configuring an NTP server ensures that the Citrix ADM clock has the same date and time settings as the other servers on the network.
To configure an NTP server, navigate to System > NTP Servers, and then click Add. For more information, see How to Configure NTP Server on Citrix ADM.
From which version is the Citrix ADM active-passive HA deployment supported?
The Citrix ADM active-passive HA deployment mode is supported from Citrix ADM version 12.0 build 51.24.
I had a Citrix ADM active-active HA setup and had configured a Citrix ADC appliance with load balancing virtual server on it for unified GUI access. How do I update this configuration?
After you upgrade the Citrix ADM HA pair to active-passive mode, you have to run the following command on the Citrix ADC appliance to update the load balancing configuration:
add lb monitor MAS_Monitor TCP-ECV -send “GET /mas_health HTTP/1.1\r\nAccept-Encoding: identity\r\nUser-Agent: NetScaler-Monitor\r\nConnection: close\r\n\r\n\”” -recv “{\“statuscode\“:0, \“is_passive\“:0}” -LRTM DISABLED
Can I configure load balancing of the Citrix ADM HA pair on a Citrix ADC Instance using port 443?
No, you cannot configure load balancing of the Citrix ADM HA pair on a Citrix ADC Instance using port 443.
When you configure the http-ecv
and https-ecv
monitors on Citrix ADC, it does not monitor the Citrix ADM HA nodes correctly.
Can a Citrix ADM server backup file be used to restore the configuration of another Citrix ADM server?
Yes
After Citrix ADM backs up a Citrix ADC instance, can that backup file be used to restore the configuration of another Citrix ADC instance through Citrix ADM?
Yes. Download the Citrix ADM backup file, upload it into another Citrix ADC instance’s backup repository, and restore that instance. Make sure that the network information and authentication information do not conflict. For example, check for IP-address or port conflicts, mismatched password profiles. Also make sure that the restored VPX instance has the same NSIP address and Citrix ADC license as the one that was backed up.
Before restoring an instance in a high availability pair, make sure the IP addresses and state (primary or secondary) stored in the backup file match those of the original HA configuration. Also verify that the new primary and secondary have the same type of Citrix ADC license.
Can we force Citrix ADM to use a SNIP address to communicate with the Citrix ADC instances, instead of using the NSIP address of the Citrix ADM server?
Yes, you can add a SNIP address (with management enabled) in Citrix ADM for communication with Citrix ADC instances.
When I back up Citrix ADC Instances in Citrix ADM, is the result a full back-up or a basic back-up?
Backups of Citrix ADC instances by Citrix ADM are full backups.
Is there a troubleshooting guide for Citrix ADM?
Yes. See https://support.citrix.com/article/CTX224502.
How are Citrix ADC instances managed when a Citrix ADM HA failover occurs?
If the heartbeat and SSH based check fails, the primary node is considered to be down and the secondary node takes over as the primary node. All the Citrix ADC instances are updated with the latest primary node details as their SNMP trap destination by default.
The new primary (active) Citrix ADM node checks to determine whether the previously active node was configured as the AppFlow collector or syslog server, if it was, the new primary adds the AppFlow collector or syslog server details to the information sent to the instances.
For syslog it replaces the old server details.
What happens when the Citrix ADM HA node that went down comes back up?
After returning to service, the Citrix ADM node remains passive unless the active node fails over
How are Citrix ADC instances distributed across Citrix ADM HA nodes?
All the Citrix ADC instances are managed by the primary Citrix ADM node.
How are virtual server licenses managed if there is Citrix ADM HA failover?
If the Citrix ADM primary node on which virtual server licenses are applied goes down, the new primary node manages the virtual server licenses for a grace period of 30 days. Reapply the licenses on the new primary before the end of the grace period. For alternatives, contact Citrix support.
Is a load balancer mandatory for a Citrix ADM HA setup?
No, but if there is no load balancer, Citrix ADM nodes must be accessed through their own IP addresses. The passive node is marked with the tag “Passive,” and Citrix recommends not to create any configurations on the passive node.
Does Citrix ADM support an external database?
No
Can a Citrix ADC instance that is being managed by Citrix ADM be used as a Load balancer for Citrix ADM HA?
Yes
What data is synchronized between Citrix ADM HA nodes?
Complete Citrix ADM database is synchronized, and the following folders are synchronized:
- /var/mps/tenants/root/
- /var/mps/ns_images/
- /var/mps/sdx_images/
- /var/mps/xen_nsvpx_images/
- /var/mps/cbwanopt_images/
- /var/mps/sdwanvw_images/
- /var/mps/mps_images/
- /var/mps/ssl_certs/
- /var/mps/ssl_keys/
- /mpsconfig/ssl/
- /var/mps/backup/
- /var/mps/esx_nsvpx_images/
- /var/mps/locdb/