Release Notes for NetScaler ADM 14.1–8.50 Release
This release notes document describes the enhancements and changes, fixed and known issues that exist for the NetScaler ADM release Build 14.1–8.50.
Notes
- This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
What’s New
The enhancements and changes that are available in Build 14.1–8.50.
Management and Monitoring
Support for identification and remediation of CVE-2023-4966 and CVE-2023-4967
Note:
You can view the CVE-2023-4966 and CVE-2023-4967 details only if you have enabled Security Advisory through ADM On-Prem Cloud Connector. For more information, see ADM On-Prem Cloud Connector
NetScaler ADM Security Advisory now supports the identification and remediation of CVE-2023-4966 and CVE-2023-4967.
- Identification requires a combination of version and configuration scan.
- Remediation requires an upgrade of the vulnerable NetScaler instances to a recommended build that has the fix.
Note:
Security Advisory does not support NetScaler builds that have reached End of Life (EOL). We recommend you upgrade to the NetScaler supported builds or versions.
For more information on how to use NetScaler ADM to upgrade NetScaler instances, see Use jobs to upgrade NetScaler instances.
For more information, see Security Bulletin.
[NSADM-101092]
Analytics
Support to configure the export of metrics from NetScaler to Prometheus through StyleBook
To export metrics from NetScaler to Prometheus, you must create an analytics profile in NetScaler and specify the schema file. For more information, see Monitoring NetScaler, applications, and application security using Prometheus.
In Applications > Configuration > Stylebooks > Default Stylebook, you can now use the Prometheus TimeSeries Analytics Configuration StyleBook and run the configuration to all managed instances.
For more information, see Prometheus analytics StyleBook.
[ NSADM-97698 ]
View the root cause for application latency
Application slowness is a major concern for any organization because it results in business impact or productivity. In Applications > Web Insight, you can now view a new metric called Applications with Response Time Anomalies. Using this metric, as an administrator, you can analyze whether the application latency arises from the following causes:
- Client network latency
- Server network latency
- Server processing time
For more information, see View the root cause for application latency.
[ NSADM-97530 ]
Configuration Job - Support to create a job for configuring export of metrics from NetScaler to Prometheus
To export metrics from NetScaler to Prometheus, you must create an analytics profile in NetScaler and specify the schema file. For more information, see Monitoring NetScaler, applications, and application security using Prometheus.
In Configuration Job, you can now create a job using the NSConfigurePrometheusAnalyticsProfile template from the Inbuilt Template, specify the required parameters, and run the job to all managed instances.
For more information, see Schedule jobs created by using built-in templates.
[ NSADM-97251 ]
Assign a Net Profile for the managed NetScaler from NetScaler ADM
When you enable analytics for the virtual servers in NetScaler ADM, the AppFlow data from the NetScaler is exported to NetScaler ADM through the NetScaler subnet IP address (SNIP). In some scenarios, the SNIP might be blocked because of the firewall in the network. In such scenarios, you might have to use a different IP address than the SNIP. For more information about net profile, see Use a specified source IP for back-end communication.
You can now assign net profiles to a NetScaler instance through NetScaler ADM. Navigate to Infrastructure > Instances > NetScaler, select the instance, and from the Select Action list, click Configure Net Profiles to assign a net profile for the instance.
Note:
Ensure that you have disabled analytics in all virtual servers before you assign a net profile for the instance.
With this enhancement, you can assign a net profile for exporting AppFlow data from NetScaler to NetScaler ADM.
[ NSADM-91836 ]
Infrastructure
Improvements to upgrade failure scenario
When an upgrade job (Infrastructure > Upgrade Jobs) fails, the failure job results in disk space issues due to the presence of the build files and other extracted files. As a result, the next upgrade job also fails.
The upgrade job failure scenario is now improved. If an upgrade job fails, NetScaler ADM removes the old build file from the NetScaler instance.
[ NSADM-97383]
Rebranding changes
Citrix ADM is now rebranded to NetScaler ADM. To align with the new branding, the ADM GUI is also updated.
[ NSADM-97365 ]
Access policy for on-prem agent
When you create an Access Policy with Edit access for ADM agent in Settings > Users & Roles > Access Policies, the users associated with this policy can now register agent with their credentials.
[ NSADM-97337 ]
Data Storage Management dashboard available in NetScaler ADM GUI
In Settings > Data Storage Management, you can now view and manage the data storage information across the different features in your current deployment. The Data Storage Management dashboard helps you visualize how the storage is consumed across the features and helps you monitor if storage consumption is within the specified threshold.
The dashboard offers the following features:
-
Data Ingestion, Storage Consumption, and Actions tiles: The tiles provide you:
- Status of the data ingestion activity
- Information about your consumed data and total available disk space
- Options to review data retention policy, perform data pruning and review your system notifications
- Storage Consumption Trend: Helps you visualize how the data is stored across the different features over a time period
-
Storage Consumption by features:
- Displays the distribution of data storage by different features
- Allows you to perform data prunes, view the history of data prunes, and view the features removed in each data prunes
For more information, see Use Data Storage Dashboard.
[ NSADM-97320 ]
Support for SSL certificate store in NetScaler ADM
You can now manage your SSL certificates in Infrastructure > SSL Dashboard > Certificate Store.
Use Certificate Store to:
- Add, update, and delete certificates
- Install certificates on NetScaler instances
- Import certificates from NetScaler instances
For more information, see How to use certificate store.
[ NSADM-97257 ]
User session limit changed to 40
In Settings > Users and Roles > Groups, you can configure up to 40 user sessions. By default, you are assigned 20 user sessions. However, if you belong to the admin and read-only user groups, you are assigned 40 user sessions by default and this value cannot be changed.
[ NSADM-95314 ]
Retry failed upgrade jobs
In Infrastructure > Upgrade Jobs, you can now select the failed upgrade job and do either of the following actions:
- Click Retry next to the failed upgrade job
- Go to Select Action > Retry Upgrade Job
For more information, see Retry failed upgrade jobs.
[ NSADM-93439 ]
ADM On-Prem Cloud Connector
You can use the Cloud Connector Feature to establish a connection between ADM On-Prem and ADM service. This connectivity enables you to leverage the Security Advisory feature in ADM On-Prem. Security Advisory enables you to track any new Common Vulnerabilities and Exposures (CVEs), assess the impact of CVEs, understand the remediation, and resolve the vulnerabilities. As an administrator, you can monitor the NetScaler instances for any new CVEs through the periodic scan or by manually scanning, and take required action for the remediation.
For more information, see ADM On-Prem Cloud Connector.
[ NSADM-92204 ]
Security Advisory on NetScaler ADM
You can configure ADM On-Prem Cloud Connector and enable Security Advisory to use the full version of the Security Advisory feature in ADM on-prem. Earlier, the Security Advisory was only available in the preview version.
For more information, see Security Advisory.
Note:
If you have not configured or if you have disabled the ADM On-Prem Cloud Connector, you can use the Security Advisory only as a preview version.
For more information about ADM On-Prem Cloud Connector, see ADM On-Prem Cloud Connector.
[ NSADM-91726 ]
Management and Monitoring
Authentication required for StyleBook operations to access NetScaler instances
As an administrator, you can now request users to provide credentials for all StyleBook and config pack operations performed on NetScaler instances. To enable this feature, follow these steps:
- Navigate to Settings > Administration > System, Time Zone, Allowed URLs, and Agent Settings > Basic Settings
- Select Prompt Credentials for Instance Login
- Select Prompt Credentials for Stylebook Operations
Alternatively, if you select Prompt Credentials for Instance Login and clear Prompt Credentials for Stylebook Operations, StyleBook and config pack operations performed on NetScaler instances are not prompted for a user name and password.
For more information, see How to enable shell access for non default users.
[ NSHELP-35432 ]
Read-only access to NetScaler ADM backup files and user sessions
Users with read-only access can now view the following pages:
Settings > Users & Roles > Sessions*
Settings > Backup Files
[ NSHELP-35431 ]
Configure data ingestion threshold
You can now configure a data ingestion threshold in Settings > Data Storage Management > Data Retention Policy > System > Data Ingestion Setting. With this setting, you can configure the system-level process to stop when the data storage reaches the threshold value. The accepted threshold values are 50% - 80%.
For more information, see Data retention policy.
[ NSHELP-35237 ]
ADM version and IP address available in the technical support filer
The ADM version and IP address is now available in the technical support file from Settings > Diagnostics > Generate Technical Support File.
[ NSHELP-33551 ]
StyleBooks
The following features are now available in StyleBooks:
- Data Sources: Use NetScaler instances as data sources or create custom data sources.
- GitHub Enterprise: Import and sync StyleBooks and config packs from your GitHub Enterprise Server.
- Built-in functions: The following built-in functions are added:
match()contains()select()hash_sha256()relate()splat()
- StyleBook definitions: Update custom StyleBook definitions directly from the NetScaler ADM GUI.
- Config packs from GitHub Repository: Import and synchronize config packs from a GitHub repository. Previously, only StyleBooks were allowed.
-
botinsightattribute: Configure thebotinsighttype in theinsightssection of StyleBooks.
[ NSADM-97841 ]
Support for additional attributes in StyleBooks analytics
The StyleBooks analytics section is now enhanced to:
- Accept parameters to configure Transport Mode (transport-mode)
- Configure HDX Insight for different types of traffic(enable-hdxinsight-for)
- Enable HTTP X-Forwarded-For option (http-x-forwarded-for)
- Enable Client side Measurements (client-side-measurements)
For more information, see StyleBooks grammar.
[ NSADM-97839 ]
Fixed Issues
The issues that are addressed in Build 14.1–8.50.
Analytics
-
The periodic pruning of the App Dashboard data did not function as expected. As a result, NetScaler ADM consumed more disk space.
[ NSHELP-36184 ]
-
When NetScaler ADM loses the virtual server licenses, the analytics status for the virtual servers using those licenses is expected to be disabled. This scenario was not working as expected for the VPN virtual servers.
[ NSHELP-36183 ]
Infrastructure
-
In Gateway > HDX Insight and Gateway > Gateway Insight, the X-axis of the graphs displays dates instead of time.
[ NSHELP-36043 ]
-
The NetScaler ADM HA pair fails to recover from the split-brain scenario due to a synchronization failure in heartbeat communication.
[ NSHELP-35934 ]
-
The Customer User Experience Improvement Program (CUXIP) feature is enabled for users and their usage data is collected even after the admin disabled CUXIP in Settings > Administration > CUXIP Settings.
[ NSADM-101771 ]
-
When you, as a root administrator, log on to NetScaler ADM GUI or API with default credentials for the first time, you were not prompted to change the default password. With this fix, you are forced to change the default password.
[ NSADM-95328 ]
-
When multiple SNMP users are created simultaneously using a script, the SNMP requests to ADM fail.
[ NSADM-83924 ]
Management and Monitoring
-
Folders created within the NetScaler ADM backup directory are not removed during the backup delete operation that is scheduled every 2 hours.
[ NSHELP-35911 ]
-
Authentication with external LDAP intermittently fails in NetScaler ADM and is resolved only by restarting NetScaler ADM.
[ NSHELP-35733 ]
-
ADM mas_perf subsystem crashes and an event message is displayed in Settings > ADM System Events.
[ NSHELP-35711 ]
-
Users are unable to view their authorized applications in Applications > App Dashboard. This issue is seen when users belong to many groups and each group has many applications.
[ NSHELP-35165 ]
-
A Qualys Scan performed on NetScaler ADM reported weak SSL/TLS key exchange active vulnerability on PostgreSQL ports.
[ NSHELP-34487 ]
-
If NetScaler disconnects from the license server and connects back within 10 minutes, the license checked out by the NetScaler might appear twice on the license server. Restart the license server to free this stale entry.
[ NSHELP-35420 ]
Provisioning
-
When you provision NetScaler VPX on Cloud (Infrastructure > Instances > NetScaler > VPX > Provision) using ESXi or VMware vCenter, the licensing configuration is ignored.
[ NSHELP-35984 ]
-
The NetScaler VPX provision on VMware vCenter (Infrastructure > Instance > NetScaler > VPX > Provision) fails because of the same name that was used in the previously deleted VPX instance.
[ NSHELP-35983 ]
StyleBooks
-
If you create a config pack from a StyleBook definition that has an authentication virtual server and built-in cache policy bindings, and then you delete the config pack, the deletion is successful. However, if you try to create the config pack again with the same parameters, the following error message appears:
Resource already exists.[ NSHELP-35646 ]
-
When you try to migrate a NetScaler configuration from a source NetScaler instance to a target instance in Applications > Configuration > Config Packs > Migrate NetScaler > Get Started > Specify Configuration, and click Next, the following error message is displayed intermittently:
No Job found.[ NSADM-97948 ]
Known Issues
The issues that exist in release 14.1–8.50.
Infrastructure
-
In Infrastructure > Instance Advisory > Security Advisory, when you select a vulnerable NetScaler instance with a CVE and click Proceed to Upgrade workflow, the following error message is displayed:
“Selected NetScaler instance does not require this remediation workflow”
Workaround: Manually upgrade the NetScaler instance from Infrastructure > Upgrade Jobs.
[ NSADM-103649 ]
-
After a new NetScaler ADM is configured, the following error message might appear:
Error in operation - Metrics not found.This issue occurs because the automatic data purge job has not been executed yet, resulting in the absence of data. The job is scheduled to run for 3 hours, and after it runs, the necessary data is generated, and the error message no longer appears.
[ NSADM-103157 ]
-
When a report from a scrollable page in NetScaler ADM is exported, the exported report may truncate content that extends beyond the visible window’s height.
[ NSADM-102765 ]
-
When you try to install a certificate on a NetScaler BLX instance, the installation fails and the Infrastructure > SSL Dashboard > SSL Audit Logs page displays the following error message:
SCP: Authentication by password fails on _<ip-address>_.[ NSADM-102202 ]
-
The NetScaler agent does not get registered to NetScaler ADM if either of their passwords has a %23 symbol.
[ NSADM-100613 ]
Management and Monitoring
-
In an ADM HA pair, the database status observed to be in Down status and not synchronizing even after trying with Sync Database option in the GUI for several times.
[ NSHELP-29626 ]