Users Intermittently Shown Blank Page After Upgrading NetScaler/Access Gateway Appliance to 10.0 Firmware
Article ID: CTX138301
Updated On:
Description
After upgrading to NetScaler/Access Gateway release 10 from 9.2 or 9.3 versions, users see a blank page intermittently when accessing NetScaler/Access Gateway logon page.
Resolution
Upgraded with Customizations in Place
You might observe this issue if customizations were performed to NetScaler in NetScaler software release 9.2 or 9.3. When upgrading from 9.2 or 9.3 to 10.0, these customization files remain the same causing this issue.
To resolve this issue, replace the nsshare.js file on the NetScaler which has the issue with the nsshare.js file from an upgraded NetScaler which did not have customization applied prior to being upgraded.Note: nsshare.js file is present in /netscaler/ns_gui/vpn directory.
A Session Already Exists for the User
When users try to log on to Access Gateway they get a blank page Intermittently after entering the credentials. If the admin runs the show aaa user command, they can find that the user had a session in the NetScaler appliance. When the user was trying to log on from a new client, the user was getting a blank page. After the admin terminates the user session in the NetScaler appliance, the user is able to log on without any problem.
When the user has a session already in the NetScaler appliance and is trying to log on from a new client, the Access Gateway should prompt for a TRANSFER logon. But a blank page is displayed. It is observed that setclient?agnt was getting HTTP/1.1 200 OK instead of HTTP/1.1 302 Object Moved.
GET /cgi/setclient?agnt HTTP/1.1Accept: text/html, application/xhtml+xml, */* Referer: https://example.com/vpns/choices.html Accept-Language: en-US User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: example.com Connection: Keep-Alive Cookie: domainvalue=ABC01; NSC_AAAC=12345678abcdefgh
HTTP/1.1 200 OK
Content-Length: 923 Cache-control: no-cache, no-store Pragma: no-cache Content-Type: text/html CONNECT urs.microsoft.com:443 HTTP/1.0 User-Agent: VCSoapClient Host: urs.microsoft.com:443 Content-Length: 0 Proxy-Connection: Keep-Alive Pragma: no-cache HTTP/1.0 200 Connection Established FiddlerGateway: Direct StartTime: 16:51:53.510 Connection: close GET /vpn/resources.js HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: https://example.com/cgi/setclient?agnt Accept-Language: en-US User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept-Encoding: gzip, deflate Host: example.com Connection: Keep-Alive Cookie: domainvalue=ABC01; NSC_AAAC=12345678abcdefgh HTTP/1.1 200 OK Date: Thu, 14 Mar 2013 00:47:53 GMT Server: Apache Last-Modified: Wed, 13 Mar 2013 13:15:24 GMT ETag: "43a3-3cc9-4d7ce32e5d300" Accept-Ranges: bytes Content-Length: 15561 Keep-Alive: timeout=15, max=94 Connection: Keep-Alive Content-Type: application/javascript HTTP/1.1 200 OK Cache-Control: private, max-age=0 Content-Length: 255 Content-Type: text/xml; charset=utf-8 Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Wed, 13 Mar 2013 23:51:52 GMT Connection: close
RSA Token is in Next Token Mode
RSA next token code does not prompt and shows a blank page when RSA token is in next token mode. However, this was working before upgrading to NetScaler software release 10.
It should prompt for the New PIN for a first time user, as shown in the following screen shot:
It should then prompt for Next Token prompt, as shown in the following screen shot:
When logged on to the Radius server, the token status is NEXT TOKENCODE REQUIRED.
Issue/Introduction
Additional Information
