Error: "Failed sending epas" After Upgrading NetScaler Gateway to Version 10.5 59.11
Article ID: CTX204997
Updated On:
Description
NetScaler Gateway EPA scan fails with the following error after upgrading to version 10.5-59.11.
"Failed sending /epas"
This same configuration works when you roll backs to NetScaler Gateway 10.1 or any other 10.5 build.
Resolution
The fix for this issue is included in NetScaler Gateway 10.5-60.x and 11.0-64.2+ builds.
Problem Cause
The NetScaler Gateway EPA may fail if a high number of EPA scans are configured. The issue is caused due to the EPA encryption level on the plugin installed on client which is fixed in NetScaler Gateway 10.5-60.x and 11.0-64.2+ builds.
Issue/Introduction
Additional Information
The EPA scan may fail if a high number of EPA scans are configured as mentioned below:
Configuration for EPA is as below:
add aaa preauthenticationpolicy Pre-Auth-EPA-Windows-Devices "Required_Windows_OS && Required_Windows_AV && Required_Windows_FW" Pre-Auth-EPA-Action-Aw
bind vpn vserver nbs-s-censlb-ndc-ng-benorth -policy Pre-Auth-EPA-Windows-Devices -priority 100
add policy expression Required_Windows_OS "EPA_OS_Win7 || EPA_OS_Win8 || EPA_OS_Win81" -comment "Windows OSes"
add policy expression Required_Windows_AV "EPA_AV_WindowsDefender || EPA_AV_WindowsMSE || EPA_AV_Win_SymantecEP || EPA_AV_Win_Avast || EPA_AV_Win_AVG2 || EPA_AV_Win_AVG2015 || EPA_AV_Win_KasperskyAV || EPA_AV_Win_McAfeeAV || EPA_AV_Win_NortonAll" -comment "Antivirus on Windows OS"
add policy expression Required_Windows_FW "EPA_FW_Win_Firewall || EPA_FW_Win_SymantecEP || EPA_FW_Win_Comodo || EPA_FW_Win_KasperskyAV || EPA_FW2_Win_perskyAV || EPA_FW_Win_McAfeeAV" -comment "Firewall on Windows OS"
18:42:10.467 | EVENT | Making GET request to https://gateway.lab.com:443epas
18:42:10.467 | VERBOSE | [ Cookie: NSC_EPAC=********************************
CSEC: 9mMvLOfKfgojrmsGtCQH277x9h8ZARSsSR9RnYnEs4ebUnJsDf6Vxu0jzX/ATljxkZOFiUuEIpGR
lwg/7h9Em8znq2kgpTJKrCbfoVnp4GQu/5YBDwrrVIGgL+lSHo2vyn5wkQu/ZNWtqToIA9KvFA==
post body information is hidden >]
18:42:10.467 | ERROR | ns_GetLastError | 375 | HttpSendRequest -- Error 12150 The requested header was not found
18:42:10.467 | DEBUG | ns_HTTPrequest return value is: -4
18:42:10.467 | DEBUG | Failed sending GET epas. Return code: -4
18:42:10.467 | DEBUG | ns_start_epa returning Failed sending epas
18:42:10.467 | DEBUG | num_mallocPolicyBuffer=0
18:42:10.467 | DEBUG | releasing buffers
18:42:10.467 | DEBUG | ns_StopSSL called
18:42:10.467 | DEBUG | ns_UnloadSecurityLibrary done
18:42:10.467 | EVENT | EPA has successfully completed
When the scan passes with same expressions in 10.5-58.11 we see below in nsepa client logs:
17:44:34.458 ns_HTTPrequest: https://gateway.lab.com:443epas
17:44:34.458
<GET epas HTTP/1.1
Cookie: NSC_EPAC=********************************
CSEC: 33333333333333333333333300033333333333333333333333333333333333333333333333333333333333003333322232232222233
post body information is hidden >
17:44:34.474 HttpSendRequest -- Error 12057 unknown
17:44:34.490 downloaded total 118 bytes
17:44:34.490 ns_HTTPrequest return value is: 118
17:44:34.490 Received headers size 80
17:44:34.490 ns_start_epa returning passed
17:44:34.490 num_mallocPolicyBuffer=0
17:44:34.490 releasing buffers
17:44:34.490 ns_StopSSL called
17:44:34.490 ns_UnloadSecurityLibrary done
17:44:34.490 nsepa: DONE
If we take nstrace on NetScaler and reproduce the issue, we could not see the GET request for /epas reaching NetScaler.
But in working nstrace we do see /epas GET request reaching NetScaler and NetScaler responding with 200 OK:GET /epas HTTP/1.1Cookie: NSC_EPAC=d85b1108e690bf6ae4e4ab432e398573
CSEC: w8bcQVcSq9R9j1delqJdHVDbj3H9ytIf7ol4mDnEeR3CFyJECEtHMRRkBw9LQMqVkhExKLFUJx7CroT8JiCkGsK6i7Si2rW+EUaIGeWYtJng2dyWtcSBdMPLKAchCm84r+1TBrB3Rn55/qOgtSa1tA==
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; AGEE 8.0;)
Host: gateway.lab.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 24
Cache-control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
czOZP3hVfMTNBrZqaZkY3g==
