NetScaler Gateway uses Client IP as Source IP when contacting STA server, even after USIP is disabled
Article ID: CTX237527
Updated On:
Description
When USIP mode is enabled globally, we see NetScaler using Client IP to validate the ticket with STA server. This behavior is still present even if we disable USIP now.
NetScaler regularly monitors the STA servers configured on Gateway. They remain UP as NetScaler does not use Client IP to monitor them.
Reproduction steps:
- Enable USIP mode globally.
- Create new NetScaler Gateway VIP with ICA proxy.
- Try to launch an ICA Application/Desktop from any Receiver/Browser.
- App launch will fail at this point.
- Now disable USIP mode and still app launches fail.
Behavior:
New NetScaler Gateway Vserver's created after USIP mode was disabled work fine.
Resolution
Reboot the NetScaler or re-configure the NetScaler Gateway VIP with STA servers.
This is per NetScaler design.
It does not use USIP mode for STA scheduled monitoring as this is NetScaler generated traffic and USIP mode is not applicable here.
Problem Cause
STA servers are dynamic servers, and they inherit USIP configuration globally when they are created. After that, any modification to USIP global setting does not affect these services.This is per NetScaler design.
It does not use USIP mode for STA scheduled monitoring as this is NetScaler generated traffic and USIP mode is not applicable here.
Issue/Introduction
When USIP mode is enabled globally, we see NetScaler using Client IP to validate the ticket with STA server. This behavior is still present even if we disable USIP now.
Was this article helpful?
Yes
No
Powered by
