In a nutshell big picture idea is: Each GSLB VS in both sites should be linked the GSLB Service of the desired Active GSLB Site.

Say you have GSLB Site A and Site B with one App called "citrite" you'd like to provide GSLB service.

LB VIP and Services elements In Site A are:

=================

GSLB VServer name citrite

GSLB VServer name citrite-backup

Service name citrite-on-SiteA (local site citrite app ip)

Service name citrite-on-SiteB (remote site citrite app ip)

LB VIP and Services elements In Site B are:

=================

GSLB VServer name citrite

GSLB VServer name citrite-backup

Service name citrite-on-SiteA (remote site citrite app ip)

Service name citrite-on-SiteB (local site citrite app ip)

If you want to make Site A the Active site, then the config should look like this:

Site A

===========

GSLB VServer citrite linked to citrite-on-SiteA (local)

GSLB VServer citrite-backup linked to citrite-on-SiteB (remote)

Site B

===========

GSLB VServer citrite linked to citrite-on-SiteA (remote)

GSLB VServer citrite-backup linked to citrite-on-SiteB (local)

Testing

=============

To test this config, you can disable the service in the desired Active GSLB site and query the ADNS Service directly from any PC that have DNS access to it with 

#nslookup -type=A <domain-name> <adns_ip_siteA>

#nslookup -type=A <domain-name> <adns_ip_siteB>

These software applications are provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities.NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.

In some cases customer's security posture between GSLB sites won't allow RPC calls on port 3008 to traverse the network and only MEP traffic on port 3009 is allowed.

This condition will not allow GSLB config auto-sync, and the GSLB Wizard in the Web UI will fail to configure GSLB Active-Passive on the remote GSLB site.

The only solution then is to "go rouge" and configure GSLB manually on the remote site to act as Active-Active or Active-Passive. This article explain the process to create an Active-Passive GSLB deployment manually.