Cannot reach Netscaler Gateway Page (FIPS)
Unable to complete a TLS handshake with any LB VIP on the ADC
ADC sends RST with code :: 9811
Transmission Control Protocol, Src Port: 443, Dst Port: 62706, Seq: 4271, Ack: 860, Len: 0
Source Port: 443
Destination Port: 62706
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 4271
Sequence number (raw): 2995350224
[Next sequence number: 4271]
Acknowledgment number: 860
Acknowledgment number (raw): 29244033
0101 .... = Header Length: 20 bytes (5)
Flags: 0x014 (RST, ACK)
Window size value: 9811
[Calculated window size: 156976]
[Window size scaling factor: 16]
Checksum: 0x0000 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
ADC counters observed during the incidents
==========================================
tcp_err_send_rst
ssl_err_card_process_fail_rst
ssl_err_cvm_cmd_timeout
ssl_err_cvm_cmd_timeout_recovered
ssl_err_ngfips_key_cmd_timeout
Daylight saving time changed and the NTP servers were out of sync with the ADC.
Daylight saving time 2020 began at 2:00 AM. The daylight saving time change and the out-of-sync NTP server created a time stamp mismatch between client and server.
TLS is time sensitive: the ADC detects the time mismatch and tears down the TLS session by sending a RESET with code 9811.
Note regarding RST code 9811
============================
As part of the TLS handshake: after a "Change Cipher Spec" message from the client machine, the ADC should send back another "Change Cipher Spec" confirming the newly created TLS session. Instead, the ADC sends a RESET message with reset code 9811 because it detected a time stamp mismatch.
Reset code 9811 means :: NSDBG_RST_ERRHANDLER: This reset code is used with SSL. After sending a Fatal Alert, the NetScaler sends a RST packet with this error code. If the client does not display any supported ciphers to the NetScaler appliance, the appliance sends a Fatal Alert and then this RST packet.
In this case the error code is misleading, because the client machine did display its available ciphers to the ADC, but the ADC found a mismatch in the TLS Session-ID time stamp and invalidated the session.
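The following Python is an added example, not part of the original article and not Citrix code. It decodes a raw TCP header and, for RST segments, reads the unscaled window field as the reset code, as in the capture above where the RST carries "Window size value: 9811". The function names are hypothetical and the sample byte strings are constructed from the field values shown in that capture.

```python
import struct

# Reset-code names known from this article only; other codes stay unnamed.
KNOWN_RESET_CODES = {9811: "NSDBG_RST_ERRHANDLER"}

RST, ACK = 0x04, 0x10


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte part of a TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,   # data offset is in 32-bit words
        "flags": off_flags & 0x0FFF,           # same 12 bits Wireshark shows
        "window": window,                      # raw value, never scaled
    }


def adc_reset_code(segment: bytes):
    """Return (code, name) for an RST segment, or None if RST is not set.

    The code is the raw 16-bit window field (Wireshark "Window size value"),
    not the "Calculated window size", which multiplies by the scale factor.
    """
    hdr = parse_tcp_header(segment)
    if not hdr["flags"] & RST:
        return None
    code = hdr["window"]
    return code, KNOWN_RESET_CODES.get(code, "unknown")


# Constructed sample: header rebuilt from the capture in this article
# (443 -> 62706, raw seq/ack, header length 5 words, flags 0x014, window 9811).
SAMPLE_RST = struct.pack("!HHIIHHHH", 443, 62706, 2995350224, 29244033,
                         (5 << 12) | 0x014, 9811, 0x0000, 0)
# Constructed sample: a plain ACK on the same flow, which carries no reset code.
SAMPLE_ACK = struct.pack("!HHIIHHHH", 443, 62706, 2995350224, 29244033,
                         (5 << 12) | ACK, 9811, 0x0000, 0)

if __name__ == "__main__":
    for seg in (SAMPLE_RST, SAMPLE_ACK):
        print(adc_reset_code(seg))
```

When filtering a capture for these resets, match on the RST flag first and only then interpret the window field, since the same field is an ordinary receive window on every other segment.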
Cipher used on this Session was :: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 87
Version: TLS 1.2 (0x0303)
Random: 5e66690d10ed940e434f5ef414065933aac401eaf2806ad7…
Session ID Length: 32
Session ID: 1a1ff2f6e4aaa45336d6c8f3454892b324fea21528474cce…
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Compression Method: null (0)
Extensions Length: 15
Extension: application_layer_protocol_negotiation (len=11)