After VPN tunnel established to NetScaler gateway, user encounter access issue s to backend server with error message:
"Websocket connection to 'ws:///ws/notification/site-msg/' failed: Connection closed before receiving a handshake responser"

1. Enable WebSocket support in http profile for VPN virtual server. Configuration guide, click Enable WebSocket on HTTP profile.
2. Diagnose and address potential networking block issues between the NetScaler (NS) and the backend server.
   1. To locate the failure point, you may collect packet trace on the intermediate networking devices to track the source of the RESET packet.

Problem Cause

It's a network issue involving a VPN virtual server and WebSocket connections between NetScaler(NS) and backend server:

• The VPN virtual server, as observed in network traces (nstrace), sent a RESET packet to the client with a reset code of 9872.
  • Reset code 9872 indicates that a WebSocket upgrade request was dropped because WebSocket was disabled in the HTTP profile.
  • The customer had not enabled WebSocket connections in the HTTP profile for the VPN virtual server.
• After enabling WebSocket connections in the HTTP profile for the VPN virtual server, the issue persisted.
  • According to the NS network trace, the NS sent a WebSocket upgrade request to the backend server, but the backend server responded with a RESET packet to the ADC.
  • It is advised to instruct the customer to investigate the backend server and network devices to further diagnose and resolve the issue.