Build 118.7

Release version: Citrix NetScaler, version 10.1 build 118.7

Replaces build: None

Release date: June 2013

Release notes version: 2.0

Language supported: English (US)

Note: Unless stated otherwise, an issue applies to all NetScaler build types (nCore and nCore VPX).

Enhancements

Oracle Monitor Support

ENH ID 0364085: You can now create a load balancing monitor for an Oracle DBMS server by using the new Oracle-ECV monitor type. The supported data types are BINARY_DOUBLE, BINARY_FLOAT, CHAR, DATE, INTERVALDS, INTERVALYM, NUMBER, NVARCHAR, TIMESTAMP, TIMESTAMP_WITH_LOCAL_TIME_ZONE, and TIMESTAMP_WITH_TIME_ZONE.

You can configure the monitor by using the NetScaler command line or the configuration utility.

To create and configure an Oracle-ECV monitor at the command line, type:
 add lb monitor <monitorName> oracle-ecv [ parameters... ]
Example:
 add lb monitor oracle-monitor5 ORACLE-ECV -userName hr -database xe -sqlQuery 
"select Name from testlb" -evalRule "ORACLE.RES.ATLEAST_ROWS_COUNT(1)"
Where:
  • username is the name of the database user.
  • database is the database for query
  • sqlQuery is the query to be sent to server
  • evalrule is the rule to be evaluated against the response
Note: Database user has to be configured using 'add db user hr -password passwd'

To create or configure an Oracle-ECV monitor by using the configuration utility, navigate to Traffic Management => Load Balancing => Monitors, and then click Add to create the monitor or select an existing monitor and then click Open to configure the monitor.

The new expressions that support the Oracle-ECV monitor are as follows:
  • ORACLE.RES.ATLEAST_ROWS_COUNT(n) Determines whether the query response contains at least the specified number of rows.
  • ORACLE.RES.ROW(i).NUM_ELEM(j).eq(n) Determines whether the value located at the specified row and column is equal to the specified number. You can substitute other valid numeric operations for "eq". ORACLE.RES.ROW(i).IS_NULL_ELEM(j) Determines whether the value located at the specified row and column is NULL.
  • ORACLE.RES.ROW(i).TEXT_ELEM(j).eq("pattern") Determines whether the value located at the specified row and column matches the specified pattern. You can substitute other valid text operations for "eq".

NetScaler and XenMobile Solution for Enterprise Mobility

ENH ID 0365382: Citrix NetScaler deployed with XenMobile Mobile Device Management (MDM) provides the ability to scale, ensure high availability for apps, and maintain security.

Use the XenMobile MDM Setup wizard on the NetScaler configuration utility to configure the following two deployment scenarios:
  • Load balance XenMobile Device Managers (MDM servers): In this scenario, the NetScaler appliance sits between the client and the XenMobile MDM servers to load balance encrypted data from mobile devices to the XDM servers.
  • Load balance MS Exchange servers with email filtering: In this scenario, the NetScaler appliance sits between the client and the XNC and CAS servers. All requests from the client devices go to the NetScaler appliance, which then communicates with the XNC to retrieve information about the device. Based on the response from the XNC, the NetScaler either forwards the request from a whitelisted device to the backend server, or drops the connection from a blacklisted device.

For more information, see the "NetScaler and XenMobile Solution for Enterprise Mobility" deployment guide.

Low Encryption Licenses for Russia

ENH ID 0349674: A NetScaler MPX appliance for customers in Russia initially ships with a low encryption license. After proper authorization from the Russian agency, customers can upgrade to a Standard, Enterprise, or Platinum software edition, which enables high-encryption SSL performance on the appliance.

Backing up and Restoring a NetScaler Appliance

ENH ID 0367021: You can now back up the NetScaler appliance at any time and then use the backup to restore the same appliance to that state.

For more information, see Backing Up and Restoring the NetScaler Appliance.

First Time User Wizard Changes

The look and feel of the first time user wizard has changed.

Provisioning Third-Party Instances on a NetScaler SDX Appliance

You can now provision the following third-party virtual machines (instances):
  • ENH ID 0329072: SECUREMATRIX® GSB—Provides a highly secure password system that eliminates the need to carry any token devices.
  • ENH ID 0329072: Websense® Protector—Allows enterprises to deploy a data loss prevention (DLP) solution to protect sensitive enterprise information.
  • ENH ID 0349549: BlueCat DNS/DHCP Server—Provides a DNS, DHCP, and IP Address Management software solution for enterprises.
Important: You must upgrade to XenServer version 6.1.0 before provisioning a third-party instance on the SDX appliance.

Upgrading the XenServer Software

ENH ID 0322368: You must upgrade the NetScaler SDX appliance to XenServer version 6.1.0 to enable functionality of some features, such as LACP and third-party virtual machines. The process of upgrading the XenServer software involves uploading the build file of the target build to the Management Service, and then upgrading the XenServer software.

Configure Link Aggregation from the Management Service

ENH ID 0257892: You can now configure link aggregation from the Management Service at the time of provisioning a NetScaler instance, or later by modifying an instance. An aggregated link is also known as a channel. The interfaces that form part of a channel are not listed in the Network Settings view shown when you add or modify a NetScaler instance. Instead of the interfaces, the channels are listed.

NetScaler Insight Center

  • ENH ID 0341904: NetScaler Insight Center supports clearing AppFlow configurations from a virtual server.
  • ENH ID 0381072: NetScaler Insight Center supports sending syslog messages to an external syslog server.
  • ENH ID 0388409: On the Dashboard > HDX Insight > Users > <user name> page, the application and gateway reports display the active applications by default.
  • ENH ID 0392732: The HTML Injection feature is now available for Web Insight data collection on platinum licenses of NetScaler 10.0 appliances and on all licenses of NetScaler 10.1 appliances.
  • ENH ID 0395659: The ICA AppFlow records of NetScaler Insight Center were previously available only with Platinum licenses of NetScaler appliances. This release supports the Enterprise licenses as well.

Changes and Fixes

AAA Application Traffic

  • Issue ID 0372362: When KCD is configured with a content switching virtual server, the NetScaler appliance might hang or crash. The cause is a GET request with multiple authorization headers. (Only one authorization header is expected.)
  • Issue ID 0387076: On a NetScaler appliance with AAA enabled and KCD single sign-on configured, after several single sign-on requests are successfully authenticated, the virtual server principle can unexpectedly become blank. When this happens, subsequent authentication requests fail.
  • Issue ID 0390037: After authentication, if AAA generates the URL redirect, it rewrites the query portions of certain URLs into base 8 ASCII string equivalents instead of passing on the original strings.
  • Issue ID 0391105: A NetScaler appliance that has AAA-TM configured for authentication with a RADIUS Server might generate intermittent logon failures with the error message HTTP/1.1 Internal Server Error 6.

Application Firewall

  • Issue ID 0351544: The application firewall now supports sessionless cookie proxying on NetScaler cluster configurations that do not use the spotted VIP feature.

Application Firewall Signatures

  • Issue ID 0376437: To improve performance, when processing buffer overflow signatures the application firewall now evaluates PCRE regular expressions only when the minLength parameter is set.
  • Issue ID 0384103: You can now configure the JSON content types for your application firewall in the Manage JSON Content Types dialog box in the global settings. The dialog box is nearly identical to the Manage XML Content Types dialog box.
  • Issue ID 0390804: If you configure an application firewall profile but do not bind any signatures to it, the NetScaler appliance becomes unresponsive or fails if a user sends a request with a JSON body to a web site protected by that profile.

Cluster

  • Issue ID 0370814: A newly added node cannot synchronize the cluster configuration, because it cannot establish a connection to the cluster configuration coordinator. This issue might arise if the configuration coordinator rpcNode password on the new node is not the same as that on the configuration coordinator.

Configuration Utility

  • Issue ID 0360163: You cannot configure a GSLB service for which a server is not configured on the NetScaler appliance. The configuration utility displays the message Server must be specified.
  • Issue ID 0369583: If you use the configuration utility to view a Responder action, the Responder Actions page is reloaded.
  • Issue ID 0369900: When search results do not fit onto one page, duplicate records might appear on the second and subsequent pages.
  • Issue ID 0387554: On NetScaler appliances that run the cluster OS, user-defined control policies are not listed in the control flow and therefore do not appear in the Policy Manager. After these policies are bound to Global or an appropriate bind point, they are listed in the data flow.

Content Switching

  • Issue ID 0397673: When you configure a content switching rule that is evaluated before the user authenticates with AAA-TM, and the rule is supposed to redirect users to a specific virtual server on the basis of the user name, the rule fails.

Documentation

  • Issue IDs 0395277 and 0395282: The PDF format of NetScaler product documentation is no longer packaged with the NetScaler MPX, VPX, and SDX software. NetScaler product documentation is available in HTML format on the eDocs product library web site. You can generate a PDF for any topic from eDocs.

    To access NetScaler documentation on eDocs, see http://support.citrix.com/proddocs/topic/netscaler/ns-gen-netscaler-wrapper-con.html.

Global Server Load Balancing

  • Issue ID 0394328: On a NetScaler appliance that has both a monitor and a GSLB view bound to a GSLB service, occasionally the view binding is not visible from the CLI and is not saved in ns.conf although the GSLB service is properly configured and UP.

Load Balancing

  • Issue ID 0376173: If two NetScaler appliances in a high-availability configuration have TCPB mode enabled globally, and you create a DNS TCP service, the service might be successfully created on the primary NetScaler appliance but fail on the secondary appliance.
  • Issue ID 0387253: When you create a new load balancing server on the configuration utility, occasionally a series of error messages appear indicating that the Load Balancing feature is not licensed, and you are unable to create the virtual server.
  • Issue ID 0391273: When you add a new server to an existing service group, the services in the group might be designated as DOWN even though monitoring probes succeed. To enable the services, unset the virtual server spillover method. They are then correctly designated as UP.

NetScaler Insight Center

  • Issue IDs 0377737 and 0365977: NetScaler Insight Center appliance fails to respond.
  • Issue ID 0378044: On the Configuration > Inventory > Application List page, the values for number of applications displayed and total number of applications can be incorrect.
  • Issue ID 0378652: The Page analysis button is in the wrong place and not functional on the Dashboard > Web Insight > URL page.
  • Issue ID 0381522: On the Dashboard > HDX Insight > Applications page, the Total Session Launch count displays an incorrect number of sessions launched.
  • Issue ID 0385895: The graph of user applications, which appears when you navigate to Dashboard > HDX Insight > Users <username> > <sessionID> >Applications > More <application name>, is incorrectly plotted.
  • Issue ID 0386543: No graph is plotted for users on the page that appears when you click the Dashboard > HDX Insight > Users <username> > <SessionID> > Applications > More button.
  • Issue ID 0387257: The introduction that appears when you log on to a new NetScaler Insight Center appliance provides only Web Insight information. It does not provide information about HDX Insight.
  • Issue ID 0388093: When the Dashboard tab displays reports, the text that appears when you on click the orange icon beside a metric does not accurately describe the licensing issue.
  • Issue ID 0388453: On the Configuration > Inventory > Application List page, after you right-click a VPN application and select Enable AppFlow, then clear the ICA check-box and click Enable AppFlow, AppFlow is shown enabled, but no data is collected and therefore no reports are displayed on the Dashboard > HDX Insight page.
  • Issue ID 0388650: NetScaler appliance crashes when AppFlow is enabled on the virtual servers from Netscaler Insight Center appliance.
  • Issue ID 0390581: On the Dashboard tab, in some cases, the breadcrumb navigation does not display any text for labels.
  • Issue ID 0391336: The HDX Insight node appears even if all NetScaler appliances have only standard licenses. The node is supposed to appear only when at least one appliance has an Enterprise or Platinum license.
  • Issue ID 0391477: You cannot enable Appflow on a VPN application for which you have specified an expression from the drop-down list.
  • Issue ID 0392515: Data collection cannot be enabled on virtual servers (load balancing, content switching, or VPN) that have space characters in their names.

NetScaler SDX Appliance

  • Issue ID 0385037: If the /var/mps/policy/mps_policy_backup.xml file is empty or corrupted, the appliance performs a core dump and the Management Service user interface is blank.

Networking

  • Issue ID 0359348: For an IPv6 load balancing virtual server that belongs to a traffic domain, and for which the persistence is set as cookieinsert, the NetScaler appliance does not insert the correct cookie in its response.

Platform

  • Issue ID 0360223: In certain cases, error messages on the console of an MPX 5550/5650 or MPX 8200/8400/8600 appliance continuously scroll if the physical registers are not correctly read.
  • Issue ID 0373125: The NetScaler hardware might sometimes report incorrect values for system health counters. The health counters are read over the SMBus, which is prone to reporting wrong or zero values.

SNMP

  • Issue ID 0246215: A new SNMP alarm, vridStateChange, indicates the change of the state of a VRID from backup to master in an active-active configuration. The NetScaler appliance in which the state of a VRID changes to master sends a trap message for each VIP address bound to that VRID to the configured SNMP managers, indicating that the NetScaler appliance is currently serving traffic for a particular VIP address bound to that VRID. If no VIP addresses are bound to that VRID, the appliance does not send any trap messages.

SSL

  • Issue ID 0392683: In some cases, parsing an incorrectly formatted client certificate might take more than a few seconds. The delay can trigger the monitoring logic to terminate the process and restart the appliance.

System

  • Issue ID 0384153: When selective acknowledgement (SACK) and partial buffering are enabled on the appliance, acknowledgements with incorrect TCP checksum are forwarded to the server.
  • Issue ID 0392293: The NetScaler wrongly advertises TCP buffer size to the client side when dynamic windows management is enabled and the service-side buffer size is greater than 40k. This issue is observed when two different TCP profiles are bound to the virtual server (buffer size is 8k) and the service (buffer size > 40k) and causes failure when the NetScaler is uploading files.

Known Issues and Workarounds

Application Firewall

  • Issue ID 0372768: If you use the default browser PDF plugin to view an application fIrewall report, embedded links might be inactive.

    Workaround: Use the Adobe PDF browser plugin.

  • Issue ID 0399596: When you update the application firewall signatures from the NetScaler command line, you must first update the deafult signatures, and then issue additional update commands to update each custom signatures file that is based on the default signatures. If you do not update the default signatures first, a version mismatch error prevents updating of the custom signatures files.

    For example, if you have two sets of custom signatures named "custom_signatures" and "custom_signatures_2" that are based on copies of the default signatures file, you would update the signatures on your NetScaler appliance by issuing the following commands:

    update appfw signatures "*Default Signatures"
    update appfw signatures "custom_signatures"
    update appfw signatures "custom_signatures_2"

Cluster

  • Issue ID 0395735: The NetScaler appliance dumps a core when creating a cluster or a high availability setup on an appliance that has a TFTP load balancing virtual server.

    Workaround: Make sure you delete existing TFTP load balancing virtual servers before creating the cluster or high availability setup.

Configuration Utility

  • Issue ID 0323213: In a cluster setup, globally bound DNS policies are listed multiple times in the Bind/Unbind DNS Policy(s) to Global dialog box.
  • Issue ID 0361793: The count of the number of load balancing virtual servers, which is shown in the configuration summary, includes the load balancing virtual server that is created during the configuration of EdgeSight Monitoring, even though that load balancing virtual server is not displayed in the Load Balancing > Virtual Servers pane.
  • Issue ID 0372535: The pagination count on the page listing SSL policies that can be bound does not display the correct values.
  • Issue ID 0374304: If you access the configuration utility through Internet Explorer 9 or 10 and rename a virtual server, a No such resource error message appears, even if the rename operation is successful.

    Workaround: Use the mouse to click the OK button instead of pressing the ENTER key on the keyboard.

  • Issue ID 0374437: If, when using the configuration utility to configure the NetScaler appliance, you press Alt+Tab to switch between programs, the current dialog box might disappear, hidden behind the main configuration utility screen. To reach the dialog box, press Alt+Tab a second time.
  • Issue ID 0387135: If you access the NetScaler configuration utility through Internet Explorer 8, an attempt to view more than 25 load balancing virtual servers per page results in an alert message about an unresponsive script.

    Workaround: Do not change the default pagination value (25). If you change the default pagination value and the appliance prompts you to stop running the script, choose to continue.

  • Issue ID 0388534: If you access the NetScaler configuration utility from the Start screen on a Windows 8 machine, the Java based configuration views are not displayed.

    Workaround: Switch to the Desktop screen to display Java based configuration views. Microsoft Windows 8 does not support plug-ins in the Start screen, and therefore Java cannot run in the Start screen. For information, see http://www.java.com/en/download/faq/win8_faq.xml.

  • Issue ID 0389328: If you use the Google Chrome browser to access the NetScaler configuration utility, and the monitor resolution is low, you might not be able to use the mouse to scroll the screen.

    Workaround: Use the arrow keys on the keyboard to scroll the screen.

Content Switching

  • Issue ID 0399575: When configuring load balancing virtual servers in a content switched environment, the service types of primary and backup virtual servers must be the same. If you have a load balancing virtual server with a service type of HTTP, and assign a backup virtual server with a service type of TCP to it, any content switching action bound to it fails.

Documentation

  • Issue ID 0370607: The configuration utility procedures in the NetScaler 10.1 documentation have not been updated to reflect the new top-level nodes.

    See Configuration Utility Changes, for information on the new node structure.

Domain Name System

  • Issue ID 0376662: The NetScaler appliance might fail in the following set of circumstances:
    • On the appliance, you have configured DNSSEC offload and enabled NSEC record generation for a zone.
    • The appliance receives a DNS NODATA/NXDOMAIN query for that zone, over TCP, and the DNSSEC OK bit in the query is set.

Global Server Load Balancing

  • Issue ID 0385305: In a GSLB setup, if you perform auto synchronization and the configuration file in your local site contains the add locationFile command, the command is not synchronized to the remote location.

Load Balancing

  • Issue ID 0383402: If a virtual server is UP by virtue of the service(s) being in Transition Out-Of-Service State (TROFS), the clients do not respond (instead of issuing 503 or RST) due to requests being queued at the virtual server rather than at the services.

Monitoring

  • Issue ID 0369946: If you bind an FTP user monitor to an IPv6 service, the state of the service is shown as DOWN.
  • Issue ID 0383812: A monitor of type CiTRIX-wi-EXTENDED fails if the script name and site path argument are not explicitly set.
    Workaround:
    1. Create a monitor of type CiTRIX-wi-EXTENDED.
    2. Set the script name.
    3. Set the site path.
    For example,
    add monitor wi-mon CiTRIX-wi-EXTENDED -userName administrator -password freebsd -domain xendt -sitePath "/Citrix/XenApp
    set monitor wi-mon CiTRIX-wi-EXTENDED -scriptname "nswi.pl"
    set monitor wi-mon CiTRIX-wi-EXTENDED -sitePath "/Citrix/XenApp

NetScaler Insight Center

  • Issue ID 0369664: In HDX Insight mode, data is sent to the AppFlow collector even when the policy rule is set to FALSE.

    Workaround: Start the session again.

  • Issue ID 0379876: The time values on the graphs display overlapping values, mostly in the 5-minute-interval view.
  • Issue ID 0385821: When an ICA session is initiated by launching XenDesktop, the user name is displayed along with the domain name (user-id@domain-name).
  • Issue ID 0386911: While launching n instances of an application, the NetScaler appliance sends n-1 termination records for the application. Consequently, the HDX Insight node displays only a single instance of this application as active.
  • Issue ID 0388096: In transparent mode, when you launch XenApp through Citrix Receiver (standard edition), the app launch duration is shown as zero.
  • Issue ID 0388875: If the number of load balancing virtual servers (including those associated with content switching virtual servers) exceeds 25, and the page size is set to 25, only the first 25 virtual servers are shown. The list does not continue on another page.
  • Issue ID 0394526: On the Dashboard > Web Insight > Applications page, the values shown when you select Response Time from the drop-down list can be incorrect.
  • Issue ID 0394613: The Total App Launch Count is not displayed when you navigate to Dashboard > HDX Insight > Gateways and view the summary for a particular user.
  • Issue ID 0395022: On the Dashboard > HDX Insight > Users page, the Active Apps count is not updated instantly on the left pane.

    Workaround: The correct value is displayed in the Dashboard > HDX Insight > Applications page.

  • Issue ID 0397236 :On the Dashboard > HDX Insight > Users page, the report for user sessions displays incorrect values. The left pane displays the average values for the entire session, but, the right pane displays the values for the period selected from the drop-down list.
  • Issue ID 0397258: On the Dashboard > HDX Insight > Users page, the line graph plots might not add up to the summary shown to the left of the line graph for average bandwidth.
  • Issue ID 0398844: On the Dashboard > HDX Insight > Users page, the report for a specific user does not display data for Total Application Launch count.
  • Issue ID 0399626: In transparent mode, after you initiate a session and launch an application through Citrix Receiver (Enterprise edition) from a Windows 8 client, the session terminates and resumes when you launch subsequent applications. Consequently, HDX Insight reports display session termination records.
  • Issue ID 0400545: The help page on the Graphical User Interface (GUI) displays incorrect information for enabling data collection.

    Workaround: To view the details, click the help icon in the graphical user interface when the help page opens, click on the TOC tab and navigate to NetScaler Insight Center 10.1 > Enabling Data Collection.

  • Issue ID 0400900: The HDX Insight node is not displayed for Enterprise licenses of NetScaler appliances.
  • Issue ID 0400665: The load time and render time metrics are not displayed for Standard Licenses of NetScaler appliances.

NetScaler SDX Appliance

  • Issue ID 0370574: After you create a channel on 1/x or 10/x interfaces, the status of the member interfaces might appear as Error-Disabled (in the command line) or DOWN (in the configuration utility) of the NetScaler instance.

    Workaround: After creating a channel by using the Management Service, restart the SDX appliance.

  • Issue ID 0384909: If you disable an interface of an LA channel configured on a NetScaler instance running on a NetScaler SDX appliance, the SDX appliance does not notify the peer device that the interface is disabled. Therefore, the peer device might send traffic to the disabled interface.

    Workaround: Disable the interface of the peer device so that it does not send traffic to the disabled interface of the SDX appliance.

  • Issue ID 0399057: If, when provisioning a SECUREMATRIX GSB instance, you configure the management IP address on a 1/x or 10/x interface, the instance is not reachable on the network.
  • Issue ID 0399630: If a new interface is bound to an LACP channel by using the Management Service, the member interfaces of the channel are reset. As a result, the traffic is not evenly distributed among the interfaces in the channel.
  • Issue ID 0399972: If you use the Management Service to delete a channel on which an L2 VLAN was created, the L2 VLAN setting on the NetScaler instance is not cleared. Therefore, the channel continues to be listed on the VLAN Settings page of the NetScaler instance modify wizard.

    Workaround: Modify the NetScaler instance and remove the non-existent channel from the VLAN settings page.

  • Issue ID 0400409: While modifying a NetScaler instance from the Management Service, binding 1/x and 10/x interfaces to an L2 VLAN fails.

    Workaround: Provision the NetScaler instance again.

  • Issue ID 0400502: If, when provisioning or modifying a NetScaler instance, you configure an L2 VLAN on a channel that was created by using the Management Service, the configuration fails.
  • Issue ID 0400607: If you create a static channel, you cannot use the Management Service to remove more than one member interface at a time from the channel.
  • Issue ID 0400651: If you create a channel on interfaces 0/1 and 0/2 by using the Management Service, and then provision a third-party instance and configure the management network for that instance on this channel, the third-party instance is not reachable on the network.

Networking

  • Issue ID 0371613: If you synchronize a high availability configuration with the network firewall mode set to BASIC on the current secondary node, the synchronization of configuration files from the primary to secondary node fails. The failure occurs with both the sync HA file command on the NetScaler command line and the Start HA files synchronization dialog box in the configuration utility.
    Workaround: Add the following extended ACL on each of the nodes of an HA configuration:
    add acl <aclname> -srcIP <NSIP of the peer node> -protocol TCP -destport 22

    For example, for an HA configuration in which the primary node's NSIP address is 198.51.100.9 and the secondary node's NSIP address is 198.51.100.27, you would run the following command on the primary node:

    add acl ACL-example -srcIP 198.51.100.27 -protocol TCP -destport 22

    and the following command on the secondary node:

    add acl ACL-example -srcIP 198.51.100.9 -protocol TCP -destport 22

  • Issue ID 0383958: $ is an invalid value for the port parameter of any extended ACL, but no error message appears if you specify this value. If, while configuring an extended ACL by using the configuration utility, you set the port parameter to $, no error message appears, but the ACL is not configured.
  • Issue ID 0399436: The NetScaler appliance does not create session entries for ICMPv6 error message that match a forwarding-session rule.

Platform

  • Issue ID 0385217: On the MPX 8200/8400/8600 and MPX 5550/5650 platforms, if a 1G data port is connected but disabled, the status of the peer port on the switch might be shown as UP after the MPX appliance restarts.

Policies

  • Issue ID 0390584: You cannot use the configuration utility to define classic SSL policies. You must use the CLI. However, you can use the configuration utility to bind and unbind classic SSL policies.

SSL

  • Issue ID 0343395: On the NetScaler appliance, TLS protocol version 1.2 does not support a client certificate with an RSA 4096-bit key.
  • Issue ID 0345883: On the NetScaler appliance, TLS protocol version 1.2 does not support ephemeral Diffie-Hellman cipher suites.
  • Issue ID 0400084: An attempt to establish an HTTPS connection to a NetScaler FIPS appliance through a Chrome browser fails, because the browser sends a SPDY-NPN extension by default, and the NetScaler FIPS appliance does not support the NPN extension.

    Workaround: Disable SPDY in the Chrome browser.

  • Issue ID 0400649: In the NetScaler configuration utility, the FipsKey parameter does not appear in the Install Certificate dialog box. As a result, you cannot add a certificate-key pair on an MPX FIPS appliance by using the configuration utility.

    Workaround: Use the command line interface.

System

  • Issue ID 0388481: When upgrading from release 9.3 to 10.1, the following SNMP alarms throw a time argument error: IP-CONFLICT, HA-LICENSE-MISMATCH, and HA-PROP-FAILURE. This issue occurs because, in version 10 and later, the time parameter is deprecated for these SNMP alarms.
    Note: The same error occurs if you try to set the time for one of these alarms.

    Workaround: Before upgrading to 10.1, update the ns.conf file by removing the time parameter for these three alarms from the set snmp alarm command.

  • Issue ID 0390257: SNMP returns incorrect values for the ifOutOctets and ifInOctets counters.

XML API

  • Issue ID 0363145: The following APIs are not available in version 10.1 or later:
    • bindservicegroup_state2
    • unsetnslimitidentifier_selectorname. Instead use unsetnslimitidentifier_selector.