Jump to content


Photo

Error adding instance

Started by Paul Gilpin , 20 April 2017 - 09:26 AM
6 replies to this topic

Best Answer Paul Gilpin , 20 April 2017 - 12:58 PM

GW are 5500 Enterprise license.  Same error, whether I use NSIP or SNIP.  MPX added using SNIP without a problem.

 

Without a suggestion that MAS is the cause, I'll take this up again with our Network Security Team.

 

Regards

Paul Gilpin Members

Paul Gilpin
  • 12 posts

Posted 20 April 2017 - 09:26 AM

Hello

 

I have deployed 11.1 52.15 appliance in corporate LAN.  When attempting to add NSGW hosted in DMZ, the following error is shown.

 

1 Error

Trying to connect to [SNIP]

Error: License cannot be retrieved.  Either the NetScaler is unrepsonsive or the login credentials are incorrect.

 

The NSGW is repsonsive and I can use the credentials in the profile to authenticate.  I have successfully added an MPX instance using the same profile.

 

Our Network Security Team have been provided with the documentation links that show the process and ports required.

https://docs.citrix.com/en-us/netscaler-mas/11-1/Adding-an-Instance-to-NetScaler-MAS.html

https://docs.citrix.com/en-us/netscaler-mas/11-1/Before-You-Begin.html#par_anchortitle_e2c3

 

Not likley that I could get a Martini rule to prove this is a problem with MAS.

 

So, without asking for how many steps from my home to my desk, the colour of my socks and my favourite screensaver, does this look like a firewall issue or a MAS issue?

 

Regards

 

 

Paul.



Paul Blitz Members

Paul Blitz
  • 3,915 posts

Posted 20 April 2017 - 10:09 AM

Stop... rewind... I'm having trouble understanding what your setup is, and what you are actually trying to do!

 

 

Let's check facts here: (1) you have an MPX appliance? an SDX appliance with a netscaler instance? A VPX? (2) you created a Netscaler gateway Vserver using MAS? Manually? (3) you have a license on the Netscaler? On MAS?



Paul Gilpin Members

Paul Gilpin
  • 12 posts

Posted 20 April 2017 - 10:36 AM

We have 2 MPX appliances.

We have 2 GW appliances in DMZ.

They are currently happily monitored by a Command Center installation.

I have deployed a new MAS appliance and successfully added the MPX instances.  When trying to add the GW I get the quoted error.

 

I want to know whether this is an indication of a firewall config issue or something that needs changing with the MAS config.

 

>10, black with blue heel and toe, BOINC.

 

Thanks



Carl Stalhood CTP Member

Carl Stalhood
  • 11,940 posts

Posted 20 April 2017 - 11:56 AM

I'm guessing you have the Gateway Enterprise (50 Mb) appliances. You definitely can't do AppFlow on those, but MAS should be able to discover them.

 

When running discovery, I assume you entered the NSIP and not the SNIP?

 

Otherwise, you might have to call Support.



Paul Gilpin Members

Paul Gilpin
  • 12 posts

Posted 20 April 2017 - 12:58 PM

GW are 5500 Enterprise license.  Same error, whether I use NSIP or SNIP.  MPX added using SNIP without a problem.

 

Without a suggestion that MAS is the cause, I'll take this up again with our Network Security Team.

 

Regards


Best Answer

Rhonda Rowland Members

Rhonda Rowland
  • 153 posts

Posted 20 April 2017 - 01:43 PM

To get a sense for what's happening, when you run the discovery from MAS to your NetScaler,

you can log on to the NetScaler shell and look at the events in syslog related to the mas discover process:

 

shell

cd /var/log

tail -f /var/log/ns.log | grep CMD_EXECUTED     #view configuration events only

alternate

tail -f /var/log/ns.log                                          # view all events

 

(Case-sensitive for CMD_EXECUTED)

 

This can help you see events related to the MAS discovery and maybe identify a failure if it is getting to the NetScaler



Ankur Pandita Citrix Employees

Ankur Pandita
  • 248 posts

Posted 04 May 2017 - 01:54 PM

Hello All,

 

Is this issue resolved ? If not please let us know.

 

--ankurp