Bob Geisler Posted September 18, 2017 Share Posted September 18, 2017 Netscaler Platform: SDX 11500 11.1.51.26 Netscaler firmware version: 11.1.51.26 Citrix Platform: XenDesktop 7.15 on Windows Server 2016 I'm currently investigating an issue with DTLS connectivity over the Netscaler Gateway. An active session will randomly freeze and while observing "nsconmsg -d current -g ssl_err" the following SSL error messages will generate at the exact same time the session is frozen: ssl_err_dtls_hvr_mismatch ssl_err_dht_deserialize ssl_err_dht_deserialize_failure ssl_err_mcmx_clone_session_vipsvc_not_found I'm wondering if anyone has a similar issue or has any information regarding the above SSL errors. I was unable to find any information regarding the above errors via search engine. Thanks in advance! Bob G. Link to comment Share on other sites More sharing options...
Andrzej Starmach1709152599 Posted October 5, 2017 Share Posted October 5, 2017 Hi Bob, Do you have "Hello Verify Request" enabled on your DTLS profile ? Link to comment Share on other sites More sharing options...
IT Ops1709155964 Posted November 1, 2017 Share Posted November 1, 2017 Be very careful of your memory usage while having DTLS enabled. We just ran into an issue/bug where these particular counter failures are not being flushed out properly and cause a memory leak with the Netscaler. I can tell you, when it runs out of memory, bad things happen. We observed this with 11.1 53.11. We're told by support that 11.1 56.x and 12.0 52.x fixes this, but it hasn't been released yet. Link to comment Share on other sites More sharing options...
Derek Black Posted November 5, 2019 Share Posted November 5, 2019 We are still seeing sessions freeze or users experience sub-optimal/degraded performance and other odd behavior such as duplicate/stale sessions that appear to be similar to port exhaustion DOS. We do have the 'Hello Verify Request' enabled 7.15 CU4 / ADC 12.1.52.15 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now