ADC

Change an RPC node password

To communicate with other NetScaler appliances, each appliance requires knowledge of the other appliances, including how to authenticate on NetScaler appliance. RPC nodes are internal system entities used for system-to-system communication of configuration and session information. One RPC node exists on each NetScaler appliance and stores information, such as the IP addresses of the other NetScaler appliance and the passwords used for authentication. The NetScaler appliance that contacts the other NetScaler appliance checks the password within the RPC node.

Note:

After you upgrade a NetScaler appliance to release 13.1 build 33.x or later from one of the following builds, the secure option for the RPC node is enabled or disabled on the basis of the TLS 1.2 setting (enabled or disabled) present for the internal RPCS and KRPCS services.

  • Release 13.0 build 64.35 or earlier
  • Release 12.1 build 61.18 or earlier

The RPC communication is encrypted between the NetScaler nodes of the following setups if the Secure option is enabled:

  • High availability
  • Cluster
  • GSLB

The secure option uses secure protocol TLS1.2 and port numbers 3008 and 3009 for the RPC connection between the NetScaler nodes.

For ensuring secure RPC communication, Citrix recommends performing the following operations before upgrading these setups:

  • TLS 1.2 must be enabled for the internal RPCS and KRPCS services:
    • nsrpcs-127.0.0.1-3008
    • nskrpcs-127.0.0.1-3009
    • nsrpcs-::1l-3008
  • 3008 and 3009 must be unblocked in firewalls between the NetScaler nodes.

You can enable or disable the secure option using the NetScaler CLI or the GUI.

To change an RPC node password by using the GUI

  1. Navigate to System > Network > RPC.
  2. In the RPC pane, select the node and then click Edit.
  3. In Configure RPC Node, type the new password.
  4. In Source IP Address, type the existing node’s IP address to be used to communicate with the peer system node.

    configure RPC node

  5. Select Secure and then click OK.

    Note

    For enhanced security, Citrix recommends you to enable the Secure option on RPC nodes. When you enable the Secure option, the appliance encrypts all the RPC communication sent from one ADC node to other ADC nodes thus securing the RPC communication. This secure communication uses the port number 3008. If the firewall between the ADC nodes blocks the port number 3008, unblock it and proceed. Otherwise, configuration synchronization and configuration propagation might fail.

To change an RPC node password by using the CLI

At the command line, type the following commands:

set ns rpcNode <IPAddress> {-password} [-secure ( YES | NO )]
show ns rpcNode
<!--NeedCopy-->

Example:

> set ns rpcNode 192.0.2.4 -password mypassword -secure YES
 Done
> show rpcNode
.
.
.
 IPAddress:  192.0.2.4 Password:  d336004164d4352ce39e
     SrcIP:  *           Secure:  ON
Done
>

<!--NeedCopy-->
Change an RPC node password