Release Notes for Build 47.22 of Citrix ADM 13.0 Release
April 23, 2020|Release notes version: 2.0
This release notes document describes the enhancements and changes, lists the issues that are fixed, and specifies the issues that exist, for the Citrix ADM release 13.0 Build 47.22. See Release history.
Notes
- This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
- This build includes fixes for the following 2 issues that existed in the previous Citrix ADM 13.0 release build: NSADM-42153, NSADM-42865.
- The known issues section is cumulative. It includes issues newly found in this release, and issues that were not fixed in previous Citrix ADM 13.0 releases.
- The [# XXXXXX] labels under the issue descriptions are internal tracking IDs used by the Citrix ADC team.
Additional Changes/Fixes Available in Versions
Version 2.0
- Enhancements: NSCONFIG-1974
What's New?
The enhancements and changes that are available in Build 47.22.
Analytics
- Enhanced infrastructure analytics with new indicatorsUsing the Citrix ADM Infrastructure Analytics, you can:- View a new set of operational issues that occur in Citrix ADC instances.- View error messages and check recommendations to troubleshoot the issues.As an administrator, you can quickly analyze the root cause of issues. Navigate to Networks > Infrastructure Analytics to view the following issues:- Port allocation failure- No default route configuration- IP conflict- VRID conflict- VLAN mismatch- TCP small window attack- GSLB site name mismatch- Rate controlled threshold- Malformed IP header- Bad L4 checksums- Increased CPU usage due to IP move- Excessive packet steering- Layer 2 loop- Tagged VLAN mismatch[# NSADM-30188]
- Intelligent App AnalyticsIntelligent App Analytics enables you to identify application performance issues. As an administrator, you can analyze performance issues faster. When you double-click an application, you can now view Session build-up events in the App Activity Investigator:[# NSADM-33674]
- View analytics for bot attacksYou can now view insights for the bot detection settings configured on your Citrix ADC instances. To view bot insights, you must enable Bot Insight. Navigate to Analytics > Bot Insight to view bot attacks for your Citrix ADC instances.[# NSADM-36648]
- WAF JSON parse support in Citrix ADMYou can now view the following JSON protection policies in security insight, which highlight violation patterns for Web Citrix Web App Firewall (WAF):- APPFW_JSON_DOS_MAX_DOCUMENT_LENGTH,- APPFW_JSON_DOS_MAX_CONTAINER_DEPTH,- APPFW_JSON_DOS_MAX_OBJECT_KEY_COUNT- APPFW_JSON_DOS_MAX_OBJECT_KEY_LENGTH- APPFW_JSON_DOS_MAX_ARRAY_LENGTH- APPFW_JSON_DOS_MAX_STRING_LENGTH- APPFW_JSON_SQL- APPFW_JSON_XSS[# NSADM-37728]
Application
- Service Graph for cloud native (Kubernetes) appsUsing the ADM Service Graph feature in Citrix ADM, you can:- Observe your application overall performance end to end.- Identify bottlenecks created by inter-dependency of different components of your applications.- Gather insights into the dependencies of different components of your applications.- Monitor services within a Kubernetes cluster.- Monitor which service has issues.- Check the factors contributing to performance issues.- View detailed visibility of service HTTP transactions.- Analyze the following metrics:- Total number of hits- Service response time- Data volume- Errors[# NSADM-34753]
Deployment
- VMotion support for Citrix ADMCitrix ADM now supports VMware VMotion that enables you to migrate an active virtual machine from one server to another server.Follow these usage guidelines:- VMware does not support the vMotion feature on virtual machines configured with PCI Passthrough and SR-IOV interfaces.- Only ADM version 13.0 build 47.x or later are supported.- For more information about how to migrate an instance by using VMware vMotion, see VMware documentation.[# NSADM-31898]
Licensing
- Update a licensing server IP addressYou can update the licensing server IP address in the VPX instance, without any impact on the allocated license bandwidth on the instance and data loss. For information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/license-server/adc-vpx-check-in-check-out.html#update-a-licensing-server-ip-address[# NSCONFIG-1974]
- Check out licenses from ADM for ADM autoscale groupsNow you can use the ADC licenses in the Citrix ADM software to the ADM autoscale groups provisioned Citrix ADC instances.A new License tab is available in the Create AutoScale Group page. This tab allows you to configure pooled capacity, VPX licenses, and virtual CPU licenses while creating the autoscale group. So, when a new instance is provisioned for autoscale group, the already configured license type is automatically applied to the provisioned instance.When the provisioned instances are destroyed or de-provisioned, the applied licenses are automatically returned to Citrix ADM.Earlier, you could only configure Citrix ADC licenses available in respective cloud marketplace while creating the autoscale group. So, when a new instance is provisioned for the autoscale group, the license is obtained from its cloud marketplace.For more information, see the below links:[# NSADM-33025]
Networks
- Customize rollback commands to create configuration jobsWhen you create a configuration job, you can now specify the desired rollback commands to execute on command failure. You can enable the customize rollback option by navigating to Networks > Configuration Jobs.[# NSADM-31710]
- Schedule autoscale group upgradeYou can schedule upgrade of ADC instances that are part of the ADM autoscale group, in Azure and AWS cloud.[# NSADM-34285]
- Authorize network function entities to a userAs an administrator, you can select specific network function entities and grant access to a user. With this option, you can manage the user access at an individual level of network function entities. You can dynamically assign specific permissions to the user or group at the entity level.Citrix ADM treats virtual server, services, service groups, and servers as network function entities.- Virtual server (Applications) - Load Balancing(lb), GSLB, Context Switching (CS), Cache Redirection (CR), Authentication (Auth), and Citrix Gateway (vpn)- Services - Load balancing and GSLB services- Service Group - Load balancing and GSLB Service groups- Servers - Load balancing Servers[# NSHELP-6078]
- Generate network reports for load balancing servicesYou can now create a network reporting dashboard for load balancing services. This dashboard can display the following reports for the selected services:- Connections: for the client and server connections counters.- Throughput: for request and response bytes counters.- Time to First Byte (TTFB): for average time taken to send a request packet to a service and receive the first packet from the service. This response time is called as TTFB.[# NSHELP-18228, NSADM-39859]
- View the file status audit reportsUsing the Citrix ADC File Status chart, you can monitor whether any files are added, modified or removed in the nsconfig folder. For example, if the license file is updated on an ADC instance, you can check when this file was last updated and take actions appropriately.[# NSADM-36469]
Orchestration
- Manage Kubernetes Ingress configurations on multiple clustersKubernetes uses the Ingress feature through which the client traffic accesses the microservices of an application. The Citrix ADC instances can act as Ingress to the applications running inside a Kubernetes cluster. The Citrix ADC instances become load balancer and proxy to the (North-South) traffic from the clients to the microservices inside the Kubernetes cluster. And, the instances update the endpoints for the microservices as and when they change in the Kubernetes environment.[# NSADM-40847]
StyleBooks
- Simplified migration of Citrix ADC application configuration using StyleBooksNote: This feature is in tech preview.The StyleBooks Configuration Builder helps you create a Citrix ADC application configuration StyleBook from an existing ADC configuration. This feature also automates the application configuration migration from one Citrix ADC instance to another instance. You start the migration by specifying one of the following configuration sources:- A Citrix ADC instance – This option discovers the active applications on the selected ADC instance.- A set of CLI commands – This option analyses the CLI commands and extracts the applications within.After the source is specified, ADM discovers all the applications found in the source. You can then select the application configuration that you want to migrate to the target ADC instance. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/migrate-citirx-adc-application-configuration-using-stylebooks.htmlAfter migration, a ConfigPack is created in Citrix ADM along with its corresponding StyleBook. To view the ConfigPack, navigate to Applications > StyleBooks > Configurations.[# NSADM-39471]
System
- Revert configurations from disaster recovery site to the original primary siteWhen your original primary site is free from disaster and you decide to move all operations to the primary site, reconfigure the original primary site to match the configurations from the DR node.By using Citrix ADM, you can reconfigure the original primary site. Run the “sync_adm_node.py” script to synchronize the changes between the DR site and the original primary site.[# NSADM-39647]
- Citrix ADM generates performance data and stores in a local file. The performance data is also collected as part of tech-support file. You can view this data using admconmsg.py script. This data helps you determine the system state and debug issues.[# NSADM-36800]
- Improvements to disaster recovery settings in the Citrix ADM GUICitrix ADM now displays the status of Disaster Recovery (DR) node deployment. Also, you can monitor the health of the DR node with improved UI. The Citrix ADM GUI display the database state, memory, CPU, and disk usage of the DR node.You can now change the password of the DR node using the following script:./mps/change_freebsd_password.sh <username> <password>[# NSADM-39728]
- Auto-generate ServiceNow incidentsYou can auto-generate ServiceNow incidents for Citrix ADC events, SSL certificate events, and Citrix ADM license events.- Citrix ADC events: Citrix ADM can generate ServiceNow incidents for selected Citrix ADC events from selected managed Citrix ADC instances- SSL certificate and ADM license events: Citrix ADM can generate ServiceNow incidents for SSL certificate expiry and ADM license expiry events.Important: This feature is supported only on ServiceNow Cloud.[# NSADM-41209]
- Dual NIC support in Citrix ADMYou can configure a second NIC for isolating management access to Citrix ADM. Using this second NIC feature, depending upon your requirement, you can choose how to want to isolate the traffic that is received and sent through the Citrix ADM.[# NSHELP-18149]
Fixed Issues
The issues that are addressed in Build 47.22.
Analytics
- When you enable analytics, Geo data collection is also enabled by default, but Geo maps were not displayed in Citrix ADM.[# NSADM-39543]
- In Bot Insight, you can view only the latest 1 million detailed transactions for bot attacks. The Bot Insight dashboard and Application Summary might not match the total transactions details.[# NSADM-41092]
- When you create CSV export reports for Gateway Insight and HDX Insight, by using the Schedule Export option, the ADM software generates blank reports.[# NSHELP-20311]
- Sometimes Citrix ADM fails to display analytics data on the ADM GUI. This issue occurs when the mas_afdecoder process becomes unresponsive.[# NSHELP-20621]
- In Gateway Insight, when you export CSV format report, the authentication_state displays incorrect value.[# NSHELP-20916]
- When you configure threshold in Analytics > Settings > Thresholds for Web insight, Citrix ADM does not send email notification even after the threshold value has exceeded.[# NSHELP-21024]
- When you enable analytics for Web Insight, the Client Side Measurement option is not displayed.[# NSHELP-21078]
- In Citrix ADM, the Security Insight data is not displayed, when logged in using nsroot credentials.[# NSHELP-21064]
Application
- In the App Dashboard page, the data volume appears incorrectly for some applications.[# NSHELP-20033]
Applications
- In App Summary Panel, under Applications > App Dashboard, the application metrics graphs appear distorted on the browser. This issue occurs when you resize the browser window.[# NSHELP-20500]
High Availability
- After a Citrix ADM high-availability failover, the communication between the high-availability nodes fail. This issue causes split-brain and recovery in the high-availability deployment. As a result, the Citrix ADM software fails to check-out ADC licenses.[# NSHELP-20631]
- If a Citrix ADC HA pair is added in Citrix ADM through NAT (public IP) and http/https of ADC are accessible through non-default ports, the secondary instance is not accessible because Citrix ADM use the default port(80/443) for communication.[# NSHELP-20225]
Licensing
- When you change the time zone in License Usage from local to GMT, it does not change the custom time to GMT. And, the License Usage report is not generated.[# NSADM-17670]
Networks
- The Citrix ADM GUI displays an incorrect status of the GSLB service group. This issue occurs if the GSLB service group trap has no events. The Citrix ADM software uses this trap to record the changes on the GSLB service group.[# NSADM-42747]
- The Citrix ADM GUI displays the following error if you add an ADC instance in Citrix ADM with the help of existing ADC instances:“Resource does not exist.”[# NSADM-39750]
- After you upgrade Citrix ADM, the Export Schedule option does not work for the pre-existing jobs in Citrix ADM.[# NSHELP-20908]
- The Citrix ADM software does not show virtual servers and applications for a managed ADC instance when both the following conditions are met:- The ADC instance has partitions.- The ADC instance is managed through an ADM agent.[# NSADM-41742, NSADM-41663]
- If an ADC pair deployed in high-availability mode has admin partitions, the ADM analytics data is not displayed for traffic on admin partition virtual server.[# NSADM-41750]
- After an ADM agent fails over, AppFlow is not automatically reconfigured to send traffic to the new agent.[# NSADM-41842]
- If a Citrix ADC instance is managed through an agent, the ADM software does not generate threshold notifications (email, slack, and PagerDuty notifications) for that instance.[# NSADM-42153]
- In the Citrix ADM GUI, the Citrix ADC instances that are managed by a Citrix ADM agent display an incorrect status.[# NSADM-42160]
- When you delete a partition from a managed Citrix ADC instance, the corresponding partition entities, under Network Functions, are not removed from the ADM software. This issue occurs if the ADC instance is added to the ADM through an agent.[# NSADM-42281]
- When you import audit log data in CSV format, instead of the filter-specific search results, all search results are captured in the CSV report. With this fix, you can import filter-specific search results in CSV format. By default, the timeline for the report is 30 days, and it is not customizable.[# NSADM-37581]
- After you remove a VPX instance from the SDX appliance, the network functions of the VPX instances are not cleared in the Citrix ADM GUI. This issue persists even after removing the VPX instance from Citrix ADM.[# NSADM-42782]
- If a Citrix ADC instance is managed through an agent, the ADM software does not generate events and syslogs for that instance.[# NSADM-42865]
- When an external user receives a scheduled report from the Citrix ADM GUI, the report might show the following error:“No views are available to show.”[# NSHELP-19995]
- When you schedule a filter to trigger the event rule with comma separated continuous ranges (for example: 19-21,21-23), the scheduled effect does not work as expected.[# NSHELP-20016]
- In Networks >Network Functions > Load Balancing, the Citrix ADM GUI takes longer time to display the virtual servers.[# NSHELP-20050]
- When you configure the Scheduled Time Interval (in the range X-Y and when X>Y) for an event rule, the configuration is displayed with an error and does not work as expected.[# NSHELP-20094]
- When you navigate to the Network Functions > Poll Now page, the Citrix ADM GUI becomes unresponsive. This issue occurs if the Citrix ADM server has discovered a large number of load balancing virtual servers.[# NSHELP-20143, NSHELP-20204]
- Citrix ADM reports high CPU usage due to an SQL Query execution shown in mps_service log files.[# NSHELP-20178]
- The Citrix ADM agent registration fails if the “Secure Access Only” option is enabled on the Citrix ADM GUI,[# NSHELP-20260]
- When Citrix ADC status is DOWN, an event is generated in Citrix ADM. When Citrix ADC status is back to UP, the clear event in Citrix ADM is not generated.[# NSHELP-20327]
- In Citrix ADM software, when you restore the Citrix ADC backup file, the files are not restored to a correct location.[# NSHELP-20372]
- When a non-nsroot user accesses the Citrix ADC HA instances, the virtual servers report is not generated as expected.[# NSHELP-20403]
- When you restore or upgrade a Citrix ADC SDX instance, Citrix ADM does an inventory during the restore or upgrade process. This results in loss of data in Citrix ADM.[# NSHELP-20405]
- When an RBAC user logs on to the ADM GUI, an error message appears if the user has access to any child menu but no to its parent.[# NSHELP-20409]
- In the Network Functions > Load Balancing page, the following issues occur on the Virtual Server tab for a user with limited permissions:- If a user has view-only permission to a service and full permission to a virtual server, the virtual server fails to bind with a service.- If a user has full permission to a service and view-only permission to a virtual server, the user is allowed to create a service. This action is allowed when a user is binding a service to a virtual server using the Configure option.[# NSHELP-20437]
- In Citrix ADM, the event rule does not apply if the length of <ip_address-partition_name> is greater than 32 characters.[# NSHELP-20451]
- When a user exports the Virtual Servers CSV report on the Network Functions > Load Balancing page, the report displays the virtual servers details that the user has no view or edit permission.[# NSHELP-20457]
- After you add a VPX instance running on an SDX appliance on the ADM software, some operations might fail. For example:- The instance does not appear under under Infrastructure Analytics Dashboard and App Dashboard.- You are unable to delete the instance from the ADM software.This issue occurs if you use an ADM agent to discover the instance.[# NSHELP-20539]
- You cannot remove the configuration template that contains the asterisk (*) symbol in its name. The Citrix ADM software allows only the following characters in the configuration template name:- Alphabets A-Z and a-z- Numbers 0-9- Special characters _ # @ = -[# NSHELP-20643]
- In Network Reporting dashboard, the slider used for customizing the duration has no impact on the graph.[# NSHELP-20772]
- When you export syslog message in CSV format, only the current messages (5000 messages) get exported.[# NSHELP-20805]
- If an ADC instance is managed through an ADM agent, the "Rediscover" option does not work.[# NSADM-39911]
Orchestration
- If you add a service package and the Shared Citrix ADC instance allocation option is selected, the Least Configured placement method does not work.[# NSADM-36818]
- If ADM orchestration fails, Citrix ADM executes the netstat command to check the status of the orchestration services infinitely. As a result, the startup script consumes high CPU memory to run the netstat command. With this fix, the netstat command check for the status only for 10 minutes.[# NSADM-43643]
StyleBooks
- From this release, StyleBooks support “nodefaultbindings” for load-balancing, content-switching, and authentication virtual servers.[# NSADM-42723]
System
- When you access ADM from Citrix Director in a browser and if you access a new ADM session in a different tab of the same browser, Citrix ADM in Director is displayed as session expired.[# NSHELP-20340]
- After upgrading to ADM 12.1 53.x, the value for automated data pruning changes to default 50.The value changes, because with this release, the diskUtilizationHigh alarm default value is set to 50 from previous 80. And both diskUtilizationHigh and data pruning are controlled internally by a single entity. As a result, the value for automated data pruning is also automatically adjusted to 50. The Citrix ADM software starts pruning data when the new threshold is met (50), therefore, you might lose data.[# NSADM-40698]
- In Citrix ADM, the Configuration subsystem crashes intermittently.[# NSHELP-20067]
- An SDX appliance fails to restore when you use the backed-up file from Citrix ADM. With this fix, the Repackage status is displayed on the Execution History page.[# NSHELP-20148]
- When the Citrix ADM software discovers an instance with the agent, the NITRO request uses HTTP protocol instead of the protocol configured in the profile. This NITRO communication occurs during scheduled inventory, statistics, or entity monitoring.[# NSADM-39555]
- In Citrix ADM, the Sysop subsystem might crash if the incoming threads in the queue become unresponsive. This issue occurs if Citrix ADM has many managed instances.[# NSHELP-20397]
- When the ADM software processes AppFirewall related syslogs, the event subsystem crashes.[# NSHELP-20484]
- When you repackage an SDX backup on the Citrix ADM GUI, the repackaged file size appears in a negative value.[# NSHELP-20486]
- In Citrix ADM, the Service subsystem crashes intermittently.[# NSHELP-20623]
- The GUI message "Done" is due to redis server got crashed. This crash was due to inconsistency caused in system due to mas_service crash, which got fixed now. Also control center code made more robust to avoid any future netstat issue.[# NSHELP-20819]
- After you upgrade Citrix ADM to 12.1.13.54, the Citrix Director integration with Citrix ADM fails.[# NSHELP-20889]
- The clear event notifications for streaming of Citrix ADM disaster recovery database are auto-generated for every five minutes until you delete the event in Citrix ADM.[# NSHELP-20924]
Known Issues
The issues that exist in release 13.0.
Analytics
- HDX and Gateway active sessions data do not display accurate insights.[# NSADM-34417, NSADM-34496, NSADM-43169]
- HDX latency metrics values are now displayed as <1ms, instead of 0ms[# NSHELP-19762]
High Availability
- Consider that there is a forced failover between two Citrix ADM servers deployed in high availability, or that the primary node is down. You then see a message that the database streaming channel is down between the two ADM nodes. But Citrix ADM still displayed the message even after the nodes are synced with one another. With this fix, you will now see a new message that says the database replication lag is now normal.[# NSADM-13889]
- When the secondary node of two Citrix ADM servers in high availability is down, you cannot perform manual failover in ADM.[# NSADM-30424]
- Citrix ADM HA pair goes to split-brain state if any ADM subsystem keeps crashing.[# NSHELP-20929]
Networks
- When you export the Audit Log report in a CSV format, the report is displayed blank.[# NSADM-40389]
Orchestration
- If you are using OpenStack Queens for LBaas workflow, the Load Balancing virtual server is not bound to Content Switching virtual server. This issue impacts the traffic.Workaround:1. Create a pool with Load Balancing virtual server.2. Create a listener with the pool ID.If you already have a listener, update the listener with the pool ID.[# NSADM-36631]
System
- If you have configured a Citrix ADM as SNMP trap destination for SNMP V2 protocol, and then upgrade the ADM, SSL certificates expiry trap might not get forwarded to the external manager. And, the ADM is unable to send events created with SNMP V3 to the external SNMP trap manager.Workaround: Delete the existing SNMP trap destination and configure it again with V2.[# NSADM-34198]
- The following error might appear when a user tries to access an instance:“Not authorized to access.”This error appears even if the user has permission to that instance.[# NSADM-10606, NSADM-12260, NSADM-12409, NSADM-14914]
- SSO login from Citrix ADM to Citrix ADC does not work as expected.[# NSHELP-20734]
What's New in Previous Citrix ADM 13.0 Releases
The enhancements and changes that were available in Citrix ADM 13.0 releases prior to Build 47.22. The build number provided below the issue description indicates the build in which this enhancement or change was provided.
Analytics
- Highlight violation patterns for Web Citrix Web App Firewall (WAF)You can now get details of attacks such as http headers and http payload to troubleshoot or analyze the attacks. To get details of attacks, you must update the "VerboseLogLevel" in Citrix Web App Firewall profile, using the following command:"Set appfw profile <profile_name> -VerboseLogLevel (pattern|patternPayload|patternPayloadHdr)"- pattern - Only violation pattern is logged- patternPayload - Violation pattern + 150 bytes of payload are logged- patternPayloadHdr - Violation pattern + 150 bytes of payload + http request headers are loggedBased on the "VerboseLogLevel" configuration, Citrix ADM displays the detailed log expression records.For more information, see Highlight violation patterns for Web Citrix Web App Firewall (WAF) section in Security Insight topic.[From Build 41.28][# NSADM-37409]
Citrix ADC pooled capacity licensing
- New values for SDX minimum bandwidth and minimum instancesThe minimum bandwidth and minimum instances values for SDX appliances that support Citrix ADC pooled capacity have changed. For more information, see:[From Build 41.28][# NSSVM-2770]
High Availability
- Server statistics of the secondary ADM serverIn a Citrix ADM high-availability pair, like the primary server, now the secondary server also displays server statistics. You can monitor the CPU, memory, and disk usage of the secondary server. Navigate to System > Deployment to see the statistics of the high availability servers.[From Build 41.28][# NSHELP-18706]
Hybrid and Multi-Cloud
- Support for the autoscaling of Citrix ADC instances deployed in Microsoft AzureThe Citrix ADM autoscaling now supports scaling of Citrix ADC instances in Microsoft Azure. The Citrix ADM autoscaling adds or removes Citrix ADC cluster nodes deployed in Azure depending on the actual usage of network resources. The Citrix ADM collects statistics (CPU usage, memory usage, and throughput) from the autoscale provisioned clusters. These statistics are evaluated against the customer-configured threshold value. Depending on the statistics, scale out or scale in is triggered. Scale-out is triggered when the statistics exceed the maximum threshold. Scale-in is triggered when the statistics are operating below the minimum threshold.The advantages of the autoscaling features are:- Ensures that the application is up and running all the time irrespective of traffic demands.- Citrix ADC instances are added and removed dynamically making to a zero-touch manual configuration.- DNS management is automatic.- Enables better cost management.[From Build 41.28][# NSADM-24780]
Licensing
- Name changes for license typesThe existing license names, Standard, Enterprise, and Platinum have been changed to Standard, Advanced, and Premium respectively.[From Build 41.28][# NSADM-36694]
Networks
- Support to add Citrix ADC BLX instances in Citrix ADMNow you can manage Citrix ADC BLX instances by using Citrix ADM. Citrix ADC BLX appliance is a lightweight software package, which runs on your preferred server hardware.[From Build 41.28][# NSADM-29983]
- Automatic discovery of entitiesWhen you add an entity on a Citrix ADC instance configured on Citrix ADM, the entity is displayed on the ADM automatically within 10 minutes. And, any change in the entity is reflected on the ADM immediately.For this feature to work, SNMP must be enabled for the ADC instance through the ADM. To enable SNMP, from the ADM GUI, navigate to Networks > Instances > Citrix ADC. Select the instance, click the Select Action menu, and click Configure SNMP.Also, if you configure virtual servers in bulk on the Citrix ADC instance, some of the virtual servers appear automatically within 10 minutes. The other virtual servers might take longer time to appear (up to 20 mins).[From Build 41.28][# NSADM-23622]
- Enable analytics in partitions through Logstream as Transport ModeWhen you create admin partitions on your managed instances, you might want to view analytics reports on Citrix ADM for each admin partition separately. Citrix ADM earlier displayed consolidated analytics reports based on the IP address of the instances and used IPFIX as the Transport Mode. You can now select Logstream as the Transport Mode to get analytics reports for admin partitions.[From Build 41.28][# NSADM-30252]
- GSLB Service Groups tabThe Citrix ADM GUI now displays the Service Groups tab under Networks > Network Functions > GSLB. Under this tab, you can see all the service groups for the discovered instances on the ADM. By using the Service Groups tab, you can perform tasks such as enabling and disabling a service group entity, and checking the members and virtual servers bound to that entity. Also, you can poll the entity to get its latest status.[From Build 41.28][# NSADM-31514]
- Apply virtual server licenses and enable analytics in a single workflowThe process of licensing virtual servers and then enabling analytics on the licensed virtual servers has been simplified. Earlier, to enable analytics for any virtual server, you must navigate to Networks > Instances > Citrix ADC, and then select the virtual server to enable analytics. If virtual servers are not licensed for an instance:- You must first license the virtual server by navigating to Licenses > System Licenses.- Then, again navigate to Networks > Instances > Citrix ADC to enable analytics for the virtual server.Citrix ADM now eliminates this dual process and enables you to license virtual servers and apply analytics in a single workflow. For more information, see Enable analytics in Virtual Servers in documentation.[From Build 41.28][# NSADM-32893]
- New optional fields to view Citrix ADC instances from Citrix ADM.The following new optional fields are added for viewing Citrix ADC instances from Citrix ADM. To select these fields, go to Citrix ADM GUI > Networks > Instances > Citrix ADC, and click the settings icon.- HA Master State- HA Sync Status- Admin Profile- Health- Uptime- Model ID- Packet Engines- SSL Cards- CPU- Hardware Version- LOM Version- Host ID- Serial Number- Encoded Serial Number- UUID[From Build 41.28][# NSHELP-6170]
- Search audit log messages by using filtersNow you can use filters to search syslog messages and audit log messages to narrow down your results and find exactly what you are looking for and in real time.To search syslog messages for all ADC instances present in the ADM software, from the ADM GUI, navigate to Networks > Events > Syslog Messages. The new filter categories are instance, module, event, severity, and message.To search all ADM system audit log messages present in the ADM software, from the ADM GUI, navigate to navigate to Account > Audit Log Messages. The new filter categories are instance, module, event, severity, and message.To search audit log messages for all applications present in the ADM software, from the ADM GUI, navigate to Networks > Network Functions > Auditing. The new filter categories are source, event, severity, and message.To search audit log messages for the a specific application in the ADM, from the ADM GUI, navigate to navigate to Application >Dashboard and select the virtual server for which you want search the audit log messages. Next, click the Audit Log tab. The new filter categories are source, event, severity, and message.[From Build 41.28][# NSHELP-18369]
- Signature rule notification in Citrix ADMSignature-based threat indicates the detection of known threats based on the signature assigned. Whenever you add a signature object to the Citrix ADC Web AppFirewall, Citrix ADM sends notifications through email, slack, PagerDuty, event message, and security insight.When you create an event rule in Citrix ADM, you can now view a new category called appFwNewSignatureAdded. To enable notifications for new signature objects added to Citrix ADC Web AppFirewall, create an event rule by selecting appFwNewSignatureAdded as Category.[From Build 41.28][# NSADM-34153]
StyleBooks
- Support for adding labels to StyleBooksYou can now add labels to any StyleBook in Citrix ADM. Labels are key-value pairs that allow you to group StyleBooks using different criteria. You can use these labels while searching or filtering StyleBooks in Citrix ADM.[From Build 41.28][# NSADM-34877]
- Create Citrix ADC configurations using Citrix StoreFront StyleBookThis StyleBook helps you create and manage Citrix ADC configurations for Citrix StoreFront applications.[From Build 41.28][# NSADM-36094]
- Migrate an application configuration to a different StyleBook on App DashboardYou can now migrate a configpack from the existing StyleBook to another StyleBook on the App Dashboard page. This feature is applicable only for the applications created using a StyleBook.[From Build 41.28][# NSADM-37996]
System
- Option to enable or disable scheduling jobsNow you can enable or disable scheduling jobs such as instance backup, instance configuration audit, instance network reporting, and instance SSL certificates. Previously, these jobs were enabled by default, without any option to disable them.To enable or disable a scheduling job, from the Citrix ADM GUI, navigate to System > Administration > Configurable Features.[From Build 41.28][# NSADM-36650]
- Renamed GUI labelsOn the Citrix ADM GUI, under System, GUI labels are reorganized and renamed to improve navigation and usability:- Statics is renamed as Performance- System Administration is renamed as Administration- Under Administration, similar settings are categorized into single groups- Sessions is moved under User Administration- User Administration and Notifications have tab views[From Build 41.28][# NSADM-33545]
- Group information of external usersWhen an external user, who is a member of a configured user group, accesses the Citrix ADM GUI, the user group information is captured in the system audit log.To capture the user group information, select the “Log external group information” check box in the Authentication Settings page. To see audit logs in the Citrix ADM service, navigate to System > Audit Log Messages.[From Build 41.28][# NSADM-36651]
- Simplified application-based authorization for RBAC usersIn Citrix ADM, as an administrator, you can now authorize other administrators for the required applications without necessarily having to select instances. Previously, you must select the instances and then select the applications from those instances. And there might be cases where an administrator is not needed to know which Citrix ADC instance the application is hosted. With this feature, you can directly select the applications.[From Build 41.28][# NSADM-37213]
- Grant Enable-Disable permissions to usersIn this release, the Enable-Disable option is added only to the Network Functions features that allow enable or disable action. User can enable or disable the feature. And, user can also perform the Poll Now action.When you grant Enable-Disable permission to a user, the View permission is also granted. You cannot deselect this option.Note: Before upgrade, if you have granted Edit permission for a feature, then Enable-Disable and View permissions are also granted. You cannot deselect the auto-selected options.[From Build 41.28][# NSHELP-18635]
Fixed Issues in Previous Citrix ADM 13.0 Releases
The issues that were addressed in Citrix ADM 13.0 releases prior to Build 47.22. The build number provided below the issue description indicates the build in which this issue was addressed.
Analytics
- If you set data persistence values for storing hourly data for more than 14 days, the data for daily, weekly, and monthly reports might not appear in the Citrix ADM.[From Build 41.28][# NSADM-36541]
- If you upgrade or restart the Citrix ADC instances that are managed in a Citrix ADM, the Logstream data does not appear in the Citrix ADM.[From Build 41.28][# NSADM-37039]
- When you enable analytics, Geo data collection is also enabled by default, but Geo maps were not displayed in Citrix ADM.[From Build 41.28][# NSADM-39543]
- When you select the Show Diagnostics icon in the Analytics > Web Insight page, the SSL and SSL_TCP virtual server types are displayed along with the HTTP type.[From Build 41.28][# NSHELP-19607]
- The Web Insight report might miss some data in Citrix ADM. This issue occurs when Citrix ADM fails to insert the Citrix ADC metrics into the database that exceeds the limit of the long integer data type.[From Build 41.28][# NSHELP-20053]
- Threshold Email Notification template had limited information on the breach. This release the Email Notification template includes the breach location information with the breach value.[From Build 41.28][# NSHELP-6093, NSADM-15511, NSHELP-18719]
Application
- In the App Dashboard page, the data volume appears incorrectly for some applications.[From Build 41.28][# NSHELP-20033]
Applications
- Citrix ADM now allows you to include special characters in the application name while defining an application. To define an application:1. Navigate to Applications > App Dashboard.2. Click Define Custom App.[From Build 41.28][# NSADM-36834]
- When you try to enable AppFlow configuration for the Citrix ADC instance using the Citrix ADM agent, the AppFlow configuration might appear as disabled in Citrix ADM.[From Build 41.28][# NSHELP-18656]
- The App Dashboard in Citrix ADM and the command line of the Citrix ADC instance display different memory usage values.[From Build 41.28][# NSHELP-19627]
- The Application Dashboard page displays incorrect information for external users.[From Build 41.28][# NSHELP-19690]
- In Applications > Dashboard, when you click an application, the following error intermittently appears:“Either Application is deleted or no virtual servers are bound to this app".[From Build 41.28][# NSHELP-6402, NSADM-20206]
High Availability
- If you manually break high availability on the Citrix ADM servers, the configuration on the managed instances is not sent to the IP address of the primary node.[From Build 41.28][# NSADM-34478]
- If you shut down the Citrix ADM high availability server during FileSync process, the synchronization job is aborted. The job does not resume even after the server has restarted.[From Build 41.28][# NSHELP-19455]
- Both the nodes of a Citrix ADM high-availability pair running on VMware ESXi hypervisor might not work.[From Build 41.28][# NSHELP-19635]
Hybrid Multi-Cloud
- When you are creating an autoscale group if provisioning fails for one of the availability zones, the activity progress window might become unresponsive.[From Build 41.28][# NSADM-37255]
- Citrix ADM fails to trigger scale-out or scale-in action even after the configured-threshold values for Citrix ADC instances are breached.[From Build 41.28][# NSADM-37655]
Licensing
- When you change the time zone in License Usage from local to GMT, it does not change the custom time to GMT. And, the License Usage report is not generated.[From Build 41.28][# NSADM-17670]
- When auto licensing is off, and when you try to manually remove the license from some of the virtual servers, the warning message might not indicate the correct number of virtual servers that are not licensed.[From Build 41.28][# NSADM-34767]
- The incorrect pooled license information is displayed in Citrix ADM if the Citrix ADC instance uses a different Citrix ADM as a license server.[From Build 41.28][# NSHELP-19788]
- In the Pooled Capacity page, Citrix ADM might display incorrect license allocation values intermittently if the page is refreshed multiple times continuously.[From Build 41.28][# NSHELP-19789]
Networks
- When you try to export the logs in CSV format, Citrix ADM exports all command logs, irrespective of the selected ADC instances.[From Build 41.28][# NSADM-32733]
- When you try to execute an aborted config job, you might see an "Invalid Request" error.[From Build 41.28][# NSADM-34242]
- In Citrix ADM, when a non-nsroot user navigates to the Networks > Agents page and clicks View Details for the selected agent, the instances list might display the instances to which the user does not have access. However, when the user tries to access the instances, an error is displayed.[From Build 41.28][# NSADM-34794]
- When you import audit log data in CSV format, instead of the filter-specific search results, all search results are captured in the CSV report. With this fix, you can import filter-specific search results in CSV format. By default, the timeline for the report is 30 days, and it is not customizable.[From Build 41.28][# NSADM-37581]
- When a non nsroot user accesses the NITRO API call to ‘ns_lbvserver_service_binding’, the call fails to return the data.[From Build 41.28][# NSADM-37621]
- The Citrix ADC CPX instances of the version 13.0 are discovered as Citrix ADC MPX instances in Citrix ADM.[From Build 41.28][# NSADM-37725]
- Citrix ADM Event subsystem crashes due to high memory usage.[From Build 41.28][# NSADM-38264]
- The ADM GUI displays Analytics as Disabled even if it’s enabled on the Citrix ADC appliance.[From Build 41.28][# NSADM-38905]
- If an ADC instance is managed through an ADM agent, the "Rediscover" option does not work.[From Build 41.28][# NSADM-39911]
- The Citrix ADM software does not show virtual servers and applications for a managed ADC instance when both the following conditions are met:The ADC instance has partitions.The ADC instance is managed through an ADM agent.[From Build 41.28][# NSADM-41742, NSADM-41663]
- If an ADC pair deployed in high-availability mode has admin partitions, the ADM analytics data is not displayed for traffic on admin partition virtual server.[From Build 41.28][# NSADM-41750]
- After an ADM agent fails over, AppFlow is not automatically reconfigured to send traffic to the new agent.[From Build 41.28][# NSADM-41842]
- In the Citrix ADM GUI, the Citrix ADC instances that are managed by a Citrix ADM agent display an incorrect status.[From Build 41.28][# NSADM-42160]
- When you delete a partition from a managed Citrix ADC instance, the corresponding partition entities, under Network Functions, are not removed from the ADM software. This issue occurs if the ADC instance is added to the ADM through an agent.[From Build 41.28][# NSADM-42281]
- The Citrix ADM GUI displays an incorrect status of the GSLB service group. This issue occurs because there are no events on the GSLB service group trap. The Citrix ADM software uses this trap to record the changes on the GSLB service group.[From Build 41.28][# NSADM-42747]
- After you remove a VPX instance from the SDX appliance, the network functions of the VPX instances are not cleared in the Citrix ADM GUI. This issue persists even after removing the VPX instance from Citrix ADM.[From Build 41.28][# NSADM-42782]
- When an ADM agent goes down, though you can reassign the ADC instances to other agents, the reconfiguration of policies on the instances might fail intermittently. ADM will generate notification under System events for such cases.[From Build 41.28][# NSHELP-18760]
- In configuration audit, ADM is unable to create a configuration audit report and send through email.[From Build 41.28][# NSHELP-19089]
- While creating or configuring an instance group, GUI might display the IP addresses of high availability Citrix ADC instances twice. Selecting any one IP address adds both the instances to the instance group.This fix applies for creating a new instance group. For the groups that are created before upgrading, you must remove the duplicate entries from the group.[From Build 41.28][# NSHELP-19176]
- When you restore a standalone ADM or HA pair ADM, the SSL ciphers are not getting restored as expected.[From Build 41.28][# NSHELP-19284]
- Citrix ADM polls SSL certificate and configuration audit twice. This issue is fixed and now polls once for every cycle.[From Build 41.28][# NSHELP-19377]
- When the SNMP option is enabled on the partition of an instance and the Citrix ADC configuration is not saved, the SNMP configuration is lost and SNMP traps in Citrix ADM will disappear after restarting the instance.The fix applies only for the newly added instances or partitions. Ensure you have executed the “set snmp option -partitionNameINTrap ENABLED” command on all Citrix ADC partitions and the configuration is saved.[From Build 41.28][# NSHELP-19384]
- The Citrix ADM event subsystem crashes if the following conditions are met:- You delete the instance or device partition from which an event is received.- The event is configured to send a repeat email notification for a specified interval.[From Build 41.28][# NSHELP-19401]
- The temporary folders created to maintain the difference between configuration audit reports are not cleared from Citrix ADM regularly.[From Build 41.28][# NSHELP-19436]
- When a scheduled configuration audit and “Poll Now” action is triggered at the same time, the polling might fail because of a shortage of threads to complete the action.[From Build 41.28][# NSHELP-19454]
- If you modify the “event_filter” API using the Citrix ADM NITRO API, it resets the name of the event rule to empty or null.[From Build 41.28][# NSHELP-19474]
- When you restore the Citrix ADM server using the backup of a different Citrix ADM server, the restored Citrix ADM server displays an invalid “Host ID” in the Networks > License page.[From Build 41.28][# NSHELP-19485]
- While creating a configuration template, Citrix ADM does not check for the invalid characters given in the template name.[From Build 41.28][# NSHELP-19507]
- When you want to install an SSL certificate in the Citrix ADC appliance using the Import Certificate option from the Citrix ADM GUI, the "ns_ssl_keys" file is created instead of "ns_ssl_keys" directory. As a result, the installation fails in the Citrix ADC appliance.[From Build 41.28][# NSHELP-19525]
- An authorization error appears when the following conditions are met:- A user fetches and deletes configuration templates- The user belongs both to an admin group and a non-admin group without configuration templates.[From Build 41.28][# NSHELP-19622]
- The following error appears when you are saving a configuration template that contains a ‘$’ character in the command text:“Invalid Token Error.”[From Build 41.28][# NSHELP-19689]
- When an external user receive the scheduled report from the Citrix ADM GUI, the report might show the following error:“No views are available to show.”[From Build 41.28][# NSHELP-19995]
- When you schedule a filter to trigger the event rule with comma separated continuous ranges (for example: 19-21,21-23), then the scheduled effect does not work as expected.[From Build 41.28][# NSHELP-20016]
- When you enable or disable the entities under the Network Functions tab, the “Not authorized to access <PartitionName>” error is displayed. This issue occurs only when the selected partition for an entity has hyphen (-) in its name.[From Build 41.28][# NSHELP-20018]
- Citrix ADM does not allow whitespaces in the event rule name while creating an event rule.[From Build 41.28][# NSHELP-20035]
- In Networks >Network Functions > Load Balancing, the Citrix ADM GUI takes longer time to display the virtual servers.[From Build 41.28][# NSHELP-20050]
- When you configure the Scheduled Time Interval (in the range X-Y and when X>Y) for an event rule, the configuration is displayed with an error and is not working as expected.[From Build 41.28][# NSHELP-20094]
- Citrix ADM reports high CPU usage due to an SQL Query execution shown in mps_service log files.[From Build 41.28][# NSHELP-20178]
- The Citrix ADM agent registration fails if the “Secure Access Only” option is enabled on the Citrix ADM GUI,[From Build 41.28][# NSHELP-20260]
- After you add a VPX instance running on an SDX appliance on the ADM software, some operations might fail. For example:- The instance does not appear under under Infrastructure Analytics Dashboard and App Dashboard.- You are unable to delete the instance from the ADM software.This issue occurs if you use an ADM agent to discover the instance.[From Build 41.28][# NSHELP-20539]
- In Network Reporting dashboard, the slider used for customizing the duration has no impact on the graph.[From Build 41.28][# NSHELP-20772]
System
- If you create an application using an instance that is not in the scope of your authentication, the Citrix ADM does not display any error message.[From Build 41.28][# NSADM-17877]
- Change in system default settingsFrom this release, the following system settings have changed:- All the ADM system events are enabled by default. This change helps you avoid missing out enabling any required events.- Citrix ADM recommends you to configure system notifications. If there are no system notifications configured, Citrix ADM displays a warning message on the home screen.The system notifications help you to receive alerts on email, SMS, or Slack channel for system events. To configure the system notification, click Configure Now on the warning message.- The diskUtilizationHigh alarm default is set to 50. The changed threshold gives you more time to address the high disk usage issue. Previously, the default threshold was 80. Navigate to System > Alarms to view and edit the system alarms.- Citrix ADM stops processing the Citrix ADC traffic if the disk usage reaches 80% and above. In Citrix ADM, Syslog servers, SNMP, and analytics stop working. This change is made to avoid system failures. After you resolve the disk usage issue, ADM resumes to process the ADC traffic.Note: After the upgrade, all previously configured settings change to the default settings; however, you can reconfigure them if needed.[From Build 41.28][# NSADM-37407]
- When the Citrix ADM service discovers an instance with the agent, the NITRO request uses HTTP protocol instead of the protocol configured in the profile. This NITRO communication occurs during scheduled inventory, statistics, or entity monitoring.[From Build 41.28][# NSADM-39555]
- After upgrading to ADM 12.1 53.x, the value for automated data pruning changes to default 50.The value changes, because with this release, the diskUtilizationHigh alarm default value is set to 50 from previous 80. And both diskUtilizationHigh and data pruning are controlled internally by a single entity. As a result, the value for automated data pruning is also automatically adjusted to 50. The Citrix ADM software starts pruning data when the new threshold is met (50), therefore, you might lose data.[From Build 41.28][# NSADM-40698]
- Citrix ADM service subsystem crashes after you upgrade to 12.1-50.30. This issue occurs intermittently when there are many concurrent requests.[From Build 41.28][# NSHELP-18595]
- As a Citrix ADM user with view/edit permissions for Network functions, you are able to modify global poll interval settings.[From Build 41.28][# NSHELP-18688]
- You might intermittently see that the mas_inventory subsystem core dumps due to multithreading scenarios in libssh2 client.[From Build 41.28][# NSHELP-19042, NSHELP-20067]
- As a non-nsroot user, you might see an error when you try to retrieve client-side details in HDX Insight when you are not authorized to perform this action.[From Build 41.28][# NSHELP-19087]
- The temporary files created during Configuration Audit of templates were earlier stored in /tmp folder of the Citrix ADC file system. The files are now stored in /var/tmp folder.[From Build 41.28][# NSHELP-19346]
- When you upgrade Citrix ADM, the upgrade images are not cleaned up from the system even if you select the option to clean the images.[From Build 41.28][# NSHELP-19365]
- After restoring the backup of the Citrix ADM high availability server on to the standalone Citrix ADM server, the System > System Events page displays the loopback IP address as the source IP address.[From Build 41.28][# NSHELP-19465]
- The Citrix ADM configuration subsystem might crash because of an incorrect file permission given to the "/mpsconfig/cipher_settings.conf" file.[From Build 41.28][# NSHELP-19497]
- In the Citrix ADM, the registration of disaster recovery node fails with an error message "untar command failed".[From Build 41.28][# NSHELP-19623]
- During the Citrix ADM upgrade the migration subsystem might crash. This issue does not cause any functionality loss.[From Build 41.28][# NSHELP-19637]
- Citrix ADM reports the start-up errors “mas_hb_monit failed to start” in the logs repeatedly.[From Build 41.28][# NSHELP-19644]
- The Citrix ADM GUI takes longer time to display groups when a logged-in user is assigned to more than 200 groups in Citrix ADM[From Build 41.28][# NSHELP-19757]
- If the Client Side Measurements are enabled in Appflow on a Citrix ADC instance, the afdecoder process in Citrix ADM might crash for large transaction records.[From Build 41.28][# NSHELP-19791]
- In Citrix ADM with disaster recovery deployment, a false notification is generated for a database delay. This notification is generated even if the databases are synchronized.[From Build 41.28][# NSHELP-19876]
- The Citrix ADM GUI allows a user who has read-only permission to update ADC SSO.[From Build 41.28][# NSHELP-20378]
- When the ADM software processes AppFirewall related syslogs, the event subsystem crashes.[From Build 41.28][# NSHELP-20484]
Release history
For details of a specific release, see the corresponding release notes.
- Build 47.22 (2020-01-06) (Current build)
- Build 41.28 (2019-09-13) Replaces: 41.22