Release Notes for Build 49.16 of NetScaler MAS 11.1 Release

Updated: October 4, 2016 | Release notes version: 1.0
This release notes document describes the enhancements and changes, lists the issues that are fixed, and specifies the issues that exist, for the NetScaler MAS release 11.1 Build 49.16. See Release history.
What's New?
The enhancements and changes that are available in Build 49.16.
  • X-Forwarded-For HTTP Header Support for Security Insight Reports
    The X-Forwarded-For HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. NetScaler MAS uses X-Forwarded-For HTTP header to obtain the following details:
    - The address of the client which connected to the proxy.
    - The content of the host header the client sent to the proxy.
    Currently X-Forwarded-For support is available only for Web Insight and Security Insight.
    Note: You can only enable or disable the X-Forwarded-For feature using the NetScaler appliance's CLI.
    To enable this feature, at the command prompt, type: "set appflow param httpXForwardedFor ENABLED".
    [# 636390]
  • Comparing Graphs in NetScaler MAS Analytics
    You can now combine any two graphs in NetScaler MAS Analytics (Insight) to view and compare the selected parameters.
    [# 617967, 593755]
  • Support to Migrate NetScaler Insight Center to NetScaler MAS
    You can now migrate your NetScaler Insight Center deployment to NetScaler MAS without losing the existing configuration, settings, or data in NetScaler Insight Center. With NetScaler MAS you can not only view the various analytics data generated by the NetScaler instances associated to an application, but you can also manage, monitor, and troubleshoot the entire global application delivery infrastructure from a single, unified console. Note that you can only migrate a standalone NetScaler Insight Center deployment to a standalone NetScaler MAS deployment. For more information, see
    [# 632967, 649903]
  • Support to Integrate NetScaler MAS with Citrix Director
    NetScaler MAS is now integrated with Citrix Director. This enables Director to display HDX Insight reports from NetScaler MAS in the Network and the User details page and provides has user, applications, desktops, instances and license specific information. For more information, see
    [# 647135]
  • If a NetScaler high-availability failover occurs when ICA AppFlow is enabled, the session reliability feature will now restore the session. This capability is currently disabled by default and configurable via CLI. The CLI command to enable/disable the feature is
    set ica parameter EnableSRonHAFailover YES/NO
    [# 456218, 438710, 547601, 620411]
Application Management
  • Using Regular Expressions to Configure Load Balancing Virtual Servers in NetScaler MAS
    When defining an application from Applications > Dashboard > Applications > New Application, you can now use regular expressions to select multiple virtual servers. For example, the owa|lync expression selects all virtual servers that contain "owa" or "lync" in their names.
    [# 657447]
  • Editing the name of the application
    When you create an application (Applications > Dashboard > Applications), earlier there was no option to edit the name of the application. With this fix, you can edit the name of the application at any later time.
    [# 644896]
  • Configuring Load Balancing Virtual Servers From the Application Dashboard
    You can configure load balancing virtual servers and bind or unbind services and service groups from the Application Dashboard screen of the NetScaler MAS. For more information, see
    [# 653169]
  • Reusing Completed Configuration Jobs on NetScaler MAS
    You can now modify the commands, parameters, configuration settings, and instances in a completed or a scheduled job and execute the job again. This is useful when you want to execute the same set of commands on a different instance or when the job encounters an error and stops further execution. For more information, see
    [# 637401]
  • Wildcard Character Support for Failure Objects
    You can now use the wildcard character search for failure objects to apply to a rule. You can use * as a wildcard character in the Add field above the Failure Objects parameter in the Create Rule page, to search for similar failure objects that can be applied to the rule. For more information, see
    [# 653144]
  • Unrecognized Failovers in NetScaler MAS
    Earlier when failover occurred on NetScaler instances in a high availability mode, NetScaler MAS was unable to detect the state change until the next polling by the system. Now, when failover occurs on NetScaler instances in a high availability mode, NetScaler MAS updates the primary or secondary node's state based on SNMP traps received by NetScaler MAS when the instance state changes.
    [# 657297]
  • Email Notification Support to Send Configuration Audit Notifications for Saved v/s Running Config Differences
    You can now configure NetScaler MAS to send email notifications every time the saved configuration is different from the running configuration on managed NetScaler instances. A configuration might get changed when you manually poll your instances, or if you have scheduled a configuration to be run at a particular polling interval. For more information, see
    [# 653168]
  • View Instance User Information in Execution Logs
    Execution logs are generated when you create and execute a job that contains the NetScaler user (Instance User) whose credentials were used to perform the action. Previously, only the MAS user’s name was displayed in the execution log. In some cases, both the MAS user and the NetScaler user had the same system credentials, nsroot/ nsroot. In this situation, should your NetScaler profile be changed, you can rediscover the instance with its new user credentials and execute the job again. You can then see the new instance user credentials in the execution summary.
    To view execution logs with system and instance name, navigate to Infrastructure > Configuration Jobs. Select a job and click Details. Click Execution Summary to see the status of the instance on that executed the job and the instance user's name. For more information, see
    [# 653167]
  • Support to Send Email Notifications when Jobs are Executed
    Email notifications can now be sent every time a job is executed or scheduled. The notifications provide information such as the success or failure of the job, and include relevant details. If you have created a job in NetScaler MAS to perform specific configuration changes on a NetScaler appliance, and you want to know if the scheduled task has succeeded or failed, you previously had to log back on to NetScaler MAS and check the execution logs. You can now direct NetScaler MAS to send an email reporting on the success or failure of the task. For more information, see
    [# 652828]
  • Support to View Host Names with IP Addresses of NetScaler Instances
    You can now view the host name along with the IP address of your NetScaler instance across all tables and graphs in NetScaler MAS. Previously, only the IP address was displayed, making it difficult to keep track of thousands of instances. By assigning host names, you can now identify instances more easily.
    [# 649667]
  • Expiry Check Support for Virtual Server Licenses
    You can now view the status and set alerts for the virtual server licenses expiry in NetScaler MAS. This helps you plan your license upgrades on time. You can set the expiry notifications to be received through email or through SMS. To view the status of the licenses, navigate to Infrastructure > Licenses > System Licenses. Then, in the License Expiry Information section, you can find the details of the licenses that are going to expire. For more information, see
    [# 649426, 660051]
  • Management and Monitoring Support for Virtual Servers through NetScaler MAS
    You can now select the virtual servers to manage and monitor through MAS. To manage licensed virtual servers, navigate to Infrastructure > Licenses > System Licenses, and select Modify Licensed Virtual Servers to license/un-license the virtual servers. For more information, see
    [# 649425, 649591]
  • Port Configuration Support for License Server Client
    If your network firewall does not allow the using of ports above 10000 for communication between license server (port 27000) and NetScaler instances, you can use vendor daemon port (7279) for communication. For more information, see
    [# 649424]
  • Solution for Cisco ACI Hybrid Mode
    Citrix NetScaler now provides a hybrid mode device package for Cisco Application Centric Infrastructure (ACI). The hybrid mode device package in conjunction with NetScaler Management and Analytics System (MAS) enables you to perform network automation through the Cisco Application Policy Infrastructure Controller (APIC), while delegating the L4-L7 configuration to NetScaler MAS acting as a Device Manager in APIC. For more information, see
    [# 645660]
  • Configure Alerts and Collect Analytics Data on a Virtual Server Defined by Using a StyleBook
    You can now use the operations construct in StyleBooks to configure NetScaler MAS analytics alarms on any virtual server created through the StyleBook. The attributes in this construct are used to set thresholds to generate alarms and send notifications on the virtual server. For example, you can configure an alert to send notification if the total requests handled by a load balancing virtual server is greater than 25 and for a period defined by the user. For more information, see:
    [# 627838]
  • Support for File Uploads From StyleBooks by Using NetScaler MAS GUI
    To upload certificate file and certificate key file, two new types of parameters are now available, "certfile" and "keyfile". For these two parameter types, you can now upload the files directly from your local system when you are creating a StyleBook configuration using the NetScaler MAS GUI. The uploaded certificate file is stored in the directory /var/mps/tenants/<tenant_path>/ns_ssl_certs and the certificate key file is stored in /var/mps/tenants/<tenant_path>/ns_ssl_keys in NetScaler MAS. These uploaded certificates become part of the certificates managed by NetScaler MAS.
    For uploading any other type of file, you can use the parameter type "file". In this case, you have to first manually upload the file to /var/mps/tenants/<tenant_path>/ on NetScaler MAS, before you can use that file in a StyleBook configuration.
    When creating configurations from StyleBooks, you must provide only the name of the file you want to upload if you are using the API for any of the three parameters types or if the parameter type is "file" (from NetScaler MAS GUI or API). You must not provide the complete path of the files. The files are expected to be already available in the respective folders.
    [# 645248]
  • StyleBooks for NITRO Entities Available on NetScaler MAS
    Built-in StyleBooks corresponding to all NITRO entities for releases 10.5, 11.0, and 11.1 are now available on NetScaler MAS. You cannot access these StyleBooks from the NetScaler MAS GUI. To access these built-in StyleBooks, you have to use StyleBooks API requests.
    For example, to get the definition of a built-in StyleBook for lbvserver resource of NetScaler NITRO API, you have to use the following GET request:
    [GET] http://<mas_ip>/stylebook/nitro/v1/config/stylebooks/netscaler.nitro.config/<netscaler_release>/lbvserver
    To create a load balancing virtual server on the target instance with the specified attribute values, you have to use the following POST request:
    [POST] http://<mas_ip>/stylebook/nitro/v1/config/stylebooks/netscaler.nitro.config/<netscaler_release>/lbvserver
    "configpack": {
    "parameters": {
    "name": "test-lb",
    "servicetype": "HTTP",
    "ipv46": "",
    "port": 80
    "target_devices": {
    "<device IP>": {
    "id": "<device_id>"
    For more information on how to use APIs to create configurations from StyleBooks, see:
    [# 644498, 627895]
  • Compressing Core Files to Save Disk Space
    The NetScaler MAS server now compresses the backup files that are generated during the "backup and restore" process. This ensures that the backup files now occupy minimum storage within the server.
    [# 654672]
Fixed Issues
The issues that are addressed in Build 49.16.
  • When you upgrade the NetScaler appliance from 11.0 release to a newer release (11.1 or higher), Security Insight is set to disabled.
    [# 653626]
  • In a NetScaler MAS high availability setup, the Analytics configuration does not work.
    [# 642270, 644542]
  • NetScaler MAS Analytics displays the HA failover count per ICA session whenever HA failover happens, and a reconnect occurs using session reliability.
    [# 644975]
  • NetScaler Insight Center displays the VPN virtual server IP address in the Server IP Address field rather than the XenApp or XenDesktop server IP address.
    [# 635525]
  • If Appflow for ICA is enabled on a NetScaler appliance, the appliance might become unresponsive under certain circumstances during ICA capability negotiation in ICA PROXY mode.
    [# 653385, 655823]
  • If HDX insight is enabled on a NetScaler appliances in high availability mode, and if the nodes are set to STAY PRIMARY or STAY SECONDARY, session reliability fails when a failover happens.
    [# 653438]
  • When AppFlow for ICA is enabled on a NetScaler appliance in a multi core environment, the Netscaler appliance might become unresponsive.
    [# 647713]
  • If the frequency of a job is scheduled as "once" for a specific time and date, the job is executed immediately instead of getting executed at the scheduled time.
    [# 654763]
  • When an HA pair is created with different NetScaler MAS versions, an erroneous "Invalid Password" message is displayed.
    [# 647168]
  • During instance interface configuration for Orchestration, you can disable or enable the interface, or assign the VLAN range. After you update the setting, the GUI does not display the updated settings until the page is refreshed.
    [# 648363]
  • OpenStack LBaaS load balancing configurations are not supported on networks with IPV6 subnets.
    [# 648305]
  • The OpenStack LBaas V2 driver does not support network type VXLAN for autoprovisioning of NetScaler VPX instances on Nova.
    [# 648640]
  • In OpenStack integration, for an auto-provisioned NetScaler instance in NOVA, NetScaler MAS does not support a service package that specifies a partitioned isolation policy. Service package creation might succeed, but an error occurs when you configure the first load balancer.
    [# 654374]
  • During OpenStack orchestration, when you auto-provision a NetScaler VPX instance on NetScaler SDX in the NetScaler 11.1 release 48.10 build, an error is noticed during creation of the virtual IP address.
    [# 655535]
  • After selecting one of the cloud platforms and submitting the form with the required settings under Orchestration, you are redirected to the Cloud Platform Selection page instead of the Deployment Settings page. With this fix, when you now select one of the cloud platforms and submit the form, you are redirected to the Deployment Settings page.
    [# 648355, 648561]
  • Placement policies assigned to a service package are mutually exclusive. That is, placement policies should not overlap. If placement polices overlap, a placement policy might be assigned arbitrarily.
    [# 654267]
  • For NSX Integration, a VLAN is allotted for every VXLAN during service insertion. The VLANs do not get de-allotted when service insertion is disabled/deleted. Because of this VLANs might get exhausted.
    [# 648726]
  • In Orchestration, the Tasks page under the Request tab keeps refreshing even after the tasks are complete.
    [# 647517]
  • In NetScaler MAS, when you configure instance backup settings (System > Instance Backup Settings), the backup files are generated randomly and not at the set time interval. Also, the older backup files are not being deleted in the order that they were created.
    [# 661153]
  • Earlier, when trying to remove or edit a threshold, the following error message appeared even for an nsroot user: "Not authorized to perform this operation." Now, you can remove or edit previously created thresholds on NetScaler MAS.
    [# 654615]
Known Issues
The issues that exist in Build 49.16.
  • NetScaler Insight Center does not report an application-launch failure caused by a user trying to launch an application or desktop to which the user does not have access.
    [# 609604]
  • For HTML pages, the waterfall chart in the Page Analysis tab of the URL reports section is not displayed consistently.
    [# 435209]
  • The time interval for which data is displayed on the dashboard might not match the selected time interval. If no data is available for part of the selected time interval, NetScaler MAS shows data from the date on which it started receiving the AppFlow data.
    [# 601474]
  • There is no option to select the gateway device in a multi-hop deployment for NMAS. This does not allow us to bifurcate and report client and server side latency correctly.
    [# 658855]
  • When Appflow is enabled for a new VPN virtual server through NetScaler Insight Center, the NetScaler Insight Center stops reporting ICA session data for some sessions.
    [# 644748, 643704]
  • In Security Insight, on the Application Summary page, IP reputation is not displayed in the Violation Category drop-down list.
    [# 643629]
  • In Security insight, Search option drop-down list for Application Summary does not include all the filters.
    [# 630031]
  • In Security Insight, Safety Index filters display incorrect output.
    [# 640160]
  • For NetScaler SD-WAN, while using the "SetTrafficShapingPolicy" built-in template to execute Configuration jobs, you are required to specify values for all parameters, even if they are not mandatory.
    [# 613965, 613962]
  • If you select Enable URL Data Collection in the Web Insight URL Data Collection Settings, the NetScaler Insight Center virtual appliance's available memory reduces rapidly.
    [# 638324]
  • On the Security Insight dashboard, the time slider for custom time duration might not always work.
    [# 630524]
  • Geo location does not resolve from maxmind data base file GeoCity.dat.
    [# 655636]
  • Geo location does not resolve IP addresses from maxmind data base file GeoCity.dat for both Web and HDX Insight.
    [# 660424, 659826]
  • For a NetScaler appliance in multicore setup, reports from all cores were not getting generated except "0" core.
    [# 656225]
  • The field value for X-Forwarded-For HTTP header is not displayed as client IP in Security Insight violation logs.
    [# 645284, 636390]
  • ICA parsing uses a lot of memory, so the NetScaler appliance reaches its memory limit with a lower than expected number of connections.
    [# 459458]
  • Traps forwarded from the NetScaler MAS server when a "Send Trap" rule is configured on events, always have the Community set to "public" (the default).
    [# 647610]
NetScaler Insight Center
  • When you use LDAP for external authentication, you will receive a "Error: Resource does not exist" error message when you click Configuration tab.
    [# 658344]
  • In orchestration, if you perform "Cleanup" operation for requests on which rollback failed, the following error message is displayed: "Rollback is not allowed for successfully completed requests".
    Workaround: You can refresh the page to view if the failed rollback has succeeded.
    [# 601294]
  • In orchestration, when a NetScaler instance is unassigned from a service package, the interfaces configured for the instance are lost.
    Workaround: The interfaces should be reconfigured if the same NetScaler instance is assigned to another service package.
    [# 620635]
  • If a network gets disconnected while you are autoprovisioning NetScaler instances on NOVA, you should not perform other operations on the NetScaler instances. Doing so could result in the instance becoming unstable. In that case, you might have to ask Citrix technical support to reconfigure the instance.
    [# 590687]
  • In OpenStack integration, the installation files and scripts in the NetScaler driver bundle, and also the configurations in the neutron.conf file display NetScaler Control Center options instead of the required NetScaler MAS options.
    Workaround: When prompted for the IP address of the machine running NetScaler Control Center, enter the IP address of the machine running NetScaler MAS. For example, while installing the driver, specify the MAS IP address for the "--ip " option even though prompted for controlcenter_ip.
    [# 653696]
  • In a NetScaler MAS high availability setup, when you back up and restore the system, the instance backup settings (System > System Administration > Instance Backup Settings) do not get backed up and restored to the values that were set prior to taking the backup.
    [# 661049]
  • NetScaler MAS restarts as soon as you apply the required Cipher group and click "OK" even before you click "Done". The NetScaler MAS should restart after you click "Done". Also, NetScaler MAS should display a confirmation pop-up message before the system restarts.
    [# 660805]
  • In NetScaler MAS, when you apply the required Cipher group to configure the SSL settings, the system selects the last created cipher group by default even when you apply any other group created previously. The system should select the group that was applied.
    [# 660799]
Fixed Issues in Previous NetScaler MAS 11.1 Releases
The issues that were addressed in NetScaler MAS 11.1 releases prior to Build 49.16. The build number provided below the issue description indicates the build in which this issue was addressed.
  • In the NetScaler MAS Infrastructure dashboard, NetScaler SD-WAN is not split into two instance types: SD-WAN WO and SD-WAN-EE. The SD-WAN displays include both SD-WAN WO and SD-WAN-EE instances.
    [From Build 48.10] [# 648690]
  • For a service pack with an auto-provisioned instance, NetScaler MAS does not support an HA pair for SDX.
    [From Build 48.10] [# 648566]
  • When a tenant assigned to a service package with an isolation policy partition is unable to create a VIP on a shared network, rollback fails and the NetScaler MAS displays the following error message: "Nitro timed out: Invalid Argument [tagged]." Although the rollback fails, configurations are successfully configured on the NetScaler instance type.
    [From Build 48.10] [# 648514]
  • On the Application dashboard, for all virtual servers, the Search criterion generates a wrong count even if the data displayed in the GUI is accurate.
    [From Build 48.10] [# 648441]
  • During instance interface configuration for Orchestration, the user can disable/enable the interface or assign the VLAN range. After user updates the setting, the GUI does not display the updated settings, until the page is refreshed.
    [From Build 48.10] [# 648363]
  • After selecting one of the Cloud Platforms and submitting the form with the required settings under Orchestration, you is redirected to the Cloud Platform Selection page instead of Setting page.
    [From Build 48.10] [# 648355, 648561]
  • For a service pack with an auto-provisioned device, NetScaler MAS does not support an HA pair for NOVA.
    [From Build 48.10] [# 648298]
  • Enabling or disabling an entity from the Application Dashboard by using the State On-Off button does not create audit logs.
    [From Build 48.10] [# 646015]
  • Using the NetScaler MAS GUI, you might not be able to delete partitioned instances that have gone out of service.
    [From Build 48.10] [# 644750]
  • In NetScaler MAS, virtual servers and services takes a long time (~30 minutes) to be discovered on a HA setup.
    [From Build 48.10] [# 647904]
  • NetScaler MAS NITRO API documentation references "NetScaler SDX" instead of "NetScaler MAS".
    [From Build 48.10] [# 647686]
  • Events and syslog data are not sorted by date in the NetScaler MAS GUI.
    [From Build 48.10] [# 647576]
  • The Tasks page under the Request tab keeps refreshing even after the tasks are complete.
    [From Build 48.10] [# 647517]
  • The Desktop Director is not integrated with the NetScaler MAS.
    [From Build 48.10] [# 647135]
  • When the MAS receives a request from an OpenStack tenant, the name of the tenant does not appear in the Tenant Name field in on the Orchestration Request tab.
    [From Build 48.10] [# 637841]
Release history
For details of a specific release, see the corresponding release notes.

© 1999-2016 Citrix Systems, Inc. All rights reserved. | Terms of use.
Useful links

On this page

What's New? (22)
Fixed Issues (20)
Known Issues (25)
Fixed Issues in Previous 11.1 Builds (15)