Release Notes for NetScaler ADC 11.1-65.12 Release

This release notes document describes the enhancements and changes,fixed and known issues that exist for the NetScaler ADC release Build 11.1-65.12.


  • This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
  • Build 11.1-65.12 and later builds address the security vulnerabilities described in

What's New

The enhancements and changes that are available in Build 11.1-65.12.


  • Option to enable or disable access to Citrix Hypervisor on a NetScaler ADC SDX appliance You can now enable or disable access to the SDX Control Domain (Citrix Hypervisor) on a NetScaler ADC SDX appliance. With this enhancement, a user can directly access the SDX appliance and also change the configuration. Previously, access to the Citrix Hypervisor in the SDX appliance was enabled by default. Upon upgrade to 12.1-56.x, 13.0-52.x, and 11.1-65.x from a previous release, the access will be disabled.
    To enable this access, from the SDX GUI, navigate to System > Network Configuration. Under Appliance Supportability, select Configure Appliance supportability.
    [ NSPLAT-11065 ]

User Interface

Fixed Issues

The issues that are addressed in Build 11.1-65.12.

Authentication, authorization, and auditing

  • In rare cases, the counter for "vpnusers" parameter with value 0 is incorrectly decremented. This decrement resets the counter to a very high value, resulting in the license check failure.
    [ NSHELP-22558 ]
  • In some cases, a NetScaler ADC appliance dumps core because SYN packets going towards TACACS server are filled with wrong partition values.
    [ NSHELP-22030 ]
  • A NetScaler ADC appliance might dump core upon receiving a RESET command from the client while the appliance is handling VPN traffic requests.
    [ NSHELP-21817 ]
  • In rare cases, the NetScaler Unified Gateway appliance might fail when users are challenged for a one-time code.
    [ NSHELP-20967 ]

Load Balancing

  • After upgrading a NetScaler ADC appliance, the GSLB config sync might fail if the "/var/tmp/gslbsync" directory does not exist on the appliance.
    [ NSHELP-22796 ]
  • The packet engines (NSPPE) might crash when it receives the first RTSP data packet with an incomplete header, followed by an ACK before receiving the complete header.
    [ NSHELP-22099 ]
  • In a GSLB setup with gateway deployment, the NetScaler ADC appliance might fail to resolve the domain name for a GSLB service in the following condition:
    When the primary load balancing virtual server is DOWN, even if the backup load balancing virtual server is UP.
    [ NSHELP-21061 ]
  • The NetScaler ADC appliance might run out of memory when a client sends packets at regular intervals but the first packet is blocked in the appliance. As a result, packets are queued up and the appliance runs out of memory to store the packets.
    [ NSHELP-20871 ]
  • The Citrix NetScaler appliance might fail while removing a server, if the server is bound to a GSLB service and the service is used in a policy configuration.
    [ NSHELP-18969 ]
  • A NetScaler ADC appliance might crash when all of the following conditions are met:
    - A backend server is DOWN.
    - An ADC appliance collects information on server, such as RTT and proximity, for selecting a new backend.
    [ NSHELP-11969 ]

NetScaler ADC SDX Appliance

  • On a NetScaler ADC SDX 8900 appliance, the number of instances available for provisioning are reduced after you upgrade the appliance.
    [ NSHELP-23808 ]
  • A VPX instance hosted on a NetScaler ADC SDX 15000-50G or SDX 26000 appliance is unreachable from the Management Service after you change some properties, such as description and host name.
    [ NSHELP-23491 ]
  • If the IP address of a NetScaler ADC SDX appliance that is configured using pooled licensing is changed in SDX, the Citrix ADM managing the SDX appliance continues to show the old SDX IP address.
    [ NSHELP-23490 ]
  • You cannot modify the VPX instance name on the following platforms when the number of cores assigned to that VPX is greater than the number of free cores available on the appliance.
    - SDX 8900
    - SDX 14xxx-40G
    - SDX 14xxx-40S
    - SDX 14xxx FIPS
    - SDX 15xxx-25G
    - SDX 15xxx-50G
    - SDX 25xxx
    - SDX 26xxx
    - SDX 26xxx-50S
    - SDX 26xxx-100G
    [ NSHELP-22048 ]
  • On NetScaler ADC SDX 15xxx and SDX 26xxx platforms, you cannot provision multiple VPX instances in L2 mode.
    [ NSHELP-21367 ]

NetScaler Gateway

  • If you use a French keyboard on a VPN plug-in, characters entered using CTRL+ALT do not work.
    [ NSHELP-23556 ]
  • The authentication profile settings are lost if you modify the VPN virtual server configuration.
    [ NSHELP-22822 ]
  • The NetScaler Unified Gateway appliance crashes when the backend server opens an FTP connection to an intranet IP on port 21 and sends an FTP command 234 to initiate secure FTP.
    [ NSHELP-22672 ]
  • The NetScaler Unified Gateway appliance crashes when handling a server-initiated connection because of an error in connection linking.
    [ NSHELP-22598 ]
  • During a transfer logon, the NetScaler Unified Gateway appliance might crash when trying to store an invalid connection and then dereferencing the invalid connection.
    [ NSHELP-22568 ]
  • In some cases, the NetScaler ADC appliance crashes because the core receives a packet to send to the client but the IIP information is not yet available. in NSHELP-21522 we fix in ns_iip6.c, this is add fix in ns_iip.c
    [ NSHELP-22411 ]
  • The NetScaler Unified Gateway appliance might crash if you attempt to print over full VPN tunnel when Intranet IP address is assigned.
    This issue is observed in HP printers that use hp-status and WSDAPI protocols.
    [ NSHELP-22191 ]
  • In a full tunnel setup and classic client certificate authentication with RfWebUI, the appliance responds with a blank page or "Client not capable" error after login.
    [ NSHELP-22084 ]
  • The NetScaler Unified Gateway appliance might crash if there are multiple cores and Intranet IP address is enabled with RfWebUI theme.
    [ NSHELP-21722 ]
  • You might intermittently see a 403 access forbidden error for portal files.
    [ NSHELP-21620 ]
  • UDP applications performance might be affected sometimes because of traffic congestion.
    [ NSHELP-21599 ]
  • Sometimes, the NetScaler ADC appliance might crash while handling server initiated connection.
    [ NSHELP-21532 ]
  • In some cases, the NetScaler ADC appliance crashes because the core receives a packet to send to the client but the IIP information is not yet available.
    [ NSHELP-21522 ]
  • The NetScaler Unified Gateway appliance configured for global server load balancing does not work as intended in a parent-child topology.
    [ NSHELP-21381 ]
  • Sometimes, the NetScaler ADC appliance might crash during transfer login.
    [ NSHELP-21134 ]
  • The NetScaler Unified Gateway appliance might crash if the following conditions are met:
    - The client or server connection has a dangling pointer instead of a link.
    - The linked connection is already freed.
    - The appliance tries to flush the connection to free the link.
    [ NSHELP-20901 ]
  • A NetScaler Unified Gateway appliance configured for ICA Proxy might sometimes crash.
    [ NSHELP-20478 ]
  • In rare cases, the NetScaler ADC appliance might crash when a client plug-in sends data to another client plug-in.
    [ NSHELP-19002 ]

NetScaler Web App Firewall

  • A memory leak is observed on a NetScaler ADC appliance if you enable StartURL Closure protection check.
    [ NSHELP-21472 ]
  • XML validation fails if the XML content has nested reference to "APPFW_XML_VALIDATION_ERR_INVALID_ELEMENT" parameter.
    [ NSHELP-21128 ]
  • A NetScaler ADC appliance might crash if an error case was handled incorrectly for the credit card verification process.
    [ NSHELP-20562 ]


  • The BGP module in a NetScaler ADC appliance might crash if it accesses a null interface related information.
    [ NSHELP-22258 ]
  • In a cluster setup, the following behavior is observed when an ADNS service is bound to a node group:
    * RHI processing is not properly updated.
    * The IP address is not advertised.
    [ NSHELP-18567 ]


  • On the NetScaler ADC SDX 26000-100G platform, the interface might not come up after you restart the appliance.
    [ NSPLAT-11985 ]
  • During heavy traffic, Tx might stop working on NetScaler ADC platforms containing 50G interfaces.
    [ NSHELP-22221 ]
  • In some cases, provisioning a VPX instance on a NetScaler ADC SDX appliance containing Intel Coleto chips might fail because the SSL Coleto chip initialization failed.
    [ NSHELP-22033 ]
  • SDX 8900 appliances might crash while you are applying the SSL configuration to set client certificate verification to optional with policy-based client authentication.
    [ NSHELP-19297 ]


  • The “Current Client Est connections” and “Current client connections” counters for a load balancing virtual server display incorrect values if HTTP callout is configured on that virtual server.
    [ NSHELP-22491 ]


  • On the NetScaler ADC MPX 14000 FIPS platforms, all SSL virtual servers appear as DOWN on the non-management CPUs.

    [ NSSSL-8015 ]
  • The NetScaler ADC appliance might crash if the following conditions are met:
    1. Two OCSP responders are configured with the same host name.
    2. Both responders are bound to same root certificate-key pair.
    3. The request fails with the first responder.
    4. The appliance attempts to send the request to the second responder and the host name is unresolved.
    [ NSHELP-21278 ]
  • OCSP signature verification fails when an empty extension is received in the "SingleResponse" field of the OCSP response.
    [ NSHELP-20997 ]
  • For SNI enabled sessions, the ADC appliance can control how the host header is validated. A new parameter “SNIHTTPHostMatch” is added to SSL profile and SSL global parameters to have better control on this validation. This parameter can take three values; CERT, STRICT, and NONE. SNI must be enabled on the SSL virtual server or the profile bound to the virtual server, and the HTTP request must contain the host header.
    [ NSHELP-13370 ]


  • For synflood trap generation, if you do not reset the varbinding values, the appliance uses the old trap varbinding values instead of the current and threshold values.
    [ NSHELP-20653 ]
  • When a NetScaler ADC appliance sends a "tcpSynFloodAttack" SNMP trap, the "unackSynCount" log message has string characters instead of integer values.
    [ NSHELP-20401 ]

User Interface

  • Saved v/s Running config utility may display differences for 'bind serviceGroup' command even after saving the configuration.
    [ NSHELP-22459 ]
  • In a high availability setup, a synchronization issue might replace the secondary node's license file with the primary node's license file.

    The presence of the primary node’s license file cause a host ID mismatch for this file on the secondary node. Because of this host ID mismatch, all the NetScaler ADC features are disabled when the secondary node takes over as primary after a failover.
    [ NSHELP-21871 ]
  • If the SDX appliance is in grace period for pooled licensing, the remaining grace period shows zero instead of 30 days.
    [ NSHELP-19615 ]
  • A NetScaler ADC appliance becomes unstable if you use the -outfilename parameter in diffnsconfig command. As a result, the diffnsconfig output is large to completely fill the root disk.
    [ NSHELP-19345 ]
  • In a cluster setup, the certificate-key pair might sync to the non-CCO nodes with some delay. As a result, it is possible that the certificate-key pair is added to the CCO node but fails on the non-CCO nodes with no error message.
    [ NSHELP-12037 ]

Known Issues

The issues that exist in release 11.1-65.12.

Authentication, authorization, and auditing

  • In some cases, SAML authentication fails when Oracle is configured as an Identity Provider (IdP).
    [ NSHELP-23094 ]
  • The session establishment fails when accessed from the Citrix Workspace app using Webview if preauthentication EPA is configured along with nFactor authentication.
    [ NSHELP-22845 ]
  • In the SAML LogoutRequest parameter, the attributes SPNameQualifier and NameQualifier are missing from the NameID element when a SAML Service Provider (SP) receives an assertion from SAML Identity Provider (IdP).
    [ NSHELP-8018 ]
  • The Authentication, authorization, and auditing parameter configurations related to "set aaa parameter" command is lost if you execute the “force cluster sync” command manually.
    Workaround: Do not execute the “force cluster sync” command.
    [ NSAUTH-6274 ]


  • A NetScaler ADC appliance might randomly crash if the following conditions are observed:
    * Integrated caching feature is enabled.
    * 100 GB or more memory is allocated for integrated caching.

    Workaround: Allocate less than 100 GB of memory. 
    [ NSHELP-20854 ]
  • A NetScaler appliance might reboot while you try to modify the cache policy or action.
    [ NSHELP-15137 ]

Load Balancing

  • The show gslb domain command does not populate the correct MIR and ECS values between the GSLB virtual server and the GSLB domain bound to the same virtual server.

    [ NSHELP-11729 ]
  • If a service group member is assigned a wildcard port (port *), the monitor details for that service group member can be viewed from the Monitor Details page.
    [ NSHELP-9409 ]


  • If you have to set a domain wide cookie for an authentication domain, you must enable authentication profile on a load balancing virtual server.
    [ NSHELP-15356 ]

NetScaler Gateway

  • The user name in the ICA log message might be truncated if it contains character ' (single quote) in the user name.
    [ NSHELP-22814 ]
  • In rare cases, the NetScaler Unified Gateway appliance might crash when an intranet IP address that is already configured was previously used and freed incorrectly.
    [ NSHELP-22349 ]
  • The following error message appears when you import an SJIS file from AppExpert>Responder>HTML Page Imports.

    "URL malformed"

    Workaround: Save the SJIS file in UTF-8 format, and then import it.
    [ NSHELP-20711 ]
  • The "show audit messages" output does not display the latest logs if you modify the syslog server in the global syslog parameters.
    [ NSHELP-19430 ]
  • SOCKS Proxy CR virtual server configuration for a NetScaler Gateway appliance fails if you use a Fully Qualified Domain Name (FQDN) for Virtual Delivery Agent (VDA).
    Workaround: Use an IP address for VDA.

    [ NSHELP-8549 ]
  • In an outbound ICA proxy deployment, the NetScaler appliance closes the client connection if the following conditions are met:
    - A TCP service has the same IP address as the destination server.
    - The TCP service also has the same IP port as the destination server.
    The appliance closes the connection because it fails to establish a connection with the destination server.
    [ NSHELP-8469 ]
  • For command "add vpn intranetApplication", description for "protocol" parameter is incorrectly displayed in man page. The description has "BOTH" as a possible value instead of "ANY". However, the man page correctly displays the possible values required for configuration.
    [ NSHELP-8392 ]
  • An authentication, authorization, and auditing virtual server login page displays an error code number instead of a meaningful error message.
    [ NSHELP-7872 ]
  • After upgrading the NetScaler Gateway appliance to release 11.x or later, users might see a blank page upon log on. The blank page appears because the browser serves some of the files from its own cache, instead of requesting all the files from the upgraded appliance.
    Workaround: Clear the browser cache.
    [ NSHELP-6807 ]
  • A NetScaler appliance in a clustered setup displays a "Cannot allocate memory" error message if you use the set command to set the server domain name in a SYSLOG action.

    Workaround: Delete the SYSLOG action in which you set the domain name, and add a new SYSLOG action that specifies the server domain name instead of the server IP address.
    rm syslogaction
    add syslogaction -loglevel [-options ...]
    [ CGOP-6745 ]
  • If you use CVPN to edit the home page through CVPN, the embed code becomes corrupt.
    [ CGOP-4505 ]
  • If a Windows user name has non-ASCII characters, the user is unable to collect logfiles by using the Collect Log button.
    [ CGOP-3359 ]
  • If the Home Page Text labels are lengthy when you customize an RfWebUI based theme, the home-page user interface does not function properly. The following lengthy text labels can cause this problem:
    Apps Tab Label
    Desktop Tab Label
    Favorite Tab Label
    [ CGOP-1622 ]
  • If a VPN session profile and RfWebUI portal theme are in use, end users cannot log on if the following are set to OFF:
    - ICA Proxy
    - Clientless VPN Mode
    - Transparent Interception and Client Choices
    [ CGOP-1575 ]

NetScaler Web App Firewall

  • If you upgrade a NetScaler appliance in a high availability (HA) setup from version to version and skip 250 rules with active traffic, the GUI or CLI displays a "failed to skip some rules" error message and an operation time-out error message.

    Workaround: Turn off the Learning feature when skipping learned rules.
    [ NSWAF-1184 ]
  • The information that the GUI displays for the application firewall web services interoperability (WSI) check does not say that it is a prerequisite and cannot be disabled.
    [ NSWAF-679 ]
  • The NetScaler application firewall should bypass requests from application firewall processing after the system reaches a specified CPU/memory usage limit, but there is currently no policy for reviewing CPU and memory capacity and bypassing the application firewall.
    [ NSHELP-17352 ]


  • When a NetScaler appliance processes traffic at line rate, management CPU spike is observed on the appliance while configuring allowed VLAN list.
    [ NSNET-5689 ]
  • In some cases of FTP data connections, the NetScaler appliance performs only NAT operation and not TCP processing on the packets for TCP MSS negotiation. As a result, the optimal interface MTU is not set for the connection. This incorrect MTU setting results in fragmentation of packets and impacts CPU performance.
    [ NSNET-5233 ]
  • No Error or Warning is announced if a user tries to set trunk mode on the loopback interface.
    [ NSNET-4405 ]
  • The following error messages might appear if you configure more than 100 VLANs in the trunkallowedVlan list on an interface in the NetScaler ADC instance:
    ERROR: Operation timed out
    ERROR: Communication error with the packet engine
    [ NSNET-4312 ]
  • In a cluster setup, after a reboot, tagged VLAN configuration is lost on the vlan 1 interface.
    [ NSNET-4162 ]

  • The NetScaler ADC appliance allows configuration through NITRO APIs even before the protocol modules are not completely initialised. Because of this reason, the write memory command fail with the following error message:

    “save config denied – modules not ready”
    [ NSHELP-19431 ]


  • On a NetScaler ADC SDX appliance, Tx stalls might be reported for an interface on a VPX instance if the following conditions are met:
    - The VPX instance has more than one dedicated core.
    - Three or four reset operations are issued consecutively with JUMBO MTU traffic on a 10G, 25G, or 40G interface.
    - Malicious Driver Detected (MDD) event is observed for the interface in the Citrix Hypervisor (formerly XenServer) logs.
    [ NSPLAT-11798 ]
  • In an Openstack Environment, if a custom flavor with an Ephemeral Disk of size of less than 8GB is used to a start a NetScaler VPX or Cisco Nexus 1000v instance, the config drive is not attached to the instance.
    [ NSPLAT-7395 ]
  • Enabling trunk mode with tagged VLAN settings on an SR-IOV interface fails with the following error message:
    "ERROR: Maximum number of tagged VLANs bound to the interface exceeded or the binding of this VLAN is not allowed on the interface."
    However, trunk mode with tagged VLAN settings is shown as enabled in the output of the following command:
    show interface summary
    [ NSPLAT-3614 ]
  • On the NetScaler ADC SDX 15000-50G platform, some files from the NIC dump might not be cleared from the /tmp directory when the Citrix Hypervisor support bundle is collected multiple times. These files might disrupt a successful reboot of the appliance.
    Workaround: At the Citrix SDX XenServer shell prompt, run the "rm -f /tmp/mlxdump_snapshot.*" command to clear the temp files before rebooting the system to free the disk space.
    [ NSHELP-22903 ]
  • Upgrading a NetScaler ADC SDX appliance from release 11.1 build 61.112 to release 11.1 build 63.x fails.

    Workaround: Upgrade the appliance to release 11.1 build 64.x.
    [ NSHELP-22648 ]
  • VLAN filtering does not work on the VPX instances with LA interface and L2 mode configured because all the member interfaces in the channel are set to promiscuous mode. As a result, all the VPX instances with this LA interface see all the packets from all the VLANs.

    Workaround: Use a different LA channel for each VPX instance.
    [ NSHELP-22500 ]
  • On the NetScaler ADC MPX platform, a 50G port that is a member of a link aggregation group continues to be DOWN if the following actions are performed:

    1. The 50G port is disabled.
    2. The port on the peer switch is disabled.
    3. The port on the peer switch is enabled.
    4. The 50G port is enabled.

    The 50G port does not come up even after it is enabled. As a result, traffic cannot pass through the 50G port.
    [ NSHELP-20529 ]
  • On the following NetScaler ADC SDX platforms, connectivity to a VPX instance might fail if it receives heavy multicast traffic when a management port is not assigned to a VPX instance and instance management is done through the data ports.
    - SDX 8900
    - SDX 14000-40G
    - SDX 14000-40S
    - SDX 15000-50G
    - SDX 25000-40G
    - SDX 25000T
    - SDX 25000T-40G
    [ NSHELP-19861 ]


  • ECDHE support with SSLv3 protocol on the NetScaler appliance is not compatible with RFC 4492, because SSLv3 does not support extensions and ECDHE needs extension support.
    [ NSSSL-4724 ]
  • If you create a custom cipher group and bind it to an SSL entity, the profile name "SSL_EMBEDDED_PROFILE" incorrectly appears in the output of the "show ciphergroup" command. This error does not occur if you enable the Default profile before creating the custom cipher group and binding it to the SSL entity.
    [ NSSSL-4486 ]
  • Session Key Auto Refresh incorrectly appears as disabled on a cluster IP address. (This option cannot be disabled.)
    [ NSSSL-4427 ]
  • An expired session ticket is honored on a non-CCO node and on an HA node after an HA failover.
    [ NSSSL-3184 ]
  • In a cluster setup, some cluster nodes might not honor the reuse request of a session ticket, but the SSL full handshake succeeds.
    [ NSSSL-3161 ]
  • The SSL entities to which an SSL profile is bound do not appear when you run the show ssl profile <Default-Profile> command on a cluster IP (CLIP) address.
    Workaround: You can view the bound entities from the NetScaler IP (NSIP) address.
    [ NSSSL-2481 ]
  • In a cluster setup, if a client certificate is bound to a back-end SSL service or service group, it appears as a "Server Certificate" instead of a "Client Certificate" when you run the "show ssl service" or the "show ssl servicegroup" command on the CLIP address.
    [ NSSSL-1223 ]
  • An incorrect error message is displayed in both the following cases:
    1. Client authentication is enabled, root CA certificate is not bound to the SSL virtual server, and a request with a valid client certificate is sent to the virtual server.
    2. Client authentication is enabled, root CA certificate is bound to the SSL virtual server, and a request with a wrong certificate is sent to the virtual server.

    The error message that appears is "Handshake failure-Internal Error" instead of "No client certificate received."
    [ NSSSL-851 ]
  • In a cluster setup, the running configuration on the cluster IP (CLIP) address shows the DEFAULT_BACKEND cipher group bound to entities, whereas it is missing on nodes. This is a display issue.
    [ NSHELP-13466 ]


  • Event monitor logs are not displayed on the NetScaler ADC GUI dashboard.
    [ NSHELP-19965 ]
  • When capture buffers overflow it causes packets missing in the captured trace. This could be due to a high management CPU usage or high traffic rate with a large packet engine count.
    [ NSHELP-18345 ]
  • The Application Firewall policy for HTTP requests (HTTP.REQ.HEADER) does not detect a content type with multiple lines.
    [ NSHELP-11092 ]
  • The mptcp_cur_session_without_subflow counters incorrectly decrement to a negative value instead of zero.
    [ NSHELP-10972 ]
  • A NetScaler appliance sends a TCP fast open cookie instead of an MPTCP MP_CAPABLE option for MPTCP traffic.
    [ NSHELP-10909 ]
  • A NetScaler appliance might not honor persistence for a load balancing virtual server with a wildcard configuration if information about the back-end server is not available.
    [ NSHELP-10559 ]
  • Random packets on loopback interface are found missing if you capture nstrace on a NetScaler appliance.
    [ NSHELP-10166 ]
  • When you reboot your appliance, a mismatch between default TCP profiles and built-in profiles causes the Forward RTO-recovery (FRTO) option to be enabled on a TCP profile other of a node.
    [ NSHELP-9453 ]
  • A NetScaler appliance with connection chaining and SSL enabled might send more MTU data.
    [ NSHELP-9411 ]
  • Compression policies of classic policy type do not work as expected. NetScaler ADC recommends you to use the advanced policy infrastructure.
    [ NSHELP-9108 ]
  • If you set the AppFW profile post body limit to a value greater than 2 GB, client requests get dropped. The issue occurs because of TCP overflow for a window size variable.

    [ NSHELP-8860 ]
  • If multiple AppFlow policies are bound to the same bind point, only the last policy is chosen.
    [ NSBASE-4140 ]
  • The NetScaler appliance is unable to reuse an existing probe connection if an HTTP wildcard load balancing virtual server is configured in MAC mode with use source IP (USIP) mode enabled and the Use Proxy Port option turned off. As a result, the connection fails and client the receives a TCP reset.
    [ NSBASE-2785 ]
  • The initial probe connection that a NetScaler appliance makes with the back-end internet server to check for server availability is now reusable for actual server connection with the internet server.
    [ NSBASE-1185 ]

User Interface

  • In the Visualizer, some buttons might not work if you use Mozilla Firefox or Internet Explorer.

    Workaround: Use the Google Chrome browser.
    [ NSUI-8412 ]
  • When you import an UTF-8/S-JIS based HTML file type by using the NetScaler ADC GUI, the following error message appears:
    "URL malformed"

    Workaround: Before importing, save the file in UTF-8 format.
    [ NSHELP-19512 ]
  • The Events page in the NetScaler ADC GUI (Configuration > System > Diagnostics > View events > Events) does not display the "Start Date Time" field. The issue is observed only in the Firebox browser.
    [ NSHELP-12591 ]
  • When you run the set command on a NetScaler appliance, the ns.log file stores the command with all parameter values, including customer provided values.
    [ NSHELP-11291 ]
  • The NITRO .NET SDK get call for SNMP MIB resource snmpmib.get() fails with JSON deserialization errors.
    [ NSHELP-9032 ]
  • If you (system administrator) perform all the following steps on a NetScaler ADC appliance, the system users might fail to log in to the downgraded NetScaler ADC appliance.

    1. Upgrade the NetScaler ADC appliance to one of the builds:
    * 13.0 52.24 build
    * 12.1 57.18 build
    * 11.1 65.10 build

    2. Add a system user, or change the password of an existing system user, and save the configuration, and
    3. Downgrade the NetScaler ADC appliance to any older build.

    To display the list of these system users by using the CLI:
    At the command prompt, type:

    "query ns config -changedpassword [-config <full path of the configuration file (ns.conf)>]"


    To fix this issue, use one of the following independent options:
    * If the NetScaler ADC appliance is not yet downgraded (step 3 in above mentioned steps), downgrade the NetScaler ADC appliance using a previously backed up configuration file (ns.conf) of the same release build.
    * Any system administrator whose password was not changed on the upgraded build, can log in to the downgraded build, and update the passwords for other system users.
    * If none of the above options work, a system administrator can reset the system user passwords.

    For more information, see
    [ NSCONFIG-3188 ]