William Beckett

Citrix NetScaler Issue With Listener Policy and File Sharing

I came across a weird issue this week with a Citrix NetScaler that was load balancing a Windows file share in active/failover mode. This particular vServer was load balancing a few services, with CIFS being one of those services. The issue was simply that the CIFS file share was not available. All of the other load balanced services worked, so I knew it wasn't an issue with the vServer. So I began digging.

A quick look at how this vServer was configured told me that it was set up with a Protocol of ANY and a port of *. This particular vServer also had a Listener Policy defined, so it wasn't open to everything. Everything in the listener policy looked correct and the vServer was definitely getting hits when trying to access the share, but on the client side I was still getting an error as if the location of the share didn't exist.

I figured that there must be something wrong with the listener policy, so I removed the policy altogether and left it as ANY:ANY (I know, a security risk; however, this was an internal NetScaler and it was only for testing. I had every intention of re-enabling the policy). With the Listener Policy now removed, I attempted to access the share through the load balanced vServer. It worked!

Knowing now that the Listener Policy was the issue, I decided to look more closely at it. I thought that maybe the policy was too large or that the request was timing out before the policy could be evaluated correctly, so I decided to remove the entire policy, add in only `CLIENT.UDP.DSTPORT.EQ(445)`, and test. Still working!

So then I thought to myself, it must be positional. So I added the rest of the policies back in after the UDP(445) declaration. File sharing was still working but everything else seemed to break. None of the other load balanced services that had been working on that vServer prior to this change were working anymore. So I had another look at the policies and noticed that they were all TCP based except for the File Share policy, which was UDP based. Just taking a shot in the dark, I changed the File Share policy from UDP to TCP (so the string was now `CLIENT.TCP.DSTPORT.EQ(445)`) and everything sprang to life.

From what I can gather, and I don't know if it's specific to port 445 or not, the NetScaler doesn't like having a mix of both UDP and TCP ports defined in the listener policy. Perhaps it was just the NetScaler I was working on and there was a bit of a weird issue in there, but that's what sorted the issue for me - making all the protocols in the listener policy the same (TCP in my case).