Release Notes for Citrix ADC 13.0–90.7 Release (2023)

January 30, 2023


This release notes document describes the enhancements and changes, fixed and known issues that exist for the Citrix ADC release Build 13.0–90.7.


  • This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.

What’s New

The enhancements and changes that are available in Build 13.0–90.7.


  • VMware ESXi 7.0 update 3i support on Citrix ADC VPX instance

    The Citrix ADC VPX instance now supports the VMware ESXi version 7.0 update 3i (Build 20842708).

    [ NSPLAT-25160 ]

Fixed Issues

The issues that are addressed in Build 13.0–90.7.

Authentication, authorization, and auditing

  • On the Citrix ADC GUI, the Response Policies section on the Authentication Virtual Server page does not display the responder type cache policies.

    [ NSHELP-33111 ]

  • Kerberos SSO impersonation with advanced encryption types might fail when an incorrect user principal name is used in the SSO credentials.

    [ NSHELP-32890 ]

  • In some cases, an “invalid credentials” error message is displayed during the RADIUS authentication process. The error is seen when the Citrix ADC appliance is accessed from a client device using the Google Chrome browser.

    [ NSHELP-27113 ]

Bot Management

  • In the Citrix ADC GUI, the user-defined bot signature displays an incorrect base version.

    [ NSHELP-33546 ]

Citrix Gateway

  • After upgrading a Citrix ADC appliance, the RDP proxy URLs do not work with the X1 portal theme and the message “Http/1.1 Object Not Found” appears.

    [ NSHELP-33676 ]

  • After upgrading a Citrix ADC appliance, the RDP proxy URLs become inaccessible and the error message “Http/1.1 Object Not Found” appears. This issue occurs when the custom parameters of the RDP URLs contain spaces.

    [ NSHELP-33333 ]

  • The EPA scan to check the CA certificate of a client device fails on the Citrix ADC appliance when the CA certificates are of different domains.

    [ NSHELP-32118 ]

Citrix Web App Firewall

  • The Citrix Web App Firewall learning engine learns the field format rules only when a violation is observed.

    [ NSWAF-7677 ]


  • In an HA setup of Citrix ADC VPX instance on AWS cloud, the content in the “cloud-ha-daemon.log” file that is stored in the /var/log/ location is printed twice instead of once.

    [ NSPLAT-25687 ]

  • From Citrix ADC release 13.0 build 90.x and later, link redundancy configuration is not supported on a Citrix ADC VPX instance hosted on a Citrix ADC SDX appliance.

    [ NSPLAT-25388 ]

  • On the SDX 26000 platform (SDX 26100-100G, 26160-100G, 26200-100G, 26250-100G), the maximum number of CPU cores that can be assigned to a single VPX instance is changed from 26 to 25 CPU cores.

    [ NSPLAT-21233 ]

  • When a Citrix ADC SDX appliance containing Mellanox NICs is upgraded from a build where VLAN filtering is disabled and the Management Service tries to disable VLAN filtering as part of the upgrade, the operation fails. As a result, VLAN filtering is enabled for all the interfaces and channels.

    [ NSHELP-32759 ]


  • In a Citrix ADC appliance, the content switching policies that are migrated from classic policies to advanced policies using the NSPEPI tool might not work when the following conditions are met:

    • The policies are bound to the content switching virtual server.
    • The “caseSensitive” parameter is set to OFF.

    [ NSHELP-31951 ]


  • After unbinding the DEFAULT cipher, when you disable a protocol version on a virtual server and later try to bind a cipher with this protocol listed in the description, the following error message appears.

    No usable ciphers configured on the SSL vserver/service

    This message is incorrect because the cipher is supported with other protocols that are enabled on the virtual server. For example,

    Cipher Name: TLS1-ECDHE-RSA-AES256-SHA
    Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0xc014

    This cipher is supported for all the protocols starting from SSLv3 (SSLv3, TLS1, TLS11, TLS12). When you disable SSLv3 on a virtual server and then try to bind this cipher to that virtual server, the warning appears even though TLS1, TLS11, TLS12 protocols are still enabled on the virtual server.

    With this fix, the warning appears only when a cipher is not supported for the configuration.

    [ NSHELP-32739 ]

  • The Citrix ADC appliance does not allow configuring certificates with a notBefore date older than 1970.

    [ NSHELP-32677 ]

  • The Citrix ADC appliance might crash if the following conditions are met:

    • A client sends TLS1.3 early data in the Client Hello message to an SSL Insight virtual server.
    • ECDHE ciphers are enabled on this virtual server.

    [ NSHELP-31560 ]
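
The cipher-binding fix above (NSHELP-32739) comes down to which protocols the warning check looks at. The following Python model is an added example, not Citrix ADC code: it contrasts the old check with the corrected one. The description tokens other than "SSLv3", the second cipher entry, and all function names are assumptions made for the illustration.

```python
# Added illustration: a model of the warning logic, not Citrix ADC code.

# Protocol ladder named in the release note, oldest first.
PROTOCOLS = ["SSLv3", "TLS1", "TLS11", "TLS12"]

# Assumption: the first token of a cipher description is the lowest protocol
# version the cipher works with. Only "SSLv3" appears on the page; the other
# spellings are constructed for this example.
TOKEN_TO_PROTOCOL = {
    "SSLv3": "SSLv3",
    "TLSv1": "TLS1",
    "TLSv1.1": "TLS11",
    "TLSv1.2": "TLS12",
}

# Cipher entry quoted in the release note.
PAGE_ENTRY = """\
Cipher Name: TLS1-ECDHE-RSA-AES256-SHA
Description: SSLv3 Kx=ECC-DHE Au=RSA Enc=AES(256) Mac=SHA1 HexCode=0xc014
"""

# Constructed entry for a cipher that is usable only with TLS 1.2.
TLS12_ONLY_ENTRY = """\
Cipher Name: EXAMPLE-TLS12-ONLY-CIPHER
Description: TLSv1.2 Kx=ECC-DHE Au=RSA Enc=AES-GCM(256) Mac=AEAD HexCode=0xc030
"""


def parse_cipher_entry(text):
    """Parse a 'Cipher Name:' / 'Description:' pair into a dict."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            entry[key.strip()] = value.strip()
    if "Cipher Name" not in entry or "Description" not in entry:
        raise ValueError("entry needs both 'Cipher Name' and 'Description'")
    return entry


def minimum_protocol(description):
    """Return the lowest protocol named at the start of the description."""
    token = description.split()[0]
    if token not in TOKEN_TO_PROTOCOL:
        raise ValueError("unknown protocol token: " + token)
    return TOKEN_TO_PROTOCOL[token]


def supported_protocols(description):
    """Every protocol from the listed minimum up to TLS12."""
    start = PROTOCOLS.index(minimum_protocol(description))
    return PROTOCOLS[start:]


def check_enabled(enabled):
    """Reject protocol names that are not on the ladder."""
    unknown = set(enabled) - set(PROTOCOLS)
    if unknown:
        raise ValueError("unknown protocols: " + ", ".join(sorted(unknown)))
    return set(enabled)


def warns_before_fix(description, enabled):
    """Old behaviour: warn when the protocol listed in the description is disabled."""
    return minimum_protocol(description) not in check_enabled(enabled)


def warns_after_fix(description, enabled):
    """Fixed behaviour: warn only when no enabled protocol supports the cipher."""
    return not (set(supported_protocols(description)) & check_enabled(enabled))


def audit(entries, enabled):
    """Return (cipher name, warned before fix, warns after fix) per entry."""
    rows = []
    for text in entries:
        entry = parse_cipher_entry(text)
        desc = entry["Description"]
        rows.append((entry["Cipher Name"],
                     warns_before_fix(desc, enabled),
                     warns_after_fix(desc, enabled)))
    return rows


if __name__ == "__main__":
    # SSLv3 disabled, the other protocols left enabled, as in the release note.
    for row in audit([PAGE_ENTRY, TLS12_ONLY_ENTRY], {"TLS1", "TLS11", "TLS12"}):
        print(row)
```
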


  • A Citrix ADC appliance might crash when both of the following conditions are met:

    • The content inspection device sends a reset (RST) response to the ADC appliance and one of the Intrusion Prevention System (IPS) resources is not cleared properly.
    • The same IPS resource is accessed in further transactions.

    [ NSHELP-33691 ]

  • In some cases, a Citrix ADC appliance might crash while processing a corrective acknowledgment sent by a server connection that is in the TIME_WAIT state.

    [ NSHELP-33469 ]

  • The Citrix ADC appliance might crash if it processes a corrective ACK packet related to a server-side TCP connection.

    [ NSHELP-32290 ]

  • In a Citrix ADC appliance, the default value of the “maxHeaderFieldLen” parameter in the HTTP profile causes the following issue.

    • Traffic failure after upgrading to 13.0 build.

    [ NSHELP-32079 ]

  • Some SYSLOG messages are dropped when logging on to an external SYSLOG server using TCP protocol.

    [ NSHELP-24522 ]

User Interface

  • When you create a Citrix Web App Firewall profile of the JSON type and try to update the Profile Settings, the JSON Error Object displays an empty list.

    [ NSUI-18453 ]

  • After you create a profile for Citrix Web App Firewall and try to generate the configuration report of the application firewall in System > Reports, the following error appears:

    “Failed to load PDF document.”

    [ NSHELP-32469 ]

  • On the Citrix ADC GUI, the System Log Files page (Configuration > System > Auditing > Syslog messages) and the Logs page (Configuration > Authentication > Logs) fail to load the log files.

    [ NSHELP-30868 ]

  • On the Citrix ADC GUI, the Saved vs Running configuration screen (System > Diagnostics) incorrectly displays HTML tags instead of displaying plain text.

    [ NSHELP-27169 ]

Known Issues

The issues that exist in release 13.0–90.7.

Authentication, authorization, and auditing

  • Single sign-on (SSO) fails if SSO is enabled for the traffic that does not have the required bearer token to handle SSO.

    [ NSHELP-31362 ]

  • Non-ASCII characters are recorded in nsvpn.log when LDAP action is configured to an FQDN instead of an IP address.

    [ NSHELP-27281 ]

  • In certain scenarios, the Bind Authentication, authorization, and auditing group command might fail if the policy name is longer than the intranet application name.

    [ NSHELP-25971 ]

  • The Citrix ADC appliance dumps core when NOAUTH is configured as the first factor and Negotiate as the subsequent factor in the 401 based authentication flow.

    [ NSHELP-25203 ]

  • If the admin password for LDAP, RADIUS or TACACS services contains the double quotes (“) character, the Citrix ADC appliance strips it during the “Test Connectivity” check, resulting in connection failure.

    [ NSHELP-23630 ]

  • Administrators cannot perform custom logging for authentication failures that happen due to invalid credentials. This issue occurs because the Citrix ADC responder policies fail to detect errors for login failures.

    [ NSAUTH-11151 ]

  • ADFS proxy profile can be configured in a cluster deployment. The status for a proxy profile is incorrectly displayed as blank upon issuing the following command.
    show adfsproxyprofile <profile name>

    Workaround: Connect to the primary active Citrix ADC in the cluster and run the show adfsproxyprofile <profile name> command. The command then displays the proxy profile status.

    [ NSAUTH-5916 ]

Citrix ADC SDX Appliance

  • When you upgrade a Citrix ADC SDX appliance, in rare cases the following incorrect event appears in the Management Service GUI:

    “SVM version and Hypervisor version are not compatible”

    [ NSHELP-32949 ]

  • On a Citrix ADC SDX GUI, displaying the NTP servers can freeze the user interface if the NTP configuration file (ntp.conf) has only spaces in any of the lines.

    [ NSHELP-31530 ]

Citrix Gateway

  • The OS filtering rules are captured only when the Citrix Secure Access agent is running in Windows Filtering Platform (WFP) mode.

    [ NSHELP-33715 ]

  • Hostname-based Intranet applications with reverse split tunnel configuration only work in Windows Filtering Platform (WFP) mode.

    [ NSHELP-33711 ]

  • When Citrix Secure Access related registry values are greater than 1500 characters, then the log collector fails to gather the error logs.

    [ NSHELP-33457 ]

  • The Citrix Gateway appliance might crash if HDX Insight is enabled and a user logs in to StoreFront immediately after logging out.

    [ NSHELP-32907, NSHELP-33079, NSHELP-33289 ]

  • The Citrix Secure Access client, version and later, fails to upgrade to later versions for users with no administrative privileges. This issue is applicable only if the Citrix Secure Access client upgrade is done from a Citrix ADC appliance.

    [ NSHELP-32793 ]

  • When users click the Home Page tab on the Citrix Secure Access screen for Windows, the page displays the connection refused error.

    [ NSHELP-32510 ]

  • On a Mac device using Chrome, the VPN extension crashes while accessing two FQDNs.

    [ NSHELP-32144 ]

  • Debug logging control for Citrix Secure Access client is now independent of Citrix Gateway and it can be enabled or disabled from the plug-in UI for both machine and user tunnel.

    [ NSHELP-31968 ]

  • Sometimes, the Windows auto logon does not work when a user logs into the windows machine in an Always-On service mode. The machine tunnel does not transition to the user tunnel and the message “Connecting…” is displayed in the VPN plug-in UI.

    [ NSHELP-31357, CGOP-21192 ]

  • When Always on is configured, the user tunnel fails because of the incorrect version number ( in the aoservice.exe file.

    [ NSHELP-30662 ]

  • Users cannot connect to the Citrix Gateway appliance after changing the ‘networkAccessOnVPNFailure’ always on profile parameter from ‘fullAccess’ to ‘onlyToGateway’.

    [ NSHELP-30236 ]

  • The gateway home page is not displayed immediately after the gateway plug-in establishes the VPN tunnel successfully. To fix this issue, the following registry value is introduced.

    HKLM\Software\Citrix\Secure Access Client\SecureChannelResetTimeoutSeconds
    Type: DWORD

    By default, this registry value is not set or added. When the value of “SecureChannelResetTimeoutSeconds” is 0 or not added, the fix to handle the delay does not work, which is the default behavior. The administrator must set this registry value on the client to enable the fix (that is, to display the home page immediately after the gateway plug-in establishes the VPN tunnel successfully).

    [ NSHELP-30189 ]

  • The Windows VPN client does not honor the ‘SSL close notify’ alert from the server and sends the transfer login request on the same connection.

    [ NSHELP-29675 ]

  • Client certificate authentication fails for Citrix SSO for macOS if there are no client certificates in the macOS Keychain.

    [ NSHELP-28551 ]

  • Sometimes, a user is logged out of Citrix Gateway within a few seconds when the client idle timeout is set.

    [ NSHELP-28404 ]

  • The Citrix Gateway appliance might crash while processing server-initiated UDP traffic.

    [ NSHELP-27611 ]

  • The Citrix Gateway appliance might crash if async is blocked and you modify the content switching policy configuration.

    [ NSHELP-27570 ]

  • The Citrix Gateway appliance might crash if an unknown VPN client option is set in the session policy.

    [ NSHELP-27380 ]

  • While creating an RDP client profile using the Citrix ADC GUI, an error message appears when the following conditions are met:

    • A default pre-shared key (PSK) is configured.
    • You try to modify the RDP cookie validity timer in the RDP Cookie Validity (seconds) field.

    [ NSHELP-25694 ]

  • EPA plug-in for Windows does not use local machine’s configured proxy and connects directly to the gateway server.

    [ NSHELP-24848 ]

  • The “show tunnel global” command output includes advanced policy names. Previously, the output did not display the advanced policy names.


    New output:

    show tunnel global
    Policy Name: ns_tunnel_nocmp Priority: 0

    Policy Name: ns_adv_tunnel_nocmp Type: Advanced policy
    Priority: 1
    Global bindpoint: REQ_DEFAULT

    Policy Name: ns_adv_tunnel_msdocs Type: Advanced policy
    Priority: 100
    Global bindpoint: RES_DEFAULT

    Previous output:

    show tunnel global
    Policy Name: ns_tunnel_nocmp Priority: 0 Disabled

    Advanced Policies:

    Global bindpoint: REQ_DEFAULT
    Number of bound policies: 1


    [ NSHELP-23496 ]

  • Sometimes while browsing through schemas, the error message “Cannot read property ‘type’ of undefined” appears.

    [ NSHELP-21897 ]

  • The Windows OS option is not listed in the Expression Editor drop-down list for pre-authentication policies and authentication actions on the Citrix ADC GUI. However, if you have already configured the Windows OS scan on a previous Citrix ADC build using the GUI or the CLI, the upgrade does not impact the functionality. You can use the CLI to make changes, if required.


    Use the CLI commands for the configuration.

    • To configure advanced EPA action in nFactor authentication, use the following command.
      add authentication epaAction adv_win_scan -csecexpr "sys.client_expr(\"sys_0_WIN-OS_NAME_anyof_WIN-10[COMMENT: Windows OS]\")"
    • To configure a classic pre-authentication action, use the following commands.
      add aaa preauthenticationaction win_scan_action ALLOW
      add aaa preauthenticationpolicy win_scan_policy "CLIENT.SYSTEM('WIN-OS_NAME_anyof_WIN-10[COMMENT: Windows OS]') EXISTS" win_scan_action

    [ CGOP-22966 ]

  • Application launch failure due to invalid STA ticket is not reported in Gateway Insight.

    [ CGOP-13621 ]

  • The Gateway Insight report incorrectly displays the value “Local” instead of “SAML” in the Authentication Type field for SAML error failures.

    [ CGOP-13584 ]

  • In a high availability setup, during Citrix ADC failover, SR count increments instead of the failover count in Citrix ADM.

    [ CGOP-13511 ]

  • While accepting local host connections from the browser, the Accept Connection dialog box for macOS displays content in the English language irrespective of the language selected.

    [ CGOP-13050 ]

  • The text “Home Page” in the Citrix SSO app > Home page is truncated for some languages.

    [ CGOP-13049 ]

  • An error message appears when you add or edit a session policy from the Citrix ADC GUI.

    [ CGOP-11830 ]

  • In Outlook Web App (OWA) 2013, clicking Options under the Setting menu displays a Critical error dialog box. Also, the page becomes unresponsive.

    [ CGOP-7269 ]

Load Balancing

  • In a high-availability setup, subscriber sessions of the primary node might not be synchronized to the secondary node. This is a rare case.

    [ NSLB-7679 ]

  • In certain scenarios, servers bound to a service group display an invalid cookie value. You can see the correct cookie value in the trace logs.

    [ NSHELP-21196 ]

  • In a cluster setup, the GSLB service IP address is not displayed in GUI when accessed through GSLB virtual server bindings. This is only a display issue, and there is no impact on the functionality.

    [ NSHELP-20406 ]


  • The Citrix ADC appliance sets the buffer size for the web server logging feature to an incorrect default value of 3MB instead of 16MB.

    [ NSHELP-32429 ]

  • AlwaysOnAllow list registry does not work as expected if the registry value is greater than 2000 bytes.

    [ NSHELP-31836 ]

  • Citrix ADC CPX instance, running on a Linux system with 64-bit architecture and 1 TB of file storage, can load certificate and key files now.

    [ NSHELP-28986 ]


  • In a Citrix ADC BLX appliance, NSVLAN bound with tagged non-dpdk interfaces might not work as expected. NSVLAN bound with untagged non-dpdk interfaces works fine.

    [ NSNET-18586 ]

  • The following interface operations are not supported for Intel X710 10G (i40e) interfaces on a Citrix ADC BLX appliance with DPDK:

    • Disable
    • Enable
    • Reset

    [ NSNET-16559 ]

  • On a Debian based Linux host (Ubuntu version 18 and later), a Citrix ADC BLX appliance is always deployed in shared mode irrespective of the BLX configuration file (“/etc/blx/blx.conf”) settings. This issue occurs because “mawk”, which is present by default on Debian based Linux systems, does not run some of the awk commands present in the “blx.conf” file.

    Workaround: Install “gawk” before installing a Citrix ADC BLX appliance. You can run the following command in the Linux host CLI to install “gawk”:

    • apt-get install gawk

    [ NSNET-14603 ]

  • Installation of a Citrix ADC BLX appliance might fail on a Debian based Linux host (Ubuntu version 18 and later) with the following dependency error:

    “The following packages have unmet dependencies: blx-core-libs:i386 : PreDepends: libc6:i386 (>= 2.19) but it is not installable”

    Workaround: Run the following commands in the Linux host CLI before installing a Citrix ADC BLX appliance:

    • dpkg --add-architecture i386
    • apt-get update
    • apt-get install libc6:i386

    [ NSNET-14602 ]

  • In a large scale NAT44 setup, the Citrix ADC appliance might crash while receiving SIP traffic because of the following reason:

    • The LSN module does not find the service while decrementing the reference count or deleting the service.

    [ NSHELP-29134 ]

  • In a large scale NAT44 setup, the Citrix ADC appliance might crash while receiving SIP traffic because of the following reason:

    • Because of stale filtering entry.

    [ NSHELP-28895 ]

  • In a Large scale NAT44 deployment, the Citrix ADC appliance might crash while receiving SIP traffic because of the following reason:

    • The LSN module accessed the memory location of an already deleted service.

    [ NSHELP-28815 ]

  • The Citrix ADC appliance might not generate “coldStart” SNMP trap messages after a cold restart.

    [ NSHELP-27917 ]

  • In a high availability setup, dynamic routing enabled SNIP address is not exposed to VTYSH on reboot if the following condition is met:

    • A dynamic routing enabled SNIP address is bound to the shared VLAN in non-default partition.

    As part of the fix, the Citrix ADC appliance now does not allow binding a dynamic routing enabled SNIP address to the shared VLAN in a non-default partition.

    [ NSHELP-24000 ]


  • The high availability failover does not work in AWS and GCP clouds. The management CPU might reach its 100% capacity in AWS and GCP clouds, and Citrix ADC VPX on-premises. Both of these issues are caused when the following conditions are met:

    1. During the first boot of the Citrix ADC appliance, you do not save the prompted password.
    2. Subsequently, you reboot the Citrix ADC appliance.

    [ NSPLAT-22013 ]

  • Some Python packages are not installed when you downgrade the Citrix ADC appliance from version 13.1-4.x and higher to any of the following versions:

    • Any 11.1 build
    • 12.1-62.21 and earlier
    • 13.0-81.x and earlier

    [ NSPLAT-21691 ]

  • On the Citrix ADC SDX 8015/8400/8600 platform, you might see increased memory consumption on Xen Server.
    Workaround: Run the following command on Xen Server, and then reboot the appliance.
    /opt/xensource/libexec/xen-cmdline --set-xen "dom0_mem=1024M,max:1024M"

    [ NSHELP-32260 ]

  • During the Citrix ADC VPX HA failover, the Elastic IP address movement in the AWS cloud fails if you configure an IPset without binding the IPset to any IP address.

    [ NSHELP-29425 ]

  • The HA failover for Citrix ADC VPX instance on the GCP and AWS cloud fails when the password of an RPC node contains a special character.

    [ NSHELP-28600 ]


  • Connections might hang if the size of processing data is more than the configured default TCP buffer size.

    Workaround: Set the TCP buffer size to maximum size of data that needs to be processed.

    [ NSPOLICY-1267 ]


  • When a virtual server receives a TLS 1.3 record with invalid padding, it sends a fatal “decode_error” alert instead of an “unexpected_message” alert.

    [ NSSSL-11890 ]

  • On a heterogeneous cluster of Citrix ADC SDX 22000 and Citrix ADC SDX 26000 appliances, there is a config loss of SSL entities if the SDX 26000 appliance is restarted.


    Workaround:

    1. On the CLIP, disable SSLv3 on all the existing and new SSL entities, such as virtual server, service, service group, and internal services. For example, set ssl vserver <name> -SSL3 DISABLED.
    2. Save the configuration.

    [ NSSSL-9572 ]

  • You cannot add an Azure Key Vault object if an authentication Azure Key Vault object is already added.

    [ NSSSL-6478 ]

  • You can create multiple Azure Application entities with the same client ID and client secret. The Citrix ADC appliance does not return an error.

    [ NSSSL-6213 ]

  • The following incorrect error message appears when you remove an HSM key without specifying KEYVAULT as the HSM type.
    ERROR: crl refresh disabled

    [ NSSSL-6106 ]

  • Session Key Auto Refresh incorrectly appears as disabled on a cluster IP address. (This option cannot be disabled.)

    [ NSSSL-4427 ]

  • An incorrect warning message, “Warning: No usable ciphers configured on the SSL vserver/service,” appears if you try to change the SSL protocol or cipher in the SSL profile.

    [ NSSSL-4001 ]


  • High RTT is observed for a TCP connection if the following conditions are met:

    • a high maximum congestion window (>4 MB) is set
    • TCP NILE algorithm is enabled

    For a Citrix ADC appliance to use the NILE algorithm for congestion control, the conditions must exceed the slow start threshold, which is coupled with the maximum congestion window.

    So, until the maximum configured congestion window is reached, the Citrix ADC continues to accept data and ends up with high RTT.

    [ NSHELP-31548 ]

  • A Citrix ADC appliance might crash when the following condition is met:

    • Both analytics profile and AppFlow policy are bound, and the profile has the “httpAllHdrs” option enabled.

    [ NSHELP-30628 ]

  • The Citrix ADC appliance reports a false SNMP alarm on the service SYN flood counters.

    [ NSHELP-28710, NSHELP-28713 ]

  • Increased packet retransmissions are seen in public cloud MPTCP cluster deployments if linkset is disabled.

    [ NSHELP-27410 ]

  • A Citrix ADC appliance might send an invalid TCP packet along with TCP options such as SACK blocks, timestamp, and MPTCP Data ACK on MPTCP connections.

    [ NSHELP-27179 ]

  • A mismatch in Logstream records is observed in the Citrix ADC appliance and the dataloader.

    [ NSHELP-25796 ]

  • When you install Citrix ADM on a Kubernetes cluster, it does not work as expected because the required processes might not come up.

    Workaround: Reboot the Management pod.

    [ NSBASE-15556 ]

  • In a cluster configuration, a node with CCO priority gets disconnected from Open vSwitch (OVS) because of network issues. After the node rejoins to the cluster configuration, it does not receive the latest SYN cookie.

    [ NSBASE-14419 ]

User Interface

  • In a Citrix ADC cluster setup, HDX Insight and Gateway Insight cannot be enabled simultaneously.

    [ NSUI-18564 ]

  • The Create/Monitor CloudBridge Connector wizard might become unresponsive or fail to configure a cloudbridge connector.

    Workaround: Configure cloudbridge connectors by adding IPSec profiles, IP tunnels, and PBR rules by using the Citrix ADC GUI or CLI.

    [ NSUI-13024 ]

  • Modifying a static route by using the Citrix ADC GUI (system > network > routes) might incorrectly fail with the following error message:

    • “Required argument missing [gateway]”

    [ NSHELP-32024 ]

  • In an HA / Cluster setup, configuration synchronization fails if you have configured SSH keys other than RSA. For example, ECDSA or DSA keys.

    [ NSHELP-31675 ]

  • In a Citrix ADC appliance, binding the cache policy to override global or default global using the GUI interface fails with the following error:

    • Required argument missing.

    This error is not seen while binding the cache policy using the CLI interface.

    [ NSHELP-30826 ]

  • Due to an incorrect upgrade installation sequence, the following issue occurs in the Citrix ADC appliance.

    • The kernel image is updated first and after a few steps, encryption keys are copied. In between these steps some failure happens and the ADC appliance comes up with a new image. The missing encryption keys in the new image lead to decryption failure and missing configuration.

    [ NSHELP-30755 ]

  • Citrix ADC GUI might incorrectly generate a cluster technical support bundle of only one node instead of all the cluster nodes.

    [ NSHELP-28606 ]

  • Generating a cluster technical support bundle by using Citrix ADC GUI might fail with an error.

    [ NSHELP-28586 ]

  • After upgrading a high availability setup or a cluster setup to release 13.0 build 74.14 or later, config synchronization might fail because of the following reason:

    • Both “ssh_host_rsa_key” private and public keys are an incorrect pair.

    Workaround: Regenerate “ssh_host_rsa_key”. For more information, see

    [ NSHELP-27834 ]

  • You cannot bind a service or a service group to a priority load balancing virtual server using the Citrix ADC GUI.

    [ NSHELP-27252 ]

  • In a high availability setup, VPN user sessions get disconnected if the following condition is met:

    • If two or more successive manual HA failover operations are performed when HA synchronization is in progress.

    Workaround: Perform successive manual HA failover only after the HA synchronization is completed (Both the nodes are in Sync success state).

    [ NSHELP-25598 ]

  • Sometimes it takes a long time for the Application firewall signatures to sync to non-CCO nodes. As a result, commands using these files might fail.

    [ NSCONFIG-4330 ]

  • If you (system administrator) perform all the following steps on a Citrix ADC appliance, the system users might fail to log in to the downgraded Citrix ADC appliance.

    1. Upgrade the Citrix ADC appliance to one of the builds
      • 13.0 52.24 build
      • 12.1 57.18 build
      • 11.1 65.10 build
    2. Add a system user, or change the password of an existing system user, and save the configuration, and
    3. Downgrade the Citrix ADC appliance to any older build.

    To display the list of these system users by using the CLI:
    At the command prompt, type:

    query ns config -changedpassword [-config <full path of the configuration file (ns.conf)>]

    Workaround: To fix this issue, use one of the following independent options:

    • If the Citrix ADC appliance is not yet downgraded (step 3 in above mentioned steps), downgrade the Citrix ADC appliance using a previously backed up configuration file (ns.conf) of the same release build.
    • Any system administrator whose password was not changed on the upgraded build, can log in to the downgraded build, and update the passwords for other system users.
    • If none of the above options work, a system administrator can reset the system user passwords.

    For more information, see

    [ NSCONFIG-3188 ]


What is the latest version of Citrix NetScaler? ›

Citrix ADC/GW version 13.0 build 64.

Is Citrix ADC same as NetScaler? ›

Citrix NetScaler Rebranded

It consisted of the following products: NetScaler ADC: An application delivery controller is now called Citrix ADC.

How do I get Citrix security bulletins? ›

Sign up for security bulletin notifications at

How do I find my Citrix ADC firmware version? ›

Retrieve firmware information for a Citrix ADC appliance

You use the _nsversion_NITRO API object to find information about the firmware running on a Citrix ADC appliance,. The Citrix ADC appliance responds with the version and build number of the firmware running on the appliance.

When was the last Citrix update? ›

Release Date: Dec 19, 2022

Windows 11, 10 as well as Windows Server 2022, 2019, 2016. See the product documentation for the complete list of features.

How do I update my Citrix ADC? ›

Upgrade a Citrix ADC standalone appliance
  1. In User Name and Password, type the administrator credentials (nsroot/nsroot) and then click Log On.
  2. From the GUI, click System Upgrade.
  3. From the Choose File menu choose the appropriate option: Local or Appliance. ...
  4. Select the correct file and click Upgrade.
Jul 25, 2022

What are the two types of ADC? ›

Main Types of ADC Converters

Dual Slope ADC. Pipelined ADC.

What is the difference between Citrix ADC and Citrix Gateway? ›

Citrix Gateway is a subset of Citrix Application Delivery Controller (ADC), and because of that, customers can elect to add features that are inherent to other editions, such as Web App Firewall. Citrix Gateway Service is the cloud version, and a subscription to Citrix Cloud is required.

What does ADC stand for Citrix? ›

An application delivery controller (ADC) is a purpose-built networking appliance used to improve the performance, security, and resiliency of applications delivered over the web.

What is the latest Citrix vulnerability? ›

Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system.

What are the vulnerabilities in Citrix ADC? ›

The newly identified vulnerabilities, Citrix says, could be exploited to bypass authentication (CVE-2022-27510, CVSS score of 9.8), launch a phishing attack leading to remote desktop takeover (CVE-2022-27513, CVSS score of 8.3), and bypass brute force protections (CVE-2022-27516, CVSS score of 5.3).

How do I get Citrix to recognize my second monitor? ›

Citrix - Using Dual Monitors
  1. Open your VDI Desktop.
  2. In the middle top of the screen locate a half circle with three vertical lines, hover over this.
  3. Click on the Citrix icon that will appear.
  4. Click on the icon with two monitors.
  5. This will pop out a second screen, drag this over to your second monitor.

How can I check my firmware version? ›

At the top right, tap Settings. Device information. Under "Technical information," find Cast firmware: X. XXX.

How do I check current firmware version? ›

How to Find Your Firmware Revision for Windows ®
  1. Click on the Start menu.
  2. Open Control panel> System> Hardware.
  3. Select Device Manager.
  4. Expand Disk drives.
  5. Right-click on the drive and select Properties.
  6. Select the Details tab and select Hardware lds from the drop down menu.

How does Citrix ADC sync to NTP time? ›

You can configure your Citrix ADC appliance to synchronize its local clock with a Network Time Protocol (NTP) server. This ensures that its clock has the same date and time settings as the other servers on your network. NTP uses User Datagram Protocol (UDP) port 123 as its transport layer.

What is the difference between Citrix Workspace and Citrix Receiver? ›

Citrix Receiver was not a standalone app. It was included with XenApp and XenDesktop subscriptions. Workspace, on the other hand, can be installed independently of those subscriptions. The Workspace app provides support for all platforms previously associated with Citrix Receiver.

How do I check for Citrix updates? ›

Open Citrix Workspace app from the system tray. Navigate to Advanced Preferences > Citrix Workspace updates. In the Update Settings screen, select Release from the Update channel drop-down list and click Save.

Why is Citrix so unstable? ›

Sometimes Citrix itself is slow and typically that is a resource issue. (I.e. there is not enough memory in the server, there are too many virtual Citrix servers vying for too few resources on the host, NICs are not teamed correctly, etc.)

What is the default username and Password for Citrix ADC? ›

In User Name, type nsroot. In Password, if the earlier default password does not work, try typing the serial number of the appliance. The serial number bar code is available at the back of the appliance. Citrix recommends that you change the password after the first logon.

How do I upgrade Citrix ADC from ADM? ›

In Citrix ADM, navigate to Infrastructure > Configuration Jobs > Maintenance Jobs. Click the Create Job button. In Create Maintenance Jobs, select Upgrade Citrix ADC (Standalone/High-Availability/Cluster) and click Proceed.

Is Citrix ADC a load balancer? ›

Aside from routing traffic to your servers efficiently, software-based load balancers such as Citrix ADC provide other benefits, including the capability to predictively analyze potential traffic bottlenecks in your network.

What are the three applications of an analog-to-digital converter (ADC)? ›

Used in cell phones. Used in microcontrollers. Used in digital signal processing. Used in digital storage oscilloscopes.

Which is the most commonly used ADC? ›

The most common types of ADCs are flash, successive approximation, and sigma-delta.

Which ADC is mostly used in applications? ›

The successive-approximation ADC is by far the most popular architecture for data-acquisition applications, especially when multiple channels require input multiplexing.

Does Citrix use TCP or UDP? ›

With Citrix Workspace app for Windows, Mac, and iOS, EDT and TCP connections are attempted in parallel during the initial connection, session reliability reconnection, and automatic client reconnection. Doing so reduces the connection time if the underlying UDP transport is unavailable and TCP must be used instead.

Can Citrix spy on you? ›

A: NO, your employer cannot spy on your home computer through Citrix/Terminal Server sessions. Remote Desktop, Citrix, and Terminal server sessions are not designed to access your home computer. You do not need to worry about being spied on your personal computer via a remote desktop session.

Is Citrix ADC a firewall? ›

Did you know that Citrix ADC is officially certified by ICSA Labs as a modular firewall? This is the industry-accepted standard for all ADC products with firewall capabilities and ensures their networking equipment has been validated as a modular firewall.

What is SDX and VPX? ›

Instances can communicate directly with the virtual NICs. SDX can support 64 virtual NICs, which can be allocated to the instances. Each VPX instance has a dedicated VF (virtual function), so its performance is not impacted by other instances. VLAN filtering provides segregation of data between instances.

What are the different types of Citrix ADC? ›

Citrix ADC Platforms - MPX, SDX, VPX and Cloud Based Appliances - Citrix.

Is Citrix ADC hardware or software? ›

The Citrix ADC MPX is a hardware-based application delivery appliance offering performance ranging from 500 Mb/s to 200 Gb/s.

Is Citrix end of life? ›

Per our Product Lifecycle Matrix, Citrix XenApp and XenDesktop 7.15 is set to reach End of Life on August 15, 2022. Staying on this version can lead to the potential for compliance gaps and cause you to miss opportunities to apply the latest innovations to your business-critical workloads.

Which browser is best for Citrix? ›

Officially Supported Internet Browsers for Workspace

Support for Internet Explorer ended as of March 31, 2022. Citrix recommends using the latest versions of Edge, Chrome, Firefox, or Safari.

Can Citrix be hacked? ›

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems.

What are the 3 vulnerabilities? ›

There are three essential elements of vulnerability management viz. vulnerability detection, vulnerability assessment, and remediation.

Is Citrix ADC a VPN? ›

Citrix ADC pushes the Gateway Plug-in (aka VPN client) to client machines.

Is Citrix more secure than VPN? ›

Because of the limited data transmission, Citrix is much more secure than a VPN. The remote server protects you from external threats that can compromise your devices or data. Also, server administrators can control which data is allowed to leave the corporate network.

How do I force Remote Desktop to second monitor? ›

Using Remote Desktop to view multiple monitors

They will need to enter the relevant authentication credentials, and use the Show Options button to view connection settings. In the Display tab, make sure that the box which says “Use all my monitors for the remote session” is clicked on.

How do I get Citrix on 3 monitors? ›

Multiple monitors
  1. Open the Citrix Viewer. Note: ...
  2. From the menu bar, click View.
  3. Select one of the following options, based on your requirement: Enter Full Screen - Full screen on the primary monitor only. ...
  4. Drag the Citrix Virtual Desktops screen between the monitors. The screen is now extended to all monitors.
Sep 23, 2022

How many monitors can Citrix support? ›

You can use up to eight monitors with Citrix Workspace app for Windows. Each monitor in a multiple monitor configuration has its own resolution designed by its manufacturer. Monitors can have different resolutions and orientations during sessions.

What are the two types of firmware? ›

Types of firmware
  • Low-level firmware. Low-level firmware is considered an intrinsic part of a device's hardware. ...
  • High-level firmware. High level firmware does allow updates and is generally more complex than low-level firmware. ...
  • Subsystem firmware. Subsystem firmware often comes as part of an embedded system.

What is the difference between a firmware and software update? ›

You may conduct one or two software updates a month on a given device, whereas firmware updates are few and far between. Another key difference between firmware and software is that firmware is stored on non-volatile memory. Non-volatile memory refers to types of storage that retain data even when a device is not on.

Is it OK to update system firmware? ›

A firmware update improves the functionality and features of your device. It can provide fixes to any performance issues that may occur. With the ever-changing advances in technology, a firmware update also helps a device remain competitive with newer models. Downloads are posted on your model support page.

Which command is used to update the latest firmware? ›

The update_firmware command allows you to update the firmware of the specified device.

Are the firmware version and the software version the same? ›

Firmware is generally a type of software used to control hardware devices. Software (application software) runs on top of the operating system and has no direct interface with hardware. Firmware is low-level software that stands between the hardware and the operating system.

How do I manually update firmware? ›

To update your router's firmware, type your router's IP address into your web browser and enter your login information. Then locate the Firmware or Update section and download the latest firmware update on your router manufacturer's website. Finally, upload the update and reboot the router.

What is the difference between Citrix ADC and NetScaler? ›

The NetScaler ADC and Gateway

Citrix NetScaler refers to their Application Delivery Controller, or ADC, line of products, while the NetScaler Gateway, formerly known as the Citrix Access Gateway, or CAG, is primarily used for secure remote access to XenDesktop and/or XenApp environments.

What is the difference between NTP and ntpd? ›

Following is a summary of the differences between these commands: ntpdate synchronizes the clock with an NTP server one time whereas ntp starts and stops the Network Time Protocol Daemon (ntpd) service, and the ntpd keeps Director's clock in synchronization constantly.

Do I have the latest version of Citrix? ›

Click Citrix Viewer or Citrix Receiver from the top menu and select About Citrix Viewer or About Citrix Receiver. The newly opened About window will show you the current version installed. (NOTE: If your solution resides in Microsoft Azure, the recommended Citrix Receiver version for Mac users is 12.9.)

What is Citrix ADC VPX 200? ›

Citrix ADC VPX provides a complete web and application load balancing, secure and remote access, acceleration, security and offload feature set in a simple, easy-to-install virtual appliance.

How do I find my NetScaler build version? ›

To retrieve the model number and serial number of NetScaler appliance from the NetScaler GUI, navigate to System > Hardware Information. If none of the methods display the required results, the last option is to refer to the invoice sent with the appliance, or the sticker located behind the appliance.

What is Citrix Gateway NetScaler? ›

Citrix Gateway consolidates remote access infrastructure to provide single sign-on across all applications whether in a data center, in a cloud, or if the apps are delivered as SaaS apps. It allows people to access any app, from any device, through a single URL.

How often does Citrix update? ›

The following Citrix Workspace app platforms follow a six-week release cadence: Linux. Mac. Windows.

What is MPX and VPX? ›

Citrix ADC VPX/MPX is an all-in-one service and application delivery solution that accelerates application performance, increases application availability and improves application security.

What happens when NetScaler license expires? ›

If the license file expires when the NetScaler or NetScaler Gateway appliance is running, then the appliance continues to function with the expired license. However, if the appliance is restarted, then after the appliance starts to run it detects that the license file has expired and all features are disabled.

What is the port range for Citrix ADC? ›

You can also configure a Citrix ADC appliance to open FTP connections on a controlled range of ports instead of ephemeral ports for data connections. This improves security, because opening all ports on the firewall is insecure. You can set the range anywhere from 1,024 to 64,000.

Is Citrix NetScaler a load balancer? ›

Clients within your network use this FQDN to access the StoreFront server group using the NetScaler load balancer. Example - resolves to the load balancing vServer virtual IP (VIP).


Author: Zonia Mosciski DO

Last Updated: 11/10/2022
