January 12, 2016

Troubleshoot NetScaler Licensing

Over the last five years, Citrix NetScaler licensing has changed a bit. For the most part, these changes have been for the better. However, even with the new simplified licensing you may still run into issues. Let's talk about what happens when you do.  


How do I know if I have a licensing issue?

The last thing that will happen will be a nice error message somewhere saying your NetScaler is not licensed. That would be too easy. You are more likely to get an error from a website or service behind your NetScaler that relates to SSL or a problem with a certificate. To rule out licensing, you can easily logon to the management interface of your NetScaler. Before you even go to the licensing screen look on the top left and look for something similar to this:






Depending on the version of firmware you are running it may look slightly different. This example is from NetScaler v11.0. From this graphic we can deduce this is a NetScaler virtual appliance (aka VPX) model 1000 which means it is licensed for 1 Gbps of throughput. You may find you have a different model number that is smaller or larger. The specific model we do NOT want to see is (1). A NetScaler VPX (1) is how it comes out of the box (err, well, after you import it) but before you have uploaded a license file.

If you see a (1) on a NetScaler that has previously been working it maybe one of the following issues:
  • The license file has been deleted or has become corrupt.
  • The NetScaler hostname has changed.  Depending on the version of firmware this is set in one or two places.
  • The MAC address of the appliance has changed.
Prior to version 11, no license means SSL will not work for certificates higher than 512 bit which basically means everything.


Troubleshooting

Let us assume that you have allocated a license file using the right MAC address or hostname and uploaded it but you still only have a NetScaler VPX (1). You can find out more info by viewing the license.log file. Connect to your NetScaler IP (aka NSIP, aka NetScaler management IP) via an SSH tool like Putty.




After logon. Type:

shell [Enter]
cat /var/log/license.log 

You will get quite a bit of output and it may look like this:


  

Notice the line that says "Invalid hostid on SERVER line".  That is the problem.  The hostname of our NetScaler is different then what is specified in the license file.  While your actual problem may be different, the license.log is the way to find out the real problem and get your NetScaler licensed.

After changing the hostname and rebooting, here is the licenses screen indicating the NetScaler Gateway is licensed correctly:



FYI, you'll need a platinum license before you see all green check marks.

Here is another example of two license issues.  It is two because the NetScaler has two licenses loaded and neither work.  The top section shows an expired license and the bottom example has the wrong hostid.




Drop me a line in the comments if this works for you or if you have any questions,

Brian Olsen @sagelikebrian


Related post: Citrix NetScaler Troubleshoot Authentication

For more Citrix NetScaler posts check out:
 http://www.sagelike.com/search/label/netscaler


SageLike Post ID: SL0011

Applies to:
Citrix NetScaler

2 comments:

  1. I made a couple of updates to this article. The first is to use a more complete screenshot showing the license.log command. The second is to give another example of a license.log file showing two issues. Enjoy.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete