
Netscaler VPX load balancing of LDAPS broken

Situation: After an upgrade of our VPX devices to FW intermittent authentication issues appeared for the Access Gateway users. They would simply fail the LDAP bind, yet all monitors would be green with all services up. Our RADIUS and LDAP authentication points internally to an LB VIP on the Netscaler first, before connecting to the individual servers.

Solution: At this stage Citrix support are investigating the issue. They have recognised it as a bug, and their workaround was to bypass the Netscaler load balancer for LDAPS, going direct to a specific server, or to downgrade to The downgrade was not a solution for us, as we already had issues with the previous version with the VPX network and LACP negotiation.

Once we removed the internal LDAPS load balancer the Netscalers started authenticating immediately.

We then added a secondary authentication policy and server so that we did not introduce a single point of failure.


