Navigation
- Requirements
- Install Citrix NetScaler Pack 💡
- MP Agent Installation Account
- NetScaler Monitoring Account
- SCOM Device Discovery
- Install Citrix NetScaler Agent
- NetScaler Monitoring RunAs Account
- Use Management Pack
- Citrix SCOM Management Packs – XenApp/XenDesktop
💡 = Recently Updated
Requirements
- NetScaler Platinum Edition
- NetScaler 9.3 or newer
- System Center Operations Manager 2012 or newer
Citrix Blog Post SCOM NetScaler Management Pack Resource Consumption & Performance Overview:
- For 14,000 NetScaler objects, extra 3 GB of RAM is needed on the SCOM monitoring agent. CPU is minimal.
- For more than 14,000 NetScaler objects, the Agent started dropping data due to workflows.
- Performance overview at Citrix Docs
NetScaler Pack
Full documentation at http://docs.citrix.com/en-us/scom-management-packs/netscaler/1-17.html.
Install Citrix NetScaler Pack
- On the System Center Operations Manager server, go to the downloaded Citrix SCOM Management Pack for NetScaler, and run Citrix_SCOM_Management_Pack_for_NetScaler.1.17.93exe.
- In the Welcome to the setup wizard for Citrix SCOM Management Pack for NetScaler page, click Next.
- In the View Relevant Product Configuration page, click Next.
- If you see a page indicating that an older version is already installed, click Next.
- In the License Agreement page, check the box next to I accept the terms, and click Next.
- In the Choose Destination Location page, click Next.
- In the Configure Post-Install Actions page, check the box next to Automatically import the Management Pack, and click Install.
- In the Completed the setup page, click Next.
- In the All post-install actions were successfully completed page, click Finish.
MP Agent Installation Account
Configure the MP Agent Installation Account as detailed for the XAXD Pack.
NetScaler Monitoring Account
On the NetScaler appliances, run the following commands to add a local account, and bind it to a restrictive cmdPolicy. Replace the password with a secure password. If you leave the password off the command, then NetScaler will prompt you.
add system cmdPolicy polNetScalerMonitoring ALLOW (^show\s+system\s+\S+)|(^show\s+system\s+\S+\s+.*)|(^show\s+configstatus)|(^show\s+configstatus\s+.*)|(^shell\s+nsconmsg\s+-K\s+\S+\s+.*) add system user usrNetScalerMonitoring MyPassword bind system user usrNetScalerMonitoring read-only 1 bind system user usrNetScalerMonitoring polNetScalerMonitoring 1 show system user usrNetScalerMonitoring
SCOM Device Discovery
- System Center Operations Manager uses SNMP to communicate with NetScaler. If Windows Firewall is enabled on the SCOM server, enable some Inbound and Outbound rules.
- Inbound Rule: Operations Manager Ping Response.
- Inbound Rule: Operations Manager SNMP Response.
- Inbound Rule: Operations Manager SNMP Trap Listener.
- Outbound Rule: Operations Manager Ping Request.
- Outbound Rule: Operations Manager SNMP Request.
- Make sure the NetScaler is configured with an SNMP community string with ALL permission at System > SNMP > Community.
- If you have SNMP Managers configured, then make sure SCOM is in the list.
- In SCOM Console, go to the Administration workspace, right-click, and click Discovery Wizard.
- Select Network devices, and click Next.
- In the General Properties page, give the discovery rule a name. Select a SCOM server, and resource pool to run the discovery rule. Then click Next.
- In the Discovery Method page, select Explicit discovery, and click Next.
- In the Default Accounts page, if you are using SNMPv2 (instead of SNMPv3) to connect to NetScaler, then you can add the community string now. Click Create Account.
- In the Introduction page, click Next.
- In the General Properties page, give the community string a display name, and click Next.
- In the Credentials page, enter the community string, and click Create.
- Then click Next.
- In the Devices page, click Add.
- Enter the hostname of the device.
- Select the SNMP version.
- If SNMPv2, select the community string. If SNMPv3, you can add the user account now.
- Click OK when done.
- Add more devices. Then click Next.
- In the Schedule Discovery page, select how often you want this rule to run, and click Next.
- In the Summary page, click Create.
- Click Yes to distribute the accounts.
- In the Completion page, click Close. The rule will run now.
- You can also go to Administration > Network Management > Discovery Rules, and run the rule manually.
- And Network Devices Pending Management will show you discovery issues.
- The NetScaler appliance needs to be discovered and listed in the Network Devices node.
- You can use a SNMP Tester tool on the SCOM server to verify SNMP communication with NetScaler. 💡
- Also see CTX219765 Monitoring NetScaler with SCOM Management Packs – Understanding Discovery. 💡
Install Citrix NetScaler Agent
The Citrix SCOM Agent for NetScaler must be installed on the same SCOM server that is running the device discovery rule.
- If upgrading, uninstall the older Agent for NetScaler.
- On the SCOM servers that are running the SNMP Discovery Rule, go to \\scom01\CitrixMPShare\NetScaler MP, and run MPNSAgent.exe.
- In the Welcome to the setup wizard for Citrix SCOM Management Pack Agent for NetScaler page, click Next.
- If you see a page indicating that an older version is already installed, click Next.
- In the License Agreement page, check the box next to I accept the terms, and click Next.
- In the Destination Folder page, click Next.
- In the Destination Data Folder page, click Install.
- In the Completed the setup wizard page, click Finish.
NetScaler Monitoring RunAs Account
- In SCOM console, go to Administration workspace, right-click, and click Create Run As Account.
- In the Introduction page, click Next.
- In the General Properties page, change the account type to Basic Authentication.
- Give the account a display name and click Next.
- In the Credentials page, enter the credentials of the local monitoring account on the NetScalers, and click Next.
- In the Distribution Security page, best practice is to select More secure. But you’ll need to manually specify every agent that should receive these credentials. Click Create.
- In the Completion page, click Close.
- In the Administration workspace, go to Run As > Profiles.
- Double-click Citrix NetScaler Appliance Action Account.
- In the Introduction page, click Next.
- In the General Properties page, click Next.
- In the Run As Accounts page, click Add.
- Select the previously created NetScaler monitoring account.
- Change the selection to A selected class, group, or object. Then click Select > Object.
- Search for the NetScaler appliances these credentials apply to, click Add, and then click OK.
- Then click OK.
- Click Save.
- In the Completion page, if the Run As account is configured for Secure Distribution then click the link to specify Agents to receive the credentials.
Use Management Pack
In the Monitoring workspace, under Citrix NetScaler, your appliance should eventually show up. These views should give you an inventory of the NetScaler configuration, current health status, etc.
Hello, do i need a local NetScaler Account for SCOM? Or can I use an Account from Active Directory? Is there a guide for it? Thanx
Hi Carl,
I have six netscaler devices, I am able to discover completely only two devices in SCOM 2012 R2 and two are getting discovered only by ICMP and I am not able to discover the two.
Any help from your side
my Netscaler devices are not able to be discovered. 161 port is opened from SCOM management server and NSIP. do i need to open ICMP also. in the SNMP tester tool it showing no standard interface found. what will be the SNMP v3 run as account and what will be the password for community string is it public
Hi Carl,
I was able to discover Netscaler Device and Install MPNS agent. But the MPNS agent was not able to discover netscaler appliances. I found error in mpns_agt log and mpns module log. Firewall rule set properly.
[2018-04-16 13:57:12.967] Error NetScaler: X.X.X.X -connect-https- WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)
Warning GenericDiscoveryDataSource-X.X.X.X-MPNSNetScalerApplianceDiscovery-14400-5400 Request: Discovery:, NetScaler:, Parameter:, Priority:, ServiceCommand:, UrlBase:, Username:, Hostid:, Agent Errorcode: 101, Description: Request timeouted. netscaler: X.X.X.X
[2018-04-16 14:19:42.922] Warning GenericDiscoveryDataSource-X.X.X.X-MPNSNetScalerApplianceDiscovery-14400-5400 Discovery not success. device: X.X.X.X discovery: MPNSNetScalerApplianceDiscovery
Request you to guide me on this.
Thanks. We got last release trough our support.
Good day Carl.
We have Platinum license on NetScaler.
I can find only 1.14 version SCOM pack.
For link https://www.citrix.com/downloads/xenapp-and-xendesktop/components/citrix-scom-management-bundle-for-xenapp-and-xendesktop-2017_05_17.html, written on begin this article, we haven’t enough privileges because we have license only for NetScaler not for Xenapp and XenDesktop.
Where can we get last version of Citrix_SCOM_Management_Pack_for_NetScaler.
Hi Carl,
Your blogs showing step by step installation are really helpful. I appreciate your efforts to put these up.
I just wanted to confirm if the monitor high availability node – Master State is configured properly because we are getting many false positives from this monitor.
Regards,
Daya Ram
which ports need to be open between netscaler and scom?? 161/162 80/443? Do i also need 5723?
Do I have to install citrix netscaler agent on my scomgateway server? or just on management server itself?
Hello,
I am not able to see any ‘NetScaler Appliances’ in SCOM while I can see my NetScaler appliance under ‘NetScaler Devices’.
I have support case with citrix for couple months but this has not been fixed yet. I am running SCOM 2016 and I just upgraded the MP to this latest version.
Thanks,
Hi, we have exactly the same issue on our SCOM, did you found a way to solve it ?
Regards.
Have you carried out the steps in the instructions that add permissions/views on the NS? Without doing this the MP will only discover via SNMP and then give you very limited information beyond that. It certainly won’t dip into the rich data that it gets from the NS’s API once those permissions are added.
The section in the document is called “Configuring NetScaler for monitoring by NetScaler Management Pack”
It has the CLI commands needed to configure it and is immediately followed by how to do the same using the GUI if you are more comfortable with that.
Hi carl,
I am unable to get any discoveries for the Netscaler Service groups in the monitoring view(Citrix Netscaler->Load Balancing->Service Groups).I am able to see the network devices getting discovered.Do I need to make any separate configurations for the service groups ?Thanks for ur mail
I get the same issue. Everything is populated except Service Groups, Services and Virtual Servers, which is annoying as that is all I actually care about. We are running an Enterprise NS license though, wonder if that causes any issues. Nothing in the debug logs for the NS agent.
where can i download the mpnsagent
Citrix SCOM Management Pack Agent for NetScaler
It’s in the bundle – https://www.citrix.com/downloads/xenapp-and-xendesktop/components/citrix-scom-management-bundle-for-xenapp-and-xendesktop-2017_05_17.html
I don’t see a separate download page just for the NetScaler management pack.
Hi Carl, is there a way to get the SDX appliances to be monitored in SCOM? It is not included in the management pack. It only talks about the netscalers itself. Thanks in advance.
Hello Carl,
We have a load balanced sstem with 2 NetScaler appliances in an active/active setup. Even the newest Citrix NetScaler Management pack will only generate alerts for the appliance which is in state “Primary”. If we shutdown the appliance with state “secondary” there is no alert … do you know ho we can configure the Management pack to alert for both appliances?
Thank you for your help!
Is this the latest version still. Waiting on a fix for the erroneous AAA, HTTP and Non HTTP fail rate calculations?
There is a new version. I should probably update this article. Thanks for reminding me. https://docs.citrix.com/en-us/scom-management-packs/scom-management-pack-for-netscaler.html
Thanks and I can confirm that version does fix all the false positive fail rate calculations from the prior version. Just left with some bizarre “IP address lookups failure percentage” errors to track down now……
Did you ever resolve this please? We are getting the same issue on our NetScalers after monitoring with the SCOM management packs.
Hello Carl,
it is possible to install and run the Citrix SCOM Agent for NetScaler on a SCOM agent rather then on a SCOM Server. The NetScaler Devices is in the dmz Zone and I have only SCOM Agents in this Zone. How can I setup this.
Thank you!
Do you have an answer for that? I also jave this problem
Carl,
We have an array of netscalers in use, licensed without platinum. We have installed the MP downloaded from the Citrix website.
We have been able to discover the devices, but for some reason the netscalers are not being monitored. Checked the guide on every step without discovering any errors.
The agent server service runs, the action account is able to logon to the webpage, the runas netscaler profiles is populated correctly, firewall ports are opened on windows as well as between vlans.
Do you have any clue what we could check next?
If you post your question to discussions.citrix.com, more people will read it there, including the Product Managers. I suspect there are logs somewhere.
Hi Carl, do you know if the following deployment scenario is supported by the NetScaler Management Pack:
We source both our discovery *and* monitoring from a Gateway server. We created a dedicated Resource Pool for this gateway server and we referenced it in the Discovery rule.
We are dealing with strange behaviour from the MP NS Agent on the Gateway server. The log file of the MP NS Agent contains a lot of entries related to timed-out requests to the NetScaler:
[2016-06-30 13:44:04.624] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: system, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
[2016-06-30 13:44:04.734] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: service, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
[2016-06-30 13:44:04.734] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: protocolip, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
[2016-06-30 13:44:04.749] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: ssl, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
The output of MPNSSupport.exe on a Management Server (on wich the MP NetScaler Agent is not installed) is returning:
——————————————————————-
| Citrix Management Pack Agent for NetScaler |
| Check Requirements |
| Node: |
| OS version: Microsoft Windows NT 6.1.7601 Service Pack 1 |
| OS name: Windows Server 2008 R2 Standard |
| System type: 64-bit |
| Report time: 04/07/2016 2:49:24 PM |
——————————————————————-
.NET Framework Version [ OK ]
————————————————————–
MS .NET Framework 3.5 SP1 Found
SCOM Agent [ OK ]
————————————————————–
SCOM Agent Installed Yes
Product name
System Center Operations Manager 2012 Server
Agent version 7.1.10226.0
SCOM Management Server(s)
SCOM Services
Service name HealthService
Display name Microsoft Monitoring Agent
Status Running
Log on as LocalSystem
Version Store Size (16KB) 131072
Agent Queue Size (KB) (102400)
Citrix management packs found
Comtrade.Citrix.Library.453.xml v. 1.0.8.0
ComTrade.Citrix.NetScaler.Appliance.10.Monitoring.1324.xml v. 1.15.29.0
ComTrade.Citrix.NetScaler.Device.901.xml v. 1.15.29.0
ComTrade.Citrix.NetScaler.Library.903.xml v. 1.15.29.0
ComTrade.Citrix.NetScaler.Monitoring.1326.xml v. 1.15.29.0
All checks were successfully performed.
* * * * * * * * * * *
The output of MPNSSupport.exe on the Gateway Server (on wich the MP NS Agent is installed) is returning:
——————————————————————-
| Citrix Management Pack Agent for NetScaler |
| Check Requirements |
| Node: |
| OS version: Microsoft Windows NT 6.1.7601 Service Pack 1 |
| OS name: Windows Server 2008 R2 Standard |
| System type: 64-bit |
| Report time: 04/07/2016 2:57:02 PM |
——————————————————————-
.NET Framework Version [ OK ]
————————————————————–
MS .NET Framework 3.5 SP1 Found
SCOM Agent [ Failed ]
————————————————————–
SCOM Agent Installed No
One or more checks failed. Please correct the issues and re-run the tool again.
* * * * * * * * * * *
Thank you,
Benoit
FYI, we opened a ticket with Citrix and they fixed our issue (SCOM-1259) in the latest version of the MP (1.17.87).
Hi Carl, great write up. Question regarding the NS Agent install… If I intend to utilize our SCOM network resource pool which includes 2 SCOM Mgmt Servers to monitor our NetScalers, do I just enable FW Rules and install the NS Agent on both Mgmt Servers?
Thanks in advance
Yep.
I don’t think the platinum edition is a requirement, this should work with standard and enterprise licenses as well.
According to https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-data-sheet.pdf, the Comtrade Management Pack is only entitled to Platinum NetScaler.
Sure, but from version 11. For older version isn’t platinum version required.
There are two different SCOM packs. There’s the one that CITRIX developed for NetScaler. And there’s the one they acquired from Comtrade. It’s the Comtrade pack that requires Platinum Edition.
https://www.citrix.com/downloads/netscaler-adc/components/Citrix-SCOM-Management-Pack-for-NetScaler.html
Licensing: This is an Advanced SCOM Management Pack for NetScaler, which is only available with NetScaler Platinum license.
So is the non-Comtrade one, which doesn’t require Platinum, still available? If so, which version is it? I don’t see any steps to import or install a licence in the instructions here anyway, so wondering how this the Platinum Licence is checked after installing MPs and MPNS agent?
Step of management packs import in SCOM is missing.
Most of the installers do the import automatically. Can you be more specific?
BTW, I think the original version of the SCOM Pack required manual import of the Management Packs but now the new version does it automatically.
Hello Carl,
you wrote that the MP Agent Installation Account needs also to be configured for this Management Pack like also for the others bevore (XenApp, Storefront, PVS). But what needs to be configured exactly, because the Citrix NetScaler Agent is installed manually on SCOM Server in your documentation.
Thank you!
I think the agents use the account to download configurations from the file share on the SCOM server.