Citrix SCOM Management Pack – NetScaler (1.16.13)

Last Modified: Dec 27, 2016 @ 10:24 am

Navigation

Requirements

  • NetScaler Platinum Edition
  • NetScaler 9.3 or newer
  • System Center Operations Manager 2012 or newer

Citrix Blog Post SCOM NetScaler Management Pack Resource Consumption & Performance Overview:

  • For 14,000 NetScaler objects, extra 3 GB of RAM is needed on the SCOM monitoring agent. CPU is minimal.
  • For more than 14,000 NetScaler objects, the Agent started dropping data due to workflows.
  • White Paper

NetScaler Pack

Full documentation at http://docs.citrix.com/en-us/scom-management-packs/scom-management-pack-for-netscaler.html.

Install Citrix NetScaler Pack

  1. If upgrading, uninstall the older version first.
  2. On the System Center Operations Manager server, go to the downloaded Citrix SCOM Management Pack for NetScaler and run Citrix_SCOM_Management_Pack_for_NetScaler.exe.
  3. In the Welcome to the setup wizard for Citrix SCOM Management Pack for NetScaler page, click Next.
  4. In the View Relevant Product Configuration page, click Next.
  5. In the License Agreement page, check the box next to I accept the terms, and click Next.
  6. In the Choose Destination Location page, click Next.
  7. In the Configure Post-Install Actions page, check the box next to Automatically import the Management Pack, and click Install.
  8. In the Completed the setup page, click Next.
  9. In the All post-install actions were successfully completed page, click Finish.

MP Agent Installation Account

Configure the MP Agent Installation Account as detailed for the XAXD Pack.

NetScaler Monitoring Account

On the NetScaler appliances, run the following commands to add a local account, and bind it to a restrictive cmdPolicy. Replace the password with a secure password. If you leave the password off the command, then NetScaler will prompt you.

add system cmdPolicy polNetScalerMonitoring ALLOW (^show\s+system\s+\S+)|(^show\s+system\s+\S+\s+.*)|(^show\s+configstatus)|(^show\s+configstatus\s+.*)|(^shell\s+nsconmsg\s+-K\s+\S+\s+.*)

add system user usrNetScalerMonitoring MyPassword

bind system user usrNetScalerMonitoring read-only 1

bind system user usrNetScalerMonitoring polNetScalerMonitoring 1

show system user usrNetScalerMonitoring

SCOM Device Discovery

  1. System Center Operations Manager uses SNMP to communicate with NetScaler. If Windows Firewall is enabled on the SCOM server, enable some Inbound and Outbound rules.
  2. Inbound Rule: Operations Manager Ping Response.
  3. Inbound Rule: Operations Manager SNMP Response.
  4. Inbound Rule: Operations Manager SNMP Trap Listener.
  5. Outbound Rule: Operations Manager Ping Request.
  6. Outbound Rule: Operations Manager SNMP Request.
  7. Make sure the NetScaler is configured with an SNMP community string with ALL permission at System > SNMP > Community.
  8. If you have SNMP Managers configured, then make sure SCOM is in the list.
  9. In SCOM Console, go to the Administration workspace, right-click, and click Discovery Wizard.
  10. Select Network devices, and click Next.
  11. In the General Properties page, give the discovery rule a name. Select a SCOM server, and resource pool to run the discovery rule. Then click Next.
  12. In the Discovery Method page, select Explicit discovery, and click Next.
  13. In the Default Accounts page, if you are using SNMPv2 (instead of SNMPv3) to connect to NetScaler, then you can add the community string now. Click Create Account.
  14. In the Introduction page, click Next.
  15. In the General Properties page, give the community string a display name, and click Next.
  16. In the Credentials page, enter the community string, and click Create.
  17. Then click Next.
  18. In the Devices page, click Add.
  19. Enter the hostname of the device.
  20. Select the SNMP version.
  21. If SNMPv2, select the community string. If SNMPv3, you can add the user account now.
  22. Click OK when done.
  23. Add more devices. Then click Next.
  24. In the Schedule Discovery page, select how often you want this rule to run, and click Next.
  25. In the Summary page, click Create.
  26. Click Yes to distribute the accounts.
  27. In the Completion page, click Close. The rule will run now.
  28. You  can also go to Administration > Network Management > Discovery Rules, and run the rule manually.
  29. And Network Devices Pending Management will show you discovery issues.
  30. The NetScaler appliance needs to be discovered and listed in the Network Devices node.
  31. You can use a SNMP Tester tool on the SCOM server to verify SNMP communication with NetScaler.  💡
  32. Also see CTX219765 Monitoring NetScaler with SCOM Management Packs – Understanding Discovery.  💡

Install Citrix NetScaler Agent

The Citrix SCOM Agent for NetScaler must be installed on the same SCOM server that is running the device discovery rule.

  1. If upgrading, uninstall the older Agent for NetScaler.
  2. On the SCOM servers that are running the SNMP Discovery Rule, go to \\scom01\CitrixMPShare\NetScaler MP, and run MPNSAgent.exe.
  3. In the Welcome to the setup wizard for Citrix SCOM Management Pack Agent for NetScaler page, click Next.
  4. In the License Agreement page, check the box next to I accept the terms, and click Next.
  5. In the Destination Folder page, click Next.
  6. In the  Destination Data Folder page, click Install.
  7. In the Completed the setup wizard page, click Finish.

NetScaler Monitoring RunAs Account

  1. In SCOM console, go to Administration workspace, right-click, and click Create Run As Account.
  2. In the Introduction page, click Next.
  3. In the General Properties page, change the account type to Basic Authentication.
  4. Give the account a display name and click Next.
  5. In the Credentials page, enter the credentials of the local monitoring account on the NetScalers, and click Next.
  6. In the Distribution Security page, best practice is to select More secure. But you’ll need to manually specify every agent that should receive these credentials. Click Create.
  7. In the Completion page, click Close.
  8. In the Administration workspace, go to Run As > Profiles.
  9. Double-click Citrix NetScaler Appliance Action Account.
  10. In the Introduction page, click Next.
  11. In the General Properties page, click Next.
  12. In the Run As Accounts page, click Add.
  13. Select the previously created NetScaler monitoring account.
  14. Change the selection to A selected class, group, or object. Then click Select > Object.
  15. Search for the NetScaler appliances these credentials apply to, click Add, and then click OK.
  16. Then click OK.
  17. Click Save.
  18. In the Completion page, if the Run As account is configured for Secure Distribution then click the link to specify Agents to receive the credentials.

Use Management Pack

In the Monitoring workspace, under Citrix NetScaler, your appliance should eventually show up. These views should give you an inventory of the NetScaler configuration, current health status, etc.

Related Pages

20 thoughts on “Citrix SCOM Management Pack – NetScaler (1.16.13)”

  1. Hi Carl, is there a way to get the SDX appliances to be monitored in SCOM? It is not included in the management pack. It only talks about the netscalers itself. Thanks in advance.

  2. Hello Carl,
    We have a load balanced sstem with 2 NetScaler appliances in an active/active setup. Even the newest Citrix NetScaler Management pack will only generate alerts for the appliance which is in state “Primary”. If we shutdown the appliance with state “secondary” there is no alert … do you know ho we can configure the Management pack to alert for both appliances?
    Thank you for your help!

      1. Thanks and I can confirm that version does fix all the false positive fail rate calculations from the prior version. Just left with some bizarre “IP address lookups failure percentage” errors to track down now……

  3. Hello Carl,

    it is possible to install and run the Citrix SCOM Agent for NetScaler on a SCOM agent rather then on a SCOM Server. The NetScaler Devices is in the dmz Zone and I have only SCOM Agents in this Zone. How can I setup this.

    Thank you!

  4. Carl,

    We have an array of netscalers in use, licensed without platinum. We have installed the MP downloaded from the Citrix website.

    We have been able to discover the devices, but for some reason the netscalers are not being monitored. Checked the guide on every step without discovering any errors.

    The agent server service runs, the action account is able to logon to the webpage, the runas netscaler profiles is populated correctly, firewall ports are opened on windows as well as between vlans.

    Do you have any clue what we could check next?

    1. If you post your question to discussions.citrix.com, more people will read it there, including the Product Managers. I suspect there are logs somewhere.

  5. Hi Carl, do you know if the following deployment scenario is supported by the NetScaler Management Pack:
    We source both our discovery *and* monitoring from a Gateway server. We created a dedicated Resource Pool for this gateway server and we referenced it in the Discovery rule.
    We are dealing with strange behaviour from the MP NS Agent on the Gateway server. The log file of the MP NS Agent contains a lot of entries related to timed-out requests to the NetScaler:
    [2016-06-30 13:44:04.624] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: system, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
    [2016-06-30 13:44:04.734] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: service, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
    [2016-06-30 13:44:04.734] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: protocolip, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }
    [2016-06-30 13:44:04.749] PID:2652,TID:3 MPNSMonitorSvc WARNING NetScaler: , param: ssl, result: “errorcode”: -10, “message”: “DoneWithNSErrors – errorcode=1 message=Timeout when try to get response from .”, “NetScalerOutput”: { “errorcode”: 1, “message”: “Timeout when try to get response from .” }

    The output of MPNSSupport.exe on a Management Server (on wich the MP NetScaler Agent is not installed) is returning:
    ——————————————————————-
    | Citrix Management Pack Agent for NetScaler |
    | Check Requirements |
    | Node: |
    | OS version: Microsoft Windows NT 6.1.7601 Service Pack 1 |
    | OS name: Windows Server 2008 R2 Standard |
    | System type: 64-bit |
    | Report time: 04/07/2016 2:49:24 PM |
    ——————————————————————-

    .NET Framework Version [ OK ]
    ————————————————————–
    MS .NET Framework 3.5 SP1 Found

    SCOM Agent [ OK ]
    ————————————————————–
    SCOM Agent Installed Yes
    Product name
    System Center Operations Manager 2012 Server
    Agent version 7.1.10226.0
    SCOM Management Server(s)
    SCOM Services
    Service name HealthService
    Display name Microsoft Monitoring Agent
    Status Running
    Log on as LocalSystem
    Version Store Size (16KB) 131072
    Agent Queue Size (KB) (102400)
    Citrix management packs found
    Comtrade.Citrix.Library.453.xml v. 1.0.8.0
    ComTrade.Citrix.NetScaler.Appliance.10.Monitoring.1324.xml v. 1.15.29.0
    ComTrade.Citrix.NetScaler.Device.901.xml v. 1.15.29.0
    ComTrade.Citrix.NetScaler.Library.903.xml v. 1.15.29.0
    ComTrade.Citrix.NetScaler.Monitoring.1326.xml v. 1.15.29.0

    All checks were successfully performed.

    * * * * * * * * * * *

    The output of MPNSSupport.exe on the Gateway Server (on wich the MP NS Agent is installed) is returning:
    ——————————————————————-
    | Citrix Management Pack Agent for NetScaler |
    | Check Requirements |
    | Node: |
    | OS version: Microsoft Windows NT 6.1.7601 Service Pack 1 |
    | OS name: Windows Server 2008 R2 Standard |
    | System type: 64-bit |
    | Report time: 04/07/2016 2:57:02 PM |
    ——————————————————————-

    .NET Framework Version [ OK ]
    ————————————————————–
    MS .NET Framework 3.5 SP1 Found

    SCOM Agent [ Failed ]
    ————————————————————–
    SCOM Agent Installed No

    One or more checks failed. Please correct the issues and re-run the tool again.

    * * * * * * * * * * *
    Thank you,

    Benoit

  6. Hi Carl, great write up. Question regarding the NS Agent install… If I intend to utilize our SCOM network resource pool which includes 2 SCOM Mgmt Servers to monitor our NetScalers, do I just enable FW Rules and install the NS Agent on both Mgmt Servers?

    Thanks in advance

  7. I don’t think the platinum edition is a requirement, this should work with standard and enterprise licenses as well.

        1. There are two different SCOM packs. There’s the one that CITRIX developed for NetScaler. And there’s the one they acquired from Comtrade. It’s the Comtrade pack that requires Platinum Edition.

    1. BTW, I think the original version of the SCOM Pack required manual import of the Management Packs but now the new version does it automatically.

  8. Hello Carl,

    you wrote that the MP Agent Installation Account needs also to be configured for this Management Pack like also for the others bevore (XenApp, Storefront, PVS). But what needs to be configured exactly, because the Citrix NetScaler Agent is installed manually on SCOM Server in your documentation.

    Thank you!

    1. I think the agents use the account to download configurations from the file share on the SCOM server.

Leave a Reply