Updating NetScaler? Check your “valid till” date!

We had this little issue just recently, so I decided to blog this little reminder.

There are several reasons why you would want to update your NetScaler firmware to a more recent version. Be it security updates, added features or just your regular update cycle, one day you will run an update.

One thing you have to check during updating  is the “valid till” date. Open your license file(s) with a text editor of your choice and check line 6. It will look similar to this:

netscaler_update_0

The last shown date is the “valid till” date of your license file. Every firmware you use on your NetScaler has to be published prior to this date. Should you use a firmware that has been published after the given date, your NetScaler will come up as “unlicensed” after the next reboot which will lead to

  • All functions besides basic functions being disabled
  • Bandwidth being reduced to 1Mbit/s
  • And (this is most painful) all SSL certificates being unbound and uninstalled due to SSL not being licensed anymore
  • SSL profiles being disabled

server_certificates_0

server_certificates_2

netscaler_gateway_virtual_servers_0

Lucky you if you have a proper backup, a downloaded ns.conf or a primary machine that is still able to sync its config. If not so, you have just gained a few minutes till hours of work.

Preventing the issue is quite easy:

  • Check your “valid till” date as described
  • In case you have a valid Software Assurance (SA), re-download your license file(s) from your MyCitrix account, apply the license file(s), then update
  • In case you do not have a valid SA, either get one or use the most recent firmware according to the date displayed in your license file

Hope that helps if you ever find yourself in I similar situation.

Looking forward to your comments!

Sven

[Equipment used: NetScaler Version: VPX 1000 PLT – 11.1]