question

Raffaele T. avatar image
Raffaele T. asked ·

TCAM Troubleshooting

Hi all,

I’m performing the TCAM troubleshooting both on customer AMD and on (one) Citrix Server (I don’t have access to the Citrix (prod) Server..just performed some troubleshooting steps using customer PC in a 5 mins window).

I’ve asked again the customer to assure the UDP port 514 is open on the AMD. They confirmed the successful configuration of firewall rules, the port should be open.

So, here’s the recap of what seems to be good and what seems not at the minute.

Any suggestion on the next troubleshooting step to be performed will be appreciated.

Thanks in advance for your help.

Raff

nam servernam probecitrix
tcam1.png (100.0 KiB)
tcam2.png (106.0 KiB)
tcam-amd.png (117.9 KiB)
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Adam P. avatar image
Adam P. answered ·

In this particular scenario, the problem was because HTTP analyzer was returning users like DOMAIN\user, where Citrix like domain.net\user and operations made by the same users cannot be matched. The following configuration followed by CAS restart in Advanced Configuration Manager can do the trick:

MAP_IPUserForce-map = usergroupmap.properties

MAP_CLASS_UserGroup-map = 

MAP_CLASS_IPUserForce-map = adlex.rtm.repository.ClientForceRegexMap

ClientGroupMapLeaveIfNotMatches = 1

ClientGroupMapLeaveIsGroupFirst = 1

ClientGroupMapRegex = (.+)\\(.+)

by simply removing all the domain names. Removed domain name can be optionally stored in DMI's Client group dimension. Properties not existing shoudl be added.

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Thanks again for your help Adam!

0 Likes 0 · ·
Wojciech K. avatar image
Wojciech K. answered ·

Raff,

Please ensure the below settings (highlighted) are configured correctly:

Also verify which process is actually listening on UDP port 514:

netstat -panu | grep 514

The netstat output should show a java process as the one listening on port 514. There might be a conflict with the syslog service - in such case either syslog should be disabled or the communication port should be changed from 514 to some different value both in RUM Console and TCAM config.

Wojtek.


citrix-config.png (79.4 KiB)
8 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Hi @Wojciech Kurek,

thanks for your reply.

The current configuration seems correct as you've shown:

The netstat output is the following:

It doesn't seem to be conflicting, does it?

Thanks in advance,

Raff

0 Likes 0 · ·
currentconf.png (64.7 KiB)
netstatoutput.png (2.8 KiB)

Another thing to check is whether the routing configuration somehow does not reject the packets and if the P-CTXDATA license is present on the AMD (see rcmd show licenses).

0 Likes 0 · ·

Hi @Wojciech Kurek,

yes the P-CTXDATA license is present on the AMD. I should check with customer the routing configuration.

Btw now I can "magically" see some sessions being mapped:

But I still don't see the operations in the Citrix dashboard, but just the Citrix channels used.

Any suggestions?

Thanks a lot again,

Raff

0 Likes 0 · ·
mapping.png (45.7 KiB)

What do you mean by operations in the Citrix dashboard? In the ICA decode channels are the operations and it's not related to data provided by TCAM. Perhaps you are referring to Citrix performance metrics like CPU or disk usage?

0 Likes 0 · ·

Sorry Wojciech probably I wasn't clear enough: I mean the mapped backend operations of the Citrix users. I'd like to see what applications are the Citrix servers contacting on behalf of users and the related operations.

Thanks,

Raff

0 Likes 0 · ·

How many Citrix servers are connected to the AMD? The show mapstats byagent shows only one. Could you try creating a custom DMI report with two dimensions: internal client IP and username, with the Citrix server's IP set as a filter for the internal client IP dimension? Does the report show any usernames?

You'll probably need to create a support ticket anyway...

0 Likes 0 · ·

Thanks Wojciech,

currently just one TCAM is working that's why you see just one Citrix server.

I've created the DMI report with the internal client IP filter and it is showing the correct usernames...

Raff

0 Likes 0 · ·

So it looks like the AMD provides the correct data. Some CAS expert should take a look at it...

0 Likes 0 · ·
Jakub G. avatar image
Jakub G. answered ·

Hi Raffaele,

Im dont know what version of CAS you are using (I assume 12.4.x, because earlier only Citrix Landing Page report was available), but you must understand that Citrix dashboard data is limited to analyzers Citrix ICA or Citrix ICA over SSL, so if you are looking for "what applications are the Citrix servers contacting on behalf of users and the related operations" you have to look on different reports e.g. User Explorer or create one from scratch in DMI e.g User Name + Software Service + Server IP on Subject Data tab and User name and Analyzer as filter in Benchmark Data tab with Citrix ICA or Citrix ICA over SSL as filter values and marked "Use benchmark values as dimension filter" checkbox. This will only work if you have Citrix data on the CAS. If not then more work with DMI is needed (maybe filtering by specific software service not the analyzer to get proper usernames in the Benchmark Data tab). I would start from that.

Jakub

2 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Hi Jakub,

thanks for your reply. If I'm not mistaking, since the 12.x release, there should be the possibility to see the User Activity details for the Citrix Users, mapping the Citrix sessions to the backend servers thanks to the installed TCAMs. Not sure if something changed on the 12.4.x releases, I will look into it and find out.

By the way, I've created the DMI as you suggested but no Citrix usernames are showing up..

Thanks again,

Raff

0 Likes 0 · ·

Jakub,

from the User Explorer filtering on a recognized Citrix user name I just get data related to the Citrix software service and not the other backend software services..so I can't see the actual user activity of the Citrix Users...

Any help will be appreciated!

Thanks a lot again,

Raff

0 Likes 0 · ·
userexplorer.png (33.3 KiB)