Interview question: All the services assigned to Netscaler vserver are up. But still, vserver is showing as “DOWN” state. Why?
This article contains the probable reasons for the status of a virtual server being marked as DOWN on NetScaler.
Status of NetScaler Virtual Servers
The virtual servers on a NetScaler appliance can have any of the following state:
- OUT OF SERVICE
When the status of the virtual server is marked as UP, it is operational and ready to service requests.
You can use the URL Redirection feature of the NetScaler appliance or configure backup virtual servers to provide continuous service if the status of the main virtual server is marked as DOWN, unexpectedly.
The status of a virtual server might be marked as OUT OF SERVICE when you disable the virtual server but do not delete it.
View Status of NetScaler Virtual Servers
To view the status of a virtual server navigate to Traffic Management > Load Balancing > Virtual Servers. Alternatively, you can run the following command from the command line interface of the appliance to view the status of the virtual servers:
Probable Reasons for the Status of NetScaler Virtual Server Being Marked as DOWN
No service is bound to the virtual server
A service provides the connections between the NetScaler appliance and the back end servers. Each virtual server must have atleast one service bound to it. Each service has a name and specifies an IP address, a port, and the type of data that is served.
To verify if services are bound to a specific virtual server, run the following command from the command line interface of the appliance:
> show vserver <VServer_Name>
If there are no services listed at the end of the output, then the reason for the status being marked as DOWN is because no service is bound to the virtual server.
For information on types of services and how create a service refer to Citrix Documentation.
All services bound to the virtual server are not available
To verify the status of the services bound to a specific virtual server, run the following command from the command line interface of the appliance:
> show vserver <VServer_Name>
The following is a sample output of show vserver command, when all services being not available is the reason for the status of a virtual server being marked as DOWN:
> show vserver example_down_vip example_down_vip (0.0.0.0:0) - HTTP Type: ADDRESS State: DOWN Effective State: DOWN ARP:DISABLED ... 1) Blue (10.198.4.43: 80) - HTTP State: DOWN Weight: 1 Done
In this scenario, the status of the virtual server is marked as DOWN because the only bound service is not available. A virtual server must have at least one service bound and should be available, to ensure that the status of the virtual server is marked as UP.
A service might not be available because of multiple reasons, such as communication failure between the NetScaler appliance and the server hosting the service. You can use the following options to troubleshoot a service that is not available:
Run the following command to verify if any non-default server monitor is bound to the service:
> show service <Service_Name>
The following is a sample output for your reference:
> show service Blue Blue (10.198.4.43:80) – HTTP State: DOWN Last state change was at Mon Sep 15 14:46:29 2008 (+845 ms) Time since last state change: 1 days, 05:00:01.790 Server Name: 10.198.4.43 Server ID : 0 Monitor Threshold : 0 ... 1) Monitor Name: tcp-default State: DOWN Weight: 1 Probes: 10371 Failed [Total: 10371 Current: 10371] Last response: Failure - TCP syn sent, reset received. Response Time: N/A Done
In this scenario the service is not available because the monitor tcp-default fails indicating that the service is not accepting TCP connections. Consider the following points when troubleshooting such issues:
- The status of a service is marked as UP only if probes from all monitors bound to the service are successful.
- If probes fail, then verify network connectivity to the back end servers on the port hosting the application.
- Troubleshooting should be performed for failed probes from specific monitor types depending on the configured monitor type.
- If network connectivity can be established, but monitoring probes are failing, then unbind the non-default monitors from the service by running the following command:
> unbind monitor <Monitor_Name> <Service_Name>
Note: Different default monitors are defined for different service types.
If only default monitors are bound to the service and the service is not available, then verify the network connectivity between the NetScaler appliance and the back end servers.
Bind Certificate if vserver has SSL service:
If a virtual server hosts a Secure Socket Layer (SSL) service, then the status of the virtual server is marked as DOWN if an SSL cerkey is not bound to the virtual server. To resolve this issue, run the following command to bind an SSL certkey to the virtual server:
> bind ssl certkey <VServer_Name> <Certkey_Name>
The NetScaler Features are not enabled
You can configure NetScaler feature (load balancing, content switching and so on) entities such as services and virtual servers when a feature is disabled, but they will not function until you enable the feature. For information on enabling a feature of NetScaler refer to Citrix Documentation – Enabling or Disabling a NetScaler Feature.
The NetScaler Features are not licensed
Before using a feature, make sure that your license supports the feature.To verify the licensed features refer to Citrix Documentation –Verifying the Licensed Features.