[BUG] ERROR: Feature(s) not licensed [AAA]

This week I was implementing a pair of Citrix NetScaler Standard Edition appliances, mostly to be used for Access Gateway features. As always I started of with the latest Citrix NetScaler firmware which is 73.5 as of this writing. I was configuring Pre-Authentication Policies within GUI, later on I was testing HA failover and noticed that the Pre-Authentication policies were missing after doing a HA Failover.

netscaler_bug

There seems to be a problem in this particular firmware build that denies use of aaa commands when done through CLI, however they do seem to work through GUI. Through CLI you will get the below licensing error statement.

image

The problem being that command propagation works through CLI, so if you make these changes through GUI, NetScaler will in turn try to propagate these command to the other HA pair appliance (when making use of HA of course) which will fail because AAA is not licensed.

It seems that the aaa command is first checking it’s licensing status and then executes the command although the aaa command is also used for adding/setting Access Gateway Enterprise Users/Groups and Pre-Authentication Policies.

Citrix Support has acknowledged this bug and is working on a fix. For now it would be best to use build 71.6 which does not have this issue if you are using Citrix NetScaler Standard Edition, Access Gateway Enterprise in conjunction with aaa Users/Groups and/or Pre-Authentication Policies (These are also the same aaa command that are affected).

Update: Citrix Support has confirmed the issue will be resolved in the upcoming 10.0.75.x maintenance firmware release which ETA will be late March.

About Henny Louwers
I work as a Consultant specialized in Application Delivery, Virtualization of Servers, Desktops and Apps.

Comments are closed.

%d bloggers like this: