NetScaler VPX Kinda Quick Start

Using a NetScaler within home lab is beneficial, mostly because you can use the same IP over and over for different services. Imagine providing VPN, Lync Autodiscover, Exchange Autodiscover, and SharePoint all over port 443. That’s what a NetScaler VPX can do for you, for free.

Below is a tutorial that will help you get started with NetScaler. For everyday admins who haven’t done this before, it takes some time to understand, but here are a few important things to note:

  • The NetScaler VPX is free, but you have to get a license and renew it annually. The license just requires you pasting in your FlexNet Host ID (which you get from command line later on in a tutorial), downloading the license, then uploading the license to your VPX.
  • You will need to allocate at least two IP’s to your NetScaler. One to manage from (MIP), and one subnet IP (SNIP). This subnet IP isn’t a subnet mask, it’s just another IP within the subnet that allows your NetScaler to monitor the servers within the subnet. In my lab, my management IP is and my subnet IP is If you forget to set your subnet up, your monitors will fail, and everything will show as down.

This section is mostly text. If you’d like to see a deployment with step-by-step screenshots, visit Phillip Jones’ NetScaler VPX tutorial.

Download, Deployment, Basic Configuration and License

  • First, go get the Citrix NetScaler VPX Express and License.
  • Scroll down to the middle until you see Download. I downloaded: NetScaler VPX for ESX 10.5.e.
  • Once the file has finished downloading, extract it to C:\temp. Keep this tab open, we’ll return to it later.
Deployment & Basic Configuration
  • Figure out what IP you’ll give your NetScaler, then add it to your local DNS.
  • Deploy your OVF
  • Don’t Power On after Deployment
  • Right-click VM -> Edit Settings -> Remove Network Adapter 2
  • Right-click VM -> Upgrade Virtual Hardware
  • Power on
  • Wait for the NetScaler to boot up, then enter in your IP information.
  • Open up a new tab in your browser, and load up your NetScaler by IP or hostname. My DNS is, so I point to http://netscaler
  • Login with nsroot and password nsroot
  • Next, you’ll be prompted to enter a few things: Subnet IP address, Host/DNS Server/Time Zone and License. Again, my Subnet IP is just the next available IP within my subnet (MIP:, SNIP:


  • Once you’re finished entering your SNIP, hostname/DNS/Time Zone, we need to do two things: 1. Get to the licensing page within your browser and 2. Get the host information needed to download your license.
  • Go back to the Citrix browser tab I referenced not closing in the first section, and scroll down a little more to License. Expand the + and click Get License.

  • Then click Allocate License.
  • Next, you’ll see a popup with your serial number. Click the serial number, and you’ll be brought to the license allocation page. Click Continuewhen prompted.
  • See that blank Host ID? We need to go get it from the NetScaler.


  • Fire up putty and connect to your NetScaler via SSH. This is required to get the information needed for your license.
  • Login with username nsroot and password nsroot
  • Type shell and enter.
  • Once at the shell prompt, type lmutil lmhostid -ether
  • Copy the FlexNet Host ID and go back to your browser. Paste it into the form box titled Host ID


  • Go back to the Citrix tab and paste that Host ID.
  • Click Continue -> Confirm -> OK
  • Your license will be downloaded and saved as a .lic file
  • Back to your NetScaler tab (http://netscaler), upload your license.
  • Click reboot
  • Now that your license is setup, and you’ve rebooted, HTTPS will work! Login to your netscaler via HTTPS and change the nsroot password: System  -> User Administration -> Users -> nsroot -> Change Password.
  • Now enable some features: System -> Settings -> Configure Basic Features, then check all these boxes:


  • Optional: Configure Advanced Features -> Web Logging, IPv6 Protocol Translation, EdgeSight Monitoring, AppFlow, Responder, vPath.
  • Since the VPX is a virtual machine, it’s prone to time drift. Add an NTP Server to ensure AD authentication will work if you eventually set it up. System -> NTP Servers, add your DC’s NTP server. Once you’re done, hit Save*.
    * Hit Save a lot. I once lost a few hours worth of configuration because I forgot to save and the machine shut down unexpectedly.

  • Optional: Follow this step-by-step guide to setup Active Directory authentication
  • Optional: If you’d like to replace the SSL cert on the web management interface, use this tutorial which is way easier than the method Citrix provides.

In the next post, Using NetScaler VPX in your Home Lab, I’ll demonstrate how to use Content Switching within NetScaler to support a number of services over one SSL port/IP. It may be a little while, though.

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in Security

Leave a Reply

Your email address will not be published. Required fields are marked *


Migrating SQL Server?

dbatools is an awesome PowerShell module that helps you migrate entire instances with a single command.

Available from and github

SqlServer Needs You

SqlServer now has a dedicated engineer and Microsoft is asking for our input!

Upvote priorities and cmdlets now


Chrissy LeMaire

Brandon Abshire
View Brandon Abshire, MCDBA's profile on LinkedIn


Chrissy has been awarded the Microsoft MVP for her work in the PowerShell community.

Join us!

Belgian PowerShell
User Group

  SQL PASS PowerShell
Virtual User Group


Upvotes Needed

Help persuade Microsoft to open source SQL Server's PowerShell module, SQLPS.

Upvote now on Microsoft Connect