NetScaler VPX Kinda Quick Start

Using a NetScaler within a home lab is beneficial, mostly because you can use the same IP over and over for different services. Imagine providing VPN, Lync Autodiscover, Exchange Autodiscover, and SharePoint all over port 443. That’s what a NetScaler VPX can do for you, for free.

Below is a tutorial that will help you get started with NetScaler. For everyday admins who haven’t done this before, it takes some time to understand, but here are a few important things to note:

  • The NetScaler VPX is free, but you have to get a license and renew it annually. The license just requires pasting in your FlexNet Host ID (which you get from the command line later in this tutorial), downloading the license, then uploading the license to your VPX.
  • You will need to allocate at least two IPs to your NetScaler. One to manage from (MIP), and one subnet IP (SNIP). This subnet IP isn’t a subnet mask, it’s just another IP within the subnet that allows your NetScaler to monitor the servers within the subnet. In my lab, my management IP is and my subnet IP is If you forget to set your subnet up, your monitors will fail, and everything will show as down.

This section is mostly text. If you’d like to see a deployment with step-by-step screenshots, visit Phillip Jones’ NetScaler VPX tutorial.

Download, Deployment, Basic Configuration and License

  • First, go get the Citrix NetScaler VPX Express and License.
  • Scroll down to the middle until you see Download. I downloaded: NetScaler VPX for ESX 10.5.e.
  • Once the file has finished downloading, extract it to C:\temp. Keep this tab open; we’ll return to it later.

Deployment & Basic Configuration

  • Figure out what IP you’ll give your NetScaler, then add it to your local DNS.
  • Deploy your OVF
  • Don’t Power On after Deployment
  • Right-click VM -> Edit Settings -> Remove Network Adapter 2
  • Right-click VM -> Upgrade Virtual Hardware
  • Power on
  • Wait for the NetScaler to boot up, then enter in your IP information.
  • Open up a new tab in your browser, and load up your NetScaler by IP or hostname. My DNS is, so I point to http://netscaler
  • Log in with nsroot and password nsroot
  • Next, you’ll be prompted to enter a few things: Subnet IP address, Host/DNS Server/Time Zone and License. Again, my Subnet IP is just the next available IP within my subnet (MIP:, SNIP:


  • Once you’re finished entering your SNIP, hostname/DNS/Time Zone, we need to do two things: 1. Get to the licensing page within your browser and 2. Get the host information needed to download your license.
  • Go back to the Citrix browser tab you kept open in the first section, and scroll down a little more to License. Expand the + and click Get License.

  • Then click Allocate License.
  • Next, you’ll see a popup with your serial number. Click the serial number, and you’ll be brought to the license allocation page. Click Continue when prompted.
  • See that blank Host ID? We need to go get it from the NetScaler.


  • Fire up PuTTY and connect to your NetScaler via SSH. This is required to get the information needed for your license.
  • Log in with username nsroot and password nsroot
  • Type shell and enter.
  • Once at the shell prompt, type lmutil lmhostid -ether
  • Copy the FlexNet Host ID and go back to your browser. Paste it into the form box titled Host ID


  • Go back to the Citrix tab and paste that Host ID.
  • Click Continue -> Confirm -> OK
  • Your license will be downloaded and saved as a .lic file
  • Back to your NetScaler tab (http://netscaler), upload your license.
  • Click reboot
  • Now that your license is set up and you’ve rebooted, HTTPS will work! Log in to your NetScaler via HTTPS and change the nsroot password: System -> User Administration -> Users -> nsroot -> Change Password.
  • Now enable some features: System -> Settings -> Configure Basic Features, then check all these boxes:


  • Optional: Configure Advanced Features -> Web Logging, IPv6 Protocol Translation, EdgeSight Monitoring, AppFlow, Responder, vPath.
  • Since the VPX is a virtual machine, it’s prone to time drift. Add an NTP Server to ensure AD authentication will work if you eventually set it up. System -> NTP Servers, add your DC’s NTP server. Once you’re done, hit Save*.
    * Hit Save a lot. I once lost a few hours’ worth of configuration because I forgot to save and the machine shut down unexpectedly.

  • Optional: Follow this step-by-step guide to set up Active Directory authentication
  • Optional: If you’d like to replace the SSL cert on the web management interface, use this tutorial which is way easier than the method Citrix provides.
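
As an added example (not part of the original post): a small Python check that flags the three setup pitfalls called out above, namely a missing SNIP, no NTP server, and changes that were never saved. It assumes you paste in the text of `show ns runningConfig` and of the saved `/nsconfig/ns.conf`; the sample lines, addresses and finding codes below are constructed for illustration.

```python
import re

# Constructed sample in NetScaler CLI syntax; addresses are documentation-range
# placeholders, not values from the original post.
RUNNING = """\
# constructed header comment
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
set ns hostName netscaler
add ns ip 192.0.2.11 255.255.255.0
add ntp server 192.0.2.5
enable ntp sync
 Done
"""
SAVED = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
set ns hostName netscaler
"""

def commands(text):
    """Config commands only: no blanks, '#' comments or the CLI's trailing 'Done'."""
    lines = (" ".join(l.split()) for l in text.splitlines())
    return [l for l in lines if l and not l.startswith("#") and l != "Done"]

def audit(running_text, saved_text):
    """Return finding codes (hypothetical names) for the tutorial's pitfalls."""
    running, saved = commands(running_text), set(commands(saved_text))
    findings, snips = [], []
    for cmd in running:
        m = re.match(r"add ns ip (\S+) \S+(.*)", cmd)
        if m:
            # Assumption: an address added without -type is a SNIP (the default).
            t = re.search(r"-type (\S+)", m.group(2))
            if (t.group(1).upper() if t else "SNIP") == "SNIP":
                snips.append(m.group(1))
    if not snips:
        findings.append("NO_SNIP")           # monitors will show everything down
    if not any(c.startswith("add ntp server ") for c in running):
        findings.append("NO_NTP_SERVER")     # time drift breaks AD authentication
    elif "enable ntp sync" not in running:
        findings.append("NTP_SYNC_DISABLED")
    unsaved = [c for c in running if c not in saved]
    if unsaved:
        findings.append("UNSAVED:%d" % len(unsaved))  # lost on unexpected shutdown
    return findings

if __name__ == "__main__":
    print(audit(RUNNING, SAVED))
```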

In the next post, Using NetScaler VPX in your Home Lab, I’ll demonstrate how to use Content Switching within NetScaler to support a number of services over one SSL port/IP. It may be a little while, though.

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.
