Tag Archives: API

NetScaler PowerShell function to get nsmode “mediaclassification”

In version 11. build 64.34 there is a bug with NetScaler mode “MediaClassification” that can potentially crash a NetScaler appliance if AppFlow is enabled. Additionally, there is a separate bug that enables the “mediaclassification” mode on the NetScaler. This can occur when Insight Center (or a specific Nitro API call) communicates with the NetScaler appliance to add AppFlow policies. This means that if running this particular build, and someone uses Insight Center to create a new policy, it can potentially enable the “mediaclassification” mode, thus potentially causing the NetScaler appliance to encounter the bug with said mode, and ultimately crash the appliance. I have seen this real world, and it can put an HA pair into an infinite boot loop. Be warned, HA will not save the day with this particular issue. The bug specifically crashes a NetScaler when “mediaclassification” is enabled, and the NetScaler receives a http request that does not contain a host header (HTTP 1.0 anyone?). The workaround for this is to disable the mode. However, as previously mentioned, a seperate bug can and will re-enable this mode. So here is a PowerShell Script to check the mode on NetScaler(s) and send an SMTP message if the mode is discovered to be enabled. This could be modified to suit other alert\notification needs as well.

 

 


Function Get-NSmode
{
Param
(
[array]$nsip

)

# Choose protocol for contacting the NetScaler, http:// or https://
$nsprotocol = "http://"
# NetScaler account authorized to a least show ns mode. Recommend full read only account for ease of use.
$nsuser = "ns_read_only_account"
# Password for account defined in $nsuser
$nspass = "SomeCrazyPasswordForReadOnlyServiceAccount" | ConvertTo-SecureString -asPlainText -Force
# SMTP server address
$psemailserver = "mymail.local.com"
# Mail to address
$mailto = "NetScalerGuy@local.com"
# Mail from address
$mailfrom = "NetScalerMaintenanceScript@local.com"
# Do not modify unless you know what you are doing
$cred = New-Object System.Management.Automation.PSCredential($nsuser,$nspass)

### MAIN ###

if (Invoke-RestMethod -Method GET -Credential $cred -Uri ($nsprotocol + $nsip + "/nitro/v1/config/nsmode") | ?{$_.nsmode -lik e "*MediaClassification=False*"}) {$mediaclassification = $false}
else {
$report = Invoke-RestMethod -Method GET -Credential $cred -Uri ($nsprotocol + $nsip + "/nitro/v1/config/nsmode") | select -Exp andProperty nsmode | select mediaclassification
$body = ("MediaClassification Mode is enabled on $nsip. This mode can cause the NetScaler to crash. Investigate if this was
intentional.
$report
"
)
Send-MailMessage -smtpserver $psemailserver -to "$mailto" -from $mailfrom -Subject "*** NetScaler $nsip MediaClassification Mode Enabled ***" -body $body }

}

Get-NSmode NetScaler1.local.com
Get-NSmode NetScaler2.local.com
Get-NSmode NetScaler3.local.com
Get-NSmode NetScaler4.local.com

###  END   ###

This script is best run as a scheduled task. Leave your comments below.

Thanks