Richard, any luck with this? I have CSA 5.1 on Citrix, and we have had some real perf problems. The CPU appears to get super busy, so much so that even keyboard and mouse events are ignored (but without blue screen). Heavily loaded Citrix servers at about 40-50 users using all sorts of applications (but no engineering apps or crazy stuff).
After TAC suggested removing csauser.dll from reg key AppInit_DLLs we are now removing all groups except one to carry UI policy and test mode, etc. We will measure our relative success with this after a week's time. Total number of rules now == 40-50.
Avg CPU util on these servers pre-CSA was 25-50% with spikes going much higher. To me this reflects the classic CPU spinlock problem. But what is at fault here? CSA, Citrix, or something else? These are HPQ DL360 and DL380 servers. It ocurred to me that it could be mgmt software.
About 2 yrs ago there was a *major* problem between CSA and Dell mgmt software. Both products installed separate versions of MSVC70.DLL or something similar, but into separate directories. Once CSA rewrote the reg key to point to _its_ version of the file, the servers would blue screen. Boy was that awesome, let me tell you. To be fair, I don't this think this exhibits the same symptoms.
Interesting. We're using 188.8.131.52 with VMS and we have similar issues. We run Citrix Presentation Server 4 and W2003 SP1. We get our application that only runs on one cpu (CPU0), and eventually the machine just locks up. We have to do a hard reboot to get it usable again. This happens with 4 or 40 users. But CSA is the catalyst. If CSA isn't on the server (completely uninstalled), the server runs fine, indefinitely. If CSA exists (loaded, but doesn't even have to be running), it's pretty much guaranteed that we'll have to reboot at least once a day under normal load.
This first started happening to us with CSA 4.5. 4.0 we had no problems with. 5.0.0.x, we have to reboot the servers multiple times per day. Anymore, we can't even use CSA.
Also, we are using Dell Poweredge 1750's and 1850's WITH the Dell OpenManage stuff on all the servers. You say there was a conflict? Do you have any additional documentation for that? We're getting desperate here.
Mike, it's been two years since I had that problem. It was with CSA 4.0 (if memory serves), so I have no documentation on it. I think it was MSVC70.DLL but I just can't remember.
If CSA is stopped but you still have problems with it, then probably one of two things is going on. 1) shims are causing problems (entries in HKLM\SYSTEM\CurrentControlSet\Services\CSAxyzabc) or 2) some file installed with CSA that conflicts with an existing file. This was the case two years back that I referred to previously. If it is the first case then you can probably set each shim reg entry to Enable==0x0000 (FALSE) so to see if that makes a difference. Check with Cisco, though, to see which of these shim entries are valid with this value set to false. I know that CSAnet is.
I was told there was a citrix related bug that was fixed in 184.108.40.2065, so I tried the latest release of 220.127.116.117. A few servers worked better with this, but then it introduced more bugs with NICs. It seems that no matter what version of 4.5 we try to run on a Citrix server, there is always some kind of performance or communication related problem.
I don't believe it's the netshim, and I wouldn't disable the other CSA components just yet.
You folks may want to check your list of Untrusted applications on your machines. If you double-click on the flag, it is under System Security > Untrusted applications. This list can grow enormous (>1000) on servers with a lot of file writes. I believe performance can suffer as the list grows.
If the list is huge, you can reset it from the MC. Then change your untrusted applications tagging rules to prevent the lists from growing uncontrollably in the future.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...