NetScaler HA Configuration – Best practise

This post will detail the Netscaler HA configuration. Its seems an easy way to just add the secondary Netscaler from primary from configuration utility however in my past i have seen many people faced issues if below listed best practices are not followed. It might work initially but will fail at some point or failover may not work in real production situation.

In some cases if GUI is used both Netscalers will show secondary and none will become primary, below steps will solve that issue.

My infrastructure details:
Primary Netscaler NSIP:
Secondary Netscaler NSIP:


  1. Always recommend to update firmware on both Netscalers before HA configuration.
  2. Disable all unused network adapters on both netscalers. ( Configuration – System – Network – Interfaces – Select unused interfaces – Disable)

HA configuration steps:

Step 1: SSH to both Netscalers using Putty or other ( Default user is nsroot or other user with admin access)

Step 2: primary NetScaler appliancee – NetScaler IP (NSIP) address of the secondary appliance:
add node <id> <ipAddress>

add node 1

Note: the id can be anything from 1-64, but there is no standard rule for it, we can use any no in 1-64.

Step 3: secondary NetScaler – NetScaler IP (NSIP) address of the primary appliance:
add node <id> <ipAddress>

add node 1

Step 4: run on primary & Secondary NetScaler appliance – Run same commands on both appliances –  this will set rpc password.

set ns rpcnode <ipAddress> -password <string>
set ns rpcnode <ipAddress> -password <string>

set ns rpcnode -password nsrootpwd
set ns rpcnode -password nsrootpwd

Note: the rpcnode password should be same as nsroot account, keep the nsroot password same on both netscalers. After HA anyways they will sync.

Step 5: check the RpcNode setting, run on both netscalers and verify.

show ns rpcnode

Note: this should show both Netscalers details on primary and secondary as well, if not showing run above commands again.

Step 6: verify HA node status, run on both Netscalers

show ha node

Note: this should show both Netscalers details on primary and secondary , One role as Primary and Other as secondary.

Step 7: Run on Primary Netscaler – force file synchronization from the primary appliance to the secondary appliance.
sync ha files all

Step 8: Run below commands on both the primary and secondary NetScaler appliances:
set ha node -hastatus ENABLED

Step 9: Primary Netscaler: Test HA failover
force HA failover

Failback after HA testing, Run same command on secondary which is currently primary.

Step 10: after testing on secondary
set node -hastatus STAYSECONDARY

Note: this command will make sure this Node stay secondary if primary is up, in the event primary is down secondary will become primary and serve users, But when primary comes up secondary node will handover primary role to primary NS and switch to secondary role.

Hope this post is useful, leave your comments and feedback below.


Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Automation,Network Virtualization, Digital Workspace, VDI, HCI and Virtualization products from VMWare, Citrix and Microsoft.

One thought on “NetScaler HA Configuration – Best practise

  • October 3, 2021 at 4:52 pm

    Thank you for the details.
    Can you help with below query –
    While configuring HA I would like to use two separate interfaces (port channel) delicately instead of using mgmt interface. How I can configure this ?


Leave a Reply

Your email address will not be published.

Show Buttons
Hide Buttons