Problems with Netscaler and Hyper-V NIC teaming ICA error 1110

Had a customer case where they had troubles with ICA sessions being terminated when connecting via Netscaler. They had a regular MPX pair setup in HA which then serviced XenApp servers which were located on a cluster of Hyper-V hosts. These hosts were running Windows Server NIC teaming switch independent Dynamic mode.

The Citrix sessions were terminated with an failed status of 1110. What they also noticed is that when the Netscaler were trying to connect to the XenApp host they used the MAC adress of the XenApp virtual machine, when the traffic was to return to the Netsacler, the MAC adress changed from the XenApp host to the MAC adress of the Hyper-V host.

This makes the Netscaler drop the traffic and the ICA session was terminated.

From the deployment guide of NIC teaming (http://www.microsoft.com/en-us/download/details.aspx?id=30160)

Dynamic mode has this as a “side effect”

3.11    MAC address use and management
In switch independent / address hash configuration the team will use the MAC address of the primary team member (one selected from the initial set of team members) on outbound traffic.  MAC addresses get used differently depending on the configuration and load distribution algorithm selected.  This can, in unusual circumstances, cause a MAC address conflict.

This is because is the world of Ethernet, an endpoint can only have one MAC-adress and with the use of switch-independant there can only be one physical adapter that is active that allows inbound traffic.

Therefore If you are having issues with Netscaler and Hyper-V NIC teaming you should change from Dynamic to Hyper-V port nic teaming because then the NIC teaming will not do any source MAC adress replacement.

 

image

But note that Hyper-V distribution load balancing has its own issues, which you can read about in the LB document.