Setting up WebSocket access on Citrix NetScaler

When setting up my internal Rancher Master Service I noticed that I was getting some wierd timeout values in the UI, the management console acted gray and it went extremly slow when accessing it externally. After starting up Developer mode in Google Chrome I noticed right away that I was getting some websockets timeouts.

WebSockets Connection to “ws://” failed error during websocket handshake: Unexpected response code 404


When I tried to connect to the Rancher master server internally I noticed that things were working alot smoother then when I was connecting to it externally.

I noticed pretty quickly that it was the NetScaler which was not allowing WebSocket connections as part of of the virtual server that I had configured.

Now there are something that you need to be aware of, WebSockets is not equal to HTTP, it is an entirely different protocol, so in my case I had configured a HTTP based load balanced vServer which of course did not regonize the websocket request that my client made to the Rancher Master server.

Now this is of course something that is easy to fix on a NetScaler. First we need to configure a HTTP Policy, which is found under System –> Profiles –> HTTP Profile, the easiest thing is the mark the default profile and click add.

Inside the profile settings window, there is only one setting we need to define


That is the “Enable WebSocket” connections, which allow WebSocket connection over HTTP based vServers. After we have created this HTTP profile we just have to bind it to a virtual server.

Go into Traffic Management –> Load Balance –> Then into the virtual server we want to enable websockets, and click edit. Choose Profile on the right side and click edit on HTTP profile


And voila you are done! WebSockets is now enabled over existing HTTP load balaced virtual servers.(Note: Storefront HTML5 based Citrix client also uses WebSockets)

0 thoughts on “Setting up WebSocket access on Citrix NetScaler”

  1. Hey,

    I’m struggling with this same kind of problem and I’ve tried to enable the HTTP profile as you did but the users are still getting errors from their content management software saying that real-time updates failed (due to those needing WebSocket connection).

    There is a little information about NetScaler and WebSockets apart from just enabling it. Do you know if the port has to be same externally & internally? At the moment my CS VC receives 443 connections for the application and internally forwards it to a web server in port 80. SSL offload is done on the CS VS. For this LB VS I’ve enabled the default HTTP profile which has WebSocket connections enabled but it’s not working.

    Thanks for your comments.

Leave a Reply

Scroll to Top
%d bloggers like this: