Skip to content

How to use Citrix Cerebro – XenMobile Troubleshooting Tool

As I'm always thankful for any tool that might come in handy during troubleshooting sessions I thought that this might be interesting for you NetScaler/XenMobile guys as well. Just recently I stumbled upon this neat little article: CTX141060 - Citrix Cerebro - XenMobile Troubleshooting Tool and the tool it provides: Citrix Cerebro (what kind of name is that actually?):


This quite comprehensive article explains the tool's core functionality pretty well, so there's not much to add right now. Therefore I simply share my experience here while using this tool in order to troubleshoot some XenMobile issues I had just recently: Access to your company network is not currently available while setting up WorxMail.


Citrix Cerebro is a diagnostic tool developed to help analyze and debug XenMobile deployments. The tool can perform an analysis of the NetScaler Gateway configuration (ns.conf) file. Citrix Cerebro can also perform online connectivity checks with the back-end servers that are configured with the NetScaler Gateway server. To achieve this, Citrix Cerebro needs to be run on a Windows machine that can communicate with a NetScaler Gateway Server.

The analysis of ns.conf file validates the configuration for XenMobile setup and can point to missing policies, syntax issues and consistency issues.


  • Administrative permissions to your NetScaler
  • Your NetScaler's NSIP (aka Management IP)
  • Microsoft Excel installed on the same platform as Citrix Cerebro in order to successfully export the results to a XLS file
  • Open required ports from source IP to NSIP on your firewall:

Network Connectivity – Verify that you can ping and/or SSH into the NetScaler appliance.
Java Ports – Verify that you can connect to the ports used by Java. If you’re accessing the NetScaler GUI over HTTP then the Java port is TCP/3010. If you’re accessing the GUI over HTTPS then the Java port is TCP/3008. A simple telnet to the correct port should verify no firewalls are blocking communication.

Following the instructions pointed out in the article I launched Cerebro, connected to and analyzed my NetScaler configuration. Cerebro catches the configuration file ns.conf from your NetScaler (in read-only mode) and starts analyzing your environment (i.e. an Online Analysis). Make sure to enter your NetScaler's NSIP while connecting (as referred to as Management IP), your administrative credentials, and click Start Analysis:


In case you don't have direct online access to your NetScaler you could chose an Offline Analysis, i.e. obtaining the ns.conf file, saving it on your local machine, and pointing Cerebro in the right direction.

My first results looked something like this:


I even opted to enable some Advanced Results by enabling ShareFile, Web Receiver, and ShareFile Auth:


You will be presented with the status of configuration checks and “Recommended Configurations” in case if there are any issues. When there are configuration issues, you will see the status as RED. The results of the connectivity checks are displayed as below. If there is some problem with the server’s connectivity, it will be shown as RED. You can see the status of the faulty server on the right side.

For instance the tool pointed out that my LDAP authentication configuration was missing the corresponding credentials in order to access my AD:


Thus I verified and adjusted the corresponding settings in NetScaler:


Furthermore it told me that some settings regarding my Session Policy and Profile for Receiver for Web are missing or plain wrong (though they were being configured by NetScaler's own wizard):


I adjusted them accordingly as well:

cerebro_8 cerebro_9

Verdict: All in all it seems quite a handy tool for troubleshooting purposes and can be considered a useful addition to your troubleshooting and analysis methodology.

For more things XenMobile read my blog XenMobile 10.x and NetScaler 10.x - A Comprehensive HowTo Guide including more troubleshooting tips.

Further reading:

Leave a Reply