The issue suggests that you do not have persistence configured properly on the Netscaler LB.  See Cisco Live session BRKSEC-3699 (reference version) posted to ciscolive.com (requires one-time free registration) for additional details on persistence as well as Citrix examples.  Direct link:

https://www.ciscolive.com/global/on-demand-library/?search=brksec-3699&search.event=ciscoliveus2018#/session/1511296160606001Af1J

This is an example based on Calling Station ID:

add lb vserver radius-auth RADIUS 172.16.0.16 1812 -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)" -cltTimeout 120
add lb vserver radius-acct RADIUS 172.16.0.16 1813 -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)" -cltTimeout 120
set lb group RADIUS-Calling-Station-ID -persistenceType RULE -rule "CLIENT.UDP.RADIUS.ATTR_TYPE(31)

Craig