2017-01-01 04:04 AM
Happy New Year
Windows Server 2012 R2
I am trying to run my PowerShell script over HTTPS but I got the below error:
Connect-NaController : Connection to FILERNAME using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel. The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
At D:\NetApp\Scripts\7-Mode\7Snap1.ps1:35 char:6
+ Connect-NaController $netapp -Credential $cred -HTTPS
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (FILERNAME:NaController) [Connect-NaController], NaConnectionSSLException
+ FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController
I have increased the key length to more than 2000 (secureadmin setup ssl) but it is still not working. Below are my filer options, which I believe should be enough to get it to run over HTTPS.
|httpd.log.format common (value might be overwritten in takeover)|
|httpd.timeout 300 (value might be overwritten in takeover)|
|ssl.v2.enable off (same value required in local+partner)|
|ssl.v3.enable on (same value required in local+partner)|
If I enable http and run the script over http it works fine. Moreover, I have the same exact configuration on my demo lab and it is working fine even with HTTPS.
I am not sure why it is not working on the production environment. Could it be a server-related issue/policy?
Your help is appreciated.
2017-01-03 12:03 AM
Happy New Year!
Can you access the web frontend by browser over HTTPS?
Does it produce a warning?
I guess that the PowerShell Toolkit uses .NET components for HTTPS communication,
so you could try out the .NET Foundation to test the connection
and see if you can get more information out of it
to help in troubleshooting.
2017-01-03 09:42 PM
Thanks for your reply.
Can you access the web frontend by browser over HTTPS? Does it produce a warning?
I got the below error:-
I have checked TLS1.1 and TLS 1.2 and both are enabled.
As for the code in the link provided, I got the below error:
However, in the test lab both tests work fine.
Could it be that some group policy is forced via AD that's causing the issue seen on the production environment?
2017-01-05 07:33 AM
Make sure TLS 1.2 is actually enabled on your Windows boxes.
There were evidently some "patches" that turned off TLS.
Verify these registry keys:
You can also check out this link: https://portal.chicagonettech.com/kb/a187/maximizing-ssl-security-for-windows-server-2012-ssl-tls.aspx
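
One way to run the .NET-level connection test and the "is TLS actually enabled" check suggested in the replies above, as an added example that is not part of the thread or of the NetApp toolkit: the hypothetical function Test-TlsProtocol attempts one handshake per protocol version from the Windows client and reports which versions negotiate, together with the server certificate's key size. Port 443 and the 5-second timeout are assumptions.

```powershell
# Added diagnostic example (not from the thread): probe which SSL/TLS versions
# this Windows client can negotiate with an HTTPS endpoint such as the filer.
function Test-TlsProtocol {
    param(
        [Parameter(Mandatory)][string]$HostName,   # e.g. FILERNAME
        [int]$Port = 443,                          # assumed HTTPS port
        [int]$TimeoutMs = 5000                     # assumed connect timeout
    )
    # Certificate validation is bypassed on purpose: only the protocol
    # negotiation is under test and no application data is sent.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }

    foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
        $result = [ordered]@{ Host = $HostName; Protocol = $name; Negotiated = $false; KeyBits = $null; Error = $null }
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $proto = [System.Security.Authentication.SslProtocols]$name
            $async = $tcp.BeginConnect($HostName, $Port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'TCP connect timed out' }
            $tcp.EndConnect($async)
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
            try {
                # Force exactly one protocol version per attempt.
                $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
                $result.Negotiated = $true
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                $result.KeyBits = $cert.PublicKey.Key.KeySize   # RSA/DSA keys; other key types land in Error
            } finally { $ssl.Dispose() }
        } catch {
            # A version disabled on either side surfaces here as a handshake failure.
            $result.Error = $_.Exception.GetBaseException().Message
        } finally { $tcp.Close() }
        New-Object psobject -Property $result
    }
}

# Run on both the production server and the lab server, then compare the rows:
# Test-TlsProtocol -HostName FILERNAME | Format-Table -AutoSize
```

If a protocol version negotiates from the lab machine but not from the production machine, the difference is on the Windows client side (patches or policy) rather than on the storage controller.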