2011-05-12 01:45 PM
Running DataONTAP PowerShell v 220.127.116.11 on Windows 2008 SP2 with .NET 3.5
If registry entry "HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled" is set to "1", enabled,
and I run the Invoke-NaSSH command on a controller, I get the following .NET error
Session.connect: System.NullReferenceException:Object reference not set to an instance of an object.
at Tamir.SharpSsh.jsch.jce.HMACMD5.update(Int32 i)
at Tamir.SharpSsh.jsch.Session.read(Buffer buf)
at Tamir.SharpSsh.jsch.UserAuth.start(Session session)
at Tamir.SharpSsh.jsch.UserAuthNone.start(Session session)
at Tamir.SharpSsh.jsch.Session.connect(Int32 connectTimeout)]
In our test environment, setting it to "0" yields no such error.
Unfortunately, this registry entry is set by our security group in the 2008 images we deploy out in the field
and disabling it is a no-no.
Is this a problem with Tamir.SharpSsh.jsch package or with how a call is made or something else?
Solved! SEE THE SOLUTION
2011-05-12 04:01 PM
Hello, Jose. The released build of Toolkit 1.3 was 18.104.22.168. How did you get such an early build?
The FIPS algorithm issues were reported during internal beta testing of Toolkit 1.3, and I fixed them before release. In any case, with FIPS enabled on my development system (Windows Server 2008 R2), Invoke-NaSsh in Toolkit 1.3 and later works. Would you please download Toolkit 1.4 and report whether that works for you?
2011-05-13 10:10 AM
Looks like going to v1.4 broke my storage configuration script.
That early build toolkit given to us also included a "Invoke-NaSystemCli" cmdlet which I used extensively throughout my configuration script.
Any chance of putting that cmdlet back?
If not, I'll have to go back to the toolkit I was using. I'm thinking I can just disable then enable that registry entry
Set-ItemProperty -path $RegKey -name FIPSAlgorithmPolicy -value 0 (or 1)
2011-05-13 10:17 AM
The system-cli API is unsupported, so I'm afraid we can't ship that cmdlet. But all is not lost. v1.4 adds a more generic cmdlet, Invoke-NaSystemApi, from which you could roll your own script cmdlet fairly easily. Just be careful using unsupported APIs!