SSL/TLS Secure channel error suddenly.




I'm looking at writing a PowerShell script to manage taking snapshots for my volumes that are not run on the hour. I'm running ONTAP 8.1.4P9 7-Mode and have a few scripts running via PowerShell already, which all work fine.


Basically, what I need to do is connect to a specified filer and create a snapshot of a volume/s at, say, 15 minutes past the hour. I can connect to the filer no problem (via RPC, I believe?) and cmdlets work like Get-NaVol etc., but when I try the following command:

    New-NaSnapshot -Volume <volume_name> -SnapName snapshot.1 -Controller <filer>

I get the following error:

    New-NaSnapshot : Connection to <filer_name> using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
    The error may be resolved by generating a new certificate on the storage controller, with a longer key length.

If I remove the parameters for -Controller it works fine, but I may have multiple connections open to other filers, so I would need to specify the controller, would I not?


To me it seems like using the -Controller parameter forces the connection to use HTTPS.


Any ideas, or am I doing this totally wrong?





Re: SSL/TLS Secure channel error suddenly.

Hi Mike,


Looking at the help documentation for the cmdlet, the -Controller parameter is not mandatory. As it's optional, you should not have to specify the parameter, as the controller object will default to the global variable "CurrentNaController", which is set when you invoke "Connect-NaController":


    -Controller <NaController>
        The Data ONTAP controller object, embodied by an NaController object.  This parameter is returned by the Connect-NaController cmdlet.  If not specified, the value in the global variable CurrentNaController is used.
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false

Assuming you are iterating through a loop of controller names to connect to each of them, that will reset the value of the "CurrentNaController" variable. I would advise some caution on using a script to create your snapshots though. If the host the script is running from is unavailable for any reason, then you won't have any snapshots for the period the host is unavailable. I guess it depends on how critical having a snapshot of the data is? Assuming there is a good reason you can't use the "snap sched" command to schedule hourly snapshots?



If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
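
An added example, not part of the reply above or of the toolkit's documentation: one way to work with several filers at once is to keep the NaController object that each Connect-NaController call returns and hand that object to -Controller, as the quoted help text describes. The filer names, volume names and snapshot name are placeholders; -Transient is the toolkit switch that leaves CurrentNaController untouched.

```powershell
# Added example, not from the thread. Filer names, volume names and the
# snapshot name are placeholders chosen for illustration.
Import-Module DataONTAP

$targets = @{
    'filer01' = @('vol_home', 'vol_staff')
    'filer02' = @('vol_teaching')
}
$cred = Get-Credential   # prompt once, reuse for every filer

# Connect once per filer and keep the returned NaController object.
# -Transient stops Connect-NaController from overwriting
# $global:CurrentNaController on each pass of the loop.
$sessions = @{}
foreach ($filer in $targets.Keys) {
    try {
        $sessions[$filer] = Connect-NaController -Name $filer -Credential $cred -Transient -ErrorAction Stop
    } catch {
        Write-Warning "Connect to $filer failed: $($_.Exception.Message)"
    }
}

# Pass the object, not a name string, to -Controller so every call uses
# the connection that was already established for that filer.
$snapName = 'offhour.{0:yyyyMMdd-HHmm}' -f (Get-Date)
foreach ($filer in $sessions.Keys) {
    foreach ($vol in $targets[$filer]) {
        try {
            New-NaSnapshot -Volume $vol -SnapName $snapName -Controller $sessions[$filer] -ErrorAction Stop | Out-Null
            Write-Output "$filer/$vol : created $snapName"
        } catch {
            Write-Warning "$filer/$vol : $($_.Exception.Message)"
        }
    }
}
```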

Re: SSL/TLS Secure channel error suddenly.

Hi Mbeattie,


The need to do snapshots off the hour has stemmed from an issue that has only recently become apparent. The NetApp serves University data for students and lecturers etc. We recently changed the start time for lectures to start on the hour. This gives us high CPU for about 5 5 minutes, along with snapshots taking place and the Kahuna process running what I assume is a space reclaim?


We disabled the snapshots on all volumes as a test for 1 hour and the high CPU went away. So we are thinking along the lines of moving the snapshots to be 15 minutes past the hour.


Hope that makes sense.





Re: SSL/TLS Secure channel error suddenly.




We are encountering the same error but with the NetApp Management Pack for SCOM 2012 R2:


The PowerShell script failed with below exception

System.Management.Automation.MethodInvocationException: Exception calling "InvokeMethod" with "6" argument(s): "Execution of OC.Cluster.OM.Server.Monitoring.StorageMonitoring.InsertVolumePerformanceData method resulted in exception being thrown. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> NetApp.Ontapi.NaException: API invoke failed. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at NetApp.Ontapi.NaServer.sendHTTP(Object req)
--- End of inner exception stack trace ---
at NetApp.Ontapi.NaServer.sendHTTP(Object req)
at NetApp.Ontapi.NaServer.Invoke(Object req, Type resultType)
at NetApp.Ontapi.NaApi`1.Invoke(INaServer server)
at OC.OM.Library.ZAPI.VserverConnection.GetVserverConnection(NcController vServer, String userName, String password, SystemGetVersionResult& result)
at OC.OM.Library.ZAPI.VserverConnection.GetVserverConnection(IPAddress vServerIPAddress, String userName, String password)
at OC.OM.Library.ZAPI.VserverConnection.GetVserverConnection(VserverCredentials vServerCredentials)
at OC.OM.Library.ZAPI.VserverConnection.GetVserverConnection(ClusterVserver vserver)
at OC.OM.Library.ZAPI.VserverConnection.GetVserverConnection(ClusterDataVserver dataVserver, ManagementGroup mg)
at OC.Cluster.OM.Server.Monitoring.StorageMonitoring.InsertVolumePerformanceData(String dataVserverUuid)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at OC.Cluster.OM.AppDomainInvoker.AppDomainInvoker.InvokeMethod(Assembly assembly, String typeName, Object[] constructorParameters, String methodName, Object[] parameters)
at OC.Cluster.OM.AppDomainInvoker.AppDomainInvoker.AppDomainCallback()"
At line:64 char:5
+ $result = [OC.Cluster.OM.AppDomainInvoker.AppDomainInvoker]::InvokeMethod($a ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
at System.Management.Automation.ExceptionHandlingOps.ConvertToMethodInvocationException(Exception exception, Type typeToThrow, String methodName, Int32 numArgs, MemberInfo memberInfo)
at CallSite.Target(Closure , CallSite , RuntimeType , AppDomain , String , String , Array , String , Array )
at System.Dynamic.UpdateDelegates.UpdateAndExecute7[T0,T1,T2,T3,T4,T5,T6,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2, T3 arg3, T4 arg4, T5 arg5, T6 arg6)
at System.Management.Automation.Interpreter.DynamicInstruction`8.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)

Script Name: Monitoring.ps1

One or more workflows were affected by this.

Workflow name: DataONTAP.Cluster.Monitoring.InsertVolumePerformanceData.Rule

Instance name: Storage virtual machine xxxxxx.

Instance ID: {E7D263FE-07F2-4359-8CC7-0AE235282138}

Management group: XXXXXXX


Other workflows are working fine.


We recently patched our management servers with KB3172614 and had to disable web application monitoring for a few sites which don't have TLS 1.1/1.2 compatibility yet. I'm wondering if it's a similar issue here.


cDOT version is 8.3.1P2, management pack is 4.1.1.
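
An added example, not from the thread: the handshake failure can be narrowed down from the management server by probing which protocol versions the controller's HTTPS port accepts and what certificate it presents. The function name Test-TlsEndpoint and the host name are hypothetical, and the Tls11 and Tls12 values need .NET 4.5 or later.

```powershell
# Added example, not from the thread. Run it from the management server
# that reports the error; 'svm-mgmt.example.local' is a placeholder.
# Results reflect what this client AND the controller can agree on.
function Test-TlsEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    foreach ($proto in 'Tls', 'Tls11', 'Tls12') {
        $tcp = New-Object System.Net.Sockets.TcpClient
        $ssl = $null
        $row = [ordered]@{ Host = $HostName; Offered = $proto; Negotiated = $null
                           KeyBits = $null; SigAlg = $null; NotAfter = $null; Error = $null }
        try {
            $tcp.Connect($HostName, $Port)
            # Accept any certificate: the probe only inspects the handshake
            # and never sends credentials over the stream.
            $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]$proto, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.Negotiated = $ssl.SslProtocol
            $row.KeyBits    = $cert.PublicKey.Key.KeySize   # RSA/DSA keys
            $row.SigAlg     = $cert.SignatureAlgorithm.FriendlyName
            $row.NotAfter   = $cert.NotAfter
        } catch {
            # Walk to the innermost exception, which names the real cause.
            $e = $_.Exception
            while ($e.InnerException) { $e = $e.InnerException }
            $row.Error = $e.Message
        } finally {
            if ($ssl) { $ssl.Dispose() }
            $tcp.Close()
        }
        [pscustomobject]$row
    }
}

Test-TlsEndpoint -HostName 'svm-mgmt.example.local' | Format-Table -AutoSize
```

A row that succeeds only for Tls while Tls11 and Tls12 fail points to a protocol-version mismatch with a client restricted to newer versions; a small KeyBits value matches the certificate hint in the toolkit's error text.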