Subscribe

Re: OnCommand System Manager recieves error 500

[ Edited ]

regarding my last version:

------------------------------------------------------------------------

  - a clean Windows-7 64 bit

  - Java 7u25  64 bit version

  - Firefox 32  (as default browser)

  - OnCommand version 3.0

 

    options httpd.admin.enable off

    secureadmin disable all
    secureadmin setup ssl
    secureadmin enable ssl
    secureadmin enable ssh2

    options tls.enable on

 

   a simple password only with characters

 

with that version i successfully connect to my old FAS 2040 and my new FAS 2240 without any error - puah

----------------------------------------------------------------------------

 

i did some additional testing:

 

a) Firefox version 35 is fine

b) an non-complex password is not needed

c) OCSM 3.0 or 3.1.1. does not make a difference

 

BUT:

 

d) JAVA does

 

i tried different versions (thanks to ESX and SNAPSHOTs) in which i upgraded java step by step

6u45 is fine

7u25 is fine

even 7u75 32 bit and 7u25 64 is fine,

but 7u75 32 AND 64 bit installed causes the well known problem

and just to complete: 8u31 32bit uninstalls 7u25 64 bit and therefore is does NOT work

 

=> my best guess: 7u25 64 bit (in 64 bit environment) iss essential

      maybe there are some versions between 7u25 and 7u75 that will work as well

     but i do know that 7u25 DOES work, whereas 7u75 DOES NOT

 

and to complete my research i re-installed 7u25 64 bit after 8u31 de-installed it - and - guess - YEPP , everything is fine

 

=>  install whatever version you prefer, but have 7u25 64 bit installed as well

 

that directly points me to a question to you Chuck:  did you have different versions installed ?

    something like : the 32bit version is java 8 but the 64 bit version is an elder java 7 ?

 

Cheers

  Hilmar

Re: OnCommand System Manager recieves error 500

I can confirm that java 8 64bit is the problem.

I approved the java updater lately and it updated to  java 8u31 32bit and 64bit

The behaviour then was the following when I tried to login to our filers

7.3.7P3 FAS3020   => security question => OK  (I know the system is out of support)
8.1.3P1 FAS3210   => security question => OK
8.1.3P1 FAS3220   => error 500
8.1.3P1 FAS3270   => error 500

 

After struggling a while with different solutions from this thread I uninstalled the 64bit version and reverted to java 7u55 64bit which I had been running before the update.

Now on all filers there is  no security question anymore and all logins work OK

Re: OnCommand System Manager recieves error 500

[ Edited ]

I am running 8.31 64-bit and using the steps I provided in my earlier post, I have everything work with SSL/TLS.

Now, granted, there is no 100% garuntee that it works for 100% of everyone.  There are other considerations such as individula security settings in the JAVA.  I have all of my filers (both by IP address and by host name) as trusted sites in my browser and in JAVA.

 

Re: OnCommand System Manager recieves error 500

That's odd--I am running it just fine with 8u31.  I only needed to have 7 present to get through the System Manager installation, which will stop if you do not have 7 installed.  After installation, I removed 7 completely and it is still running.

 

The steps to turn off unsecure http admin, reset the certificate setup, and enable TLS made the difference for us.

Re: OnCommand System Manager recieves error 500

/!\ Security Hole /!\

 

You must modify the file "C:\Program Files\Java\jre1.8.0_31\lib\security\java.security" and disable the last line "jdk.tls.disabledAlgorithms=SSLv3" with #.

 

The last Java disable SSLv3, you must reactivate him.

Re: OnCommand System Manager recieves error 500


SRay wrote:

/!\ Security Hole /!\

 

You must modify the file "C:\Program Files\Java\jre1.8.0_31\lib\security\java.security" and disable the last line "jdk.tls.disabledAlgorithms=SSLv3" with #.

 

The last Java disable SSLv3, you must reactivate him.


This worked for me thanks SRay.   I'll have to make do with toggling it on and off when required until a fix is released. 

 

Re: OnCommand System Manager recieves error 500

[ Edited ]

 

OK, what do we have learned the last days ?

 

With Java 8 there came a new security structure.

Regarding the flaws in SSL  (Heartbleed, Poodle) Java completely disabled SSL in the usable protocols list with version 8

 

Thats why elder versions (like my preferred 7u25) work with OCSM, but newer doesnt.

 

We found a workaround to run OCSM with Java 8  (Thanks to my Java Admin Josua):

- open a DOS Box

- jump to the OCSM-directory:

    cd "\Program Files\NetApp\OnCommand System Manager"

- start OCSM with parameter "i am sure what i do and i will run my OCSM with unsafe protocols" :

    java -Dsun.security.ssl.allowUnsafeRenegotiation=true -Djdk.tls.client.protocols="TLSv1, SSLv3" –jar SystemManager.jar

 

and everything is fine

 

hope that works for you as well

  Hilmar

Re: OnCommand System Manager recieves error 500

I think what the industry should have learned a long time ago is that Java on the client side is an absolute mess for many of the reasons already stated here. It is not a system to be able to allow any device any software to be able to work. I would have to have 5-10 vm's just for the different software that requires different versions. Netapp and others please upgrade to other tech. One that comes to mind would be HTML 5 .net or just pick something beside the proven to fail java! Don't care if this is what you call "political". It's not its a call for using tech that works. 

Re: OnCommand System Manager recieves error 500

For System Manager 3.1.2 to manage storage systems running Data ONTAP 7.3.x , 8.1.x and 8.2.x operating in 7-Mode ,TLS protocol must be enabled

If TLS protocol is not setup , System Manager 3.1.2 will display an error while adding to home page that TLS is not setup

TLS protocol is enabled by default for storage systems running Data ONTAP in Cluster mode.

Refer to https://kb.netapp.com/support/index?page=content&id=9010008

 

The next version of 3.1.2, targeted for end of March or early April, will officially support Java 8

 

 

Re: OnCommand System Manager recieves error 500

[ Edited ]

Java on client side is a pita. I also wish they would drop it.

First version of the software needed Adobe Flash Player. Go figure!