Subscribe

ESX 4 NetApp storage systems OS versions FAILED

Hi,

I have a few esx servers that versions are 4.0

# vmware -v
VMware ESX 4.0.0 build-208167

I installed FC Host Utilities 5.2 ,

When I configure HBA I get

"Determining NetApp storage systems OS versions....................FAILED"

error.

How can I solve this problem without open all ports of firewall?

# /opt/netapp/santools/config_hba --configure --secure --access ntp1:root:xxx --access  ntp2:root:xxx
Secure connection enabled
Checking for installed HBAs.......................................DONE
Verifying firewall port are open..................................DONE
Determining NetApp storage systems OS versions....................FAILED
Setting QFull Tunables............................................DONE
Setting HBA timeout setting for lpfc820...........................DONE
Updating BOOT RAM disk............................................DONE

WARNING:
   The script was unable to determine the OS version
   of the following NetApp storage system(s).
   The script could not determine the correct settings for your
   configuration.
   One possible cause is SSL might not be configured properly.
   Please login to your NetApp storage controller
   and run 'secureadmin setup ssl'.  Once you have verified SSL
   is configured properly, run the following commands to ensure
   the correct settings are being used:
      /opt/netapp/santools/config_hba --configure --secure --access <controller>:<login>:<password>

# config_mpath --primary --policy rr --loadbalance --secure --access ntp1:root:xxx --access  ntp2:root:xxx
Secure connection enabled
Verifying firewall port is open...................................DONE

Determining Primary/Proxy paths for LUN=naa.60a9800043346d705234563441524447
   Secure connection enabled

Error: SSL might not be configured properly or your username and password are incorrect.
Please login to your NetApp storage controller and run 'secureadmin setup ssl',
then retry the command again
Exiting...

Determining Primary/Proxy paths for LUN=naa.60a9800043346d71434a613135726f54
   Secure connection enabled

Error: SSL might not be configured properly or your username and password are incorrect.
Please login to your NetApp storage controller and run 'secureadmin setup ssl',
then retry the command again
Exiting...

....................


WARNING:
   The script encountered a problem and was to unable to connect
   to the following NetApp storage system(s):
      ntp1
      ntp2
   The script was unable to set the correct path settings
   for your configuration.
   One possible cause is SSL might not be configured properly.
   Please login to your NetApp storage controller
   and run 'secureadmin setup ssl'.  After you have verified that SSL
   is configured properly, run the following command to ensure
   the correct settings are being used:
      /opt/netapp/santools/config_mpath --primary --secure --loadbalance --persistent --access <controller>:<login>:<password>

I am sure that Username and password are correct and I run secureadmin setup ssl before run this command.

Also I added host ip address and user name in /etc/hosts.equiv file of filers.

# esxcfg-firewall -q
Chain INPUT (policy DROP 21967 packets, 1926K bytes)
pkts bytes target     prot opt in     out     source               destination
  135 21834 ACCEPT     tcp  --  *      *       10.3.1.222          0.0.0.0/0           tcp
  262 46298 ACCEPT     tcp  --  *      *       10.3.1.221          0.0.0.0/0           tcp
15983   11M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
3932 1108K valid-tcp-flags  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
4076 1116K valid-source-address !udp  --  *      *       0.0.0.0/0            0.0.0.0/0
25244 2261K valid-source-address-udp  udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    1    60 valid-source-address  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02
  144  8064 icmp-in    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3931 1108K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:902 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
   12  3953 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:67:68 dpts:67:68
3267  331K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:427
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:427 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5989 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5988 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:514
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:544
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
15983   11M ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
5503 2661K valid-tcp-flags  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
  122  6832 icmp-out   icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:53
5442 2657K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:902 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:67:68 dpts:67:68
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:427
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:427 state NEW
   41  2460 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:902 state NEW
  167 52550 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:902 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:749 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:88 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:514
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:544
   20  1200 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain icmp-in (1 references)
pkts bytes target     prot opt in     out     source               destination
  122  6832 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4
   22  1232 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain icmp-out (1 references)
pkts bytes target     prot opt in     out     source               destination
  122  6832 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain log-and-drop (7 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 6 level 7
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain valid-source-address (2 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       127.0.0.1            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/8            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            255.255.255.255

Chain valid-source-address-udp (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       127.0.0.1            0.0.0.0/0
    1   368 DROP       all  --  *      *       0.0.0.0/8            0.0.0.0/0

Chain valid-tcp-flags (2 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x11/0x01
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x18/0x08
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x30/0x20
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06
    0     0 log-and-drop  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x05/0x05


Incoming and outgoing ports blocked by default.
Enabled services: CIMSLP VCB CIMHttpsServer vpxHeartbeats kerberos CIMHttpServer sshServer webAccess

Opened ports:
        port21              : port 21 tcp.out
        portrsh             : port 514 tcp.in tcp.out
        port443             : port 443 tcp.in tcp.out
        port544             : port 544 tcp.in tcp.out
        web                 : port 80 tcp.in tcp.out
        port23              : port 23 tcp.out
        port20              : port 20 tcp.in
Added Iprules:
        ntp1_ip_rule    : host 10.3.1.221 cport 0:65535 ACCEPT tcp
        ntp2_ip_rule    : host 10.3.1.222 cport 0:65535 ACCEPT tcp

Re: ESX 4 NetApp storage systems OS versions FAILED

Hi,

I figure out the problem,

It has been defined trusted.hosts options.

I added esx ip address in this option, then problem solved.

Regards