https://community.netapp.com/t5/Microsoft-Virtualization-Discussions/Set-NcSecurityConfig-for-restricting-protocol-versions/m-p/148562#M6008 <P>Team,</P> <P>&nbsp;</P> <P>A customer want's to automate the internal security hardening process. He works with the PowerShell Cmdlet "Set-NcSecurityConfig", but it allways throws an error, when limitting the allowed protocols. I have veryfied it internally with different versions of PowerShell and ONTAP:</P> <P>&nbsp;</P> <PRE>Z:\&gt; Set-NcSecurityConfig -Interface ssl -SupportedProtocols tlsv1_2 Set-NcSecurityConfig : Unexpected array element: security-supported-protocols At line:1 char:1 + Set-NcSecurityConfig -Interface ssl -SupportedProtocols tlsv1_2 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (xxx.xxx.xxx.xxx.com:NcController) [Set-NcSecurityConfig], EINVALIDINPUTERROR + FullyQualifiedErrorId : ApiException,DataONTAP.C.PowerShell.SDK.Cmdlets.Security.SetNcSecurityConfig</PRE> <P>&nbsp;</P> <P>I assume, a wrong attribute name is sent here ("security-supported-protocls" instead of "supported-protocols"). The ZAPI call works:</P> <PRE> &lt;security-config-modify&gt; &lt;interface&gt;ssl&lt;/interface&gt; &lt;supported-protocols&gt; &lt;string&gt;TLSv1.2&lt;/string&gt; &lt;/supported-protocols&gt; &lt;/security-config-modify&gt;</PRE> <P>Also, submitting it via "Invoke-NcSystemApi" works without any problem:</P> <PRE>PS Z:&gt; $xml = Invoke-NcSystemApi "&lt;security-config-modify&gt;&lt;interface&gt;ssl&lt;/interface&gt;&lt;supported-protocols&gt;&lt;string&gt;TLSv1.2&lt;/string&gt;&lt;/supported-protocols&gt;&lt;/security-config-modify&gt;" PS Z:&gt; $xml.results status ------ passed</PRE> <P>&nbsp;</P> <P>Maybe anybody can provide a simple fix <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>Thanks,</P> <P>Adrian</P> Wed, 04 Jun 2025 12:31:12 GMT badrian 2025-06-04T12:31:12Z https://community.netapp.com/t5/Microsoft-Virtualization-Discussions/Set-NcSecurityConfig-for-restricting-protocol-versions/m-p/148562#M6008 <P>Team,</P> <P>&nbsp;</P> <P>A customer want's to automate the internal security hardening process. He works with the PowerShell Cmdlet "Set-NcSecurityConfig", but it allways throws an error, when limitting the allowed protocols. I have veryfied it internally with different versions of PowerShell and ONTAP:</P> <P>&nbsp;</P> <PRE>Z:\&gt; Set-NcSecurityConfig -Interface ssl -SupportedProtocols tlsv1_2 Set-NcSecurityConfig : Unexpected array element: security-supported-protocols At line:1 char:1 + Set-NcSecurityConfig -Interface ssl -SupportedProtocols tlsv1_2 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (xxx.xxx.xxx.xxx.com:NcController) [Set-NcSecurityConfig], EINVALIDINPUTERROR + FullyQualifiedErrorId : ApiException,DataONTAP.C.PowerShell.SDK.Cmdlets.Security.SetNcSecurityConfig</PRE> <P>&nbsp;</P> <P>I assume, a wrong attribute name is sent here ("security-supported-protocls" instead of "supported-protocols"). The ZAPI call works:</P> <PRE> &lt;security-config-modify&gt; &lt;interface&gt;ssl&lt;/interface&gt; &lt;supported-protocols&gt; &lt;string&gt;TLSv1.2&lt;/string&gt; &lt;/supported-protocols&gt; &lt;/security-config-modify&gt;</PRE> <P>Also, submitting it via "Invoke-NcSystemApi" works without any problem:</P> <PRE>PS Z:&gt; $xml = Invoke-NcSystemApi "&lt;security-config-modify&gt;&lt;interface&gt;ssl&lt;/interface&gt;&lt;supported-protocols&gt;&lt;string&gt;TLSv1.2&lt;/string&gt;&lt;/supported-protocols&gt;&lt;/security-config-modify&gt;" PS Z:&gt; $xml.results status ------ passed</PRE> <P>&nbsp;</P> <P>Maybe anybody can provide a simple fix <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>Thanks,</P> <P>Adrian</P> Wed, 04 Jun 2025 12:31:12 GMT https://community.netapp.com/t5/Microsoft-Virtualization-Discussions/Set-NcSecurityConfig-for-restricting-protocol-versions/m-p/148562#M6008 badrian 2025-06-04T12:31:12Z