Active IQ Unified Manager Discussions

Failed to connect to cluster node

HenkJ_Snel
6,618 Views

Hi,

 

I've a problem  to connect to a cluster-node (ontap 83.2P1):

 

 

12:37:30.792 INFO  [Create volume] ### Command 'Create volume' in 'POWER_SHELL' ###
12:38:02.199 INFO  [Create volume] Get-WfaCredentials -Host xxx.xxx.xx.xx
12:38:02.230 INFO  [Create volume] Credentials successfully provided for 'xxx.xxx.xx.xx'
12:38:02.246 INFO  [Create volume] Connect-Controller -Type CLUSTER -Name xxx.xxx.xx.xx -Credential System.Management.Automation.PSCredential -Vserver
12:38:02.277 INFO  [Create volume] Credentials successfully provided for xxx.xxx.xx.xx
12:38:02.324 INFO  [Create volume] Connect-NcController (with credentials) -Name xxx.xxx.xx.xx -Timeout 60000 -ErrorAction Stop -Port 443 -SSLVersion TLSv1.2
12:38:02.558 ERROR  [Create volume] Failed to connect to cluster node: xxx.xxx.xx.xx
12:38:02.668 ERROR  [Create volume] Command failed for Workflow 'Dictu - FCP LUN: Create HP-UX (ONTAP 8.3)' with error : Failed to connect to cluster node: xxx.xxx.xx.xx.
12:38:02.668 INFO  [Create volume] ***** Workflow Execution Failed *****

 

We are running WFA 4.2 (RC1).

 

It looks like that the cluster-node does not suppor TLSv1.2.

 

Does anybody know how to fix this problem?

 

Thanks.

Henk Snel

8 REPLIES 8

sundarea
6,607 Views

Hi Henk Snel,

As part of security fix now the connections are only through TLS,

to solve this issue Either upgrade to new Ontap which has TLS or try using Perl instead of Powershell.

All the Ontap 9.0 will support TLS

 

Regards,

Sundar

yannb
6,588 Views

What is the output of "system services web show" and "system services web node show" ?

HenkJ_Snel
6,585 Views

xxxxxx::> system services web node show

                                                     Total         Total

Node          External HTTP Port HTTPs Port Status   HTTP Requests Bytes Served

------------- -------- --------- ---------- -------- ------------- ------------

xxxxxx-01   true            80        443 online            6135    414543673

xxxxxx-02   true            80        443 online              17        11630

2 entries were displayed.

 

xxxxxx::> system services web show

External Web Services: true

                Status: online

    HTTP Protocol Port: 80

   HTTPs Protocol Port: 443

         TLSv1 Enabled: true

         SSLv3 Enabled: false

SSL FIPS 140-2 Enabled: false

 

sinhaa
6,549 Views

@HenkJ_Snel

 

The error is caused due to attempt to use TLSv1.2 needed by ONTAP 9.X FIPS enabled systems. But the part that got missed is that the old ONTAP 8.X like yours do not support TLSv1.2 and hence will fail to connect. 

 

This is a regression is identified in WFA4.2RC1 and will be fixed in GA.

 

Now you can fix it yourself too:

 

1. Go to WFA\PoSH\Modules\WFAWrapper and Open the file WFAWrapper.psm1 for edit.

2. Find the line: $SSLversion = "TLSv1.2"

3. Modify it to : $SSLversion = "TLSv1"

4. Save.

 

5. Done. No need to restart any services.

 

Re-try your command/workflows, it will work.

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

HenkJ_Snel
6,489 Views

 

Hi Sinhaa,

 

Thanks for your help. Unfortunately, now I am facing  another error:

 

 

 

07:32:35.333 INFO  [Modify Volume Efficiency] ### Command 'Modify Volume Efficiency' in 'POWER_SHELL' ###
07:33:06.630 INFO  [Modify Volume Efficiency] Using cached cluster connection
07:33:06.677 INFO  [Modify Volume Efficiency] Enabling volume efficiency: Set-NcSis -ErrorAction Stop -Name V_hpux_dictu_p_5536_002 -VserverContext fv102943 -Policy default
07:33:10.990 INFO  [Modify Volume Efficiency] Updating existing volume efficiency: Set-NcSis -ErrorAction Stop -Name V_hpux_dictu_p_5536_002 -VserverContext fv102943 -Policy default
07:33:11.052 ERROR  [Modify Volume Efficiency] Failed to update existing volume efficiency: V_hpux_dictu_p_5536_002. Message: Connection to xxx.xxx.xx using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
07:33:11.318 ERROR  [Modify Volume Efficiency] Command failed for Workflow 'Dictu - FCP LUN: Create HP-UX (ONTAP 8.3)' with error : Connection to xxx.xxx.xx.xx using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
07:33:11.318 INFO  [Modify Volume Efficiency] ***** Workflow Execution Failed *****

 

The command recommends to create a new certificate with a longer key lenght. The current certificate was created with a key lenght of 2048 bits.

Do we really to create a new certificate with a longer key lenght?

sinhaa
6,484 Views

@HenkJ_Snel

 

I think connection cache is cauing this. Can you try the below.

 

1.  go to \WFA\jboss\standalone\tmp\wfa\controllers_cache 

2. And delete all the files present there.

 

3. Retry your command.

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

HenkJ_Snel
6,469 Views

Hi Sinhaa,

 

I deleted all the files as per your request. I restarted the WFA services for sure. But the previous error comes up again.

 

 

 

Connection to 10.54.16.35 using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length. Location: Row '1' step 'Modify Volume Efficiency'.

HenkJ_Snel
6,466 Views

Hi Sinhaa,

 

Do you happen to know when 4.2 (GA) will be available?

Public