Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Harvest Unable to set tls.enable on


Harvest requires TLS to be enabled, however when running tls.enable on on a 7-mode 8.02P6 I receive the following error:

Setting invalid option tls.enable failed.

is TLS not supported in this version of ONTAP? according to the harvest install/admin guide ONTAP 8.0 is supported by harvest. 



Hi, @shem,


Because vulnerabilities were discovered in SSL v3 you can no longer guarantee communications using it are secure.  As a result the SDK was also adapted to require TLS and I added the instructions to enable TLS in Data ONTAP.  If you have controllers that don't support TLS and you can't or don't want to upgrade them to a release that does, as a workaround you could use an older version of the SDK, such as v 5.3, that still allows non TLS connections.


Here are the steps:

1) Download http://mysupport.netapp.com/NOW/download/software/nmsdk/5.3/ from the support site and copy to your poller host in /tmp.


2) Extract it:

cd /tmp

unzip netapp-manageability-sdk-5.3.zip netapp-manageability-sdk-5.3/lib/perl/NetApp/*


3) Stop the poller:

/opt/netapp-harvest/netapp-manager -stop


4) Rename current lib and create new empty one:

mv /opt/netapp-harvest/lib /opt/netapp-harvest/lib-old

mkdir /opt/netapp-harvest/lib 


5) Copy 5.3 lib in place:

mv netapp-manageability-sdk-5.3/lib/perl/NetApp/* /opt/netapp-harvest/lib


6) Start poller:

/opt/netapp-harvest/netapp-manager -start


Please post if this allows collection or not, and kudos if it is indeed a solution for you.


Chris Madden

Storage Architect, NetApp EMEA (and author of Harvest)

Blog: It all begins with data


If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO


Hi Chris

I had follow your steps (on 7-Mode 8.0.2P4 TLS dosen't exist) and it still doesn't work


Error message :



[WARNING] [sysinfo] Update of system-info cache DOT Version failed with reason: No response received from server; Recommend to verify TLS is enabled (7-mode: options tls.enable) and/or setup ssl again (7-mode: secureadmin setup ssl)

[WARNING] [main] system-info update failed; will try again in 10 seconds.



Upgrade DataOntap is not possible.

Do you have an alternate solution ?


Best regards



With regards to the option of reverting back to 5.3 to allow non-TLS connectivity.  Would this library make the poller vulnerable to any SSL vulnerability?




Hi @mattbowden


From the SDK 5.3.1 release notes:

Default disablement of SSLv3 protocol for HTTPS transport, because of the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability


More on the vulnerability is here: https://www.us-cert.gov/ncas/alerts/TA14-290A


Since the vulnerability is in the design of SSLv3 itself you should not assume your communications using it are secure.  Updating Data ONTAP to a release with TLS support is the answer.  If it isn't possible then you could take steps to reduce the risk such as (a) using RBAC so that the user login details that could be compromised is capable of only read-only actions, (b) modify options httpd.admin.access  so that a small set of hosts are allowed to manage the system.


If you have an environment with a mix of systems, some supporting TLS and some not, you could still use the 5.3 SDK and just make sure that SSLv3 is disabled on the systems that support TLS.  In this way you are vulnerable only on the systems where there is no alternative.


Chris Madden

Storage Architect, NetApp EMEA (and author of Harvest)

Blog: It all begins with data


If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO



NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner