Community maintenance is complete. Thank you for your patience!

Active IQ Unified Manager Discussions

Host Services 1.1

drewmoganias

I am troubleshooting the new Host Service 1.1 on vSphere5 and
having trouble registering it.

Just says “Failed to configure DataFabric Manager server IP
address: 172.16.3.32 and port: 8488 on the Host Service”

  

When I look on the vCenter server (where host services is
installed) I see it trying on the log...says
Communication failure between
HostAgent and DFM server: Could not establish trust relationship for the
SSL/TLS secure channel with authority 'dfm-32:8488'.  Please make sure DFM
server is up running.

DFM server is up and running with no problems.

Windows Firewalls are turned off on both servers.

DNS is working both forward/reverse on both hosts.

I have re-installed Host Services on vcenter server, but no change and installer completes with no errors on both initial and reinstall.

Any ideas?

Thanks,

drew

34 REPLIES 34

JANDREWARTHA

So by default the DFM certificate is valid for two years, which means for me it just expired. Fortunately I found this thread again and the following worked:

dfm ssl service setup -f (setting the expiry to 3650 days this time)

dfm ssl service reload

And it was all good. I did run Configure-HostService -options authorize::false but I don't think it was needed or had any effect.

DOMINIC_WYSS

had the same issue after updating to OnCommand Core 5.2 and HostPackage 1.3

the solution was unregister, recreate the HS cert (not the dfm cert) and reregister.

on dfm server:

dfm hs list

dfm hs unregister -f <hs-id>

on hs server in powershell:

Configure-HostService -options authorize::false

New-HSCertificate

on dfm server:

dfm hs register -i <dfm-IP> <hs-IP>

dfm hs list (hs should still have the same id)

dfm hs authorize <hs-id>

dfm hs discover <hs-id>

dfm hs diag <hs-id>

zmizmizmi

ocum 5.2, hostpackage 1.3, same problem. But I can't get it working. Even re-installed hostpackage now. Diag says this:

Network Connectivity
IP Address                    <hidden>, but OK
FQDN                         <hidden>, but OK
Admin Port                    8699
HTTPS                         Failed
Plugin Reachable              Unknown

DataFabric Manager server configuration
Port                          Unknown
IP Address/DNS                Unknown
DFM Reachable                 Unknown

Acording to:                  DataFabric Manager server              Host Service
Management Port               8799                                   Unknown

Host Service version          1.3.0.1537                             Unknown

Plugin Information
Plugin version                1.1.0.0                                Unknown
Plugin Type                   OnCommand Host Service VMware Plug-in  Unknown

Why is HTTPS=failed? What does it mean? Also, "dfm hs list" says Status=down, and the TZ should be GMT+2 (where to fix?):

Id         Host Name                                Host Address         Version    Status                 Timezone
---------- ---------------------------------------- -------------------- ---------- ---------------------- ----------------------------------------
184       <hidden>                           <hidden>                  1.3.0.1537     down                   GMT-2:00(2 hours East of UTC).

# dfm hs configure -i <hidden> 184

Error: Failed to configure Host Service. Reason: Host Service status is down. Please check if Host Service is running.

There's something wrong - I originaly came here because in the web interface of oncommand, I cannot edit a dataset:

Error:     The task: Push dataset xxx (1450) configuration to host service VCENTER (184) cannot be done at this time.

Action:   Push dataset xxx (1450) configuration to host service VCENTER (184).

Reason:  The Host Service is down at this time.

Suggestion: Resolve the problem with the Host Service.

The service is running - what is the problem?

zmizmizmi

I think the problem is with the certificate. I created it new as suggested above, still always get this in the oncommandhostsvc.log:

10.17.2013 06:00:48:442  :  ProcessID= 10024 ThreadID= 6 CheckHostServiceCertificate: Certificate [E=hostmaster@zmi.at, CN=vCenter.hosting.zmi.at, OU=Storage Management, O=Proteger, L=Korneuburg, S=Korneuburg, C=AT] received. Errors [RemoteCertificateChainErrors]

10.17.2013 06:00:48:445  :  ProcessID= 10024 ThreadID= 6 CheckHostServiceCertificate: Certificate validation failed. Denied

10.17.2013 06:00:48:451  :  ProcessID= 10024 ThreadID= 6 invoke has CommunicationException, details: Es konnte keine Vertrauensstellung für den sicheren SSL/TLS-Kanal mit Autorität 10.127.4.10:8488 eingerichtet werden.

(the last line means "couldn't create trust relationship for secure SSL/TLS"

Any ideas how to fix?

arunchak

See if you can find "Mark this answer as correct" at the bottom of the post where there is like and reply button.

malcolmpenn

Hi Arunchak,

I am having exactly the same problem and have been for the past week... could you please detail for me how the following step is done, ideally I would like to avoid re-installing the Host software on our vCenter server.

  1. Force HS to exchange certificate with DFM again using following command in HS powershell : Configure-HostService -options authorize::false

I can't seem to find where the powershell cmdlets are located or can "Configure-HostService" be run from just entering powershell on the Host Service server.

Many thanks

Malcolm

arunchak

HI,

Download the powershell cmdlets from below location in your dfm server:

[a@shoemaker-rhel6x64-01 clients]$ pwd

/opt/NTAPdfm/web/clients   (should be similar directory navigation for windows DFM -> c:\Program Files\NetApp\DataFabricManager ---- )

[a@shoemaker-rhel6x64-01 clients]$ ls | grep -i cmdlets

occmdlets-setup-mainN_110707_2100-winx86.exe (Install this on HS machine)

If your DFM is lunux you can download this file using winscp or such software.

Then powershell should be installed in HS navigate to it from start menu and run the above command. Let me know if it worked for you.

-Arun

arunchak

Also, what does this command say:

Add-PSSnapin hostservices.ps

malcolmpenn

I've left the office for today but I will check first thing in the morning

Thanks for getting back to me so quickly

arunchak

okay.. np.

AFAIK, the snapin should load properly. then you will be able to execute the commands.

malcolmpenn

Hi Arun,

Trying to add "hostservices.ps" using Add-PSSnapin show that hostservices.ps is not installed on our machine.

But when I open "Start" "All Programs" "NetApp" it shows the " On-Command Windows Powershell Cmdlets" and "Host Service Powershell"

Many thanks

svijay

Hi Malcolm,

Please follow these steps:

1. On the system you have installed the Oncommand HostPackage:

Go to Start- Programs-NetApp- OnCommand Host Service PowerShell

Or

Browse to this location: C:\Program Files\NetApp\OnCommand Host Package\Host Service

Find & Run this file 'OnCommandHostSvc.psc1'

In the CLI windows it would open Type this command:

" Configure-HostService -options authorize::false"

the output should be displayed like this example:

PS C:\Program Files\NetApp\OnCommand Host Package\Host Service> Configure-HostSe

rvice -options authorize::false

Messages           :

OperationId        :

OperationType      :

OperationStatus    : Success

ResultCode         :

ResolutionGuidance :

Detail             :

ExtensionData      : System.Runtime.Serialization.ExtensionDataObject

MessageId          : 0

LogLevel           : 0

Source             :

Category           :

MessageDetail      :

TimeStamp          : 12/14/2011 5:51:55 AM

Sample:

PS C:\Program Files\NetApp\OnCommand Host Package\Host Service> Get-HSConfigurat

ion

HostServiceId       :

HostServiceVersion  : 1.1.0.1512

HostServiceTimeZone : Eastern Standard Time

HostDNSName         : 2k8-Sample

HostOperatingSystem : Microsoft Windows NT 6.1.7600.0

DFMNameOrIPAddress  : 10.10.10.10

EndpointAddress     : https://10.10.10.10:8488/apis/soap/v1

Port                : 8488

PluginName          : OnCommand Host Service VMware Plug-in

PluginID            : 0122AC9E-ACE9-4958-AF1D-F6C0057F8597

PluginVersion       : 1.1.0.0

PluginResourceTypes : Virtualization.VMware.Vsphere;Virtualization.VMware.SFR;V

                      irtualization.VMware.Datacenter;Virtualization.VMware.Hyp

                      erVisor;Virtualization.Network;Virtualization.VMware.Data

                      store;Virtualization.VMware.VM;FCP.WWN;ISCSI.Initiator;FC

                      P.WWPN;Storage.ONTAP.LUN;Storage.ONTAP.NFSExport;Virtuali

                      zation.VMware.VMConfig;Virtualization.VMware.VDisk;Storag

                      e.ONTAP.Volume;Storage.ONTAP.StorageSystem;

Namespaces          : VMwareManagement

Hope it helps.

Best Regards,

Vijay

malcolmpenn

Hi Vijay,

Thanks very much for your instructions, below is my output:

PS C:\Documents and Settings\snapdrive> Configure-HostService -options authorize
::false


Messages           :
OperationId        :
OperationType      :
OperationStatus    : Success
ResultCode         :
ResolutionGuidance :
Detail             :
ExtensionData      : System.Runtime.Serialization.ExtensionDataObject
MessageId          : 0
LogLevel           : 0
Source             :
Category           :
MessageDetail      :
TimeStamp          : 14/12/2011 11:27:51

PS C:\Documents and Settings\snapdrive> Get-HSConfiguration


HostServiceId       : 536
HostServiceVersion  : 1.1.0.1512
HostServiceTimeZone : GMT Standard Time
HostDNSName         : csovmvc01.xx.xxxx.xx
HostOperatingSystem : Microsoft Windows NT 5.2.3790 Service Pack 2
DFMNameOrIPAddress  : 10.11.8.31
EndpointAddress     : https://10.11.8.31:8488/apis/soap/v1
Port                : 8488

PluginName          : OnCommand Host Service VMware Plug-in
PluginID            : 0122AC9E-ACE9-4958-AF1D-F6C0057F8597
PluginVersion       : 1.1.0.0
PluginResourceTypes : Virtualization.VMware.Vsphere;Virtualization.VMware.SFR;V
                      irtualization.VMware.Datacenter;Virtualization.VMware.Hyp
                      erVisor;Virtualization.Network;Virtualization.VMware.Data
                      store;Virtualization.VMware.VM;FCP.WWN;ISCSI.Initiator;FC
                      P.WWPN;Storage.ONTAP.LUN;Storage.ONTAP.NFSExport;Virtuali
                      zation.VMware.VMConfig;Virtualization.VMware.VDisk;Storag
                      e.ONTAP.Volume;Storage.ONTAP.StorageSystem;
Namespaces          : VMwareManagement

Cheers

Malcolm

arunchak

After setting authorization to false. go to DFM console and run "dfm hs authorize <hsid>"

-Arun

malcolmpenn

I've removed and re-installed the host agent on our vCenter box now as we have been changing things for over a week now and wanted a fresh start.

After following the commands:

owse to this location: C:\Program Files\NetApp\OnCommand Host Package\Host Service 

Find & Run this file 'OnCommandHostSvc.psc1'

In the CLI windows it would open Type this command:

" Configure-HostService -options authorize::false"

Going back to the DFM console and running "dfm hs list" it is still showing the host as down and the same error messages are being shown in the D:\Program Files\NetApp\OnCommand Host Package\Host Service\OnCommandHostSvc.log

One thing I have noticed since the re-install when I open "Start" "All Programs" "NetApp" it doesnt show " On-Command Windows Powershell Cmdlets" anymore.....

arunchak

Can you try the following?

1. dfm hs unregister -f <hsid>  (from your dfm console)

  2. dfm hs list (confirm that HS is not listed.

  3. dfm hs register <ip>

Let me know what happened...

malcolmpenn

C:\Windows\system32>dfm hs unregister -f 536
Successfully un-registered Host Service '536'.

C:\Windows\system32>dfm hs list
There are no Host Services.

C:\Windows\system32>dfm hs register 192.168.3.42
Successfully registered host service '192.168.3.42(536)'.
The host service needs to be authorized to enable
backups(local and remote) and restore operations on
virtual infrastructure managed by the host service.

Retrieving SSL certificate presented by host service ...

The SHA256 fingerprint of the SSL certificate presented
by the host service is :
F0:EC:BB:91:C5:1C:A4:B1:DB:DA:DE:20:E0:48:8D:05:F6:A8:CC:94:F1:8F:1C:BF:95:DE:68
:A6:93:22:BB:13

Do you trust the SSL certificate and authorize the host service
to use this server {y(yes), n(no), v(to view full certificate)} ? [y]y
Successfully authorized host service '536'. Started job 1081 to discover virtual
inventory.

C:\Windows\system32>
C:\Windows\system32>dfm hs list
Id         Host Name                                Host Address         Version
    Status                 Timezone
---------- ---------------------------------------- -------------------- -------
--- ---------------------- ----------------------------------------
536        csovmvc01.xx.xxxx.xxx                    192.168.3.42         1.1.0.1
512 up

C:\Windows\system32>dfm hs diag csovmvc0
Unable to free SQL environment.
^C
C:\Windows\system32>dfm hs diag csovmvc01

Network Connectivity
IP Address                    192.168.3.42
FQDN                          csovmvc01.uk.cruk.net
Admin Port                    8699
HTTPS                         Failed
Plugin Reachable              Unknown

DataFabric Manager server configuration
Port                          Unknown
IP Address/DNS                Unknown
DFM Reachable                 Unknown

Acording to:                  DataFabric Manager server              Host Servic
e
Management Port               8799                                   Unknown

Host Service version          1.1.0.1512                             Unknown

Plugin Information
Plugin version                                                       Unknown
Plugin Type                                                          Unknown

From protection manager the following error message is shown for the Discovery job:

SOAP 1.2 fault: SOAP-ENV:Sender[no subcode]

"SSL_ERROR_SSL

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

Detail: SSL_connect error in tcp_connect()

Now that the host agent on the vCenter has been re-installed i don;t see the "On-Command Windows Powershell Cmdlets" shown from "Start" "All Programs" "NetApp" is this needed before I start the discovery - i thought previously it was - if so can you let me know how this is added to the host.

Many thanks

"Start" "All Programs" "NetApp" it doesnt show " On-Command Windows Powershell Cmdlets" anymore.....

JANDREWARTHA

Hi Malcom,

Did you find a fix to the

"Error 403 fault: SOAP-ENV:Server[no subcode]

"HTTP Error"

Detail: HTTP/1.1 403 Forbidden

problem?

Thanks

arunchak

Can you try this?

1. Dfm hs unregister -f

2. dfm ssl service setup -f (To create new certificate in dfm)

3. dfm ssl service reload (To use this new certificate on DFM)

4. now freshly install HS

malcolmpenn

Hi Arun,

Thanks for all your assistance with this issue.

I have tried the above but we are still seeing the same issues, we have an open case with NetApp support to investigate the issue - it seems whatever we try and results are the same

12/13/2011 12:03:18:716 PM : ProcessID= 1996 ThreadID= 8

StateChangeEventProcessor::ProcessEventMessages-Exit

12/13/2011 12:03:18:716

PM : ProcessID= 1996 ThreadID= 8 EventManager::ProcessEvents-Exit

12/13/2011

12:03:19:904 PM : ProcessID= 1996 ThreadID= 6 CheckHostServiceCertificate:

Certificate [E=support@NetApp.com, CN=CSONETAPPMGR01.uk.xxx.net, OU=Storage

Management, O=NetApp, L=San Jose, S=California, C=US] received. Errors

[RemoteCertificateChainErrors]

12/13/2011 12:03:19:904 PM : ProcessID= 1996

ThreadID= 6 CheckHostServiceCertificate: Certificate validation failed.

Denied

12/13/2011 12:03:19:920 PM : ProcessID= 1996 ThreadID= 6 invoke has

CommunicationException, details: Could not establish trust relationship for the

SSL/TLS secure channel with authority '10.11.8.31:8488'.

12/13/2011

12:03:19:920 PM : ProcessID= 1996 ThreadID= 6 ApiDispatcher failed to call dfm

with DfmSoapProxyException exception : Could not establish trust relationship

for the SSL/TLS secure chan

We are also seeing this error from protection manager:

"Error 403 fault: SOAP-ENV:Server[no subcode]

"HTTP Error"

Detail: HTTP/1.1 403 Forbidden

I belive that it's burt 507569 but this was fixed in 1.1 and we are using 1.1

When we have a fix I will post how this problem was resolved.

Cheers

Malcolm

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public