Community maintenance is complete. Thank you for your patience!

Active IQ Unified Manager Discussions

Incorrect credentials error even after making connection

Vikramjeet_Singh

WFA Powershell code:

 

param (
[parameter(Mandatory=$true, HelpMessage="Cluster name or IP address")]
[string]$Cluster
)

# connect to controller
Connect-WfaCluster -Node $Cluster

if($Cluster)
{
Get-WFALogger -Info -message $("Setting Security Audit on: " + $Cluster)
Set-NcAudit -CliSet $true -OntapiSet $true -Controller $Cluster
}

 

Above is a simple code to manipulate the audit setting.

The code is pretty straight forward but I am not sure why I keep on getting the below error even after making connection.

please advice!!!

 

15:38:48.959 INFO [TSS Cluster Settings] ### Command 'TSS Cluster Settings' in 'POWER_SHELL' ###

15:39:21.068 INFO [TSS Cluster Settings] Get-WfaCredentials -Host ABCD

15:39:21.115 INFO [TSS Cluster Settings] Credentials successfully provided for 'ABCD'

15:39:21.162 INFO [TSS Cluster Settings] Connect-Controller -Type CLUSTER -Name ABCD -Credential System.Management.Automation.PSCredential -Vserver -SSLversion TLSv1

15:39:21.209 INFO [TSS Cluster Settings] Credentials successfully provided for 'ABCD'

15:39:21.271 INFO [TSS Cluster Settings] Connect-NcController (with credentials) -Name ABCD -Timeout 60000 -ErrorAction Stop -Port 443 -SSLVersion TLSv1

15:39:22.381 INFO [TSS Cluster Settings] Connected to cluster node

15:39:22.443 INFO [TSS Cluster Settings] Setting Security Audit on: ABCD

15:39:28.303 ERROR [TSS Cluster Settings] Command failed for Workflow ' TSS Cluster Settings cDOT' with error : Incorrect credentials for ABCD

15:39:28.318 INFO [TSS Cluster Settings] ***** Workflow Execution Failed *****

1 ACCEPTED SOLUTION

mbeattie

Hi,

Have you tried it without passing the -Controller variable. The "global:CurrentNcController" variable is already set by the "Connect-WFACluster" function, you shouldn't need to pass the -controller parameter. Have you tried commenting out the line that contains -Controller and replacing the command to omit the -Controller parameter. EG:

 

#'------------------------------------------------------------------------------
#'Set-NcAudit -CliSet $true -OntapiSet $true -Controller $Cluster
#'------------------------------------------------------------------------------
Set-NcAudit -CliSet $true -OntapiSet $true 
#'------------------------------------------------------------------------------

Also have you tried it externally to WFA? If you do a "get-help set-ncaudit -full" you'll notice many of those parameter are specific to ontap versions. I noticed there were error warnings, you might want to check the paramaters apply to the version of ONTAP that your cluster is running.

 

Import-Module DataONTAP
$credentials = Get-Credential -Credential admin
connect-nccontroller -name cluster1.testlab.local -https -Credential $credentials | Out-Null
Set-NcAudit -CliSet $true -OntapiSet $true
WARNING: CliSet, HttpSet, OntapiSet, SnmpSet are not supported in Data ONTAP 9.0 and later. Ignoring value(s).

/Matt

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

3 REPLIES 3

mbeattie

Hi,

Have you tried it without passing the -Controller variable. The "global:CurrentNcController" variable is already set by the "Connect-WFACluster" function, you shouldn't need to pass the -controller parameter. Have you tried commenting out the line that contains -Controller and replacing the command to omit the -Controller parameter. EG:

 

#'------------------------------------------------------------------------------
#'Set-NcAudit -CliSet $true -OntapiSet $true -Controller $Cluster
#'------------------------------------------------------------------------------
Set-NcAudit -CliSet $true -OntapiSet $true 
#'------------------------------------------------------------------------------

Also have you tried it externally to WFA? If you do a "get-help set-ncaudit -full" you'll notice many of those parameter are specific to ontap versions. I noticed there were error warnings, you might want to check the paramaters apply to the version of ONTAP that your cluster is running.

 

Import-Module DataONTAP
$credentials = Get-Credential -Credential admin
connect-nccontroller -name cluster1.testlab.local -https -Credential $credentials | Out-Null
Set-NcAudit -CliSet $true -OntapiSet $true
WARNING: CliSet, HttpSet, OntapiSet, SnmpSet are not supported in Data ONTAP 9.0 and later. Ignoring value(s).

/Matt

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

Vikramjeet_Singh

Thanks Mbeattie, you were right SET command is not supported in 9.0, my bad. Should have looked carefully at Get-NcAudit parameters, silly mistake.

 

Thanks again 🙂

 

mbeattie

Hi Vikramjeet,

 

Here is the command code that contains all input parameters for the "Set-NcAudit" cmdlet and tests the ONTAP version

 

 

Param(
   [Parameter(Mandatory=$True, HelpMessage="The Cluster name or IP address")]
   [String]$Cluster,
   [Parameter(Mandatory=$True, HelpMessage="The DataONTAP version number running on the cluster")]
   [String]$Version,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of CLI set operations. If false, disable auditing of CLI set operations. If not specified, the setting will remain unchanged")]
   [Bool]$CliSet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of CLI get operations. If false, disable auditing of CLI get operations. If not specified, the setting will remain unchanged")]
   [Bool]$CliGet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of HTTP set operations. If false, disable auditing of HTTP set operations. If not specified, the setting will remain unchanged")]
   [Bool]$HttpSet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of HTTP get operations. If false, disable auditing of HTTP get operations. If not specified, the setting will remain unchanged")]
   [Bool]$HttpGet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of SNMP set operations. If false, disable auditing of SNMP set operations. If not specified, the setting will remain unchanged")]
   [Bool]$SnmpSet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of SNMP get operations. If false, disable auditing of SNMP get operations. If not specified, the setting will remain unchanged")]
   [Bool]$SnmpGet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of ONTAPI set operations. If false, disable auditing of ONTAPI set operations. If not specified, the setting will remain unchanged")]
   [Bool]$OntapiSet,
   [Parameter(Mandatory=$False, HelpMessage="If true, enable auditing of ONTAPI get operations. If false, disable auditing of ONTAPI get operations. If not specified, the setting will remain unchanged")]
   [Bool]$OntapiGet,
   [Parameter(Mandatory=$False, HelpMessage="The maximum number of ZAPI retry attempts")]
   [Int]$ZapiRetryCount
)
#'------------------------------------------------------------------------------
#'Connect to the cluster.
#'------------------------------------------------------------------------------
Connect-WfaCluster -Node $Cluster
#'------------------------------------------------------------------------------
#'Set the command to enable security auditing.
#'------------------------------------------------------------------------------
[Int]$versionComparisionValue900 = Compare-OntapVersions $Version "9.0.0"
[String]$command = "Set-NcAudit "
If($CliSet){
   If($versionComparisionValue900 -ne -1){
      Get-WFALogger -Warn -Message "The ""CliSet"" parameter is not supported in Data ONTAP 9.0 and later. Ignoring value"
   }Else{
      [String]$command += "-CliSet `$True "
   }
}
If($CliGet){
   [String]$command += "-CliGet `$True " 
}
If($HttpSet){
   If($versionComparisionValue900 -ne -1){
      Get-WFALogger -Warn -Message "The ""HttpSet"" parameter is not supported in Data ONTAP 9.0 and later. Ignoring value"
   }Else{
      [String]$command += "-HttpSet `$True "
   }
}
If($HttpGet){
   [String]$command += "-HttpGet `$True " 
}
If($SnmpSet){
   If($versionComparisionValue900 -ne -1){
      Get-WFALogger -Warn -Message "The ""SnmpSet"" parameter is not supported in Data ONTAP 9.0 and later. Ignoring value"
   }Else{
      [String]$command += "-SnmpSet `$True " 
   }
}
If($SnmpGet){
   [String]$command += "-SnmpGet `$True " 
}
If($OntapiSet){
   If($versionComparisionValue900 -ne -1){
      Get-WFALogger -Warn -Message "The ""OntapiSet"" parameter is not supported in Data ONTAP 9.0 and later. Ignoring value"
   }Else{
      [String]$command += "-OntapiSet `$True "
   }
}
If($OntapiGet){
   [String]$command += "-OntapiGet `$True " 
}
If($ZapiRetryCount){
   [String]$command += "-ZapiRetryCount $ZapiRetryCount " 
}
[String]$command += "-ErrorAction Stop"
#'------------------------------------------------------------------------------
#'Ensure an input parameter was providied.
#'------------------------------------------------------------------------------
If(($command.Contains("true")) -Or ($command.Contains("false"))){
   [Bool]$enable = $True
}Else{
   [Bool]$enable = $False
}
#'------------------------------------------------------------------------------
#'Set security auditing.
#'------------------------------------------------------------------------------
If($enable){
   Get-WFALogger -Info -message "Setting security audit on cluster ""$Cluster"" running DataONTAP version ""$Version"""
   Try{
      Invoke-Expression -Command $command -ErrorAction Stop
      Get-WFALogger -Info -Message "Executed Command`: $command"
   }Catch{
      Get-WFALogger -Error -Message $("Failed Executing Command`: $command. Error " + $_.Exception.Message)
      Throw  "Failed setting security audit on cluster ""$Cluster"""
   }
}Else{
   Get-WFALogger -Info -Message "No input parameters were provide to set security auditing on cluster ""$Cluster"" running DataONTAP version ""$Version"""
}
#'------------------------------------------------------------------------------

/Matt

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public