Re: OnCommand System Manager recieves error 500 - Page 4

atinivelli · ‎2014-10-20

Good day, i am running OnCommand System Manager ver 3.1.1 on Windows.

Today, for the very first time, i have seen this issue: i can connect to my 3210 running DataONTAP 8.0.3P2 7-mode, but when i try to reach my new 2240 running DataONTAP 8.1.3P3 7-mode i recieve an error 500 "connection refused".

I have found this workaround: on the 2240s i have issued the command >options httpd.admin.enable on ;

after this the OnCommand System Manager probably still tries a secure connection, on the console i see errors like

[hostname: HTTPPool03:warning]: HTTP XML Authentication failed from MyClientIP .

But now i guess OnCommand System Manager falls back to a non secure connection, i see the question "do you want to set up a secure connection or continue without...", i answer "continue without" and i'm able to manage my filers again.

What's happened? Maybe something java updates related? Thanks in advance.

Alessandro

brgsstm · ‎2015-04-22

It installs but gives me a connection refused 500 when logging onto one of the filers.

Doc_Poulson · ‎2015-04-22

Is the storage controller a 7-mode system?

TLS is not enabled by default on 7-mode systems. since SSL is not enabled in any of the Java8 versions TLS must be enabled on the storage controller for secure communication

brgsstm · ‎2015-04-22

Thankyou, sorted. I can't help but feel this should be made more obvious during the install though.

yuvaraju · ‎2015-04-22

Hi,

System Manager 3.1.2 RC2 description page informs on TLS protocol. http://mysupport.netapp.com/NOW/download/software/systemmgr_win/3.1.2RC2/

Relevant section attached for reference.

Dragon · ‎2015-05-21

Now SSLv3 is disabled by default in updated versions of JDK.
As alternative you can update the /lib/security/java.security file and comment the line #jdk.tls.disabledAlgorithms=SSLv3

Resolved my '500 connection refused' problem.

ekashpureff · ‎2015-07-22

All -

With a total of 55 replies I think this post may have set a record here on NetApp Community !

Maybe the community team should tag this as being the next featured post ?

: )

I hope this response has been helpful to you.

At your service,

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)

Alex-R · ‎2015-09-17

Performing

options httpd.admin.enable on

on both heads worked for me.

LPrice · ‎2015-10-05

Just to pass this on, I am using a thin client as a management workstation, Win7-E, JRE 7.11, OnCommand 3.1.1 working fine.

My filer is a pair of V3240s running OnTap 8.2.3P3

Doc_Poulson · ‎2015-10-08

I posted this KB that I wrote way early in the discussion. I decided to bring it up again since it has been updated a few times.

KB 2021507 - https://kb.netapp.com/support/index?page=content&id=S:2021507&actp=null

cbdallas79 · ‎2015-11-10

Is anyone having problems after upgrading to Java 8 Update 65? After I updated to Update 65, OnCommand System Manager v3.1.2 would not connect to my filers. It worked fine before on Java 8 Update 60.

"options tls.enable on" was already enabled on both my filers before. Per suggestion in this thread, I also enabled "options httpd.admin.enable on" on both filers and now I'm able to connect but I get warned that TLS is not setup on my filers and that the connection will not be secure if I proceed with connecting. I'm not sure why I'm getting this warning when I know for a fact that TLS is enabled on both filers. Does anyone have any suggestions?

Here are the options on both my filers:

-tls.enable on

-httpd.access legacy

-httpd.admin.access legacy

-httpd.admin.enable on

-httpd.admin.hostsequiv.enable off

-httpd.admin.ssl.enable on

-httpd.enable on

-ssl.enable on

-ssl.v2.enable off

-ssl.v3.enable off

Firefoxthebomb · ‎2015-11-10

Yes I too encountered the problem after updating to the latest Java 8 Update 65.

I had to revert back to Java 8 Update 60 to get it back to working order.

Mark_Strovink · ‎2015-11-10

Don't know why, but turning on httpd.admin.enable does make System Manager 3.1.2 work with Java 1.8.65.

Guess we'll hope another releases fixes this and we can turn httpd.admin.enable off again.

aborzenkov · ‎2015-11-10

It was mentioned recently that the latest Java requires larger key size (at least 1024 bits). Try to reconfigure SSL on filet specifying larger size.

cbdallas79 · ‎2015-11-11

Thank you aborzenkov for that info, that fixed my problem. I had to run through the secureadmin setup ssl process again on both my filers and specify a key size of at least 1024 bits as you mentioned, was able to connect with OCSM just fine after that.

For other's having the same problem, here's the info from the KB ID: 2025623

OnCommand System Manager displays error message: The storage system is not configured for secure management with TLS after upgrading to Java 8u65 and later

KB ID: 2025623 Version: 6.0 Published date: 11/03/2015 Views: 219

Environment

OnCommand System Manager (OCSM) 3.1.2
Java 8u65+

Symptoms

While attempting to manage a storage system through HTTPS using System Manager while on Java 8u65 or later version, the following error message is displayed:
The storage system is not configured for secure management with TLS.
When selecting No at the prompt, another error message is displayed: TLS is not set up.

The storage system configuration has TLS enabled (both partners for Data ONTAP 7-Mode).
The Java configuration has TLS 1.0, 1.1, and 1.2 enabled.
The browser being used has TLS 1.0, 1.1, and 1.2 enabled.

Attempts to connect to the same storage system succeed on earlier versions of Java (less than 8u65).

Cause

Starting with version 8u65, Java requires certificates with a key length of at least 1024.

Solution

To resolve the issue, regenerate the SSL certificate on the storage system running the secureadmin setup ssl command and specifying a key length of at least 1024.

SCOTT_V_RONTALE · ‎2015-11-11

Hi ,

after running secureadmin setup ssl and changing key length (bits) (512) to 1024. How can I know if that took effect? because running again the command gives me still 512.

seilogramp · ‎2015-11-14

Went thru all sorts of combinations of java versions. Reinstalling system commander multiple times. No version of java made this work without the "connection refused" error.

Then tried this...

options tls.enable on

I'm back in business. Thanks!

TedGordon · ‎2015-11-18

Thank you seilogramp, that worked for me!

Set the following on each node to resolve the issue:

options tls.enable on

mzaragoza · ‎2015-11-18

I have to day. the error

Error : 500

CHUCK_SAUNDERS · ‎2015-11-18

Make sure to run this command on the controller(s)

options tls.enable on

Tow other things that may need to happen to make this work as well

1.) In addition, you may need to run through the secure admin setup again as well on your filers

2.) In the Java Control panel on the security tab, the controllers should be added as trusted hosts/sites or Java may reject the certificate and block the connection.

I have had this working very well for me through all of the 8uX updates.

CHUCK_SAUNDERS · ‎2015-11-18

Here are the orignal steps I used.

Make sure the httpd.admin is off (on is not secured)

options httpd.admin.enable off

Re-Run the setup for Secure Admin
secureadmin disable all
secureadmin setup ssl
secureadmin enable ssl
secureadmin enable ssh2

Enable TLS (in older version of ONTAP, this off by default)
options tls.enable on

Close any open OCSM Session and try again.

This resolved the 500 Connection Refused erros for me and I am running Java 8x (Currently 8u51 and working great)

BLAINE · ‎2015-12-07

Java 8u66 brings back the 500 error.

I am running 3.1.2 and it was working fine with older versions of Java but as soon as Java updated to 8u66 that brought back the 500 error. I had to remove Java and install an older version to get it working again.