Active IQ Unified Manager Discussions

OnCommand System Manager recieves error 500

atinivelli
153,693 Views

Good day, i am running OnCommand System Manager ver 3.1.1 on Windows.

 

Today, for the very first time, i have seen this issue: i can connect to my 3210 running DataONTAP 8.0.3P2 7-mode, but when i try to reach my new 2240 running DataONTAP 8.1.3P3 7-mode i recieve an error 500 "connection refused".

 

I have found this workaround: on the 2240s i have issued the command >options httpd.admin.enable on ;

after this the OnCommand System Manager probably still tries a secure connection, on the console i see errors like 

[hostname: HTTPPool03:warning]: HTTP XML Authentication failed from MyClientIP . 

 

But now i guess OnCommand System Manager falls back to a non secure connection, i see the question "do you want to set up a secure connection or continue without...", i answer "continue without" and i'm able to manage my filers again.

 

What's happened? Maybe something java updates related? Thanks in advance.

Alessandro

 

 

95 REPLIES 95

brgsstm
24,157 Views

It installs but gives me a connection refused 500 when logging onto one of the filers.

Doc_Poulson
24,873 Views

Is the storage controller a 7-mode system? 

TLS is not enabled by default on 7-mode systems.   since SSL is not enabled in any of the Java8 versions TLS must be enabled on the storage controller for secure communication

brgsstm
24,870 Views

Thankyou, sorted.  I can't help but feel this should be made more obvious during the install though.

yuvaraju
24,852 Views

Hi,

 

System Manager 3.1.2 RC2 description page informs on TLS protocol. http://mysupport.netapp.com/NOW/download/software/systemmgr_win/3.1.2RC2/ 

Relevant section attached for reference.TLS info.jpg

 

Dragon
19,137 Views

Now SSLv3 is disabled by default in updated versions of JDK.
As alternative you can update the /lib/security/java.security file and comment the line #jdk.tls.disabledAlgorithms=SSLv3

Resolved my '500 connection refused' problem.

ekashpureff
17,956 Views

 

All -

 

With a total of 55 replies I think this post may have set a record here on NetApp Community !

 

Maybe the community team should tag this as being the next featured post ?

 

: )


I hope this response has been helpful to you.

At your service,

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)

Alex-R
15,072 Views

Performing

options httpd.admin.enable on

on both heads worked for me.

LPrice
14,823 Views

Just to pass this on, I am using a thin client as a management workstation, Win7-E, JRE 7.11, OnCommand 3.1.1 working fine.

 

My filer is a pair of V3240s running OnTap 8.2.3P3

 

 

 

Doc_Poulson
14,801 Views

I posted this KB that I wrote way early in the discussion.   I decided to bring it up again since it has been updated a few times.

 

KB 2021507 - https://kb.netapp.com/support/index?page=content&id=S:2021507&actp=null

cbdallas79
13,928 Views

Is anyone having problems after upgrading to Java 8 Update 65? After I updated to Update 65, OnCommand System Manager v3.1.2 would not connect to my filers. It worked fine before on Java 8 Update 60.

 

"options tls.enable on" was already enabled on both my filers before. Per suggestion in this thread, I also enabled "options httpd.admin.enable on" on both filers and now I'm able to connect but I get warned that TLS is not setup on my filers and that the connection will not be secure if I proceed with connecting. I'm not sure why I'm getting this warning when I know for a fact that TLS is enabled on both filers. Does anyone have any suggestions?

 

Here are the options on both my filers:

-tls.enable on

-httpd.access legacy

-httpd.admin.access legacy

-httpd.admin.enable on

-httpd.admin.hostsequiv.enable off

-httpd.admin.ssl.enable on

-httpd.enable on

-ssl.enable on

-ssl.v2.enable off

-ssl.v3.enable off

Firefoxthebomb
13,915 Views

Yes I too encountered the problem after updating to the latest Java 8 Update 65.

 

I had to revert back to Java 8 Update 60 to get it back to working order.

Mark_Strovink
13,905 Views

Don't know why, but turning on httpd.admin.enable does make System Manager 3.1.2 work with Java 1.8.65.

 

Guess we'll hope another releases fixes this and we can turn httpd.admin.enable off again.

aborzenkov
15,190 Views
It was mentioned recently that the latest Java requires larger key size (at least 1024 bits). Try to reconfigure SSL on filet specifying larger size.

cbdallas79
18,631 Views

Thank you aborzenkov for that info, that fixed my problem. I had to run through the secureadmin setup ssl process again on both my filers and specify a key size of at least 1024 bits as you mentioned, was able to connect with OCSM just fine after that.

 

For other's having the same problem, here's the info from the KB ID: 2025623

 

OnCommand System Manager displays error message: The storage system is not configured for secure management with TLS after upgrading to Java 8u65 and later

KB ID: 2025623 Version: 6.0 Published date: 11/03/2015 Views: 219
 
Environment

OnCommand System Manager (OCSM) 3.1.2
Java 8u65+

Symptoms

While attempting to manage a storage system through HTTPS using System Manager while on Java 8u65 or later version, the following error message is displayed:
The storage system is not configured for secure management with TLS.
When selecting No at the prompt, another error message is displayed: TLS is not set up.

The storage system configuration has TLS enabled (both partners for Data ONTAP 7-Mode).
The Java configuration has TLS 1.0, 1.1, and 1.2 enabled.
The browser being used has TLS 1.0, 1.1, and 1.2 enabled.

Attempts to connect to the same storage system succeed on earlier versions of Java (less than 8u65).

Cause

Starting with version 8u65, Java requires certificates with a key length of at least 1024.

Solution

To resolve the issue, regenerate the SSL certificate on the storage system running the secureadmin setup ssl command and specifying a key length of at least 1024.

SCOTT_V_RONTALE
17,300 Views

Hi , 

after running secureadmin setup ssl and changing key length (bits) (512) to 1024. How can I know if that took effect? because running again the command gives me still 512.

seilogramp
18,494 Views

Went thru all sorts of combinations of java versions. Reinstalling system commander multiple times. No version of java made this work without the "connection refused" error.

 

Then tried this...

 

       options tls.enable on

 

I'm back in business. Thanks!

TedGordon
18,377 Views

Thank you seilogramp, that worked for me!

 

Set the following on each node to resolve the issue:

 

options tls.enable on

mzaragoza
18,341 Views

I have to day. the error

Error : 500 NetApp-Error.PNG

CHUCK_SAUNDERS
18,340 Views

Make sure to run this command on the controller(s)

options tls.enable on

 

Tow other things that may need to happen to make this work as well

1.)   In addition, you may need to run through the secure admin setup again as well on your filers

2.)  In the Java Control panel on the security tab, the controllers should be added as trusted hosts/sites or Java may reject the certificate and block the connection.

 

I have had this working very well for me through all of the 8uX updates.

CHUCK_SAUNDERS
18,329 Views

Here are the orignal steps I used.

Make sure the httpd.admin is off (on is not secured)

options httpd.admin.enable off

 

Re-Run the setup for Secure Admin
secureadmin disable all
secureadmin setup ssl
secureadmin enable ssl
secureadmin enable ssh2

 

Enable TLS (in older version of ONTAP, this off by default)
options tls.enable on

 

Close any open OCSM Session and try again.

 

This resolved the 500 Connection Refused erros for me and I am running Java 8x (Currently 8u51 and working great)

BLAINE
17,750 Views

Java 8u66 brings back the 500 error.

 

I am running 3.1.2 and it was working fine with older versions of Java but as soon as Java updated to 8u66 that brought back the 500 error.    I had to remove Java and install an older version to get it working again.

 

 

Public