Active IQ Unified Manager Discussions

OnCommand System Manager receives error 500

atinivelli

Good day, I am running OnCommand System Manager ver 3.1.1 on Windows.

Today, for the very first time, I have seen this issue: I can connect to my 3210 running DataONTAP 8.0.3P2 7-mode, but when I try to reach my new 2240 running DataONTAP 8.1.3P3 7-mode I receive an error 500 "connection refused".

I have found this workaround: on the 2240s I have issued the command >options httpd.admin.enable on ;

after this, OnCommand System Manager probably still tries a secure connection; on the console I see errors like

[hostname: HTTPPool03:warning]: HTTP XML Authentication failed from MyClientIP . 

But now I guess OnCommand System Manager falls back to a non-secure connection. I see the question "do you want to set up a secure connection or continue without...", I answer "continue without" and I'm able to manage my filers again.

What's happened? Maybe something related to Java updates? Thanks in advance.

Alessandro


PeterSun

I have the same problem: after upgrading to Java 8u65 or Java 8u66, I get an error 500 message.

yuvaraju

Refer to KB 2025623 and the public report on BURT 960004.

Details:

If you are running System Manager and you upgrade the Java version to JRE 8u65, you might no longer be able to log into the storage system using System Manager. The connection to the storage system is refused because JRE 8u65 requires a certificate with a key length of at least 1024.

Perform the following steps:

  1. If TLS is not enabled, run the following command to enable TLS on the storage system: option tls.enable on
  2. Regenerate the SSL certificate on the storage system by running the secureadmin setup ssl command and specifying a key length of at least 1024. (Advanced mode)  secureadmin setup -f -q ssl t <country> <state> <locality> <organization> <unit> <fqdn> <email> 1024
  3. After updating the certificates on the storage systems, ensure that there are no Java processes related to System Manager running and then relaunch System Manager.

PeterSun

I regenerated a new SSL cert. using OnCommand System Manager, but it failed.

I tried to regenerate the SSL cert. from the CLI, and it works!

Thank you, yuvaraju.

abailly

This is how I resolved 500 connection refused with the latest version of java-8 on Debian:

The latest Java version refuses small RSA key sizes (<1024).

To get around it, edit /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security

and change

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

to

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 128

Not very safe, but OnCommand is working.

SLC_TAYLOR

@abailly wrote:

This is how I resolved 500 connection refused with the latest version of java-8 on Debian:

The latest Java version refuses small RSA key sizes (<1024).

To get around it, edit /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security

and change

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

to

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 128

Not very safe, but OnCommand is working.


I did the same on Windows, but used 512 instead of 128 since I think that is the old key size. 512 should be a bit more secure than 128!

Works now. Thanks for the tip. I spent 2 hours monkeying with Java and I already had all the TLS settings, etc., enabled.
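
An added example, not part of any post in this thread and not NetApp or Oracle code: a Python check that reads jdk.certpath.disabledAlgorithms from java.security text and reports whether the RSA minimum has been lowered below 1024, which is the state left behind by the java.security edits described in the two posts above. The sample file contents and all function names are constructed for illustration, and only keySize rules are evaluated.

```python
import operator
import re

PROP = "jdk.certpath.disabledAlgorithms"
# Comparison operators permitted in a keySize constraint.
OPS = {"<=": operator.le, "<": operator.lt, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}
KEYSIZE = re.compile(r"^(\w+)\s+keySize\s*(<=|<|==|!=|>=|>)\s*(\d+)$")

# Constructed samples in java.security syntax (not copied from a real host).
STOCK = "# stock rule\njdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024\n"
EDITED = "# lowered, split with a continuation\n" \
         "jdk.certpath.disabledAlgorithms=MD2, \\\n    RSA keySize < 128\n"


def read_property(text, name=PROP):
    """Return the last value assigned to name, joining backslash continuations."""
    value, pending = None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and stripped.startswith(("#", "!")):
            continue                      # comment line
        line = pending + stripped
        if line.endswith("\\"):           # value continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value


def rsa_key_rejected(value, bits):
    """True if an RSA key of `bits` bits matches a keySize rule in value."""
    for entry in value.split(","):
        m = KEYSIZE.match(entry.strip())
        if m and m.group(1).upper() == "RSA" \
                and OPS[m.group(2)](bits, int(m.group(3))):
            return True
    return False


def weakened(value, floor=1024):
    """True if an RSA key below `floor` bits would still be accepted."""
    return not all(rsa_key_rejected(value, b) for b in (512, floor - 1))


if __name__ == "__main__":
    for label, text in (("stock", STOCK), ("edited", EDITED)):
        v = read_property(text)
        print(label, repr(v), "weakened" if weakened(v) else "ok")
```

Run against the real file by passing its contents to read_property; a host that reports "weakened" accepts sub-1024-bit RSA certificates from every server that JRE connects to, not only the filer.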

 

 

 

 

 

fedaynnetapp

The options from this reddit post worked for me:

options TLS

For TLS to take effect on HTTPS, ensure that the httpd.admin.ssl.enable option is also set to ON.

options tls.enable on
options httpd.admin.ssl.enable on

 

Regards.

edwardmou

So after trying to fix this for a few hours I thought I would share. My version of Java had updated to 8u73 when it stopped working.

OCSM version 3.1.2 on Windows 10 (obviously 64-bit)

Getting 500 error when trying to connect to all filers.

Solution: uninstall all versions of Java and install version jre-8u51-windows-x64.exe. Java must recognise this as the system version for it to work. This seems to be the highest version of Java that works.

Also ensure TLS is enabled on filers as per previous posts.

Ed

SLC_TAYLOR

@edwardmou wrote:

So after trying to fix this for a few hours I thought I would share. My version of Java had updated to 8u73 when it stopped working.

OCSM version 3.1.2 on Windows 10 (obviously 64-bit)

Getting 500 error when trying to connect to all filers.

Solution: uninstall all versions of Java and install version jre-8u51-windows-x64.exe. Java must recognise this as the system version for it to work. This seems to be the highest version of Java that works.

Also ensure TLS is enabled on filers as per previous posts.

Ed


The reason you need the old version is that they started forcing a larger minimum key size after that. If you edit java.security to allow a 512 key size as I mentioned above, it should work on the newer versions.

LPrice

I have a related issue. I am applying STIGs and hardening my filers. Here is an overview of the equipment.

FAS2050 running 7.3.5.1 7-Mode

V3240 running 8.2.3P3 7-Mode

FAS2240-4 running 8.2.3P3 7-Mode

I thought I had everything running perfectly on my V3240 filers, but security scans (HBSS with NetApp Plugin) still find several SSL findings. I was hoping switching to TLS would eliminate them but it seems not.

Question is, how can I check to ensure that TLS is being used and SSL is being refused?

I am not talking about just checking "options tls" and seeing what it is set to. I mean, how can I verify that TLS is in fact working, and SSL connections are being refused?

For Cluster DataOnTap I saw something about a command like "Services Web Show"; I think there is a 4th word to the command. I do not know how to perform this similarly in 7-Mode.

 

 

 

EricLotgerink

In our case we had to run:

secureadmin setup ssl

And we had to change the key length from 512 to 2048.

All other options were already activated (see the KB article named in this thread) and tried.

This solved it.

namil7869

For System Manager 3.1.2 to manage storage systems running Data ONTAP 7.3.x, 8.1.x and 8.2.x operating in 7-Mode, the TLS protocol must be enabled.

If the TLS protocol is not set up, System Manager 3.1.2 will display an error while adding to the home page that TLS is not set up.

The TLS protocol is enabled by default for storage systems running Data ONTAP in Cluster mode.

Refer to https://kb.netapp.com/support/index?page=content&id=9010008/WebForPC

The next version of 3.1.2, targeted for end of March or early April, will officially support Java 8.

PASSION_RUGBY

Has anyone found the solution to this problem? Thank you for your help.
