Active IQ Unified Manager Discussions

OnCommand cannot manage

Dry_Den
6,951 Views

Hi,

First time poster just getting to grips with NetApps.

I have an odd situation: We have two pairs of FAS2240, one pair at each of our two sites. The two sites are linked by a leased line. One of our Hyper-V hosts at 'Site1' has OnCommand System manager 3.0 installed on it and can manage the filers at both sites (though it cannot make an SSH connection to the filers at 'Site2'). I have just installed OnCommand System manager 3.1.2 on my laptop and I can only connect to the Filer at 'Site1' where I am located. I can add the filer at 'Site2' to the initial screen (the one with Login and Discover on it) but when I try to connect I get a timeout.

Initially I thought it was due to being unable to SSH traffic on port 22 to traverse the leased line, but since the host can connect in OnCommand despite not being able to make an SSH connection I have discounted this. I also tried to connect on port 23 using telnet but neither the host nor my laptop can do this across the leased line. Can anyone suggest what might be going on here? The leased line is managed by a third party so before I start requesting config changes I'd like to be reasonably confident it will fix the problem.

Thanks.

4 REPLIES 4

ekashpureff
6,940 Views

 

Dry_Den -

 

System Manager primarily uses port 443 for making API calls to the storage systems.

It doeas also use port 161 with UDP for some SNMP traffic.

 

You may wish to take a look at the documentation here: http://mysupport.netapp.com/documentation/docweb/index.html?productID=61997&language=en-US


I hope this response has been helpful to you.

At your service,

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)

 

yuvaraju
6,925 Views

Hi,

 

Did you check if TLS is enabled on controller

 

To manage storage systems running Data ONTAP 7.3.x , 8.1.x and 8.2.x operating in 7-Mode using System Manager 3.1.2 release –TLS protocol must be enabled.

TLS is not enabled by default on 7-mode systems.   Since SSL is not enabled in any of the Java8 versions TLS must be enabled on the storage controller

If TLS protocol is not setup , an error displayed while adding to System Manager 3.1.2

CLI command: options tls.enable on

 

 

Regards,

Yuvaraju

 

PIYUSHBANSAL198722
6,643 Views

Hi,

 

Try adding the controller with ip address instead of discovering and enter the credentials with adding options instead of snmp.

Also, check following options:

"options snmp.enable"

"options httpd.admin.enable"

"options httpd.admin.access"

"options httpd.admin.ssl.enable"

"options httpd.timeout"

snmp/httpd.admin/ssl options should be enabled

TLS level on your browser should not be 1 could be 1.2 or higher (but not sure however, you could easily check easiliy in your environment by unchecking all options and then checking one option at a time)

timeout option is by default 300 but I dont feel comformtable suggesting this options since you have leaseline connectivity between two sites however, still getting request timeout error

One more important thing - you also need to check if any software locally on your laptop is disrupting the access (like checkpoing vpn software/mcaffee - logs would be good option to check) 

 

Thanks,

Piyush

Dry_Den
6,583 Views

Thanks for the replies; I'm just now getting a chance to look at this again.

 

I'm pretty sure its something between the sites, I just can't figure out what. I have installed OnCommand SM 3.1 on on of the Hosts at Site2 and it's the same deal, can manage the local filer but not the one at the other site. I have also since discovered that the Host at Site1 is connecting to the Filer at Site2 over the storage network rather than the data LAN, so that explains why that works. The 3rd party that manage the link said that nothing was blocked but that their traffic analysis suggested the default gateway was incorrectly configured. Surely this would prevent even the initial connection (when I add the system to System Manager)?

Public