Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Powershell error : The server committed a protocol violation
2020-11-24
08:11 AM
4,853 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
Since 5.1 upgrade and switch to sectigo certificates, we have problems with all of our workflows.
They all fail with :
Cannot get credentials for cluster XXXXX
Cause : The server committed a protocol violation
Since we did WFA & Cluster certificates upgrades at the same time, we cannot say whether the problem comes from one or another.
I tried removing and adding back cluster credentials in WFA configuration, all successfully.
WFA is running on Windows Server 2012 Standard (upgrade from WFA previous..... previous... versions)
Any ideas ?
Thanks,
GS.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi StockageUSA,
You are receiving the "protocol violation" error because the header in the negotiation request is considered "unsafe," resulting in the rejection. Please check the certificates on the WFA host and the NetApp Cluster were installed correctly. In addition, you must stop the WFA Database and WFA Server services prior to replacing the certificates and restarting the services afterward.
Here is a reference document walking you through how to update the WFA certificates:
Managing digital certificates for server or client authentication
Regards,
Team NetApp
Team NetApp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, thank you for your answer.
The clusters certificates (we have 5 clusters here) are OK in my web browser (System Manager Web Access), and OK in openssl command :
> openssl s_client --connect cluster.fqdn:443
> ... Verify return code: 0 (ok)
the WFA certificate is expired (more than 1 year), but since WFA acts as a client here, why is it involved ?
WFA was restarted mutiple times since certificates were renewed. Also, credentials were deleted and added back to WFA successfully (I guess a HTTPS connections is made at this time)
Is there any logfile we could check ?
Thanks,
GS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
Accessing the log through the web interface, in wfa.log show recurring Java error :
2020-11-26 05:56:45,751 WARN [com.netapp.wfa.common.io.ExecutionUtils] (Thread-157 (ActiveMQ-client-global-threads)) Exception while getting password from Vault:: org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer
I won't paste the full stack but some interesting lines (IMO) :
Caused by: java.lang.IllegalArgumentException: Null input buffer at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2198) at org.picketbox//org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134) at org.picketbox//org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)
If it can help...
