Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Powershell error : The server committed a protocol violation


Hello all,

Since 5.1 upgrade and switch to sectigo certificates, we have problems with all of our workflows.

They all fail with :


Cannot get credentials for cluster XXXXX

Cause : The server committed a protocol violation


Since we did WFA & Cluster certificates upgrades at the same time, we cannot say whether the problem comes from one or another.


I tried removing and adding back cluster credentials in WFA configuration, all successfully.


WFA is running on Windows Server 2012 Standard (upgrade from WFA previous..... previous... versions)


Any ideas ?





Hi StockageUSA,


You are receiving the "protocol violation" error because the header in the negotiation request is considered "unsafe," resulting in the rejection. Please check the certificates on the WFA host and the NetApp Cluster were installed correctly. In addition, you must stop the WFA Database and WFA Server services prior to replacing the certificates and restarting the services afterward.


Here is a reference document walking you through how to update the WFA certificates:

Replacing WFA Certificate 

Managing digital certificates for server or client authentication 





Team NetApp

Team NetApp


Hello, thank you for your answer.

The clusters certificates (we have 5 clusters here) are OK in my web browser (System Manager Web Access), and OK in openssl command :


> openssl s_client --connect cluster.fqdn:443 

> ... Verify return code: 0 (ok)


the WFA certificate is expired (more than 1 year), but since WFA acts as a client here, why is it involved ?


WFA was restarted mutiple times since certificates were renewed. Also, credentials were deleted and added back to WFA successfully (I guess a HTTPS connections is made at this time)


Is there any logfile we could check ?





Hi all,


Accessing the log through the web interface, in wfa.log show recurring Java error :


2020-11-26 05:56:45,751 WARN  [com.netapp.wfa.common.io.ExecutionUtils] (Thread-157 (ActiveMQ-client-global-threads)) Exception while getting password from Vault:: org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer

I won't paste the full stack but some interesting lines (IMO) :


Caused by: java.lang.IllegalArgumentException: Null input buffer
	at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2198)
	at org.picketbox//org.picketbox.util.EncryptionUtil.decrypt(EncryptionUtil.java:134)
	at org.picketbox//org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:293)

 If it can help...

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner