Active IQ and AutoSupport Discussions
Active IQ and AutoSupport Discussions
For the past 2 weeks our filers are unable to connect to AutoSupport to post it's Autosupport.
Sun Feb 19 01:04:29 GMT [FAS3210C-1: asup.post.host:info]: AutoSupport (HA Group Notification from FAS3210C-1 (PERFORMANCE DATA) INFO) cannot connect to url https://216.240.18.16/asupprod/post/1.0/postAsup (couldn't connect to host)
Sun Feb 19 01:04:29 GMT [FAS3210C-1: asup.post.retry:info]: AutoSupport message (HA Group Notification from FAS3210C-1 (PERFORMANCE DATA) INFO) was not posted to NetApp for host (0). The system will retry later to post the message
Nothing has changed that I'm aware of and I can traceroute to the IP. If I change it to SMTP it works OK.
Any one got any ideas?
Thanks
Hi,
As far as I know, ports used by SMTP are usually/always open by default.
For security reasons ports used by https are not open by default.
Br.
Ismo.
When you say not open by default do you mean on the filers? If you mean our Firewall then I've already checked that and its still open for HTTPS.
I ment from firewall.
Sometimes people uses proxy servers when using http/https.
I don't have too much experience about those..
But, mail addresses specified in autosupport.to and autosupport.partner.to fields receives autosupports always via smtp
you have three options in field: options autosupport.support.transport http | https | smtp
If you pick http/https filer will send autosupports to netapp using options autosupport.support.url
And with smtp filer will use options autosupport.support.to
So if it works with smtp, just use it
Br.
Ismo.
Thanks. I guess I'll have to set it to SMTP.
Strange how HTTPS has stopped working though. I preffered HTTPS because if our mail server was down then it could still post an Autosupport.
I have to admit, that i haven't seen filers sending mails via http/https "Usually" filers do not have access to internet.
Maybe if you have couple weeks old weekly_logs, where asup were sent to netapp via https? Then you can compare example ssl options and autosupport options if theres any changes happened.
Br.
Ismo.
I can believe that Data ONTAP hasn't changed. I suspect the network in the middle has changed.
Have you tried using Windows, Mac or Linux machine to telnet to port 80 or port 443 and see if it connects? Maybe there have been firewall changes elsewhere or something?
The error will help shed insight into the problem and one can work with the networking folks to resolve. When this works then most likely Data ONTAP will start working.
I think I may have found the problem.
When I check the firewall logs the only activity trying to access support.netapp.com is from our vif2 (192.168.3.3) which is only used for iSCSI traffic.
It looks like the routing isn't right. It should come from vif1 (172.16.2.203). Will this be to do with the "Trusted" option on the vif?
Also, if I traceroute from the filer command line to support.netapp.com it works but this goes via vif1.
Good catch on the firewall issue. I have heard of routing issues over undesired interfaces for issues including AutoSupport.
I don't know what release of Data ONTAP this is nor am I comfortable with my knowledge of IP routing inside of Data ONTAP.
I can comment that AutoSupport is blind to what interface it is assigned (it doesn't pick) and local IP address it uses. AutoSupport depends on the IP routing to do the right thing for the resultant IP address that is returned by the DNS/NIS/local host tables.