Re: Proxy error

wedmund · ‎2018-05-21

Hi there,

Does anyone has this problem where Cloud Manager suddenly could not accept any proxy? I tried to save the proxy setting using Chrome, IE, and Firefox, all of them having issue -- unable to connect to proxy.

The cloud manager is version 3.4.3. It was working before and all of sudden we have this problem.

Thanks.

Wilfred

yaronh · ‎2018-05-22

This is likely a Red Herring (a misleading notification).

It means that in general your Cloud manager fails to connect to the internet services it requires.

I’d check here for prerequisites here:
http://clouddocs.netapp.com/occm/en/reference_networking_azure.html
(We have an AWS version as well)

I’d start by updating the manager to 3.4.5 and then ssh to the instance and see whether you can access netapp-cloud-account.auth0.com

That might be a first step to figure what are you missing

Yaron Haimsohn
Manager, Cloud Solutions Architecture

wedmund · ‎2018-05-22

Hi Yaron,

Thanks for your reply.

I forgot to tell you that I'm not using cloud manager in AWS, but it's a linux cloud manager.

I did not have any issue before and if I used 'curl' to test the Internet connectivity, it was working fine.

Is the new version available to download from the support website?

Thanks.

Wilfred

wedmund · ‎2018-05-22

Hi Yaron,

I tested the URL you mentioned (netapp-cloud-account.auth0.com) and I got the http status code 302. This does not seem correct to me. It should be HTTP 200.

Thanks & Regards,

Wilfred

yaronh · ‎2018-05-22

I have to disagree.

Error is only in the 400 range while 302 means temporary move or redirect.

The apps (OCCM in this case), redirect the user to the hosted login page served in the netapp-cloud-account.auth0.com domain with additional headers and url parameters.

It does not support direct browsing to https://netapp-cloud-account.auth0.com.
The 302 (temporarily moved) response is not an error (400 and above is) and is part of the normal flow.

Cheers,
Yaron

yaronh · ‎2018-05-22

Regardless, I’d suggest you talk to us over the intercom and we’d be happy to look at the logs for you.

wedmund · ‎2018-05-23

Hi Yaron,

I found the problem. We have SSL decryption in our firewall and it has been implemented recently. This explains why Cloud Manager was working before.

SSL decryption requires the host -- in this case Cloud Manager linux host -- to have the trust certificate installed (.crt file).

Although the trust certificate has been installed, Cloud Manager still prompt me "proxy error". So it looks like Cloud Manager software cannot tolerate SSL decryption.

So for now, I have disabled SSL decryption and now Cloud Manager is back to normal.

I can perform SSL decryption exclusion, however, I need to have the list URL that Cloud Manager is using. If you have the list of URL, that would be great.

Thanks.

Wilfred

AvivDegani · ‎2018-05-29

Hi,

Here you go:

AWS: http://clouddocs.netapp.com/occm/us-en/reference_networking_aws.html

Azure: http://clouddocs.netapp.com/occm/us-en/reference_networking_azure.html

Best,

Aviv Degani

michael9 · ‎2018-06-04

You can load the CA cert to OCCM's trust-store (which I believe is differen't than the OS' trust-store you already tried loading the cert to) using the http://<occmip>/occm/api-doc/#!/occm:key-store/installTrustedCertificateFile_post_7 api.

I believe we're running into the same issue with a proxy doing SSL decyrption using a cert issued by a custom CA. The question is though... how to upload the CA cert to the OCCM trust-store when you don't have any credentials setup for OCCM yet?

Proxy error

Get ready to power on