Data Infrastructure Management Software Discussions

Highlighted

Re: OnCommand System Manager recieves error 500

You, sir, are a genius!  This resolved the problem I was having!

Highlighted

Re: OnCommand System Manager recieves error 500

While removing newer version of Java and installing older versions probably fixes this in most cases, do you really want to run version of software that have known vulnerabilities in them?

 

I think that companies like NETAPP, EMC, DELL, HP, etc, etc., need to be accountable for staying current.  They need to upgrade the applications regularly to stay compatible with the platforms they develop in.  The days of write it once and forget it are long gone.  The threat vectors have changed and continue to change on a daily basis.

 

If I had machine that was dedicated to doing nothing other managing storage, network and servers, that never saw any portion of the production network and was isolated 100% from the internet, perhaps leaving archaic versions of depreciated software out there would be an option.  The days of doing business this way are also long gone.

 

Cannot speak for everyone of course, but I don’t have the real-estate on my desk and have no desire to run up down the hall to my MDF every time I want to manage something in the environment.

 

 

Highlighted

Re: OnCommand System Manager recieves error 500

To clarify, I am 100% in agreement with Chuck.  There is no excuse for NetApp not supporting Java 8 when it has been out for this long.  In our organization, running outdated versions of Java is unacceptable.  Following the steps above, I was able to install the System Manager, then install Java 8, and remove 7--and the entire thing works fine.  The big key I believe is that our filers did not have TLS enabled.  We removed SSL support from our environment when the Poodle vulnerability was made known.  Unfortunately, we did not realize this until going through these steps.  We couldn't get it to work no matter what version of Java was installed.

 

Also--our complex password works just fine 🙂  No reason to use a simple password.

Highlighted

Re: OnCommand System Manager recieves error 500

Chuck,

you are absolutely right !

 

That java chaos is unproductive and annoying.

 

But let us see my thread not as a political but as a technical thing that helps me (and hopefully one or another) gaining back access to my NetApp again.

Lets see this as a base and maybe theres someone out there who will improve my solution working with actual versions of java.

 

Cheers

  Hilmar

Highlighted

Re: OnCommand System Manager recieves error 500

regarding my last version:

------------------------------------------------------------------------

  - a clean Windows-7 64 bit

  - Java 7u25  64 bit version

  - Firefox 32  (as default browser)

  - OnCommand version 3.0

 

    options httpd.admin.enable off

    secureadmin disable all
    secureadmin setup ssl
    secureadmin enable ssl
    secureadmin enable ssh2

    options tls.enable on

 

   a simple password only with characters

 

with that version i successfully connect to my old FAS 2040 and my new FAS 2240 without any error - puah

----------------------------------------------------------------------------

 

i did some additional testing:

 

a) Firefox version 35 is fine

b) an non-complex password is not needed

c) OCSM 3.0 or 3.1.1. does not make a difference

 

BUT:

 

d) JAVA does

 

i tried different versions (thanks to ESX and SNAPSHOTs) in which i upgraded java step by step

6u45 is fine

7u25 is fine

even 7u75 32 bit and 7u25 64 is fine,

but 7u75 32 AND 64 bit installed causes the well known problem

and just to complete: 8u31 32bit uninstalls 7u25 64 bit and therefore is does NOT work

 

=> my best guess: 7u25 64 bit (in 64 bit environment) iss essential

      maybe there are some versions between 7u25 and 7u75 that will work as well

     but i do know that 7u25 DOES work, whereas 7u75 DOES NOT

 

and to complete my research i re-installed 7u25 64 bit after 8u31 de-installed it - and - guess - YEPP , everything is fine

 

=>  install whatever version you prefer, but have 7u25 64 bit installed as well

 

that directly points me to a question to you Chuck:  did you have different versions installed ?

    something like : the 32bit version is java 8 but the 64 bit version is an elder java 7 ?

 

Cheers

  Hilmar

Highlighted

Re: OnCommand System Manager recieves error 500

I can confirm that java 8 64bit is the problem.

I approved the java updater lately and it updated to  java 8u31 32bit and 64bit

The behaviour then was the following when I tried to login to our filers

7.3.7P3 FAS3020   => security question => OK  (I know the system is out of support)
8.1.3P1 FAS3210   => security question => OK
8.1.3P1 FAS3220   => error 500
8.1.3P1 FAS3270   => error 500

 

After struggling a while with different solutions from this thread I uninstalled the 64bit version and reverted to java 7u55 64bit which I had been running before the update.

Now on all filers there is  no security question anymore and all logins work OK

Highlighted

Re: OnCommand System Manager recieves error 500

I am running 8.31 64-bit and using the steps I provided in my earlier post, I have everything work with SSL/TLS.

Now, granted, there is no 100% garuntee that it works for 100% of everyone.  There are other considerations such as individula security settings in the JAVA.  I have all of my filers (both by IP address and by host name) as trusted sites in my browser and in JAVA.

 

Highlighted

Re: OnCommand System Manager recieves error 500

That's odd--I am running it just fine with 8u31.  I only needed to have 7 present to get through the System Manager installation, which will stop if you do not have 7 installed.  After installation, I removed 7 completely and it is still running.

 

The steps to turn off unsecure http admin, reset the certificate setup, and enable TLS made the difference for us.

Highlighted

Re: OnCommand System Manager recieves error 500

/!\ Security Hole /!\

 

You must modify the file "C:\Program Files\Java\jre1.8.0_31\lib\security\java.security" and disable the last line "jdk.tls.disabledAlgorithms=SSLv3" with #.

 

The last Java disable SSLv3, you must reactivate him.

Highlighted

Re: OnCommand System Manager recieves error 500


@SRay wrote:

/!\ Security Hole /!\

 

You must modify the file "C:\Program Files\Java\jre1.8.0_31\lib\security\java.security" and disable the last line "jdk.tls.disabledAlgorithms=SSLv3" with #.

 

The last Java disable SSLv3, you must reactivate him.


This worked for me thanks SRay.   I'll have to make do with toggling it on and off when required until a fix is released. 

 

Highlighted

Re: OnCommand System Manager recieves error 500

 

OK, what do we have learned the last days ?

 

With Java 8 there came a new security structure.

Regarding the flaws in SSL  (Heartbleed, Poodle) Java completely disabled SSL in the usable protocols list with version 8

 

Thats why elder versions (like my preferred 7u25) work with OCSM, but newer doesnt.

 

We found a workaround to run OCSM with Java 8  (Thanks to my Java Admin Josua):

- open a DOS Box

- jump to the OCSM-directory:

    cd "\Program Files\NetApp\OnCommand System Manager"

- start OCSM with parameter "i am sure what i do and i will run my OCSM with unsafe protocols" :

    java -Dsun.security.ssl.allowUnsafeRenegotiation=true -Djdk.tls.client.protocols="TLSv1, SSLv3" –jar SystemManager.jar

 

and everything is fine

 

hope that works for you as well

  Hilmar

Highlighted

Re: OnCommand System Manager recieves error 500

I think what the industry should have learned a long time ago is that Java on the client side is an absolute mess for many of the reasons already stated here. It is not a system to be able to allow any device any software to be able to work. I would have to have 5-10 vm's just for the different software that requires different versions. Netapp and others please upgrade to other tech. One that comes to mind would be HTML 5 .net or just pick something beside the proven to fail java! Don't care if this is what you call "political". It's not its a call for using tech that works. 

Highlighted

Re: OnCommand System Manager recieves error 500

For System Manager 3.1.2 to manage storage systems running Data ONTAP 7.3.x , 8.1.x and 8.2.x operating in 7-Mode ,TLS protocol must be enabled

If TLS protocol is not setup , System Manager 3.1.2 will display an error while adding to home page that TLS is not setup

TLS protocol is enabled by default for storage systems running Data ONTAP in Cluster mode.

Refer to https://kb.netapp.com/support/index?page=content&id=9010008

 

The next version of 3.1.2, targeted for end of March or early April, will officially support Java 8

 

 

Highlighted

Re: OnCommand System Manager recieves error 500

Java on client side is a pita. I also wish they would drop it.

First version of the software needed Adobe Flash Player. Go figure!

Highlighted

Re: OnCommand System Manager recieves error 500

I had 3 different versions of 32-bit java (72,75,76) installed and one 64-bit 7u76. Removed all versions. Downloaded 7u71 32-bit and 64-bit and installed. No more connection refused errors!

 

Highlighted

Re: OnCommand System Manager recieves error 500

OCSM 3.1.1

Java 1.7 Update 75

Win7 SP1 32bit German

2 Netapp Systems - FAS2020A (Ontap 7.3.7P3) and FAS2220 (8.1.4P7 7-mode) in Snapmirror relation.

We found out that the FAS2220 system stopped to reject SSL connections after we rerun secureadmin setup ssl with 2048 key length.

The FAS2020a still rejects the SSL connection and offers to set it up, but it screws up the certificate with FQDN fqdn instead the "right one". 

Cloud Volumes ONTAP
Review Banner
All Community Forums
Public