Data Protection

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Protection

Ask a Question

SnapCreator Powerhell cannot connect to snapcreator 4.3.0P3 Server

yoni
NetApp
‎2017-02-08 06:31 AM
5,933 Views

Hello,

 

I am using SC_PowerShell_Toolkit_4.1.7.0.

After a SnapCreator Upgrade to version 4.3.0P3, the snapcreator powershell cannot connect to the scserver with the following error:

 

PS C:\Users\user> Connect-ScServer -Name <SnapCreatorServer> -Credential admin

Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '<SnapCreatorServerIP>:8443'.

At line:1 char:1

+ Connect-ScServer -Name <SnapCreatorServer> -Credential admin

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidResult: (<SnapCreatorServer>:ScServer) [Connect-ScServer], SecurityNegotiationException

    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer

 

Hostname                                           Address                 ApiVersion

--------                                                      -------                       ----------

<SnapCreatorServer>      <SnapCreatorServerIP>           1.0

 

Any help is appreciated.

0 Kudos
View By:
5 REPLIES 5

mbeattie
NetApp
‎2017-02-08 03:58 PM
5,894 Views

Hi,

 

Did the port number change during the upgrade? I had a look at the source code, it will default to 8443 if the port number is not provided.

Here is a sample of the source code, it fails with error "httpsConnectionFailed"before it fails it calls "ConnectHTTPS" which sets the port to 8443 (if it is not specified) (this.port.value : 8443)

 

 

		protected override void ProcessRecord()
		{
			if (string.IsNullOrEmpty(this.Name))
			{
				this.Name = "localhost";
			}
			ScServer server = new ScServer(this.Name);
			if (this.Credential == null)
			{
				base.ThrowTerminatingError(new ErrorRecord(new ArgumentNullException("Credentials not provided."), "CredentialsNotSpecified", ErrorCategory.InvalidArgument, null));
			}
			else
			{
				try
				{
					ConnectScServer.logger.Debug("Trying HTTPS");
					base.WriteVerbose("Trying HTTPS");
					this.ConnectHTTPS(server, this.Credential);
				}
				catch (Exception ex)
				{
					base.WriteError(new ErrorRecord(ex, "HttpsConnectionFailed", ErrorCategory.InvalidResult, server));
				}
			}
			if (server.EngineVersion == null)
			{
				ConnectScServer.logger.DebugFormat("Failed to connect to {0}", server.Hostname);
				base.WriteVerbose(string.Format("Failed to connect to {0}", server.Hostname));
				server = null;
			}
			else
			{
				ConnectScServer.logger.DebugFormat("Connected to {0} using {1}", server.Hostname, server.Protocol);
				base.WriteVerbose(string.Format("Connected to {0} using {1}", server.Hostname, server.Protocol));
			}
			if (!this.Transient)
			{
				this.SetSessionVariable(server);
			}
			base.WriteObject(server);
		}

		protected void ConnectHTTPS(ScServer server, PSCredential credentials)
		{
			server.Credentials = credentials.GetNetworkCredential();
			server.Port = (int)(this.Port.HasValue ? this.Port.Value : 8443);
			server.Protocol = ServerProtocol.HTTPS;
			ConnectScServer.logger.DebugFormat("Connecting to {0} via HTTPS", server.Hostname);
			this.GetEngineVersion(server);
			this.GetRbacVersion(server);
			this.GetRepositoryVersion(server);
			this.GetSchedulerVersion(server);
			this.GetStorageVersion(server);
		}

See the documentation here for checking\changing the port number

 

https://library.netapp.com/ecm/ecm_download_file/ECMLP2604630 (Page 15)

 

You could try specifying the port number when connecting. IE:

 

Param(
   [Parameter(Mandatory=$True, HelpMessage="The hostname or IP Address of the SnapCenter server")]
   [String]$HostName,
   [Parameter(Mandatory=$True, HelpMessage="The SnapCenter Port Number")]
   [Int]$PortNumber,
   [Parameter(Mandatory=$True, HelpMessage="The credentials to authenticate the to SnapCreator server")]   
   [System.Management.Automation.PSCredential]$Credentials
)
#'------------------------------------------------------------------------------
Import-Module SnapCreator -ErrorAction SilentlyContinue
Try{
   Connect-ScServer -Name $HostName -Port $PortNumber -Credential $credentials -ErrorAction Stop | Out-Null
   Write-Host "Connected to SnapCenter ""$HostName"" on port number ""$PortNumber"""
}Catch{
   Write-Warning -Message $("Failed connecting to SnapCenter ""$HostName"" on port number ""$PortNumber"". Error " + $_.Exception.Message)
   Break;
}
#'------------------------------------------------------------------------------

Then try connecting (assuming you save the above code as "C:\scripts\snapcreator\testconnect.ps1"). IE

 

 

PS C:\scripts\snapcreator>$credentials = Get-Credential -Credential admin
PS C:\scripts\snapcreator>.\testconnect.ps1 -HostName localhost -PortNumber 8443 -Credentials $credentials

I suspect it's more likely to be related to SSL\TLS security rather than an issue with the port number though.

Just trying to help eliminate the obvious first before troubleshooting further.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos

yoni
NetApp
‎2017-02-09 12:46 AM
5,862 Views

Hi Matt,

 

Thank you very much for your response,

 

The port number didnt change during the upgrade, the port is still the default port - 8443.

The "testconnect script" is getting the follow error; (you wrote 'snapcenter' instead of 'snapcreator')

WARNING: Failed connecting to SnapCenter "<SnapCreatorServer>" on port number "8443". Error Could not establish secure channel for SSL/TLS with authority '<SnapCreatorIP>:8443'.

 

I found something very strange,

I am trying to access the snap creator server from two different servers (a WFA server and the local SnapCreator server).

I get the "SSL" error from both of the servers (ApiVersion 1.0), but I found that in the snapcreator server, after a powershell connection to the netapp, the connection to the local snapcreator server works (ApiVersion 1.1). It doesnt work in the WFA server.

 

 

 

Local SnapCreator Server:

PS C:\Windows\system32> Connect-ScServer -Name localhost -Credential admin
Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '127.0.0.1:8443'.
At line:1 char:1
+ Connect-ScServer -Name localhost -Credential admin
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (localhost:ScServer) [Connect-ScServer], SecurityNegotiationException
    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname             Address              ApiVersion
--------             -------              ----------
localhost            127.0.0.1               1.0


PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> Connect-NcController -Name <NetAppClusterName> -Credential admin

Name                        Address                Vserver              Version
----                        -------                -------              -------
<NetAppClusterName>        <NetAppClusterIP>                            NetApp Release 8.3.2P4: Thu Jun 30 18:50:43 UTC 2016


PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> Connect-ScServer -Name localhost -Credential admin

Hostname             Address              ApiVersion
--------             -------              ----------
localhost            127.0.0.1               1.1

 

 

WFA Server:

 

PS C:\Windows\System32> Connect-ScServer -Name <SnapCreatorServer> -Credential admin
Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '<SnapCreatorIP>:8443'.
At line:1 char:1
+ Connect-ScServer -Name col-snapcreator -Credential netapp
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (<SnapCreatorServer>:ScServer) [Connect-ScServer], SecurityNegotiationExcepti
   on
    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname                 Address                  ApiVersion
--------                 -------                  ----------
<SnapCreatorServer>      <SnapCreatorIP>           1.0


PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\system32> Connect-NcController -Name <NetAppClusterName> -Credential admin

Name                        Address                Vserver              Version
----                        -------                -------              -------
<NetAppClusterName>        <NetAppClusterIP>                            NetApp Release 8.3.2P4: Thu Jun 30 18:50:43 UTC 2016


PS C:\Windows\system32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32> Connect-ScServer -Name <SnapCreatorServer> -Credential admin
Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '<SnapCreatorIP>:8443'.
At line:1 char:1
+ Connect-ScServer -Name col-snapcreator -Credential netapp
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (<SnapCreatorServer>:ScServer) [Connect-ScServer], SecurityNegotiationExcepti
   on
    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname                 Address                  ApiVersion
--------                 -------                  ----------
<SnapCreatorServer>      <SnapCreatorIP>           1.0

 

0 Kudos

Abhishar
‎2017-04-12 03:38 AM
In response to yoni
5,677 Views

We haver snapcreator version 4.3.1 and having same error.

 

connect-scserver : Could not establish secure channel for SSL/TLS with authority 'Server:8443'.
At line:1 char:1
+ connect-scserver -credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (153.112.4.219:ScServer) [Connect-ScServer], SecurityNegotiationException
+ FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer

Is any way we can install API version 1.0

 

Hostname Address ApiVersion
-------- ------- ----------
snapcreator  153.112.4.219 1.0

 

 

We used the workaround to connect the CDOT filer first but still we have issue.

 

 

PS C:\Users\tin2036x> import-module dataontap
PS C:\Users\tin2036x> connect-nccontroller NetApp -credential admin

Name Address Vserver Version
---- ------- ------- -------
NetApp. 153.112.47.210 NetApp Release 8.3.2P7: Mon Oct 03 10:59:56 UTC 2016


PS C:\Users\tin2036x> connect-scserver snapcreator -credential 
connect-scserver : Could not establish secure channel for SSL/TLS with authority '153.112.4.219:8443'.
At line:1 char:1
+ connect-scserver 153.112.4.219 -credential tin2036x
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (153.112.4.219:ScServer) [Connect-ScServer], SecurityNegotiationException
+ FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname Address ApiVersion
-------- ------- ----------
snapcreator  153.112.4.219 1.0

 

 

Please help to fix the issue.

@yoni wrote:

Hi Matt,

 

Thank you very much for your response,

 

The port number didnt change during the upgrade, the port is still the default port - 8443.

The "testconnect script" is getting the follow error; (you wrote 'snapcenter' instead of 'snapcreator')

WARNING: Failed connecting to SnapCenter "<SnapCreatorServer>" on port number "8443". Error Could not establish secure channel for SSL/TLS with authority '<SnapCreatorIP>:8443'.

 

I found something very strange,

I am trying to access the snap creator server from two different servers (a WFA server and the local SnapCreator server).

I get the "SSL" error from both of the servers (ApiVersion 1.0), but I found that in the snapcreator server, after a powershell connection to the netapp, the connection to the local snapcreator server works (ApiVersion 1.1). It doesnt work in the WFA server.

 

 

 

Local SnapCreator Server:

PS C:\Windows\system32> Connect-ScServer -Name localhost -Credential admin
Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '127.0.0.1:8443'.
At line:1 char:1
+ Connect-ScServer -Name localhost -Credential admin
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (localhost:ScServer) [Connect-ScServer], SecurityNegotiationException
    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname             Address              ApiVersion
--------             -------              ----------
localhost            127.0.0.1               1.0


PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> Connect-NcController -Name <NetAppClusterName> -Credential admin

Name                        Address                Vserver              Version
----                        -------                -------              -------
<NetAppClusterName>        <NetAppClusterIP>                            NetApp Release 8.3.2P4: Thu Jun 30 18:50:43 UTC 2016


PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> Connect-ScServer -Name localhost -Credential admin

Hostname             Address              ApiVersion
--------             -------              ----------
localhost            127.0.0.1               1.1

 

 

WFA Server:

 

PS C:\Windows\System32> Connect-ScServer -Name <SnapCreatorServer> -Credential admin
Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '<SnapCreatorIP>:8443'.
At line:1 char:1
+ Connect-ScServer -Name col-snapcreator -Credential netapp
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (<SnapCreatorServer>:ScServer) [Connect-ScServer], SecurityNegotiationExcepti
   on
    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname                 Address                  ApiVersion
--------                 -------                  ----------
<SnapCreatorServer>      <SnapCreatorIP>           1.0


PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\system32> Connect-NcController -Name <NetAppClusterName> -Credential admin

Name                        Address                Vserver              Version
----                        -------                -------              -------
<NetAppClusterName>        <NetAppClusterIP>                            NetApp Release 8.3.2P4: Thu Jun 30 18:50:43 UTC 2016


PS C:\Windows\system32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32>
PS C:\Windows\System32> Connect-ScServer -Name <SnapCreatorServer> -Credential admin
Connect-ScServer : Could not establish secure channel for SSL/TLS with authority '<SnapCreatorIP>:8443'.
At line:1 char:1
+ Connect-ScServer -Name col-snapcreator -Credential netapp
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (<SnapCreatorServer>:ScServer) [Connect-ScServer], SecurityNegotiationExcepti
   on
    + FullyQualifiedErrorId : HttpsConnectionFailed,NetApp.SnapCreatorPS.Server.Cmdlets.ConnectScServer


Hostname                 Address                  ApiVersion
--------                 -------                  ----------
<SnapCreatorServer>      <SnapCreatorIP>           1.0

 

 

0 Kudos

mbeattie
NetApp
‎2017-04-12 04:12 AM
In response to Abhishar
5,666 Views

Hi,

 

Can you please try connecting using the following code. This will provide verbose output of the exception. Can you please post a screenshot of it?

I'd like to see the stack trace property of the error object to trace the source code.

 

#'------------------------------------------------------------------------------
Param(
   [Parameter(Mandatory=$True, HelpMessage="The hostname or IP Address of the SnapCenter server")]
   [String]$HostName,
   [Parameter(Mandatory=$True, HelpMessage="The SnapCenter Port Number")]
   [Int]$PortNumber,
   [Parameter(Mandatory=$True, HelpMessage="The credentials to authenticate the to SnapCreator server")]   
   [System.Management.Automation.PSCredential]$Credentials
)
#'------------------------------------------------------------------------------
Import-Module SnapCreator -ErrorAction SilentlyContinue
Try{
   Connect-ScServer -Name $HostName -Port $PortNumber -Credential $credentials -ErrorAction Stop | Out-Null
   Write-Host "Connected to SnapCenter ""$HostName"" on port number ""$PortNumber"""
}Catch{
   Write-Warning -Message $("Failed connecting to SnapCenter ""$HostName"" on port number ""$PortNumber"". Error " + $_.Exception.Message)
   echo $_.Exception | Format-List -Force
}
#'------------------------------------------------------------------------------

Thanks

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos

GLENYU5820
‎2019-07-23 02:56 PM
In response to mbeattie
4,222 Views
Add below before connect-scServer =================================== [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
0 Kudos
All Community Forums
Public