I'm using DataONTAP module version 184.108.40.206, and I'm seeing an issue with Connect-NaController when a PSCredential object is supplied.
I'm able to connect to a controller using the following syntax:
Connect-NaController "controllername" (I launched PS as the same domain user that has access to the controller via Active Directory)
I get an API Invoke failed when I supply those same credentials to a Get-Credential, or the root user/password credentials to Get-Credential. I've verified the root user/password credentials work by SSH'ing into the controller, which takes a domain authentication issue out of the question.
I've found that the API invoke errors are normally created when the expected paremeter is not a string type. Have a look at this discussion which provides some sample code for dealing with a similar error.
Hello, Damian. I don't see anything inherently wrong with your code, and it worked for me on multiple systems (Win 2008 R2 and Win 7, ONTAP 7.3.3). A few thoughts:
If you are using the fully-qualified domain name of the storage controller, make sure that is resolvable from your Windows host.
Try using an IP address instead.
Connect-NaController does make a couple of API calls to validate the connection (system-get-version and system-get-ontapi-version). Ensure the user whose credentials you are using has permission to call those APIs.
Try both HTTPS and HTTP via the ForceSecure and ForceUnsecure switches, respectively.
I have re-tested Toolkit 1.2 with Windows 2003 (32-bit), and RPC / HTTP / HTTPS all worked here.
If RPC works and HTTP does not, this sounds more like a network or firewall issue. You could check whether HTTP access to the controller is working at all by pointing a browser from the Windows host to http://<address>/na_admin/.
You can also enable debug output in the PowerShell Toolkit as follows:
In Windows Explorer, navigate to the PowerShell modules directory where the Toolkit is installed. The system location is usually C:\Windows\System32\WindowsPowerShell\v1.0\Modules\DataONTAP.
Open LogSettings.xml in a text editor.
Change the root logger level from OFF to DEBUG and save the file.
This would allow us to see the XML interaction with the controller. A WireShark trace might also be useful.
Interestingly enough, as you can see below, when I run PowerShell in the context of my domain admin credentials, I'm unable to pass a PSCredential object. I can connect without it, since my domain admin account has access to the filer, since it was joined to AD for CIFS purposes. However, when I use my non-domain admin user account, I can pass in a PSCredential object. Attempting to connect without a -Credential parameter fails since my non-domain admin user account doesn't have the capability to invoke API system-get-ontapi-version.
ClusterConstraint Name Value ----------------- ---- ----- none httpd.access legacy none httpd.admin.access legacy none httpd.admin.enable on none httpd.admin.hostsequiv.enable off none httpd.admin.hostsequiv.enable off none httpd.admin.max_connections 512 none httpd.admin.ssl.enable on none httpd.admin.top-page.authentication on none httpd.autoindex.enable off none httpd.bypass_traverse_checking off none httpd.enable off none httpd.ipv6.enable off only_one httpd.log.format common none httpd.method.trace.enable off none httpd.rootdir XXX only_one httpd.timeout 300 only_one httpd.timewait.enable off same_required trusted.hosts *
Sorry for the multi replies. I went into IE and uncheck my proxy setting. It seems to work. Of course now I canot get onto the internet. Is there a way to bypass the proxy (i do have the exclusion in IE also..did not work)?
PS C:\Documents and Settings\me> Connect-NaController $Filer -Credential $cred 2010-11-04 14:40:43,317 INFO DataONTAP.PowerShell.SDK.ConnectNaController - Cmdlet invocation: Connect-NaController $Filer -Credential $cred 2010-11-04 14:40:43,380 DEBUG NetApp.Ontapi.NaServer - NaServer port changed to 443 2010-11-04 14:40:43,380 DEBUG NetApp.Ontapi.NaServer - NaServer Protocol changed to HTTPS 2010-11-04 14:40:43,380 DEBUG DataONTAP.PowerShell.SDK.ConnectNaController - Connecting to x.x.x.x via HTTPS 2010-11-04 14:40:44,114 DEBUG NetApp.Ontapi.NaServer - <netapp version='1.0' xmlns='http://www.netapp.com/filer/admin'><system-get-ontapi-version /></netapp>
We did wireshark and found that it uses the ip address for the filer even if we use the name of the filer. Therefore it was not picked up on our proxy exception (*.domain.com). When we added the ip address for the filer to the proxy exception it works fine.
OK, thanks to both of you. I can confirm the Toolkit currently uses the system default HTTP proxy setting that is set in Internet Explorer. It seems we should change the Toolkit to never use a proxy. In the meantime, please try this potential workaround before invoking Connect-NaController: