Microsoft Virtualization Discussions
Happy New Year
7-Mode 8.2.4
Windows server 2012 R2
I am trying to run my powershell script over https but I got the below error:-
Connect-NaController : Connection to FILERNAME using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel. The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
At D:\NetApp\Scripts\7-Mode\7Snap1.ps1:35 char:6
+ Connect-NaController $netapp -Credential $cred -HTTPS
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (FILERNAME:NaController) [Connect-NaController], NaConnectionSSLException
+ FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController
I have increased the key length to more than 2000 (secureadmin setup ssl) but still it is not working. Below are my filer options which I believe should be enough to get it to run over HTTPS.
httpd.access none
httpd.admin.access host=myhost1,myhost2,myhost3
httpd.admin.enable off
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common (value might be overwritten in takeover)
httpd.method.trace.enable off
httpd.rootdir /vol/vol0/home/http
httpd.timeout 300 (value might be overwritten in takeover)
httpd.timewait.enable off
tls.enable on
ldap.ssl.enable off
ssl.enable on
ssl.v2.enable off (same value required in local+partner)
ssl.v3.enable on (same value required in local+partner)
If I enable HTTP and run the script over HTTP it works fine. Moreover, I have the same exact configuration on my demo lab and it is working fine even with HTTPS.
I am not sure why it is not working on the production environment. Could it be a server related issue/policy?
Your help is appreciated.
Thanks,
Hello ahmada,
Happy new year!
Can you access the web frontend by browser over HTTPS?
Does it produce a warning?
I guess that the PowerShell Toolkit uses .NET components for HTTPS communication,
so you could try out the .NET Foundation to test the connection.
Please see
And see if you can get more information out of it, to help in troubleshooting.
Kind Regards
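One way to run the .NET-level connection test suggested in the reply above, as an added example that is not part of the thread. The function name `Test-TlsHandshake` and port 443 are assumptions, and `FILERNAME` is the placeholder from the original post. It attempts one handshake per protocol version and reports the negotiated cipher and the controller certificate's key size, which shows whether the failure is tied to a protocol version or to the certificate.

```powershell
function Test-TlsHandshake {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 443   # assumed HTTPS admin port
    )
    foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
        $row = [ordered]@{ Protocol = $name; Handshake = 'failed'; Cipher = $null
                           KeyBits = $null; SigAlg = $null; Error = $null }
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $tcp.Connect($ComputerName, $Port)
            # Diagnostic only: accept any certificate so the result reflects
            # protocol and cipher support. No request is sent over the stream.
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
                [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
            # Offer exactly one protocol version per attempt.
            $ssl.AuthenticateAsClient($ComputerName, $null,
                [System.Security.Authentication.SslProtocols]$name, $false)
            $row.Handshake = 'ok'
            $row.Cipher    = "$($ssl.CipherAlgorithm) $($ssl.CipherStrength)"
            # Inspect the certificate the controller presented.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.KeyBits   = $cert.PublicKey.Key.KeySize
            $row.SigAlg    = $cert.SignatureAlgorithm.FriendlyName
            $ssl.Dispose()
        }
        catch {
            # Schannel failures are usually wrapped; report the innermost message.
            $row.Error = $_.Exception.GetBaseException().Message
        }
        finally { $tcp.Close() }
        [pscustomobject]$row
    }
}

Test-TlsHandshake -ComputerName 'FILERNAME' | Format-Table -AutoSize
```

Running it from both the lab host and the production host and comparing the two tables narrows the difference to the client side or the controller side.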
Thanks for your reply
Can you access the web frontend by browser over HTTPS? Does it produce a warning?
I got the below error:-
I have checked TLS 1.1 and TLS 1.2 and both are enabled.
As for the code in the link provided, I got the below error:
However, in the test lab both tests work fine.
Could it be that some group policy is forced via AD that's causing the issue seen on the production environment?
Make sure TLS 1.2 is actually enabled on your Windows boxes.
There were evidently some "patches" that turned off TLS.
Verify these registry keys:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
You can also check out this link: https://portal.chicagonettech.com/kb/a187/maximizing-ssl-security-for-windows-server-2012-ssl-tls.aspx
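A read-only check of the registry keys listed in the reply above, as an added example that is not part of the thread. The function name `Get-SchannelProtocolState` is hypothetical, and the example goes beyond the TLS 1.2 key shown in the post by also reading the sibling SSL 3.0, TLS 1.0 and TLS 1.1 keys. A missing key means the value is not set and the operating system default applies.

```powershell
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path $base "$p\$role"
            $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            # Classify the combination of Enabled and DisabledByDefault.
            $state = if (-not $v -or $null -eq $v.Enabled) {
                'not set (OS default)'
            } elseif ($v.Enabled -eq 0) {
                'disabled'
            } elseif ($v.DisabledByDefault -eq 1) {
                'enabled, but off by default'
            } else {
                'enabled'
            }
            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                Enabled           = if ($v) { $v.Enabled } else { $null }
                DisabledByDefault = if ($v) { $v.DisabledByDefault } else { $null }
                State             = $state
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize

# Protocols that HttpWebRequest-based code in this PowerShell session will offer.
# Schannel can have a protocol enabled while the .NET client still does not offer it.
[System.Net.ServicePointManager]::SecurityProtocol
```

Comparing this output between the lab server and the production server shows whether a policy or patch has changed the Schannel settings on one of them.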
On 8.3 I had the same issue attempting to connect to System Manager. I used three separate browsers. Double checked TLS and SSL settings and certificates.
Finally figured it out.
Make sure the Server side is enabled.
security SSL show
          Serial                                         Server  Client
Vserver   Number Common Name                             Enabled Enabled
--------- ------ --------------------------------------- ------- -------
uspdop6lus 561E4629E0E3E uspdop6lus                      true    false
    Certificate Authority: uspdop6lus
Sorry,
I was using a clustered ONTAP response to a 7-Mode issue.
Did you resolve this issue? I'm having the exact issue with PowerShell.
Thanks!
I forced PowerShell to connect over RPC (that's for 7-Mode systems). The connection command will be something like:
Connect-NaController storageName -RPC