Hello ahmada,

happy new year!

Can you access the webfrontend by browser over https ?

Does it produce a warning ?

I guess that the powershell Toolkit uses .net Components for HTTPS Communication.

so you could try out the .NET Foundation to test the connection.

Please see

https://blogs.technet.microsoft.com/parallel_universe_-_ms_tech_blog/2014/06/26/reading-a-certificate-off-a-remote-ssl-server-for-troubleshooting-with...

And try if you can get more information out of it.

To help in Troubleshooting.

Kind Regards

 Thanks for your replay

Can you access the webfrontend by browser over https ?

Does it produce a warning ?

I got the below error:-

I have checked TLS1.1 and TLS 1.2 and both are enabled.

As for the code in the link provided, I got the below error:

However, in the test lab both tests works fine.

Could it be that some group policy is forced via AD that's causing the issue seen on the production environment ?

make sure TLS 1.2 is actually enabled on your windows boxes

There were eveidently some "patches" that turned of TLS.

Verify these registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

you can also check out htis link: https://portal.chicagonettech.com/kb/a187/maximizing-ssl-security-for-windows-server-2012-ssl-tls.aspx

On 8.3 I had the same issue attempting to connect to system manager. I used three seperate browsers. Double checked TLS and SSL settings and certificates.

Finally figured it out.

Make sure the Server side is enabled.

---

wrote:

Happy New Year

 

7-Mode 8.2.4

Windows server 2012 R2

 

I am trying to run my powershell script over https but I got the below error:-

Connect-NaController : Connection to FILERNAME using HTTPS failed - The request was aborted: Could not create SSL/TLS secure channel.
The error may be resolved by generating a new certificate on the storage controller, with a longer key length.
At D:\NetApp\Scripts\7-Mode\7Snap1.ps1:35 char:6
+      Connect-NaController $netapp -Credential $cred -HTTPS
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (FILERNAME:NaController) [Connect-NaController], NaConnectionSSLException
    + FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

 

 

I have increased the key length to more than 2000 (secureadmin setup ssl)but still it is not working. Below are my filer options which I believe should be enough to get it to run over HTTPS.

 

httpd.access                 none

httpd.admin.access           host=myhost1,myhost2,myhost3

httpd.admin.enable           off

httpd.admin.hostsequiv.enable off

httpd.admin.max_connections  512

httpd.admin.ssl.enable       on

httpd.admin.top-page.authentication on

httpd.autoindex.enable       off

httpd.bypass_traverse_checking off

httpd.enable                 off

httpd.ipv6.enable            off

httpd.log.format             common     (value might be overwritten in takeover)

httpd.method.trace.enable    off

httpd.rootdir                /vol/vol0/home/http

httpd.timeout                300        (value might be overwritten in takeover)

httpd.timewait.enable        off

tls.enable                   on

ldap.ssl.enable              off

ssl.enable                   on

ssl.v2.enable                off        (same value required in local+partner)

ssl.v3.enable                on         (same value required in local+partner)

 

If I enable http and run the script over http it works fine. Moreover, I have the same exact configuration on my demo lab and it is working fine even with HTTPS.

I am not sure why it is not working on the production environment. Could it be a server related issue/policy ?

 

Your help is appriciated.

 

Thanks,

---

security SSL show

          Serial                                         Server  Client
Vserver   Number Common Name                             Enabled Enabled
--------- ------ --------------------------------------- ------- -------
uspdop6lus 561E4629E0E3E uspdop6lus            true    false
 Certificate Authority: uspdop6lus

sorry,

I was using a clustered OnTap responce to a 7-mode issue.

DId you resolve this issue? I'm having exact issue with Powershell.

Thanks!

I forced powershell to connect over RPC - that's for 7-mode systems-, the connection command will be something like : -

Connect-NaController storageName -RPC