Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

joseconde
‎2011-05-12 01:45 PM
3,364 Views

Running DataONTAP PowerShell v 1.3.0.38 on Windows 2008 SP2 with .NET 3.5

If registry entry "HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled" is set to "1", enabled,

and I run the Invoke-NaSSH command on a controller, I get the following .NET error

Session.connect: System.NullReferenceException:Object reference not set to an instance of an object.
   at Tamir.SharpSsh.jsch.jce.HMACMD5.update(Int32 i)
   at Tamir.SharpSsh.jsch.Session.read(Buffer buf)
   at Tamir.SharpSsh.jsch.UserAuth.start(Session session)
   at Tamir.SharpSsh.jsch.UserAuthNone.start(Session session)
   at Tamir.SharpSsh.jsch.Session.connect(Int32 connectTimeout)]

In our test environment, setting it to "0" yields no such error.

Unfortunately, this registry entry is set by our security group in the 2008 images we deploy out in the field

and disabling it is a no-no.

Is this a problem with Tamir.SharpSsh.jsch package or with how a call is made or something else?

-Jose

0 Kudos
View By:
1 ACCEPTED SOLUTION

cknight
NetApp
‎2011-05-12 04:01 PM
3,364 Views

Hello, Jose.  The released build of Toolkit 1.3 was 1.3.0.130.  How did you get such an early build?

The FIPS algorithm issues were reported during internal beta testing of Toolkit 1.3, and I fixed them before release.  In any case, with FIPS enabled on my development system (Windows Server 2008 R2), Invoke-NaSsh in Toolkit 1.3 and later works.  Would you please download Toolkit 1.4 and report whether that works for you?

View solution in original post

0 Kudos
4 REPLIES 4

cknight
NetApp
‎2011-05-12 04:01 PM
3,365 Views

Hello, Jose.  The released build of Toolkit 1.3 was 1.3.0.130.  How did you get such an early build?

The FIPS algorithm issues were reported during internal beta testing of Toolkit 1.3, and I fixed them before release.  In any case, with FIPS enabled on my development system (Windows Server 2008 R2), Invoke-NaSsh in Toolkit 1.3 and later works.  Would you please download Toolkit 1.4 and report whether that works for you?

0 Kudos

joseconde
‎2011-05-13 07:04 AM
In response to cknight
3,364 Views

v1.4 took care of it!

Thanks!

(that build was given to us as part of custom built installation script)

0 Kudos

joseconde
‎2011-05-13 10:10 AM
In response to joseconde
3,364 Views

Looks like going to v1.4 broke my storage configuration script.

That early build toolkit given to us also included a "Invoke-NaSystemCli" cmdlet which I used extensively throughout my configuration script.

Any chance of putting that cmdlet back?

If not, I'll have to go back to the toolkit I was using.  I'm thinking I can just disable then enable that registry entry

$RegKey ="HKLM:\System\CurrentControlSet\Control\Lsa"
Set-ItemProperty -path $RegKey -name FIPSAlgorithmPolicy  -value 0 (or 1)

-Jose

0 Kudos

cknight
NetApp
‎2011-05-13 10:17 AM
In response to joseconde
3,364 Views

The system-cli API is unsupported, so I'm afraid we can't ship that cmdlet.  But all is not lost.  v1.4 adds a more generic cmdlet, Invoke-NaSystemApi, from which you could roll your own script cmdlet fairly easily.  Just be careful using unsupported APIs!

0 Kudos
All Community Forums
Public