Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

joseconde

Running DataONTAP PowerShell v 1.3.0.38 on Windows 2008 SP2 with .NET 3.5

If registry entry "HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled" is set to "1" (enabled), and I run the Invoke-NaSSH command on a controller, I get the following .NET error:

Session.connect: System.NullReferenceException:Object reference not set to an instance of an object.
   at Tamir.SharpSsh.jsch.jce.HMACMD5.update(Int32 i)
   at Tamir.SharpSsh.jsch.Session.read(Buffer buf)
   at Tamir.SharpSsh.jsch.UserAuth.start(Session session)
   at Tamir.SharpSsh.jsch.UserAuthNone.start(Session session)
   at Tamir.SharpSsh.jsch.Session.connect(Int32 connectTimeout)]

In our test environment, setting it to "0" yields no such error.

Unfortunately, this registry entry is set by our security group in the 2008 images we deploy out in the field, and disabling it is a no-no.

Is this a problem with the Tamir.SharpSsh.jsch package, with how a call is made, or something else?

-Jose
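
A read-only check for the condition described in the post above, added here as an example (not code from the thread, the Toolkit or SharpSSH): it reports the FIPS policy value and which .NET algorithm classes the current runtime refuses to construct. The function names and the list of probed types are assumptions; results depend on the .NET version hosting PowerShell.

```powershell
# Added diagnostic; not part of the Data ONTAP PowerShell Toolkit or SharpSSH.
# The registry path is the one quoted in the post above.
$FipsKey = 'HKLM:\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy'

# Assumed sample set: the MAC from the stack trace plus common SSH alternatives.
$TypesToProbe = @(
    'System.Security.Cryptography.HMACMD5',
    'System.Security.Cryptography.MD5CryptoServiceProvider',
    'System.Security.Cryptography.HMACSHA1',
    'System.Security.Cryptography.SHA1CryptoServiceProvider',
    'System.Security.Cryptography.TripleDESCryptoServiceProvider'
)

function Get-FipsPolicyEnabled {
    # $true only when the Enabled value exists and equals 1.
    $prop = Get-ItemProperty -Path $FipsKey -Name Enabled -ErrorAction SilentlyContinue
    return [bool]($prop -and $prop.Enabled -eq 1)
}

function Test-CryptoType {
    param([Parameter(Mandatory = $true)][string]$TypeName)
    # Constructing the object is enough: a runtime that enforces the policy
    # throws from the constructor of a non-validated implementation.
    $usable = $true
    $detail = ''
    try {
        $alg = New-Object -TypeName $TypeName -ErrorAction Stop
        $alg.Clear()   # HashAlgorithm and SymmetricAlgorithm both expose Clear()
    }
    catch {
        $usable = $false
        $detail = $_.Exception.GetBaseException().Message
    }
    New-Object PSObject -Property @{ Type = $TypeName; Usable = $usable; Detail = $detail }
}

"FIPS policy enabled: $(Get-FipsPolicyEnabled)"
$TypesToProbe | ForEach-Object { Test-CryptoType -TypeName $_ } |
    Select-Object Type, Usable, Detail | Format-Table -AutoSize -Wrap
```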

1 ACCEPTED SOLUTION

cknight

Hello, Jose.  The released build of Toolkit 1.3 was 1.3.0.130.  How did you get such an early build?

The FIPS algorithm issues were reported during internal beta testing of Toolkit 1.3, and I fixed them before release.  In any case, with FIPS enabled on my development system (Windows Server 2008 R2), Invoke-NaSsh in Toolkit 1.3 and later works.  Would you please download Toolkit 1.4 and report whether that works for you?


joseconde

v1.4 took care of it!

Thanks!

(that build was given to us as part of custom built installation script)

joseconde

Looks like going to v1.4 broke my storage configuration script.

That early build toolkit given to us also included an "Invoke-NaSystemCli" cmdlet which I used extensively throughout my configuration script.

Any chance of putting that cmdlet back?

If not, I'll have to go back to the toolkit I was using.  I'm thinking I can just disable then enable that registry entry

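# FIPS policy key on Windows Server 2008 (the same key quoted in the first post)
$RegKey = "HKLM:\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy"
# 0 = disabled; run again with -Value 1 to re-enable
Set-ItemProperty -Path $RegKey -Name Enabled -Value 0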

-Jose

cknight

The system-cli API is unsupported, so I'm afraid we can't ship that cmdlet.  But all is not lost.  v1.4 adds a more generic cmdlet, Invoke-NaSystemApi, from which you could roll your own script cmdlet fairly easily.  Just be careful using unsupported APIs!
