Microsoft Virtualization Discussions

Microsoft Virtualization Discussions

Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

joseconde
‎2011-05-12 01:45 PM

Running DataONTAP PowerShell v 1.3.0.38 on Windows 2008 SP2 with .NET 3.5

If registry entry "HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled" is set to "1", enabled,

and I run the Invoke-NaSSH command on a controller, I get the following .NET error

Session.connect: System.NullReferenceException:Object reference not set to an instance of an object.
   at Tamir.SharpSsh.jsch.jce.HMACMD5.update(Int32 i)
   at Tamir.SharpSsh.jsch.Session.read(Buffer buf)
   at Tamir.SharpSsh.jsch.UserAuth.start(Session session)
   at Tamir.SharpSsh.jsch.UserAuthNone.start(Session session)
   at Tamir.SharpSsh.jsch.Session.connect(Int32 connectTimeout)]

In our test environment, setting it to "0" yields no such error.

Unfortunately, this registry entry is set by our security group in the 2008 images we deploy out in the field

and disabling it is a no-no.

Is this a problem with Tamir.SharpSsh.jsch package or with how a call is made or something else?

-Jose

4 Replies
0 Likes
4 REPLIES

Re: Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

cknight
NetApp
‎2011-05-12 04:01 PM

Hello, Jose.  The released build of Toolkit 1.3 was 1.3.0.130.  How did you get such an early build?

The FIPS algorithm issues were reported during internal beta testing of Toolkit 1.3, and I fixed them before release.  In any case, with FIPS enabled on my development system (Windows Server 2008 R2), Invoke-NaSsh in Toolkit 1.3 and later works.  Would you please download Toolkit 1.4 and report whether that works for you?

4 Replies
0 Likes

Re: Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

joseconde
‎2011-05-13 07:04 AM

v1.4 took care of it!

Thanks!

(that build was given to us as part of custom built installation script)

4 Replies
0 Likes

Re: Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

joseconde
‎2011-05-13 10:10 AM

Looks like going to v1.4 broke my storage configuration script.

That early build toolkit given to us also included a "Invoke-NaSystemCli" cmdlet which I used extensively throughout my configuration script.

Any chance of putting that cmdlet back?

If not, I'll have to go back to the toolkit I was using.  I'm thinking I can just disable then enable that registry entry

$RegKey ="HKLM:\System\CurrentControlSet\Control\Lsa"
Set-ItemProperty -path $RegKey -name FIPSAlgorithmPolicy  -value 0 (or 1)

-Jose

4 Replies
0 Likes

Re: Invoke-NaSSH and FipsAlgorithmPolicy Enabled = .NET error

cknight
NetApp
‎2011-05-13 10:17 AM

The system-cli API is unsupported, so I'm afraid we can't ship that cmdlet.  But all is not lost.  v1.4 adds a more generic cmdlet, Invoke-NaSystemApi, from which you could roll your own script cmdlet fairly easily.  Just be careful using unsupported APIs!

4 Replies
0 Likes
START A DISCUSSION
Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2018 NetApp
Let us know