Re: NetAppDocs Powershell errors

JoshAbe · ‎2019-01-29

I am trying to run the powershell commands to get the NetAppDocs on 7 -mode systems in HA pair with running version 8.2.4P4, as below:

PS C:\Windows\system32>Get-NtapFilerData -Name 'Controller-A', 'Controller-B' -Credential $cred | Format-NtapFilerData | Out-NtapDocument -WordFile 'd:\Docs\document1.docx'

I can execute this scrip successfully on most of the controllers except few. It worked on one of the controllers in a HA pair but not the other node. It doesn't work on both controllers in a HP pair in another instance. Below is the error in both scenarios.

Get-NtapFilerData : Unable to gather data from system. Reason: No connection could be made because the target machine actively refused it 10.xx.xx.219:443
At line:1 char:1
+ Get-NtapFilerData -Name 'controller1', 'controller2' -Credential $cred | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (controller1:String) [Get-NtapFilerData], Exception
+ FullyQualifiedErrorId : SocketException,Get-NtapFilerData

Get-NtapFilerData : Unable to gather data from system. Reason: No connection could be made because the target machine actively refused it 10.xx.xx.220:443
At line:1 char:1
+ Get-NtapFilerData -Name 'controller1', 'controller2' -Credential $cred | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (controller2:String) [Get-NtapFilerData], Exception
+ FullyQualifiedErrorId : SocketException,Get-NtapFilerData

PS C:\Windows\system32>

Please share with me your thoughts what could be causing the issue.

cole · ‎2019-02-08

Hi Josh,

This could be a couple of things.

First, can you check that the 'httpd.admin.enable' option (and maybe httpd.admin.ssl.enable) is turned on for these nodes?

If so, it may be related to the certificate key length, but this produces a different error. See this thread for that issue: https://community.netapp.com/t5/Microsoft-Virtualization-Discussions/Could-not-create-SSL-TLS-secure-channel/m-p/126601#M5174

If neither of these work then let us know and we can dig deeper.

Thanks,

Jason

JoshAbe · ‎2019-02-08

The http options are as below:

httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 512
httpd.admin.ssl.enable on
httpd.admin.top-page.authentication on
httpd.autoindex.enable off
httpd.bypass_traverse_checking off
httpd.enable off
httpd.ipv6.enable off
httpd.log.format common (value might be overwritten in takeover)
httpd.method.trace.enable off
httpd.rootdir XXX
httpd.timeout 300 (value might be overwritten in takeover)
httpd.timewait.enable off (value might be overwritten in takeover)

I tried to run 'options tls.enable on' but it failed with below error
Could not set option for https/ftps traffic. Try again

I also tried to run 'options ssl.v2.enable off' but again, this too failed with below error
Could not set option for https/ftps traffic. Try again

LJStorage · ‎2019-08-28

Any answer on this one?

mbeattie · ‎2019-08-28

Hi,

Have you tried this:

options httpd.admin.enable on
options httpd.admin.ssl.enable on
options tls.enable on

If you recieve the error 'Could not set option for https/ftps traffic' then try executing the following commands

secureadmin setup -f ssl
options tls.enable on

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

JoshAbe · ‎2019-08-29

I fixed this issue myself a while ago. Actually its weird that how it worked for me. We had several systems for transition from 7 -mode to cluster mode. Some of these worked with disablilng the older SSL versions. Some other systems worked when I turned the TLS 'off'. I was surprised to learn that it worked for me this way.

NetAppDocs Powershell errors

Portfolio Updates | NetApp ONAIR