Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

Ask a Question

SVM Connected NetApp ONTAP Powershell Toolkit, Get-NcVol returns 403 Errors when QoS policy applied

GlennW
NetApp
3 weeks ago
326 Views

Troubleshooting: enabled PSTK debugging

  • ERROR DataONTAP.C.PowerShell.SDK.NcRestInterface - The remote server returned an error: (403) Forbidden.
  • ONTAP does not allow the QoS commands to be assigned to any role at the SVM level – so  can’t fix this by adding a permission
  • Although ZAPI works, dropping back to using ZAPI is not a viable solution, as it’s only maintained for “legacy” and on a sunset path

To reproduce
a. Install PowerShell toolkit
b. Setup vsadmin user on an SVM
c. Setup management lif on the SVM
d. Connect to the SVM management lif with the vsadmin account (or account with vsadmin assigned)
e. Execute Get-NcVol, with no QoS policies applied – success, no errors
f. Apply QoS policy or Adaptive QoS policy to a volume
g. Execute Get-NcVol again, 403 error occurs
h. Enable debug level logging, Set-NaToolKitConfiguration -LogLevel DEBUG
i. Note the qos/policies endpoint being attempted

Reproduced using PowerShell Toolkit 9.15.1, 9.16.1, and 9.17.1 – connecting to ONTAP 9.16.1P8 and ONTAP 9.17.1P7
 

Idea/suggestions on long term fix? 

0 Kudos
1 REPLY 1

mbeattie
NetApp
3 weeks ago
237 Views

Hey Glen,

 

I've not seen that error before but are you able to invoke a CLI as the vsadmin user to query the volume which has the QoS policy? If it doesn't work from a CLI for you then that's a greater problem but If so, then as a short term work around, have you considered using the private REST CLI instead of using Get-NcVol? You could write a PowerShell function to query the volume that has the QoS policy applied if you receive a HTTP 403 error. IE within a Try/Catch statement, if the response status code from Get-NcVol CmdLet equals 403 then retry by calling a function that uses the private REST CLI instead.

 

As for a longer term fix it's probably something that requires engineering to ensure it works at the REST API layer as that is what the PSTK is leveraging in the CmdLet. 

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos
Announcements
All Community Forums
Public