Microsoft Virtualization Discussions

Unable to connect to filer using HTTPS

OUTLAWPIPER
33,507 Views

I'm new to DataOntap and NetApp in general, so I please bear with my ignorance.  I would like to be able to manage my company's filers (both 7-mode and clustered) using the DataOntap Powershell Toolkit, which I have downloaded and imported.  My problem is that I am unable to connect to our filers over HTTPS.

These are my configured HTTP options:

httpd.access                 legacy    

httpd.admin.access           legacy    

httpd.admin.enable           on        

httpd.admin.hostsequiv.enable on        

httpd.admin.max_connections  512       

httpd.admin.ssl.enable       on        

httpd.admin.top-page.authentication on        

httpd.autoindex.enable       off       

httpd.bypass_traverse_checking off       

httpd.enable                 on        

httpd.ipv6.enable            off       

httpd.log.format             common     (value might be overwritten in takeover)

httpd.method.trace.enable    off       

httpd.rootdir                XXX       

httpd.timeout                300        (value might be overwritten in takeover)

httpd.timewait.enable        off        (value might be overwritten in takeover)

I have verified the following:

  • Port 443 is open between me and the filers in question
  • SSL Admin is enabled on the filers
  • I have the root administrator credentials
  • I have tried adding my laptop's name (resolvable via DNS forward and reverse) to the hosts.equiv file, but that did not help
  • I have tried disabling the httpd.admin.hostsequiv.enable option, but that did not help
  • I have tried adding my laptop's hostname to httpd.admin.access, but that did not help
  • I am able to connect using HTTP, but I need to be able to connect using HTTPS.  When using HTTP, I get the following:

PS C:\Windows> $connection = Connect-NaController <Controller Name> -HTTP

PS C:\Windows> $global:CurrentNaController | Format-List *

Ontapi             : 1.19

Vfiler             :

Mode               : Classic

OntapiMajorVersion : 1

OntapiMinorVersion : 19

Version            : NetApp Release 8.1.4P1 7-Mode: Tue Feb 11 23:23:27 PST 2014

Protocol           : HTTP

Proxy              :

TimeoutMsec        : 60000

RetryCount         : 0

Name               : <Controller Name>

Address            : <IP Address>

Port               : 80

Credentials        : NetApp.Ontapi.OntapiCredential

ValidateIncoming   : False

ValidateOutgoing   : False

Trace              : False

  • When I attempt to connect using HTTPS, I get the following error:

PS C:\Windows> $connection = Connect-NaController <Controller Name> -HTTPS

Connect-NaController : Could not connect to <Controller Name> on port 443 for protocol HTTPS.

At line:1 char:35

+ $connection = Connect-NaController <<<<  <Controller Name> -HTTPS

    + CategoryInfo          : InvalidResult: (<Controller Name>:NaController) [Connect-NaController], NaConnectionSSLException

    + FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

I have also tried pre-storing root admin credentials using a $credentials variable and the -Credentials option, but that did not change anything.

I would be very grateful for assistance getting connected via HTTPS.


Thank you!

10 REPLIES 10

JGPSHNTAP
33,473 Views

Is RPC out of the question?   I've used both RPC and HTTPS, and RPC is generally faster in my opinion.

I went through what you posted and I don't see any glaring mistakes..   just try this one first and let me know what happens

connect-nacontroller filer -cred root -https

obviously filer is your filer name

Also, don't worry about using a variable just yet, lets see it connect successfully

OUTLAWPIPER
33,474 Views

I'm not sure that RPC is out of the question, but I assume it will require random high ports, which I'm guessing will be hard to get by security.  (I'm a Windows guy in a Unix environment, and I'm trying to prove the worth of the DataOntap PowerShell Toolkit to myself, and potentially others.  If I introduce the fun with RPC high ports, I think I will be shooting myself in the foot.)

I got the same error when I specified "root" user in-line:

PS C:\Windows> Connect-NaController <Controller Name> -Credential root -HTTPS

Connect-NaController : Could not connect to <Controller Name> on port 443 for protocol HTTPS.

At line:1 char:21

+ Connect-NaController <<<<  <Controller Name> -Credential root -https

    + CategoryInfo          : InvalidResult: (<Controller Name>:NaController) [Connect-NaController], NaConnectionSSLException

    + FullyQualifiedErrorId : HttpConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

For what it's worth, this is what I get when I try to connect using RPC.

PS C:\Windows> Connect-NaController <Controller Name> -Credential root -RPC

Connect-NaController : RPC Error: The RPC server is unavailable. Code 0x6BA.

At line:1 char:21

+ Connect-NaController <<<<  <Controller Name> -Credential root -RPC

    + CategoryInfo          : InvalidResult: (<Controller Name>:NaController) [Connect-NaController], EAPITRANSMISSION

    + FullyQualifiedErrorId : RpcConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

JGPSHNTAP
33,474 Views

I'm a windows guy in a unix world as well, but take a look at some of the scripts we developed for data ontap with powershell, not to mention WFA Is built on it.   I can wipe the floor with the unix guys compared to the scripting of data ontap.  That's not a question.

what version of OS are you running and toolkit version?  get-natoolkitversion  

(gwmi -class win32_operatingsystem).caption

I'm not sure what the issue on the connection part is just yet.

OUTLAWPIPER
33,474 Views

Major  Minor  Build  Revision

-----  -----  -----  --------

3      1      1      181

Microsoft Windows 7 Enterprise

JGPSHNTAP
33,474 Views

The only two options i see different from you are

httpd.autoindex.enable is set to on - but that's mainly for http server

httpd.admin.hostsequiv.enable

zulanch
33,473 Views

Are you able to reach the admin interface over HTTPS using a web browser? Try accessing https://<Controller IP>/na_admin/.

-Ben

M_Ferber
29,489 Views

In case someone is looking at this article, solution for 7-Mode controller is to enable TLS on the controller by issuing a options tls.enable on.

 

kush
29,285 Views

i am looking to enable https in clustered data ontap. can u help me out

M_Ferber
29,253 Views

First of all you should verify the firewall status to verify that https is open : system services firewall policy show

next step is to verify that the web engine is configured : system services web modify

if https is not enabled , do it with security ssl modify

if you need https on a SVM do a vserver services web modify

 

Nader
13,498 Views

We have the storage in untrsuted zone, we could discover it by SNMP, but failed to connect by HTTPS.do we need to open port/s between the Management server and the Storage in order to connect directly, or we can do something on the Gateways? is there anyway to avoid openning ports between two untrusted zones?

Public