Solved: "The expression is missing a value" with Set-NcSecuritySsl/Get-NcSecuritySsl and ONTAP 9.x

mcgue · ‎2017-01-13

I have a script that I have used these two cmdlets without issue on any 8.2/8.3 flavor I've tested. Now testing against 9.x I get this error with other of these cmdlets. I was able to resolve for the "Get" by changing the -vserver parameter to using -vservercontext instead. Why would the new OS version require that difference? Regarding the "Set" cmdlet, regardless of passing values for every parameter accepted by that cmdlet I still get this error and now way around it. Any ideas on the difference in ONTAP 9 that might be causing this? I've tested against multiple 9.0x and 9.1x systems and getting the same results.

asulliva · ‎2017-02-03

Hello @mcgue,

This appears to be a bug in the PSTK. I'm able to do modifications by executing ZAPI directly from PowerShell...for example:

Invoke-NcSystemApi -VserverContext $svmName "<security-ssl-modify><client-authentication-enabled>false</client-authentication-enabled></security-ssl-modify>"

As a workaround, it should be relatively straightforwad to create a custom PowerShell function to wrap creating the ZAPI request for this.

I'll create a new bug for this issue. I'm happy to pay you in NetApp stickers (if you're not already innundated) for finding it : )

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

Marius · ‎2017-02-03

Hi,

do you have any update to this problem? I have the same one with the set-NcSecuritySsl Command in Ontap 9.1.

Regards,

Marius

asulliva · ‎2017-02-03

Hello @mcgue,

This appears to be a bug in the PSTK. I'm able to do modifications by executing ZAPI directly from PowerShell...for example:

Invoke-NcSystemApi -VserverContext $svmName "<security-ssl-modify><client-authentication-enabled>false</client-authentication-enabled></security-ssl-modify>"

As a workaround, it should be relatively straightforwad to create a custom PowerShell function to wrap creating the ZAPI request for this.

I'll create a new bug for this issue. I'm happy to pay you in NetApp stickers (if you're not already innundated) for finding it : )

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

mcgue · ‎2017-02-04

Thanks Andrew! I appreciate the syntax as well for the invoke API cmdlet as I hadn't used that yet. I'll craft that as a workaround. Good stuff!

hland · ‎2017-02-28

i Andrew,

did you ever found the time to file the bug (as I couldn't find it)? If not, I'll go ahead and do it so this can be fixed. Just ran into this as well...

Thanks

Hendrik

mirko · ‎2017-03-08

$Request = @"
<security-ssl-modify>
<certificate-authority>$CA</certificate-authority>
<certificate-serial-number>$Serial</certificate-serial-number>
<common-name>$CN</common-name>
<server-authentication-enabled>true</server-authentication-enabled>
<vserver>$VserverName</vserver>
</security-ssl-modify>
"@
Invoke-NcSystemApi -VserverContext $VserverName -Request $Request

This worked for me

+1 to file a burt

Girton · ‎2017-09-05

Mirko,

Thank you for your script code. It was very useful.

Dan

mcgue · ‎2017-03-08

Thanks all for the replies - I updated the script here too:

http://community.netapp.com/t5/Microsoft-Cloud-and-Virtualization-Discussions/Risk-Resolver-Certificate-Renew-Recreate/m-p/128084

ronaldmajor · ‎2017-10-06

Has the bug with Set-NcSecuritySsl been fixed? I still see the issue in PSTK 4.4.

The workaround works nicely though. Thanks for that.

asulliva · ‎2017-10-09

Hello @ronaldmajor,

The bug id is 1074255, it appears to still be open.

Hope that helps.

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

"The expression is missing a value" with Set-NcSecuritySsl/Get-NcSecuritySsl and ONTAP 9.x

We're on Discord, are you?