ONTAP Discussions

Cannot Connect to Cluster Via PowerShell in OnTAP 9.3

TMADOCTHOMAS
5,441 Views

I am at a division site for one week setting up a new 2620. This is our first time to use OnTAP 9.3 and I think that might be our issue. I have to be able to script throttling of SnapMirror jobs from our remote offices or the jobs slam the local network, however I've hit a major roadblock and can't get past it. What's worse, I was just told NetApp Support doesn't support the PowerShell Toolkit.

 

Here is the issue. I've set credentials for the new cluster using Add-NcCredential. This works without error. I show the list of the current cache and it shows all of our filers and clusters, including the new one. I've added the domain account used for credentials as an account on the filer and assigned it ontapi, http, and ssh, all as admin. I've also enabled http in system web services. Despite all of this, when I enter Connect-NcController -Name <cluster>, I get the error "Incorrect credentials". I have logged in to the server with the service account I am using and I get the same thing. We are on PowerShell Toolkit 4.5 P1, and we do have Putty 0.70 64-bit installed on the D drive.

 

I have tried everything I can think of including comparing settings between other systems where this is working fine. The only difference is OS - the others are 9.1 or 9.2 Anyone have any ideas?

1 ACCEPTED SOLUTION

mbeattie
5,402 Views

Hi Thomas,

 

It's definately possible to connect to ONTAP 9.3 using the PSTK. Did you create a domain tunnel on the new cluster to ensure you can authenticate using a domain account? Can you SSH to cluster as the domain account and does it work manually using:

 

Connect-NcController -Name $cluster -HTTPS -Credential (Get-Credential) -ErrorAction Stop

Assuming the cluster LIF IP address is resolvable in DNS? Also assuming that you've checked the cached credentials are valid? EG

 

PS C:\> Add-NcCredential -Controller cluster1.testlab.local -Credential (Get-Credential)

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential

Name                   Credential                                HostUser
----                   ----------                                --------
cluster1.testlab.local System.Management.Automation.PSCredential TESTLAB\mbeattie


PS C:\> $credentials = Get-NcCredential -Controller cluster1.testlab.local
PS C:\> $credentials

Name                   Credential                                HostUser
----                   ----------                                --------
cluster1.testlab.local System.Management.Automation.PSCredential TESTLAB\mbeattie


PS C:\> $credentials.Credential

UserName                     Password
--------                     --------
admin    System.Security.SecureString

PS C:\> $credentials.Credential.GetNetworkCredential().Password
N0tMyP@ssW0rd!:-}

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

5 REPLIES 5

mbeattie
5,403 Views

Hi Thomas,

 

It's definately possible to connect to ONTAP 9.3 using the PSTK. Did you create a domain tunnel on the new cluster to ensure you can authenticate using a domain account? Can you SSH to cluster as the domain account and does it work manually using:

 

Connect-NcController -Name $cluster -HTTPS -Credential (Get-Credential) -ErrorAction Stop

Assuming the cluster LIF IP address is resolvable in DNS? Also assuming that you've checked the cached credentials are valid? EG

 

PS C:\> Add-NcCredential -Controller cluster1.testlab.local -Credential (Get-Credential)

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential

Name                   Credential                                HostUser
----                   ----------                                --------
cluster1.testlab.local System.Management.Automation.PSCredential TESTLAB\mbeattie


PS C:\> $credentials = Get-NcCredential -Controller cluster1.testlab.local
PS C:\> $credentials

Name                   Credential                                HostUser
----                   ----------                                --------
cluster1.testlab.local System.Management.Automation.PSCredential TESTLAB\mbeattie


PS C:\> $credentials.Credential

UserName                     Password
--------                     --------
admin    System.Security.SecureString

PS C:\> $credentials.Credential.GetNetworkCredential().Password
N0tMyP@ssW0rd!:-}

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

JGPSHNTAP
5,389 Views

We 100% use ps toolkit on 9.3,9.4,9.1,9.2 -  

 

 

 

 

TMADOCTHOMAS
5,384 Views

Thank you both for your responses.

 

@mbeattie, I believe you have pointed out my issue. I knew it would be something I overlooked. I have not yet set up a domain tunnel because the CIFS server won't be cutover to the new system until tonight. So ... of course a domain account that I added isn't authenticating yet :\. Argh! Thank you for saving me hours more of head scratching. I'll update this thread after we cutover tonight to verify that resolved the issue (hopefully).

TMADOCTHOMAS
5,352 Views

@mbeattie, the domain authentication tunnel was the issue. Thank you again!

JGPSHNTAP
5,350 Views

Uh. makes sense... 

Public