ONTAP Discussions

Connect-NcController Could not connect to FAS27DX1 on port 80 for protocol HTTP.

Michael_K
2,192 Views

Hello community,

 

we use PowerShell for evaluations of the ONTAP systems (9.8.P11). The credentials of the controllers are stored via " Add-NcCredential -Controller CName -Credential CUser".

 

Now we want to include two more controllers (FAS2750 - where FIPS is enabled; FIPS is not active on all other systems).

The following error occurs (when a script is started):

 

"Connect-NcController : Could not connect to FASxxxxx on port 80 for protocol HTTP."

 

By default HTTPS should be used, which obviously does not happen - why ever? And HTTP does not work either.

 

HTTP is not enabled in the "system services web". - When trying to enable (system services web modify -http-enabled true😞

 

"Error: command failed: Cannot enable the HTTP protocol because FIPS is enabled."

- But FIPS should remain enabled.

 

I am grateful for any solution hints.

 

Best regards

 

Michael

3 REPLIES 3

maffo
2,177 Views

hi @Michael_K 

have you tried to force HTTPS with Connect-NcController -HTTPS ?

Michael_K
2,159 Views

Hallo maffo,

 

I forgot to mention that in the post above:

 

A connect of the controller via the PowerShell ISE with: Connect-NcController -HTTPS FASxxxxx is working.

 

The PowerShell scripts are started via scheduler and therefore I need saved login information that is available at all times without manual input (of the password).

 

So far this has worked with the other controllers, but not with the new controllers (with FIPS enabled).

 

Best regards 

 

Michael

Michael_K
2,081 Views

Hello,

 

I kept looking for a solution and found the following:

 

For the evaluation via powershell we use the user "script_user" with the role "readonly" and the "User Login Methods" "HTTP, ONTAPI" on all controllers. - This works (on FAS2520, FAS2550, FAS2750, FAS8040, AFF A300) without errors as described above - except for the new FAS2750-Systems (all systems are using  ONTAP 9.8P11).

 

As a test, I assigned the role "admin" to the "script_user" on a new system and also "User Login Methods" "HTTP, ONTAPI". And with this "admin" role, access via script now also works!! - But why???

 

"Readonly" was always enough. The only noticeable difference is, that the new systems have FIPS enabled.

 

Anyone have an explanation or solution?

 

Best regards

 

Michael

 

Public