Solved: Problems with the connection to AIQUM / FAS2750

sanadmin_do · ‎2025-02-17

We have been using a FAS2750 for years, and since last week with ONTAP 9.15.1P7 (this was necessary because we have acquired a C60 as a successor system and want to transfer the data there soon). As of today, the AIQUM (9.16) that we are using can no longer connect to the FAS2750. Under "Storage Management" / "Cluster Setup" the "Operation State" only shows "failed". Yesterday, a new certificate was issued by the AIQUM and transferred to the FAS2750. Today we also had to issue a new certificate for the AIQUM. This was also transferred to the FAS2750. Could there be a connection? We have already deleted the two newly created certificates on the 2750 and recreated the certificate on the AIQUM using "regenerate", without success.

liu · ‎2025-02-17

You can create a new certificate and delete the old one

How to renew an ONTAP self-signed SSL certificate via command line - NetApp Knowledge Base

Unable to add cluster to Unified Manager due to duplicate certificate entries in a cluster - NetApp Knowledge Base

View solution in original post

sanadmin_do · ‎2025-02-17

We have found the solution. Do this at your own risk, as you may destroy the AIQUM configuration. OVA version will require access to the DIAG shell. Then stop the OCIE and OCIEAU services: sudo systemctl stop ocieau and sudo systemctl stop ocie. Update the server.properties file: /opt/netapp/essentials/conf/server.properties with a text editor (e. g. vi) and change the line enable.cloudagent=true to enable.cloudagent=false. Start the OCIE and OCIEAU services. Finally, sudo systemctl start ocie and sudo systemctl start ocieau.

liu · ‎2025-02-17

You can create a new certificate and delete the old one

How to renew an ONTAP self-signed SSL certificate via command line - NetApp Knowledge Base

Unable to add cluster to Unified Manager due to duplicate certificate entries in a cluster - NetApp Knowledge Base

PeterSun

Regenerating certificates will not have any effect if they are self-signed. The key is to make AIQUM and the cluster trust each other’s certificates, either by deploying your own internal CA to issue unified certificates or by using certificates purchased from a trusted CA.