TrendMicroServerProtect connectivity issue between ONTAP 9.3

Adam_storage · ‎2020-04-21

Hello,

I have configured Trend Micro Server Protect for doing scan for one of the vserver. When I run scanning manually it is working, scan is doing well but scheduled work is giving error that antivirus user has security.invalid.login: Failed to authenticate login attempt with application ontapi.

ONTAP management LIFs for Polling tool also did not have any issues.

User is from domain and it has read-only privileges for whole cluster.

What can be the reason why it is working manually but not in schedule?

Ontapforrum · ‎2020-04-21

Hi,

In general, that error means the "The User does not have 'ontapi' application permissions to access storage systems".

Step 1 : I am guessing this is already in place ?
::> security login role create -vserver cluster -role network-readonly -cmddirname "network interface" –access readonly

[The AV connector will connect to the cluster Mgmt interface to read out the LIFs that are active whithin the Storage Virtual Machine (SVM)]

Step 2 : Is the user given 'ontap' api access ?
cluster1::> security login create -vserver cluster1 -username <avconnect_user> -application ontapi -authmethod password

Also, could you ensure the prerequisite & best practices are followed as per this TR:
https://www.netapp.com/us/media/tr-4312.pdf

Page 17 & 18: Antivirus connector
Page 26: Add Privileged Users to Scanner Pool
Page 30: General best practices

Thanks!