ONTAP Discussions - Page 355

peldah · ‎2019-03-25

Hi, What is correct info regarding Automatic node referrals during a Hyper-V setup over SMB? I have found a document from netapp, published 09/09/2018: https://kb.netapp.com/app/answers/answer_view/a_id/1030128/~/how-to-set-up-svm%2Fcifs-for-hyper-v-over-smb- Under chapter: General SVM/CIFS Server and Share Configuration Requirements, chpater 12.3 it says Automatic node referrals must be disabled for Data ONTAP versions 8.2.0 and earlier. Automatic node referrals are supported in Data ONTAP 8.2.1 and later. I just wonder if that is correct.. that is the only information that says it is OK to use on CIFS -share to Hyper-V (If you have above 8.2.0) All other artical says that it is not supported. (Example "SMB/CIFS Config guide for Hyper-V/SQL, from Netapp, published feb 2019" https://library.netapp.com/ecm/ecm_get_file/ECMLP2494083 on Page 20: • Automatic node referrals must be disabled) My problem today is that one of my nodes in my HA cluster (ontap 9.4) owns all SMB-sessions. I do not know why the SVM-server forward all SMB traffic to one of the node. I have two SMB LIF´s, one to each node in the cluster. The DNS (external) is setup an both LIF´s have its own IP address registered in the DNS. When ping from my hyper-V hosts the DNS roundrobin works fine. But it does not matter, when the SVM-server keeps sending all traffic to the same node. If I do a simple filecopy from my hyper-v server to the CIFS-share by using IP-address, then the traffic goes to the correct node. That is why I want to use Automatic node referrals, to split the load equal over my nodes in the cluster. Any tips? Best regards, Pelle Dahlkild _______________________________ 2650 dual node HA cluster, switchless, ontap 9.4 SMB3 3-node hyper-V cluster (Win 2016)

FrankWest

Hi, in this blogpost: https://www.netapp.com/blog/ontap-one/ it’s mentioned that most customers with active support contracts are eligible for an Ontap One license and you can download it from the support site under your account. However, I cannot find it there. Does anyone know the license name for the Ontap One license? We have a huge list of licenses listed with names of which most I can’t make anything out of it.

PROFESSORE79

Hi there, maybe there's a trick I do not know of but you do - otherwise take this as a suggestion/feature request. We renew our official certificates yearly which also affects federation - we use MS AD FS. We change all certificates to the public one - web server port, token signing, token encryption. AD FS has a cool feature where a new signing/encryption certificate can be imported as secondary before the original (primary) expires. Thus all properly coded identity clients can refresh this from the metadata URL and see that there is now another legitimate certificate. After a grace period of a few days you switch the secondary certificate to primary. Now my SAML authentication to ONTAP System Manager (FAS and AFF) is broken: "Message was signed, but signature could not be verified." This leads me to the conclusion that ONTAP does not properly handle the federation metadata and just evaluates this one-time instead of periodically retrieving AD FS metadata updates. Also the NetApp SAML Troubleshooting Guide makes no mention of a certificate change process or troubleshooting options. "saml repair" in Advanced has no effect. Therefore it seems a trip to the vault to recover the protected console passwords will be in order for a disable-enable SAML game. Certificate management is a common operational task so NetApp ONTAP should handle this more intelligently - either by periodic metadata checks or at least some manual refresh capability, be it as part of the "repair" subcommand or something new like "metadata refresh" or what have you. Thanks & regards, Markus

GHK

Wondering if anyone has run into this issue and so far support has been unable to resolve. We have Our Production side and DR side with Snapmirror set up to DR. If we test a failover that works fine, however, when we try to get everything back to normal and run a reverse resync we get the following error. (Could not fetch information about the peer cluster. Reason: entry doesn't exist.) We have no issues go from our Prod site to DR site but keep getting this error going from DR back to Prod. Thanks!

Clem_SG

Hi All, I haven't explored yet repurposing an existing shelve (DS4246) from FAS2552 and placing it to a newly purchased FAS2720. I am trying to check some documentation on how to do that but having a hard time finding one. Seeking your assistance on how we can proceed migrating the data from the old FAS2552 with DS4246 and moving it to FAS2720. Thank you.

Board Activity

Automatic node referrals CIFS and support for Hyper-V

Ontap One

SAML Signature/Encryption Certificate Change - Metadata Update

Could not fetch information about the peer cluster. Reason: entry doesn't exist. Reverse Resync

Repurposing of DS4246 and adding it to the newly purchased FAS2720