Active IQ Unified Manager Discussions

System Manager and (403) Forbidden

korns
8,726 Views

I'm trying to test Sysman against a number of systems in a large data center where I am not sure all the protocol blocking that is occuring between my system running Sysman various NetApp controllers. The only one which I know has no protocol blocking is a FAS900 and Sysman V1.0 reports that it only supports FAS2000/3000. No problem.

However, another FAS3070 running 7.3P7 behaves as follows:

  1) I can attempt to manually add it and it detects it's part of a cluster, shows the partner name, shows the version, sysid, etc

  2) but does not have the [+] sign to expand in the left column.

  3) when I single click on the cluster a diaglogue box pops up saying "API invoke failed. The remote server returned an error: (403) Forbidden.

secureadmin status (on this same FAS3070), if it matters (I wonder) shows:

ssh2 - active

ssh1 - active

ssl - inactive

I know FilerView seems to work fine against this same system. Does Sysman require more protocols than Filerview?

1 ACCEPTED SOLUTION

__ple_16414
8,726 Views

Hello David,

Hello,

If you have checked a proxy on your Internet browser, desactivate it and try again. It should work now.

Please Keep me posted.


Best regards,

Philippe

View solution in original post

3 REPLIES 3

__ple_16414
8,727 Views

Hello David,

Hello,

If you have checked a proxy on your Internet browser, desactivate it and try again. It should work now.

Please Keep me posted.


Best regards,

Philippe

danielpr
8,726 Views

Hi David,

The HTTP error message says that the client was able to communicate with the server, but the server won't let the client access for the request.

Please check the following output of the following command if you have the access granted to the host machine where you installed NSM.

1. options httpd.admin.hostsequiv.enable (Incase "on" then check the below command for the allowed hosts)

2. rdfile /etc/hosts.equiv

3. options trusted.host

Thanks;

Daniel

korns
8,726 Views

Thanks for the replies. Philippe's suggestion to turn off the proxy I had in my browser fixed it. It then asked me if I wanted to enable a secure connection which I did. Now Sysman is fully working on this and other systems. Shouldn't my browser setting check mark on [x] Bypass proxy server for local addresses have made this un-nessecary?

Then I also collected the options settings Daniel suggested I check.

My host where I'm running Sysman is not in the hosts.equiv. So how do the the options httpd.admin.hostsequiv.enable and trusted.host play together in allowing access? 


adc1005nap> options httpd.admin
httpd.admin.access           legacy
httpd.admin.enable           on
httpd.admin.hostsequiv.enable on
httpd.admin.max_connections  512
httpd.admin.ssl.enable       on
httpd.admin.top-page.authentication on
adc1005nap> rdfile /etc/hosts.equiv
ap600adm        root
ap605adm        root
ap6000adm-vlan900       root
ap6000adm
rws60002adm
adc60001adm
ap6001isd-adm
adc1005nap> options trusted.host
trusted.hosts                *          (same value required in local+partner)

Thanks, Dave



Public