VMware Solutions Discussions
VMware Solutions Discussions
Hi,
I have a few esx servers that versions are 4.0
# vmware -v
VMware ESX 4.0.0 build-208167
I installed FC Host Utilities 5.2 ,
When I configure HBA I get
"Determining NetApp storage systems OS versions....................FAILED"
error.
How can I solve this problem without open all ports of firewall?
# /opt/netapp/santools/config_hba --configure --secure --access ntp1:root:xxx --access ntp2:root:xxx
Secure connection enabled
Checking for installed HBAs.......................................DONE
Verifying firewall port are open..................................DONE
Determining NetApp storage systems OS versions....................FAILED
Setting QFull Tunables............................................DONE
Setting HBA timeout setting for lpfc820...........................DONE
Updating BOOT RAM disk............................................DONE
WARNING:
The script was unable to determine the OS version
of the following NetApp storage system(s).
The script could not determine the correct settings for your
configuration.
One possible cause is SSL might not be configured properly.
Please login to your NetApp storage controller
and run 'secureadmin setup ssl'. Once you have verified SSL
is configured properly, run the following commands to ensure
the correct settings are being used:
/opt/netapp/santools/config_hba --configure --secure --access <controller>:<login>:<password>
# config_mpath --primary --policy rr --loadbalance --secure --access ntp1:root:xxx --access ntp2:root:xxx
Secure connection enabled
Verifying firewall port is open...................................DONE
Determining Primary/Proxy paths for LUN=naa.60a9800043346d705234563441524447
Secure connection enabled
Error: SSL might not be configured properly or your username and password are incorrect.
Please login to your NetApp storage controller and run 'secureadmin setup ssl',
then retry the command again
Exiting...
Determining Primary/Proxy paths for LUN=naa.60a9800043346d71434a613135726f54
Secure connection enabled
Error: SSL might not be configured properly or your username and password are incorrect.
Please login to your NetApp storage controller and run 'secureadmin setup ssl',
then retry the command again
Exiting...
....................
WARNING:
The script encountered a problem and was to unable to connect
to the following NetApp storage system(s):
ntp1
ntp2
The script was unable to set the correct path settings
for your configuration.
One possible cause is SSL might not be configured properly.
Please login to your NetApp storage controller
and run 'secureadmin setup ssl'. After you have verified that SSL
is configured properly, run the following command to ensure
the correct settings are being used:
/opt/netapp/santools/config_mpath --primary --secure --loadbalance --persistent --access <controller>:<login>:<password>
I am sure that Username and password are correct and I run secureadmin setup ssl before run this command.
Also I added host ip address and user name in /etc/hosts.equiv file of filers.
# esxcfg-firewall -q
Chain INPUT (policy DROP 21967 packets, 1926K bytes)
pkts bytes target prot opt in out source destination
135 21834 ACCEPT tcp -- * * 10.3.1.222 0.0.0.0/0 tcp
262 46298 ACCEPT tcp -- * * 10.3.1.221 0.0.0.0/0 tcp
15983 11M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3932 1108K valid-tcp-flags tcp -- * * 0.0.0.0/0 0.0.0.0/0
4076 1116K valid-source-address !udp -- * * 0.0.0.0/0 0.0.0.0/0
25244 2261K valid-source-address-udp udp -- * * 0.0.0.0/0 0.0.0.0/0
1 60 valid-source-address tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
144 8064 icmp-in icmp -- * * 0.0.0.0/0 0.0.0.0/0
3931 1108K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:902 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
12 3953 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
3267 331K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:427
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:427 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5989 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5988 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:514
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:544
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
15983 11M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
5503 2661K valid-tcp-flags tcp -- * * 0.0.0.0/0 0.0.0.0/0
122 6832 icmp-out icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
5442 2657K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:902 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:427
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:427 state NEW
41 2460 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:902 state NEW
167 52550 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:902 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:749 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:88 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:514
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:544
20 1200 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain icmp-in (1 references)
pkts bytes target prot opt in out source destination
122 6832 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
22 1232 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain icmp-out (1 references)
pkts bytes target prot opt in out source destination
122 6832 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain log-and-drop (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 6 level 7
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain valid-source-address (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 127.0.0.1 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 255.255.255.255
Chain valid-source-address-udp (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 127.0.0.1 0.0.0.0/0
1 368 DROP all -- * * 0.0.0.0/8 0.0.0.0/0
Chain valid-tcp-flags (2 references)
pkts bytes target prot opt in out source destination
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 log-and-drop tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
Incoming and outgoing ports blocked by default.
Enabled services: CIMSLP VCB CIMHttpsServer vpxHeartbeats kerberos CIMHttpServer sshServer webAccess
Opened ports:
port21 : port 21 tcp.out
portrsh : port 514 tcp.in tcp.out
port443 : port 443 tcp.in tcp.out
port544 : port 544 tcp.in tcp.out
web : port 80 tcp.in tcp.out
port23 : port 23 tcp.out
port20 : port 20 tcp.in
Added Iprules:
ntp1_ip_rule : host 10.3.1.221 cport 0:65535 ACCEPT tcp
ntp2_ip_rule : host 10.3.1.222 cport 0:65535 ACCEPT tcp
Hi,
I figure out the problem,
It has been defined trusted.hosts options.
I added esx ip address in this option, then problem solved.
Regards