VMware Solutions Discussions

RBAC error: "Authentication failed because the remote party has close the transport stream"

Pandoy
1,228 Views

Hi, 

I was able to install RBAC User Creator for Data ONTAP 2.7 on windows 10 computer, but keeps on getting error: 

Pandoy_0-1638471288519.png

 

The windows desktop has full access to netapp management network and I can access the system manager from windows desktop. Please advise what can be causing and possible fix on RBAC error. 

 

Thanks, 

Pandoy 

 

 

 

3 REPLIES 3

Ontapforrum
1,195 Views

As you are using SSL to Cluster, could you check the below.

 

Check:
1) Check if the SSL Server Authentication Enabled value for the admin SVM is set to false.

cluster1::> ssl show -vserver cluster1
SSL Server Authentication Enabled: false

If yes,

Enable SSL with the following command
cluster1::> ssl modify -vserver cluster1 -server-enabled true

If it's already enabled, ignore and check the expiry date for the Cluster Admin SVM.

 

2) Check if the cluster admin SVM certificate expired?
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_renew_a_Self-Signed_SSL_certificate_in_ONTAP_9

Pandoy
1,129 Views

Thank you for look into this. 

I have checked the ssl status for cluster SVM and the expiry date, both looks good (Server Enabled is true and Expiry is set next year). But I renew it too trying to see if that will fix it. 

 

 

netappaff::> ssl show
(security ssl show)
Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
:
:
netappaff 6A7712DEE0C44AB78C4E2B4527544FE21C835EA4
netappaff.hms.ac true false
Certificate Authority: DCCIS Intermediate CA

7 entries were displayed.

netappaff::>

 

netappaff::>  ssl show -vserver netappaff                                              

  (security ssl show)

 

                                         Vserver: netappaff

                   Server Certificate Issuing CA: DCCIS Intermediate CA

                Server Certificate Serial Number: 6A7712DEE0C44AB78C4E2B4527544FE21C835EA4

                  Server Certificate Common Name: netappaff.hms.ac

               SSL Server Authentication Enabled: true

               SSL Client Authentication Enabled: false

Online Certificate Status Protocol Validation Enabled: false

URI of the Default Responder for OCSP Validation: 

Force the Use of the Default Responder URI for OCSP Validation: false

                        Timeout for OCSP Queries: 10s

 Maximum Allowable Age for OCSP Responses (secs): unlimited

Maximum Allowable Time Skew for OCSP Response Validation: 5m

                 Use a NONCE within OCSP Queries: true

 

netappaff::> 

 

netappaff::> security certificate show -vserver netappaff -common-name netappaff.hms.ac

Vserver    Serial Number   Certificate Name                       Type

---------- --------------- -------------------------------------- ------------

netappaff  6A7712DEE0C44AB78C4E2B4527544FE21C835EA4 

                           netappaff.hms.ac_6A7712DEE0C44AB78C4E2B4527544FE21C835EA4 

                                                                  server

    Certificate Authority: DCCIS Intermediate CA

          Expiration Date: Sun Dec 03 15:59:00 2023

 

netappaff  6A7712DEE0C44AB78C4E2B4527544FE21C835EA4 

                           netappaff.hms.ac                       server-chain

    Certificate Authority: DCCIS Intermediate CA

          Expiration Date: -

 

2 entries were displayed.

 

netappaff::> 

netappaff::> 

 

 

 

ONTAP System Manager looks good when access via gui, but I am still getting the same error when running RBAC 

dhickey
930 Views

I see the same issue.  The cert is not expired and SSL is enabled.  Any thoughts?

Public