RBAC error: "Authentication failed because the remote party has close the transport stream"

Pandoy · ‎2021-12-02

Hi,

I was able to install RBAC User Creator for Data ONTAP 2.7 on windows 10 computer, but keeps on getting error:

The windows desktop has full access to netapp management network and I can access the system manager from windows desktop. Please advise what can be causing and possible fix on RBAC error.

Thanks,

Pandoy

Ontapforrum · ‎2021-12-02

As you are using SSL to Cluster, could you check the below.

Check:
1) Check if the SSL Server Authentication Enabled value for the admin SVM is set to false.

cluster1::> ssl show -vserver cluster1
SSL Server Authentication Enabled: false

If yes,

Enable SSL with the following command
cluster1::> ssl modify -vserver cluster1 -server-enabled true

If it's already enabled, ignore and check the expiry date for the Cluster Admin SVM.

2) Check if the cluster admin SVM certificate expired?
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_renew_a_Self-Signed_SSL_certificate_in_ONTAP_9

Pandoy · ‎2021-12-03

Thank you for look into this.

I have checked the ssl status for cluster SVM and the expiry date, both looks good (Server Enabled is true and Expiry is set next year). But I renew it too trying to see if that will fix it.

netappaff::> ssl show
(security ssl show)
Serial Server Client
Vserver Number Common Name Enabled Enabled
--------- ------ --------------------------------------- ------- -------
:
:
netappaff 6A7712DEE0C44AB78C4E2B4527544FE21C835EA4
netappaff.hms.ac true false
Certificate Authority: DCCIS Intermediate CA

7 entries were displayed.

netappaff::>

netappaff::> ssl show -vserver netappaff

(security ssl show)

Vserver: netappaff

Server Certificate Issuing CA: DCCIS Intermediate CA

Server Certificate Serial Number: 6A7712DEE0C44AB78C4E2B4527544FE21C835EA4

Server Certificate Common Name: netappaff.hms.ac

SSL Server Authentication Enabled: true

SSL Client Authentication Enabled: false

Online Certificate Status Protocol Validation Enabled: false

URI of the Default Responder for OCSP Validation:

Force the Use of the Default Responder URI for OCSP Validation: false

Timeout for OCSP Queries: 10s

Maximum Allowable Age for OCSP Responses (secs): unlimited

Maximum Allowable Time Skew for OCSP Response Validation: 5m

Use a NONCE within OCSP Queries: true

netappaff::>

netappaff::> security certificate show -vserver netappaff -common-name netappaff.hms.ac

Vserver Serial Number Certificate Name Type

---------- --------------- -------------------------------------- ------------

netappaff 6A7712DEE0C44AB78C4E2B4527544FE21C835EA4

netappaff.hms.ac_6A7712DEE0C44AB78C4E2B4527544FE21C835EA4

server

Certificate Authority: DCCIS Intermediate CA

Expiration Date: Sun Dec 03 15:59:00 2023

netappaff 6A7712DEE0C44AB78C4E2B4527544FE21C835EA4

netappaff.hms.ac server-chain

Certificate Authority: DCCIS Intermediate CA

Expiration Date: -

2 entries were displayed.

netappaff::>

ONTAP System Manager looks good when access via gui, but I am still getting the same error when running RBAC

dhickey · ‎2021-12-09

I see the same issue. The cert is not expired and SSL is enabled. Any thoughts?