Active IQ Unified Manager Discussions

OnCommand System Manager recieves error 500

atinivelli

Good day, i am running OnCommand System Manager ver 3.1.1 on Windows.

 

Today, for the very first time, i have seen this issue: i can connect to my 3210 running DataONTAP 8.0.3P2 7-mode, but when i try to reach my new 2240 running DataONTAP 8.1.3P3 7-mode i recieve an error 500 "connection refused".

 

I have found this workaround: on the 2240s i have issued the command >options httpd.admin.enable on ;

after this the OnCommand System Manager probably still tries a secure connection, on the console i see errors like 

[hostname: HTTPPool03:warning]: HTTP XML Authentication failed from MyClientIP . 

 

But now i guess OnCommand System Manager falls back to a non secure connection, i see the question "do you want to set up a secure connection or continue without...", i answer "continue without" and i'm able to manage my filers again.

 

What's happened? Maybe something java updates related? Thanks in advance.

Alessandro

 

 

94 REPLIES 94

LeonidB

THANK YOU!
That works for me.

I'm ruunig Java 8 update 45 

 

The files is change his location to:

C:\Program Files\Java\jre1.8.0_45\lib\security

 

Smiley Wink

gkoufoud

Worked for me too thanks SRay.

richardtully

@SRay wrote:

/!\ Security Hole /!\

 

You must modify the file "C:\Program Files\Java\jre1.8.0_31\lib\security\java.security" and disable the last line "jdk.tls.disabledAlgorithms=SSLv3" with #.

 

The last Java disable SSLv3, you must reactivate him.


This worked for me thanks SRay.   I'll have to make do with toggling it on and off when required until a fix is released. 

 

I am running 8.31 64-bit and using the steps I provided in my earlier post, I have everything work with SSL/TLS.

Now, granted, there is no 100% garuntee that it works for 100% of everyone.  There are other considerations such as individula security settings in the JAVA.  I have all of my filers (both by IP address and by host name) as trusted sites in my browser and in JAVA.

 

CHUCK_SAUNDERS

While removing newer version of Java and installing older versions probably fixes this in most cases, do you really want to run version of software that have known vulnerabilities in them?

 

I think that companies like NETAPP, EMC, DELL, HP, etc, etc., need to be accountable for staying current.  They need to upgrade the applications regularly to stay compatible with the platforms they develop in.  The days of write it once and forget it are long gone.  The threat vectors have changed and continue to change on a daily basis.

 

If I had machine that was dedicated to doing nothing other managing storage, network and servers, that never saw any portion of the production network and was isolated 100% from the internet, perhaps leaving archaic versions of depreciated software out there would be an option.  The days of doing business this way are also long gone.

 

Cannot speak for everyone of course, but I don’t have the real-estate on my desk and have no desire to run up down the hall to my MDF every time I want to manage something in the environment.

 

 

Hilmar

Chuck,

you are absolutely right !

 

That java chaos is unproductive and annoying.

 

But let us see my thread not as a political but as a technical thing that helps me (and hopefully one or another) gaining back access to my NetApp again.

Lets see this as a base and maybe theres someone out there who will improve my solution working with actual versions of java.

 

Cheers

  Hilmar

AOXBOROUGH

To clarify, I am 100% in agreement with Chuck.  There is no excuse for NetApp not supporting Java 8 when it has been out for this long.  In our organization, running outdated versions of Java is unacceptable.  Following the steps above, I was able to install the System Manager, then install Java 8, and remove 7--and the entire thing works fine.  The big key I believe is that our filers did not have TLS enabled.  We removed SSL support from our environment when the Poodle vulnerability was made known.  Unfortunately, we did not realize this until going through these steps.  We couldn't get it to work no matter what version of Java was installed.

 

Also--our complex password works just fine 🙂  No reason to use a simple password.

CAPTAIN_GATSO

I have had the same issue.  If you are experiencing error 500 and are using Windows 7 Enterprise x64 try uninstalling all versions of Java and then install J7 U45 x86 and then J7 U71 x64 then install OCSM 3.1.1.

 

I had later versions of Java (x86/x64) and OCSM wouldn't launch.

cmcn_2015

I experienced similar issues when I inadvertently updated my to a Java 8 version.

As previously suggested I did the following to resolve the issue.

 

- uninstalled OCSM

- uninstalled all Java versions

- reinstalled Java 7 u51

- reinstalled OCSM

 

It seems to be the case that later versions of Java 7 and especially version 8 are incompatible. 

ksasmal

Thanks 

Faisal_Khan

Try following command on all nodes. i had this issue and this fixed it straight away.

options tls.enable on

 

Announcements
Register for Insight 2021 Digital

INSIGHT 2021 Digital: Meet the Specialists 2

On October 20-22, gear up for a fully digital, totally immersive virtual experience with a downright legendary lineup of world-renowned specialists. Tune in for visionary conversations, solution deep dives, technical sessions and more.

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public