OnCommand System Manager receives error 500

atinivelli

Good day, I am running OnCommand System Manager ver 3.1.1 on Windows.

 

Today, for the very first time, I have seen this issue: I can connect to my 3210 running DataONTAP 8.0.3P2 7-mode, but when I try to reach my new 2240 running DataONTAP 8.1.3P3 7-mode I receive an error 500 "connection refused".

 

I have found this workaround: on the 2240s I have issued the command "options httpd.admin.enable on";

after this the OnCommand System Manager probably still tries a secure connection; on the console I see errors like

[hostname: HTTPPool03:warning]: HTTP XML Authentication failed from MyClientIP . 

 

But now I guess OnCommand System Manager falls back to a non-secure connection: I see the question "do you want to set up a secure connection or continue without...", I answer "continue without" and I'm able to manage my filers again.

 

What happened? Maybe something related to Java updates? Thanks in advance.

Alessandro

 

 


atinivelli

It is really impossible to guess why NetApp (but also EMC, Equallogic...) continues writing software to manage enterprise solutions, such as storage systems, using Java.

Java is not a reliable platform! You simply patch up your Java runtime environment (because of security issues) and voilà: nothing works any longer!

 

And, as anyone knows, every software based on JRE requires a specific, different version of JRE. Changing even the third subversion number of JRE breaks anything.

 

I think we, customers, should stop buying any product requiring JRE on admin's computer to be managed!

bsnyder27

I created another post related to this.

 

Did you happen to install java 8 client(s)?

StefanL

Good Morning everyone!

 

I'm struggling with the same issue.

Is there a workaround or a fix to this problem?

 

My Java client version is 7.45 because we need this exact version for some other applications here.

But if the only way to get the OnCommandSystemmanager working again is to update Java, I will surely do the update.

 

Thanks in advance!

 

 

StefanL

Hello everyone!

 

I just updated Java to the latest version and this issue is solved.

It seems to be java related.

 

This is working for OnCommandSystemmanager version 3.1.1 and 3.1.2

 

BR

Stefan

Doc_Poulson

I have written 2 KBs related to this issue:

 

KB ID: 2021850 

OnCommand System Manager is unable to authenticate clustered Data ONTAP using secure protocols when Java 8u25 is installed on the host

 

KB ID: 2021507

 

OnCommand System Manager 3.1 and 3.1.1 do not function when using Java 8.x

Scotty

I am using OCSM 3.1.1RC1 as well and got upgraded to Java 8 update 31 and am having the same issues with SSL. I also changed the .exe with the .jar version and still have the same issues. I uninstalled Java 8 and reverted back to Java 7u75 but that didn't seem to work either. I'm stumped.

AOXBOROUGH

Exact same thing here...Removed all traces of Java 8, installed 7u75, got the System Manager to install but cannot connect to anything.  Just error 500.  Another user here is able to connect without any problems.

Scotty

I ended up installing Java 8 U 31. Reinstalled OnCommand System Manager 3.1.1RC1 which kept all my filers. But when I try to run the Network Config Checker I get the enclosed errors. When I try to login to the filer themselves I get the other enclosed screenshot. The only thing that changed was the Java upgrade.

 

I can't seem to find anyone else with this exact type of issue though.

 

 

FKL

I am having a customer with the same security warning prompts as SCOTTY's last screenshot

 

When I click "Set up a secure connection" it refreshes the page with the same Security Warning

 

When I click "Continue without secure connection" I get a 500 Connection Refused error.

 

We rolled back to Java 7u71 and are still having the issue. 


@Scotty wrote:

I ended up installing Java 8 U 31. Reinstalled OnCommand System Manager 3.1.1RC1 which kept all my filers. But when I try to run the Network Config Checker I get the enclosed errors. When I try to login to the filer themselves I get the other enclosed screenshot. The only thing that changed was the Java upgrade.

 

I can't seem to find anyone else with this exact type of issue though.

 

 


 

Hilmar

Hi everybody,

at least I am not alone with that problem...

 

I tried different versions of the OCSM (3.0 and 3.1.1) on different platforms (2k3 and 7-64) with different java versions 7.74 (? - latest) , 8.25 and 8.31

 

as FKL said before  I first get the

    netapp is not configured for secure management -error

and then it divides:

my old netapp 2040 then accepts the insecure connection

but my new 2240 doesn't and returns error 500 "connection refused"

 

I reinstalled the SSH / SSL certificates with no success (at least on my 2240)

I created a new admin user with a simple password - again with no success

 

guess i have to create a new VM and start with java 6  (halleluja and java forever  )

 

btw: the solution Chuck offers doesn't work for me

 

  til then

   Hilmar

 

Hilmar

OK, here's my version of a solution:

 

  - a clean Windows-7 64 bit

  - Java 7u25  64 bit version

  - Firefox 32  (as default browser)

  - OnCommand version 3.0

 

the changes proposed by Chuck are still active - will check if they are needed / helpful :

    options httpd.admin.enable off

    secureadmin disable all
    secureadmin setup ssl
    secureadmin enable ssl
    secureadmin enable ssh2

    options tls.enable on

 

a simple password only with characters - will check if needed

 

with that version i successfully connect to my old FAS 2040 and my new FAS 2240 without any error - puah

 

hope that helps

   Hilmar

dsulli29

simply enabling tls fixed the http 500 error for me

thollingworth

8.1.4P3 7-Mode

 

OnCommand System Manager 3.1.2

 

Both controllers had TLS disabled. One allowed me to connect and the other returned "500 Connection Refused." 

 

I enabled TLS on the controller and it worked.

 

 

 

-Tim-

greizt

Thanks,

i also had a

500 connection has been shutdown: javax.net.ssl.SSLException:Received fatal alert: bad_record_mac

and this solved my problem

great job.

greetings greizt

greizt

sorry,

 
solution was the one which worked for me

greizt

Hilmar

regarding my last version:

------------------------------------------------------------------------

  - a clean Windows-7 64 bit

  - Java 7u25  64 bit version

  - Firefox 32  (as default browser)

  - OnCommand version 3.0

 

    options httpd.admin.enable off

    secureadmin disable all
    secureadmin setup ssl
    secureadmin enable ssl
    secureadmin enable ssh2

    options tls.enable on

 

   a simple password only with characters

 

with that version i successfully connect to my old FAS 2040 and my new FAS 2240 without any error - puah

----------------------------------------------------------------------------

 

i did some additional testing:

 

a) Firefox version 35 is fine

b) a non-complex password is not needed

c) OCSM 3.0 or 3.1.1. does not make a difference

 

BUT:

 

d) JAVA does

 

i tried different versions (thanks to ESX and SNAPSHOTs) in which i upgraded java step by step

6u45 is fine

7u25 is fine

even 7u75 32 bit and 7u25 64 is fine,

but 7u75 32 AND 64 bit installed causes the well known problem

and just to complete: 8u31 32bit uninstalls 7u25 64 bit and therefore it does NOT work

=> my best guess: 7u25 64 bit (in 64 bit environment) is essential

      maybe there are some versions between 7u25 and 7u75 that will work as well

     but i do know that 7u25 DOES work, whereas 7u75 DOES NOT

 

and to complete my research i re-installed 7u25 64 bit after 8u31 de-installed it - and - guess - YEPP , everything is fine

 

=>  install whatever version you prefer, but have 7u25 64 bit installed as well

 

that directly points me to a question to you Chuck:  did you have different versions installed ?

    something like: the 32bit version is Java 8 but the 64 bit version is an older Java 7?

 

Cheers

  Hilmar

Hilmar

 

OK, what have we learned over the last days?

 

With Java 8 there came a new security structure.

Regarding the flaws in SSL (Heartbleed, Poodle): Java completely disabled SSL in the usable protocols list with version 8.

That's why older versions (like my preferred 7u25) work with OCSM, but newer ones don't.

 

We found a workaround to run OCSM with Java 8  (Thanks to my Java Admin Josua):

- open a DOS Box

- jump to the OCSM-directory:

    cd "\Program Files\NetApp\OnCommand System Manager"

- start OCSM with parameter "i am sure what i do and i will run my OCSM with unsafe protocols" :

    java -Dsun.security.ssl.allowUnsafeRenegotiation=true -Djdk.tls.client.protocols="TLSv1, SSLv3" -jar SystemManager.jar

 

and everything is fine

 

hope that works for you as well

  Hilmar

SR

I think what the industry should have learned a long time ago is that Java on the client side is an absolute mess for many of the reasons already stated here. It is not a system to be able to allow any device any software to be able to work. I would have to have 5-10 VMs just for the different software that requires different versions. NetApp and others, please upgrade to other tech. One that comes to mind would be HTML 5, .NET, or just pick something besides the proven-to-fail Java! Don't care if this is what you call "political". It's not; it's a call for using tech that works.

PMSBoeblingen

I can confirm that java 8 64bit is the problem.

I approved the java updater lately and it updated to  java 8u31 32bit and 64bit

The behaviour then was the following when I tried to login to our filers

7.3.7P3 FAS3020   => security question => OK  (I know the system is out of support)
8.1.3P1 FAS3210   => security question => OK
8.1.3P1 FAS3220   => error 500
8.1.3P1 FAS3270   => error 500

 

After struggling a while with different solutions from this thread I uninstalled the 64bit version and reverted to java 7u55 64bit which I had been running before the update.

Now on all filers there is  no security question anymore and all logins work OK

AOXBOROUGH

That's odd--I am running it just fine with 8u31.  I only needed to have 7 present to get through the System Manager installation, which will stop if you do not have 7 installed.  After installation, I removed 7 completely and it is still running.

 

The steps to turn off unsecure http admin, reset the certificate setup, and enable TLS made the difference for us.

SRay

/!\ Security Hole /!\

 

You must modify the file "C:\Program Files\Java\jre1.8.0_31\lib\security\java.security" and disable the last line "jdk.tls.disabledAlgorithms=SSLv3" with #.

 

The latest Java disables SSLv3; you must reactivate it.
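
An added audit example, not part of any post in this thread and not NetApp or Oracle code: it checks an admin workstation for the two JRE changes described above, the -D launch flags from Hilmar's Java 8 workaround and the commented-out jdk.tls.disabledAlgorithms line in java.security, so hosts left with SSLv3 re-enabled can be found and reverted once the filer side has TLS enabled. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed samples: the java.security edit from the post above (line
# commented out) and an untouched setting that uses a line continuation.
WEAKENED = "# jdk.tls.disabledAlgorithms=SSLv3\n"
INTACT = "jdk.tls.disabledAlgorithms=SSLv3, \\\n    RC4\n"
# Launch command quoted from the thread's Java 8 workaround.
THREAD_CMD = ('java -Dsun.security.ssl.allowUnsafeRenegotiation=true '
              '-Djdk.tls.client.protocols="TLSv1, SSLv3" -jar SystemManager.jar')


def parse_properties(text):
    """Parse java.security syntax: '#'/'!' comments, '=' or ':' separators,
    backslash continuations. A later duplicate key wins."""
    props, buf, cont = {}, "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not cont and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes means the value continues.
        cont = (len(line) - len(line.rstrip("\\"))) % 2 == 1
        buf += line[:-1] if cont else line
        if not cont:
            m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", buf)
            if m:
                props[m.group(1)] = m.group(2)
            buf = ""
    return props


def sslv3_disabled(java_security_text):
    """True if SSLv3 is still listed in jdk.tls.disabledAlgorithms."""
    value = parse_properties(java_security_text).get(
        "jdk.tls.disabledAlgorithms", "")
    return "sslv3" in [a.strip().lower() for a in value.split(",")]


def risky_launch_flags(cmdline):
    """Flag -D options that list SSLv3 or allow unsafe renegotiation."""
    findings = []
    for name, quoted, bare in re.findall(
            r'-D([\w.]+)=(?:"([^"]*)"|(\S+))', cmdline):
        value = (quoted or bare).lower()
        if name == "jdk.tls.client.protocols" and "sslv3" in value:
            findings.append("SSLv3 listed in jdk.tls.client.protocols")
        if name == "sun.security.ssl.allowUnsafeRenegotiation" and value == "true":
            findings.append("unsafe renegotiation allowed")
    return findings
```

To audit a real host, pass the contents of the installed java.security file to sslv3_disabled() and the shortcut or script command line to risky_launch_flags().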
