Problem
Error when adding a NetApp Cluster to Data Insight using Secure Connection (port 443).
Error Message
Details from netapp_util log...
2023-02-03 15:09:57 INFO: V-378-0-0: #{2624} Product Version 6.3.1.14000
2023-02-03 15:09:57 INFO: V-378-1318-1000: #{2624} [__initlog: 398] Logging Initialized successfully
2023-02-03 15:09:57 INFO: V-378-1318-1029: #{2624} [__parse: 1206] filer: <filername>
2023-02-03 15:09:57 INFO: V-378-1318-1046: #{2624} [__doit: 1302] Operation code: NTAP_TEST_CMOD_CONN
2023-02-03 15:09:57 INFO: V-378-1318-2238: #{2624} [open_cmod_conn: 2516] Transport style for filer nastest1 is NA_SERVER_TRANSPORT_HTTPS i.e. secure connection.
2023-02-03 15:09:57 INFO: V-378-1318-2237: #{2624} [open_cmod_conn: 2526] Communication style for filer nastest1 is NA_STYLE_CERTIFICATE i.e. secure connection.
2023-02-03 15:09:58 INFO: V-378-1318-2239: #{2624} [open_cmod_conn: 2592] Certificate file path: <Drive_letter>:\DataInsight\data\collector\ssl\vserver_cert.pem, Key file path: <Drive_letter>\DataInsight\data\collector\ssl\vserver_key.key, Filer: <filername>.
2023-02-03 15:09:58 ERROR: V-378-1318-2077: #{2624} [open_cmod_conn: 2649] Error connecting to port 443 of filer <filername>. Err: Can't connect to host (err=10061)..
2023-02-03 15:09:58 ERROR: V-378-1318-2223: #{2624} [ntap_test_cmod_conn: 2721] Secure connection using Certificate communication style with cluster[<filername>] failed. Certificate Path: <Drive_letter>:\DataInsight\data\collector\ssl\vserver_cert.pem, Key Path: <Drive_letter>:\DataInsight\data\collector\ssl\vserver_key.key.
2023-02-03 15:09:58 ERROR: V-378-1318-1056: #{2624} [main: 1375] Error in performing desired action
2023-02-03 15:09:58 INFO: V-378-1318-1058: #{2624} [main: 1382] netapp_util exit code: 3
Cause
NetApp HTTPS Security setting blocked all HTTPS traffic except for a list of excluded IPs.
The Collector IP was not on the exclusion list.
Solution
1. Run network interface service-policy show -vserver <vservername> to check whether HTTPS traffic is blocked.
2. Set exclusion in service-policy to allow the Data Insight collector IP to connect via HTTPS
NetApp Cluster::> service-policy modify-service -vserver <vservername> -policy default-management -service management-https -allowed-addresses <Collector IP>/1
Example:
ClusterName::>service-policy modify-service -vserver Nas_Server1 -policy default-management -service management-https -allowed-addresses 127.0.0.1/1
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.