Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

FAQ: What are the options available as Antivirus Connector Command Line Switches

Views:
287
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9
  • clustered Data ONTAP
  • AV Connector
  • Vscan

Answer

Question: What are the options available as command line switches for the Antivirus Connector?

 

Below are the list of command line switches available for the AV Connector and use case examples:
/IpAddrToDns

/IpAddrToDns:false
This setting will disable reverse DNS lookups from the AV Connector

/IpAddrToDns:true
This setting will enable reverse DNS lookups from the AV Connector (default behavior)

Known Use Case: Users will be using DNS load balancing round-robin and this can prevent the AV Connector from connecting to data LIFs on some nodes.

 
 
How to invoke the option (start service via cmd line):
 
/transport and /port
By default, the AV Connector issues ONTAPI calls to get a list of data LIFS over HTTPS and port 443. The mechanism to change this behavior is listed below.

/transport:http
With this setting, the AV Connector will utilize http. This will need to be used in conjunction with the /port setting to port 80.

/transport:https
With this setting, the AV Connector will utilize http. It will need to be used in conjunction with the /port  setting to default back to port 443. This parameter is not required as this is the default behavior.

/port:xxx
Values can be set for: 1 > 65535 (default 443)
 
Known Use Case: Can be used in troubleshooting contents of the ZAPI call, needs to be captured in a packet trace or in situations where non-default ports are utilized for transport.

How to invoke the option: (start service via cmd line)
Note: The same transport and port settings can be used when utilizing the AV Connector GUI for testing of ZAPI calls to the SVM.

Changing via this method will only affect the TEST functionality built into the GUI.

Two ways to accomplish this:
 
Add parameters to the shortcut
 
-OR-
 
Run from the CLI:

 
The following is a sample TEST where you can verify the ONTAPI call was sent via HTTP and port 80.
 
 
Other switches that are available with AV Connector.
  • Command-line option (version 1.0.3 and up) (/updatePassword:<user>:<newPassword>) for changing the password of an account.
    Once mregfa application (“Configure ONTAP Management LIFs”) is run with this option, it goes through the list of mgmt entries and changes the passwords for the entries whose user-name matches the supplied user-name. For the entries with different user, it does nothing.
  • Silent install: /S /v /qn SVCUSERNAME=* SRV_PASSWORD=*
    There is a way to install a windows executable silently. This can be used if users are planning to deploy a large number of AV servers:
    C:\>”ONTAP AV Connector-1.0.4.exe” /S /v /qn SVCUSERNAME=domain\admin SRV_PASSWORD=mypasswd"

Putting it all together…

Sample scripted command of performing a silent install; adding the mgmt LIF for ONTAPI zapi lookups (with bogus passwords); and updating the password for AV Connector GUI.

Known Use Case: Users might be able to utilize this procedure to try and automate AV Connector installs\configurations in their environment.
This might require scripting knowledge and is outside the scope of Netapp Technical Support.
 
Example:
// Silent install
C:\tempdir>"ONTAP AV Connector-1.0.4.exe" /S /v /qn SVCUSERNAME=domaina\administrator SRV_PASSWORD=pass123!"

// Add multi-string registry with some random password
C:\>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data ONTAP\Clustered Data ONTAP Antivirus Connector\v1.0\mgmt-lifs" /v mgmt-lif:60:10.238.7.21 /t REG_MULTI_SZ /d "fsct\administrator\0randompassword\0"
The operation completed successfully.


// Update the password
This also obfuscates the credentials and changes the registry format to binary.
C:\Program Files (x86)\ONTAP AV Connector>mregfa.exe [/updatePassword:[user]:[password]]
C:\Program Files (x86)\ONTAP AV Connector>mregfa.exe /updatepassword:vsadmin:cifs*1234
 
// Remote execution:
PS C:\Users\administrator.DOM> invoke-command -ComputerName vmwin204-254 -ScriptBlock { & 'C:\Program Files (x86)\ONTAP AV Connector\mregfa.exe' -something "/updatePassword:admin:netapp1!" }

 

Additional Information

additionalInformation_text

 

 

 

  • Was this article helpful?