When the callhome.arw.activity.seen event occurs, SWS does not receive the notification due to an SSL communication error

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 110

Visibility:: Public

Votes:: 0

Category:: data-infrastructure-insights

Specialty:: ds_dii

Last Updated:

Applies to

ONTAP 9
Storage Workload Security(SWS)
Data Infrastructure Insights(DII)
Anti-Ransomware
SWS agent has 2 or more interfaces
ONTAP and SWS agent can communicate within the same segment in both the management subnet and the data SVM subnet.
All required ports are opened.

Issue

Even if an attack is detected by Anti-Ransomware in ONTAP and callhome.arw.activity.seen is triggered, no notification is received by SWS.
The event notification settings for event integration registered during the creating a data collector are configured correctly.
Communication by REST API is done between management subnet interfaces.
The following error is shown in notifyd.log :

0x81351fc00: 0: ERR: EMS::REST_API_HANDLER: HTTP/S POST failed for destination https://admin:*****@<agent interface address for management subnet>:35019/api/v1/connector/datasources/<data-collector-uuid>/ems-events. Error buffer string is: SSL: no alternative certificate subject name matches target ipv4 address '<agent interface address for management subnet>' 0x81351fc00: 0: ERR: EMS::REST_API_HANDLER: Unable to send the event callhome.arw.activity.seen to the destination https://admin:*****@<agent interface address for management subnet>:35019/api/v1/connector/datasources/<data-collector-uuid>/ems-events. Reason: SSL peer certificate or SSH remote key was not OK