Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 18 results
    • Why does WS blocks an user for activities on devices excluded from WS attack Policy?
      https://kb.netapp.com/Cloud/BlueXP/DII/Why_does_WS_blocks_an_user_for_activities_on_devices_excluded_from_WS_attack_Policy
      The device list in automated response attack policy is only applicable for taking snapshots of the impacted volumes on vserver devices depending on they are included or not, where as user blocking wil...The device list in automated response attack policy is only applicable for taking snapshots of the impacted volumes on vserver devices depending on they are included or not, where as user blocking will be done anyway to prevent further attacks irrespective of the source device is included/excluded on the device list However blocking user, is done on all 3 devices as long as they are on the WS data collectors list so attack cannot proceed on new devices/volumes
    • Block User Access does not work with error "Reason vserver svm name not found"
      https://kb.netapp.com/Cloud/BlueXP/DII/Block_User_Access_does_not_work_with_error_Reason_vserver_svm_name_not_found
      Applies to Cloud Insights Storage Workload Security Issue When attack is detected or Block User button is pressed, Block User Access fails with error: SID to DomainName transformation failed. Reason v...Applies to Cloud Insights Storage Workload Security Issue When attack is detected or Block User button is pressed, Block User Access fails with error: SID to DomainName transformation failed. Reason vserver svm name not found
    • Storage Workload Security External Fpolicy server terminated error
      https://kb.netapp.com/Cloud/BlueXP/DII/Storage_Workload_Security_External_Fpolicy_server_terminated_error
      Applies to Data Infrastructure Insights (DII) (formerly Cloud Insights) Software Workload Security(SWS) Issue SWS data collector fails to connect Error on GUI: Connector is in error state. Service.nam...Applies to Data Infrastructure Insights (DII) (formerly Cloud Insights) Software Workload Security(SWS) Issue SWS data collector fails to connect Error on GUI: Connector is in error state. Service.name: audit. Reason for failure: External fpolicy server terminated
    • How to manually unblock SMB/CIFS access that blocked by Workload security
      https://kb.netapp.com/Cloud/BlueXP/DII/How_to_manually_unblock_SMB_CIFS_access_that_blocked_by_Workload_security
      Use the following steps to manually restore any users from ONTAP if your Workload Security trial expires, or if the agent/collector is down. You can get the list of users blocked in Workload Security ...Use the following steps to manually restore any users from ONTAP if your Workload Security trial expires, or if the agent/collector is down. You can get the list of users blocked in Workload Security from the users list page. Run the following command to list all users blocked by Workload Security for SMB in all SVMs: Once we identify the position from the above output, run the following command to unblock the user:
    • Data Infrastructure Insights Workload Security data collector: External fpolicy server terminated
      https://kb.netapp.com/Cloud/BlueXP/DII/DII_Workload_Security_data_collector_External_fpolicy_server_terminated
      Applies to Workload Security (Formerly Cloud Secure) Data collector Cloud Secure agent The Workload Security data collector is in error state: Connector is in error state. Reason for failure: External...Applies to Workload Security (Formerly Cloud Secure) Data collector Cloud Secure agent The Workload Security data collector is in error state: Connector is in error state. Reason for failure: External fpolicy server terminated. The EMS errors on ONTAP provided error: No local lif present to connect to FPolicy server Node failed to establish a connection with the FPolicy server "10.10.10.10" of policy "Cloud Secure" for Vserver VS1 (reason: "TCP Connection to FPolicy server failed.
    • Enabling MAV prevents Workload Security Block User Access
      https://kb.netapp.com/Cloud/BlueXP/DII/Enabling_MAV_prevents_Workload_Security_Block_User_Access
      Applies to Cloud Insights Storage Workload Security ONTAP 9 Multi-admin verification (MAV) rules include Operation: set with Query: -privilege diagnostic Issue When attack is detected or Block User bu...Applies to Cloud Insights Storage Workload Security ONTAP 9 Multi-admin verification (MAV) rules include Operation: set with Query: -privilege diagnostic Issue When attack is detected or Block User button is pressed, Block User Access fails with error: SID translate failed. Reason:255:Error: command failed: The security multi-admin-verify request (index x)requires approval.Error: "access-check" is not a recognized command
    • External fpolicy server terminated due to multiple default gateways
      https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/External_fpolicy_server_terminated_due_to_multiple_default_gateways
      Unable to add a data connectors to WorkLoad Security 00000059.001a095d 01b97fd3 Thu Jan 04 2024 23:55:52 +01:00 [kern_fpolicy:error:7186] Establish TCP connection returned error.[0x0x807a8c500] src/fs...Unable to add a data connectors to WorkLoad Security 00000059.001a095d 01b97fd3 Thu Jan 04 2024 23:55:52 +01:00 [kern_fpolicy:error:7186] Establish TCP connection returned error.[0x0x807a8c500] src/fsm/fsm_external_engine.cc:5042 00000059.001a095e 01b97fd3 Thu Jan 04 2024 23:55:52 +01:00 [kern_fpolicy:info:7186] Connect to Server[<SWS Agent Server IP>] hit max retries Setting the state to SERVER_DISCONNECTED. [0x0x807a8c500] src/fsm/fsm_external_engine.cc:2809
    • WS failed to connect to ONTAP data collector with multiple cluster management LIF
      https://kb.netapp.com/Cloud/BlueXP/DII/WS_failed_to_connect_to_ONTAP_data_collector_with_multiple_cluster_management_LIF
      Applies to ONTAP 9.x ONTAP SVM Data collector WS ONTAP Data collector failed to connect via cluster management IP GUI Error: Failed to determine ONTAP type for [hostname:<cluster_management_IP>, subDa...Applies to ONTAP 9.x ONTAP SVM Data collector WS ONTAP Data collector failed to connect via cluster management IP GUI Error: Failed to determine ONTAP type for [hostname:<cluster_management_IP>, subDataSourceName:<cluster_name>]. Reason: Connection error to Storage System <cluster_management_IP>:Remote host terminated the handshake Checked the port connectivity between linux WS agent and ONTAP which worked fine SSH from the WS agent towards the ONTAP cluster mgmt IP fails
    • Workload Security data collector fails with External fpolicy server terminated
      https://kb.netapp.com/Cloud/BlueXP/DII/Workload_Security_data_collector_fails_with_External_fpolicy_server_terminated
      Reason for failure: External fpolicy server terminated.","target":"ONTAP Datasource Connector: 10.10.10.10"},"id":"3d6509b0-ebe7-4dd2-8a23-16c266738b2c","name":"10.10.10.10","services":[{"name":"inven...Reason for failure: External fpolicy server terminated.","target":"ONTAP Datasource Connector: 10.10.10.10"},"id":"3d6509b0-ebe7-4dd2-8a23-16c266738b2c","name":"10.10.10.10","services":[{"name":"inventoryLdapUserDirectory","status":"running"},{"name":"audit","status":"failed"},{"name":"inventoryCifsShare","status":"running"},{"name":"inventoryVolume","status":"running"},{"name":"inventoryExport","status":"running"},{"name":"usersUnixLocalUserDirectory","status":"running"},{"name":"metadata","st…
    • Unable to add the Cloud Workload Security Agent VM server in Cloud Insights
      https://kb.netapp.com/Cloud/BlueXP/DII/Unable_to_add_the_Cloud_Workload_Security_Agent_VM_server_in_Cloud_Insights
      Unable to add the CS Agent VM server in CI under Data Collectors " Installed Agents" list. The error in Cloud secure logs is as follows /opt/netapp/cloudsecure/agent/logs/agent.log 2021-10-18T06:04:01...Unable to add the CS Agent VM server in CI under Data Collectors " Installed Agents" list. The error in Cloud secure logs is as follows /opt/netapp/cloudsecure/agent/logs/agent.log 2021-10-18T06:04:01,149 [ERROR] [prod] [tenant_id] [agent_id] [agent-CommunicationManager] - Certificate request failed, reason: Sign Agent certificate request failed. Reason: Certificate request failed, reason: Sign Agent certificate request failed.
    • Workload Security Data Collector does not recover automatically after network failure
      https://kb.netapp.com/Cloud/BlueXP/DII/Workload_Security_Data_Collector_does_not_recover_automatically_after_network_failure
      Data Collector is in Error status in Workload Security > Collectors > Data Collectors with the following message after temporary network failure: 2023-06-29T02:47:18,009 [ERROR] [prod] [<ID>] [<DATA_C...Data Collector is in Error status in Workload Security > Collectors > Data Collectors with the following message after temporary network failure: 2023-06-29T02:47:18,009 [ERROR] [prod] [<ID>] [<DATA_COLLECTOR_ID>] [3733] [datasource-AuditManager] - Exception occurred while starting : Connection error to Storage System <STORAGE_IP>: No route to host (Host unreachable)