Skip to main content
NetApp Knowledge Base

In mTLS disabled AIQUM environment, when AIQUM Client-CA certificate on ONTAP is deleted, reachability issue to the cluster happens

Views:
40
Visibility:
Public
Votes:
0
Category:
active-iq-unified-manager
Specialty:
om
Last Updated:

Applies to

  • Active IQ Unified Manager (AIQUM)
  • ONTAP 9
  • mTLS is disabled on AIQUM
  • AIQUM Client-CA certificate on ONTAP is deleted

Issue

  • Reachability issue to the cluster happens after deleting AIQUM Client-CA certificate on ONTAP.
  • AIQUM GUI shows the following error:

username or password has changed. Edit the cluster and enter valid username and password.

  • server_acq.log includes the following error:

INFO  [common-pool-5016] c.o.m.h.AUAuditHttpClientManager (AUAuditHttpClientManager.java:38) - Creating datasource audit
INFO  [common-pool-5016] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:766) - Inside after checking mutual tls
INFO  [common-pool-5016] c.o.c.u.CredentialStoreUtils (CredentialStoreUtils.java:86) - Successfully retrieved the decrypted value
ERROR [common-pool-5016] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:629) - [netappfoundation] 10.20.30.40 - while executing ZAPIs on datasource: 10.20.30.40 IP: 10.20.30.40 for ZAPI: system-get-version, netapp.manage.NaAuthenticationException: Authorization failed netapp.manage.NaAuthenticationException: Authorization failed
INFO  [common-pool-5016] c.o.s.a.d.n.NetAppOCIEDataSource (NetAppOCIEDataSource.java:337) - [] Total poll duration: 5162 ms
INFO  [common-pool-5016] c.o.s.a.d.n.NetAppOCIEDataSource (NetAppOCIEDataSource.java:345) - [] -- Finished Poll --
ERROR [common-pool-5016] c.o.s.a.f.d.BaseDataSource (DataSourceErrorException.java:246) - 10.20.30.40 [Invalid login credentials] - Failed to log in to the cluster: 10.20.30.40 ([Device name 10.20.30.40]: Failed to login to the cluster.)
INFO  [common-pool-5016] c.o.m.h.AUAuditHttpClientManager (AUAuditHttpClientManager.java:74) - Closing datasource audit
INFO  [common-pool-5016] c.o.s.a.f.d.BaseDataSource (BaseDataSource.java:311) - [netappfoundation] 10.20.30.40 - Finished acquisition

  • ONTAP's apache-error.log  includes requests from AIQUM with null user..

[dot:error] [pid 8324:tid 34404257280] [client 10.20.30.41:60998] [vserver ID 4294967295] [service ontapi] Authentication denied for user null, application ontapi
[auth_basic:error] [pid 8324:tid 34404257280] [client 10.20.30.41:60998] AH01617: user null: authentication failure for "//servlets/netapp.servlets.admin.XMLrequest_filer": Password Mismatch

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.