When mTLS is disabled on AIQUM, deleting the AIQUM Client-CA certificate on ONTAP causes a cluster reachability issue
Applies to
- Active IQ Unified Manager (AIQUM)
- ONTAP 9
- mTLS is disabled on AIQUM
- AIQUM Client-CA certificate on ONTAP is deleted
Issue
- A cluster reachability issue occurs after the AIQUM Client-CA certificate on ONTAP is deleted.
- AIQUM GUI shows the following error:
username or password has changed. Edit the cluster and enter valid username and password.
- server_acq.log includes the following error:
INFO [common-pool-5016] c.o.m.h.AUAuditHttpClientManager (AUAuditHttpClientManager.java:38) - Creating datasource audit
INFO [common-pool-5016] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:766) - Inside after checking mutual tls
INFO [common-pool-5016] c.o.c.u.CredentialStoreUtils (CredentialStoreUtils.java:86) - Successfully retrieved the decrypted value
ERROR [common-pool-5016] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:629) - [netappfoundation] 10.20.30.40 - while executing ZAPIs on datasource: 10.20.30.40 IP: 10.20.30.40 for ZAPI: system-get-version, netapp.manage.NaAuthenticationException: Authorization failed netapp.manage.NaAuthenticationException: Authorization failed
INFO [common-pool-5016] c.o.s.a.d.n.NetAppOCIEDataSource (NetAppOCIEDataSource.java:337) - [] Total poll duration: 5162 ms
INFO [common-pool-5016] c.o.s.a.d.n.NetAppOCIEDataSource (NetAppOCIEDataSource.java:345) - [] -- Finished Poll --
ERROR [common-pool-5016] c.o.s.a.f.d.BaseDataSource (DataSourceErrorException.java:246) - 10.20.30.40 [Invalid login credentials] - Failed to log in to the cluster: 10.20.30.40 ([Device name 10.20.30.40]: Failed to login to the cluster.)
INFO [common-pool-5016] c.o.m.h.AUAuditHttpClientManager (AUAuditHttpClientManager.java:74) - Closing datasource audit
INFO [common-pool-5016] c.o.s.a.f.d.BaseDataSource (BaseDataSource.java:311) - [netappfoundation] 10.20.30.40 - Finished acquisition
- ONTAP's apache-error.log includes requests from AIQUM with a null user:
[dot:error] [pid 8324:tid 34404257280] [client 10.20.30.41:60998] [vserver ID 4294967295] [service ontapi] Authentication denied for user null, application ontapi
[auth_basic:error] [pid 8324:tid 34404257280] [client 10.20.30.41:60998] AH01617: user null: authentication failure for "//servlets/netapp.servlets.admin.XMLrequest_filer": Password Mismatch
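
A log triage sketch for the two symptoms above, added here as an example and not NetApp code: it checks that server_acq.log records a ZAPI authentication exception for the cluster and that ONTAP's apache-error.log shows ontapi denials for user null from the AIQUM host. The log samples are constructed from the excerpts in this article; the function names and the 10.20.30.99 / admin contrast line are assumptions.

```python
import re
from collections import Counter

# Constructed samples modelled on the log excerpts in this article.
# The 10.20.30.99 / "admin" line is invented here purely for contrast.
ACQ_LOG = """\
INFO [common-pool-5016] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:766) - Inside after checking mutual tls
ERROR [common-pool-5016] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:629) - [netappfoundation] 10.20.30.40 - while executing ZAPIs on datasource: 10.20.30.40 IP: 10.20.30.40 for ZAPI: system-get-version, netapp.manage.NaAuthenticationException: Authorization failed
"""
APACHE_LOG = """\
[dot:error] [pid 8324:tid 34404257280] [client 10.20.30.41:60998] [vserver ID 4294967295] [service ontapi] Authentication denied for user null, application ontapi
[dot:error] [pid 8324:tid 34404257280] [client 10.20.30.99:51000] [vserver ID 4294967295] [service ontapi] Authentication denied for user admin, application ontapi
"""

ACQ_RE = re.compile(
    r"^ERROR .*datasource: (\S+) IP: \S+ for ZAPI: \S+, .*NaAuthenticationException", re.M)
DENY_RE = re.compile(
    r"\[client (\S+):\d+\].*Authentication denied for user (\S+), application ontapi")

def acq_auth_failures(text):
    """Datasources for which AIQUM logged a ZAPI authentication exception."""
    return set(ACQ_RE.findall(text))

def apache_denials(text):
    """Count ONTAP-side ontapi denials per (client IP, user name)."""
    return Counter(m.groups() for m in DENY_RE.finditer(text))

def triage(acq_text, apache_text, cluster_ip, aiqum_ip):
    """Check both symptoms for one cluster and one AIQUM host."""
    failed = cluster_ip in acq_auth_failures(acq_text)
    denials = apache_denials(apache_text)
    null_hits = denials[(aiqum_ip, "null")]
    named = sorted(u for (ip, u) in denials if ip == aiqum_ip and u != "null")
    return {
        "zapi_auth_failed": failed,
        "null_user_denials": null_hits,
        "named_user_denials": named,  # denials carrying a real user name, for comparison
        "matches_article": failed and null_hits > 0,
    }

if __name__ == "__main__":
    print(triage(ACQ_LOG, APACHE_LOG, "10.20.30.40", "10.20.30.41"))
```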