Skip to main content
NetApp Knowledge Base

TLS handshake failure when connecting to StorageGRID object-store in Fabricpool

  1. Last updated
  2. Save as PDF
Views:
138
Visibility:
Public
Votes:
0
Category:
storagegrid-webscale
Specialty:
sgrid
Last Updated:

Applies to

  • NetApp StorageGRID
  • ONTAP FAS Cluster
  • Fabricpool configuration

Issue

  • Newly installed FAS cluster cannot connect to StorageGRID FabricPool.
  • The GRID is configured using subnet (/32) and the Client Network is configured using subnet (/26). 
  • The Intercluster LIFS can ping the StorageGRID tenant IP endpoint, but not able to connect.
  • Firewall is seeing packets received from FAS cluster but not from StorageGRID.
  • Error observed when creating object store with  -is-certificate-validation-enabled false:
    • Error: command failed: Cannot verify availability of the object store from node <cluster_name>.
      Reason: TLS: Handshake timed out.
  • Error observed when creating object store with -is-ssl-enabled false:
    • Error: command failed: Cannot verify availability of the object store from node <cluster_name>.
      Reason: Timeout: Operation "object_store_config_ksmf_iterator::create_imp()" took longer than 45 seconds to complete [from mgwd on node "cluster_name" (VSID: -1) to kernel at 100.xxx.xx.xxx].
  • Error running openssl command:
<cluster_name>::*> systemshell local sudo openssl s_client -connect <GRID_Endpoint>:<Port> -showcerts -CAfile /var/certificates/ssl/serverCA.pem
(system node systemshell)
CONNECTED(00000004)
write:errno=60
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 393 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.