What are the options available as Antivirus Connector Command Line Switches
Applies to
- ONTAP 9
- Antivirus (Vscan)
- ONTAP AV Connector
Answer
Below are the list of command line switches available for the AV Connector and use case examples
IpAddrToDns
- Users will be using DNS load balancing round-robin and this can prevent the AV Connector from connecting to data LIFs on some nodes.
- Setting the /IpAddrToDns to true will enable reverse DNS lookups from the AV Connector (default behavior)
- Setting the /IpAddrToDns to falesewill disable reverse DNS lookups from the AV Connector
- From a CMD window on the Vscan server, run net start ontapavc /ipaddrtodns:<true/false>
Example:
C:\Users\Administrator>net start ontapavc /ipaddrtodns:false
The ONTAP AV Connector service is starting.
The ONTAP AV Connector service was started successfully.
transport and port
- By default, the AV Connector issues ONTAPI calls to get a list of data LIFS over HTTPS and port 443
- The mechanism to change this behavior is listed below:
/transport:http
- With this setting, the AV Connector will utilize HTTP
- This will need to be used in conjunction with the
/port
setting to port 80
/transport:https
- With this setting, the AV Connector will utilize https. It will need to be used in conjunction with the
/port
setting to default back to port 443 - This parameter is not required as this is the default behavior
- With this setting, the AV Connector will utilize https. It will need to be used in conjunction with the
/port:<port>
- Values can be set for: 1 > 65535 (default 443)
- By default, the AV Connector issues ONTAPI calls to get a list of data LIFS over HTTPS and port 443
- The mechanism to change this behavior is listed below:
/transport:http
- With this setting, the AV Connector will utilize HTTP
- This will need to be used in conjunction with the
/port
setting to port 80
/transport:https
- With this setting, the AV Connector will utilize https. It will need to be used in conjunction with the
/port
setting to default back to port 443 - This parameter is not required as this is the default behavior
- With this setting, the AV Connector will utilize https. It will need to be used in conjunction with the
/port:<port>
- Values can be set for: 1 > 65535 (default 443)
Note: This methodcan be used in troubleshooting contents of the ZAPI call, needs to be captured in a packet trace or in situations where non-default ports are utilized for transport.
- From the Vscan server, use a CMD promp to run:
net start ontapavc /transport: http /port:80
Example:
C:\Users\Administrator>net start ontapavc /transport:http /port:80
The ONTAP AV Connector service is starting.
The ONTAP AV Connector service was started successfully.
Note: The same transport and port settings can be used when utilizing the AV Connector GUI for testing of ZAPI calls to the SVM.
- Changing via this method will only affect the TEST functionality built into the GUI
- Two ways to accomplish this:
- Add parameters to the shortcut:
Other Switches
- Other switches that are available with AV Connector
- Command-line option (version 1.0.3 and up) (/updatePassword:<user>:<newPassword>) for changing the password of an account.
- Once mregfa application (“Configure ONTAP Management LIFs”) is run with this option, it goes through the list of mgmt entries and changes the passwords for the entries whose user-name matches the supplied user-name. For the entries with different user, it does nothing.
- Silent install:
/S /v /qn SVCUSERNAME=* SRV_PASSWORD=*
- There is a way to install a windows executable silently
- This can be used if users are planning to deploy a large number of AV servers:
C:\>”ONTAP AV Connector-1.0.4.exe” /S /v /qn SVCUSERNAME=domain\admin SRV_PASSWORD=mypasswd"
- Command-line option (version 1.0.3 and up) (/updatePassword:<user>:<newPassword>) for changing the password of an account.
- Users might be able to utilize this procedure to try and automate AV Connector installs\configurations in their environment
- This might require scripting knowledge and is outside the scope of Netapp Technical Support
- Slient install:
C:\tempdir>"ONTAP AV Connector-1.0.4.exe" /S /v" /qn SVCUSERNAME=domaina\administrator SRV_PASSWORD=pass123!"
- Add multi-string registry with some random password:
C:\>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data ONTAP\Clustered Data ONTAP Antivirus Connector\v1.0\mgmt-lifs" /v mgmt-lif:60:10.238.7.21 /t REG_MULTI_SZ /d "fsct\administrator\0randompassword\0"
The operation completed successfully.
- Update the password:
- This also obfuscates the credentials and changes the registry format to binary
C:\Program Files (x86)\ONTAP AV Connector>mregfa.exe [/updatePassword:[user]:[password]]
C:\Program Files (x86)\ONTAP AV Connector>mregfa.exe /updatepassword:vsadmin:cifs*1234
- This also obfuscates the credentials and changes the registry format to binary
- Test password:
C:\Program Files (x86)\ONTAP AV Connector>mregfa.exe /testPassword
Attempting REST API connection to ONTAP LIF 192.168.0.101 using HTTPS on port 443... REST API call to 192.168.0.101 using account "DEMO\nasav2" was successful.
- Remote execution:
PS C:\Users\administrator.DOM> invoke-command -ComputerName vmwin204-254 -ScriptBlock { & 'C:\Program Files (x86)\ONTAP AV Connector\mregfa.exe' -something "/updatePassword:admin:netapp1!" }
- Slient install:
- This might require scripting knowledge and is outside the scope of Netapp Technical Support
Additional Information