跳转到主内容

由于用于相互TLS通信的CA证书已过期、AIQUM中的集群采集失败

  1. 最后更新
  2. 另存为PDF
Views:
86
Visibility:
Public
Votes:
0
Category:
active-iq-unified-manager
Specialty:
om
Last Updated:

适用场景

  • Active IQ Unified Manager (AIQUM) 9.12及更高版本
  • ONTAP 9.10及更高版本
  • 已为ONTAP集群启用相互传输层安全(MTLS/相互TLS)

问题描述

  • AIQUM信息板显示Cluster discovery failed. Rediscover the cluster after resolving the issue.
  • 集群发现会显示"Failed" 新添加集群的"Failed"  。
  • 操作状态 是Failed 存储管理">"集群设置"中的Failed for Health Poll operation.
  • Cluster Monitoring Failed  和 Mutual TLS Certificate Expire  触发的事件
  • 不会显示最新性能图形
  • 不会反映最近的配置更改(例如创建qtree)
  • ocumserver.log 显示错误:

INFO [oncommand] [org.springframework.jms.listener.DefaultMessageListenerContainer#0-1] [com.netapp.ipc.jms.OCIE_Events] OCIE JMS notification message received: {WarningCount=0, DatasourceName=<cluster_name>, DatasourceID=1, Error0_ClusterManagementIP=<cluster_name>, PackageName=netappfoundation, TotalReportTime=-1, PollStartTime=1711675762833, ErrorCount=1, Success=false, DurationTime=554, Error0_Message=[Device name <cluster_name>]: Communication problem with the cluster: <cluster_name>, command: system-get-version, error: 'Received fatal alert: certificate_expired' on try 5 out of 5, TotalZAPITime=-1, NotificationType=PACKAGE_COMPLETED, Error0_Type=NETWORK_ACCESS_FAILURE, UpdateTime=1711675763398, Error0_Port=443, MessageType=PACKAGE_NOTIFICATION, Error0_Zapi=system-get-version}

  • au.log 显示错误:

ERROR [common-pool-XX] c.o.s.a.d.n.t.z.ZAPIConnection (ZAPIConnection.java:442) - [netappfoundation] <cluster_name> - Communication problem with the cluster: <cluster_name>, command: system-get-version, error: 'Received fatal alert: certificate_expired' on try 5 out of 5

  • ONTAP报告mgmtgwd.certificate.expired 和/或mgmtgwd.certificate.expiring EMS事件
    • [Node_Name: mgwd: security.invalid.login:alert]: Failed to authenticate login attempt to Vserver: <vserver_name>, username: null, application: ontapi. audit-mlog shows: [kern_audit:info:3385] 8503e8000065373d :: <cluster_name>:ontapi :: <AIQUM_IP>:52346 :: <cluster_name>:null :: Login Attempt :: Error: Authentication failed
    • [Nodename: mgwd: mgmtgwd.certificate.expired:error]: A digital certificate with Fully Qualified Domain Name (FQDN) admin, Serial Number xxxxxxxxxxx, Certificate Authority 'admin' and type client-ca for Vserver svm0 has expired.

 

 

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.