NetApp ACP status showing “Partial connectivity ” after IOM6 firmware upgrade

Had an issue this week on a pair of FAS8080s running 8.2.2P1 Cluster-Mode. During firmware upgrade for IOM6 module from version 0208 to 0209, I ran into ACP (Alternate Control Path) Connectivity Status showing “Partial Connectivity”.

I followed the recommended action plan:
1. Disable the ACP feature in ONTAP:
>options acp.enabled off
2. Reseat the IOM module with the unresponsive ACP processor.
3. Reenable the ACP feature:
>options acp.enabled on

That however, did not resolve the issue and we had to replace the module in order to correct. I did not disable ACP prior to replacement.

After replacement, ACP shows status “Additional Connectivity”:

ACP status then shows “Full Connectivity” with module status as “inactive (upgrading firmware)”:

After firmware upgrade from 02.08 to 02.09, the module reboots:

It reports 02.09 firmware and status “inactive (initializing)”:

And concludes with status “active”:

I didn’t expect to resolve this via HW replacement because it hadn’t been reporting an ACP issue prior to the IOM6 firmware upgrade. But that’s what resolved it.

Enabling tracking quotas in NetApp Cluster-Mode

Tracking quotas are like regular quotas but without any quota limits enforced. Tracking quotas enable you to generate disk and file capacity reports, and when used in conjunction with quotas they are helpful because you can resize quota values without having to reinitialize (turning them off and on to activate).

I recently used tracking quotas on volumes dedicated for user home directories in order to automated a chargeback report of user directory folder sizes using the Data ONTAP PowerShell Toolkit. But more on that later. First we need to get tracking quotas enabled.

We begin by creating a quota policy:

::> quota policy create -vserver vserver_name -policy-name quotatrackingpolicy

Create tracking quota rule(s) (this can be qtrees or volumes, I prefer using volumes):

::> quota policy rule create -vserver vserver_name -policy-name quotatrackingpolicy -volume uservol1 -type tree -target "" 

::> quota policy rule create -vserver vserver_name -policy-name quotatrackingpolicy -volume uservol2 -type tree -target "" 

::> quota policy rule create -vserver vserver_name -policy-name quotatrackingpolicy -volume uservol3 -type tree -target "" 

Configure the vserver to use the policy you created:

::> vserver modify -vserver vserver_name -quota-policy quotatrackingpolicy

Enable the quotas on the volume(s):

::> quota modify -vserver vserver_name -volume uservol1 -state on
[Job 4992] Job is queued: "quota on" performed for quota policy "quotatrackingpolicy" on volume "uservol1" in Vserver "vserver_name".

::> quota modify -vserver vserver_name -volume uservol1 -state on
[Job 4993] Job is queued: "quota on" performed for quota policy "quotatrackingpolicy" on volume "uservol2" in Vserver "vserver_name".

::> quota modify -vserver vserver_name -volume uservol1 -state on
[Job 4994] Job is queued: "quota on" performed for quota policy "quotatrackingpolicy" on volume "uservol3" in Vserver "vserver_name".

Test volume quota report:

::> quota report -volume uservol1 -vserver vserver_name
Vserver: vserver_name  
                                    ----Disk----  ----Files-----   Quota
Volume   Tree      Type    ID        Used  Limit    Used   Limit   Specifier  
-------  --------  ------  -------  -----  -----  ------  ------   ---------
uservol1    user  *  0B    -       0       -   *  
uservol1    user  BUILTINAdministrators  78.74GB  -  163733  -  
uservol1    user  root  0B  -      2       -  
uservol1    user  ADDOMAINuser1  495.3MB  -  13087  -   *  
uservol1    user  ADDOMAINuser2  3.88GB  -  49889  -   *  
uservol1    user  ADDOMAINuser3  38.03MB  -  301  -   *  
uservol1    user  ADDOMAINuser4 3.33GB  -  9079  -   *  
uservol1    user  ADDOMAINuser5  3.18GB  -  37629  -   *  
uservol1    user  ADDOMAINuser6  612.0MB  -  4815  -   *  
uservol1    user  ADDOMAINuser7  83.76MB  -  989  -   *  
uservol1    user  ADDOMAINuser8  260.4MB  -  5378  -   *  
11 entries were displayed.  

For more information, visit here:
And here:

Use PowerShell to get Active Directory Office Phone Number

Happy Friday Everyone. I am horrible with remembering phone numbers so this is a good little one-liner to know.

Obviously, this relies on (1) OfficePhone being populated in AD (2) knowing the last name of the person you are trying to call. But it’s faster than several mouse clicks in Outlook Address Book, if you’re already in PowerShell, which I tend to be.

Get-ADUser -filter 'Surname -like "Lastname"' -Properties Officephone | Select Name, Officephone  

Disable SSLv2 and SSLv3 in Data ONTAP 7-mode for CVE-2016-0800 and CVE-2014-3566

NetApp KB1015015 provides information and procedures for disabling SSLv2 and SSLv3 in Data ONTAP operating in 7-Mode and clustered Data ONTAP versions 8.1 though 8.3 for CVE-2016-0800 and CVE-2014-3566.

The procedure is 2-steps: (1) enable tls (disabled by default and must be enabled prior to disabling SSL) and (2) disable SSLv2 and v3.

The following simple PowerShell script will automate performing this procedure on multiple number of 7-mode systems.

It relies on either either specifying filername or providing a .csv list of filernames it can authenticate against.

.CSV file should be formatted as:

#requires -Version 2 -Modules dataontap
        Simple script which automates disabling SSLv2 and SSLv3 in Data ONTAP 7-Mode for CVE-2016-0800 and CVE-2014-3566.

        Uses Set-NaOption to enable tls and disable SSLv2 and v3.

        .PARAMETER filer
        Specifies the name of the NetApp filer. Optional.

        (1) Script will prompt for credentials. Uses same cred for multiple filers.
        (2) If no parameter is specified it will prompt for .csv list of filers. 
        .CSV should be formatted as:

        C:PS> netapp-disable-ssl-7mode.pst 

        C:PS> netapp-disable-ssl-7mode.pst filer1

        Author: David Maldonado
        Date: 09/01/2016
        Version: 1.0 - Initial Script - for 7mode

param( [string[]] $filerinput)  
If ($filerinput -eq $NULL)  
    function Get-FileName($initialDirectory)
        $NULL = [System.Reflection.Assembly]::LoadWithPartialName('')

        $OpenFileDialog = New-Object -TypeName System.Windows.Forms.OpenFileDialog
        $OpenFileDialog.initialDirectory = $initialDirectory
        $OpenFileDialog.filter = 'All files (*.*)| *.*'
        $NULL = $OpenFileDialog.ShowDialog()
    Write-Host -Object 'No controller specified, please provide source .csv file.' -BackgroundColor Yellow -ForegroundColor Blue 
    $filers = Import-Csv (Get-FileName -initialDirectory 'c:') 
    $filers = $filerinput 

    $filerresults = @() 
    $filerhash = foreach ($filer in $filers)
        $filerresult  = New-Object -TypeName PSObject
        $filerresult  | Add-Member -MemberType NoteProperty -Name 'name' -Value $filer
        $filerresults += $filerresult

    $filers = $filerresults | Select-Object -Property *

Import-Module -Name DataONTAP  
$mycreds = (Get-Credential)
function Disable-7MSSL  
    Connect-NaController -Name $ -Credential $mycreds

    Set-NaOption -OptionName tls.enable -OptionValue on
    if (((Get-NaOption -OptionNames tls.enable).value) -eq 'on') 
        Set-NaOption -OptionName ssl.v2.enable -OptionValue off
        Set-NaOption -OptionName ssl.v3.enable -OptionValue off

Foreach ($filer in $filers)