Protocol and certificate management issues, Gathering additional information – Dell POWEREDGE M1000E User Manual
Page 79
Fabric OS Troubleshooting and Diagnostics Guide
65
53-1001769-01
Protocol and certificate management issues
6
Symptom
Switch is unable to form an F_Port.
Probable cause and recommended action
Regardless of the device authentication policy mode on the switch, the F_Port is disabled if the
DH-CHAP protocol fails to authenticate. If the HBA sets the FC-SP bit during FLOGI and the switch
sends a FLOGI accept with FC-SP bit set, then the switch expects the HBA to start the
AUTH_NEGOTIATE. From this point on until the AUTH_NEGOTIATE is completed, all ELS and CT
frames, except the AUTH_NEGOTIATE ELS frame, are blocked by the switch. During this time, the
Fibre Channel driver rejects all other ELS frames. The F_Port will not form until the
AUTH_NEGOTIATE is completed. It is the HBA's responsibility to send an Authentication Negotiation
ELS frame after receiving the FLOGI accept frame with the FC-SP bit set.
Protocol and certificate management issues
This section provides information and procedures for troubleshooting standard Fabric OS security
features such as protocol and certificate management.
Symptom
Troubleshooting certificates
Probable cause and recommended action
If you receive messages in the browser or in a pop-up window when logging in to the target switch
using HTTPS, refer to
for recommended actions you can take to correct the problem.
Gathering additional information
For security-related issues, use the following guidelines to gather additional data for your switch
support provider.
•
Perform a supportSave -n command.
•
If not sure about the problem area, collect a supportSave -n from all switches in the fabric.
•
If you think it may be related to E_Port authentication then collect a supportSave -n from both
switches of the affected E_Port.
TABLE 13
SSL messages and actions
Message Action
The page cannot be displayed
The SSL certificate is not installed correctly or HTTPS is not
enabled correctly. Make sure that the certificate has not expired,
that HTTPS is enabled, and that certificate file names are
configured correctly.
The security certificate was issued by a
company you have not chosen to trust.
The certificate is not installed in the browser. Install it as
described in the Fabric OS Administrator’s Guide.
The security certificate has expired or is not yet
valid
Either the certificate file is corrupted or it needs to be updated.
Click View Certificate to verify the certificate content. If it is
corrupted or out of date, obtain and install a new certificate.
The name on the security certificate is invalid
or does not match the name of the site file
The certificate is not installed correctly in the Java Plug-in. Install
it as described in the Fabric OS Administrator’s Guide.
This page contains both secure and nonsecure
items. Do you want to display the nonsecure
items?
Click No in this pop-up window. The session opens with a closed
lock icon on the lower-right corner of the browser, indicating an
encrypted connection.