#Connect-NcController errors with "rdfile /etc/powershell"} :: Error: not authorized for that command


faint crown
#

Hi All,

Hoping you can help with this as support have said they can't 😦

I upgraded ONTAP from 9.13.1 to 9.15.1 a couple of weeks ago, and when running a PowerShell script I now receive the following error in the audit log:

POST /api/private/cli : {"input":"node run nodename -command rdfile /etc/powershell"} :: Error: not authorized for that command

This occurs when running the Connect-NcController cmdlet under PowerShell 5.1 with NetApp.Ontap module 9.16.1.2501. The user I am connecting as has the admin role. I have already had to add the http application to their login; they previously just had the ontapi.

When I run "node run nodename -command rdfile /etc/powershell" as another user with the admin role and ssh application, I get the content of the file. Do I have to add the console/ssh application for this user too?

Thanks for any insights offered.

Mark

onyx arrow
#

Do I have to add the console/ssh application for this user too?
I would just try that first

faint crown
#

OK, let me give you a bit more background to narrow down the problem. I should have tried this yesterday, but sometimes you need a good night's sleep to see things clearly again.

I did have this particular script running on a Windows 2016 server using the DataONTAP module 4.1.0. I need to migrate that to a Windows 2025 server and installed the latest NetApp.Ontap module 9.16.1.2501 (as I noted above).

If I run the script on the old server, it works. So this is something to do with the changes in the module, rather than changes in ONTAP. I appreciate that there have probably been a lot of changes between these modules so I'll do some digging, but if anyone can point me in the right direction, I'd appreciate it.

onyx arrow
#

Yeah, there were a lot of changes between the old "DataONTAP" module and the new "NetApp.ONTAP" modules. They are not in any way plug-and-play compatible, even if the commandlets have the same name. We had to basically re-build our scripts from scratch using the new modules.

faint crown
#

Found the error in my script. I was specifying the -HTTPS parameter with the Connect-NcController cmdlet. This is no longer supported; I guess no longer necessary. As I'd wrapped that command in a try/catch, I wasn't seeing the actual error.
Connect-NcController still generates the error in the audit log about not being authorized to access /etc/powershell, but it does actually connect. I'll see if that makes any difference to permitted functionality and if not, it makes me wonder what /etc/powershell is for?
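
An added example, not part of the thread and not NetApp's code: one way to keep a try/catch around Connect-NcController from hiding a parameter that the installed module no longer accepts, as happened with -HTTPS above. The function name `Connect-NcControllerChecked`, its `-Extra` parameter and the cluster name in the usage comment are hypothetical; `-Name` and `-Credential` are assumed to be accepted by the installed module.

```powershell
# Hypothetical wrapper (added example). Checks carried-over parameters against
# the installed Connect-NcController before calling it, and reports the real
# error from the catch block instead of discarding it.
function Connect-NcControllerChecked {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Parameters inherited from an older script, e.g. @{ HTTPS = $true }
        [hashtable] $Extra = @{}
    )

    # Resolve the cmdlet actually installed on this host (auto-loads the module).
    $cmd = Get-Command -Name Connect-NcController -ErrorAction Stop
    $connectArgs = @{
        Name        = $Name
        Credential  = $Credential
        ErrorAction = 'Stop'   # make non-terminating errors reach the catch block
    }

    foreach ($key in $Extra.Keys) {
        # -contains is case-insensitive, matching PowerShell parameter binding.
        if ($cmd.Parameters.Keys -contains $key) {
            $connectArgs[$key] = $Extra[$key]
        }
        else {
            Write-Warning ("{0} {1}: Connect-NcController has no -{2} parameter; not passing it." -f
                $cmd.Source, $cmd.Version, $key)
        }
    }

    try {
        Connect-NcController @connectArgs
    }
    catch {
        # Show what actually failed (a parameter-binding failure also lands
        # here), then rethrow so the calling script stops rather than carrying
        # on without a connection.
        Write-Warning ("Connect-NcController failed: {0} [{1}]" -f
            $_.Exception.Message, $_.FullyQualifiedErrorId)
        throw
    }
}

# Usage (constructed values):
#   $cred = Get-Credential
#   Connect-NcControllerChecked -Name 'cluster1.example.internal' -Credential $cred -Extra @{ HTTPS = $true }
```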