2015-11-23 08:06 AM - edited 2015-11-30 09:00 AM
If you are using 8.3.1 P1 with sslv3 disabled and only tls1 enabled in Ontap, the jdk version within the Oracle Agent needs to be updated from what I think was the default.
We were running with 220.127.116.11 within agent12c/core/xxxxxx/jdk, we updated to 18.104.22.168 and connectivity was ok once more.
Oracle Support note Steps for Implementing TLSv1 with OEM 22.214.171.124 to Fix Poodle Attack (Doc ID 2059368.1)
This one also relates:
CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control (Doc ID 1938799.1)
(Bit stange as pre 8.3.1 P1 running 8.2 tls1 was fine with the older version of the jdk)
I would like to thank Sachin @ Nettapp or their help. This was provided as a command line way to check if the plugin could talk to the agent:
To validate that NetApp Plug-in jars are able to communicate using TLSv1 protocol with ONTAP system, please run the following steps:
example: java -jar /u11/app/agent_inst/plugins/netapp.storage.sys.agent.plugin_126.96.36.199.0/scripts/OEMDataCollector.jar 10.232.14.56 443 vsadmin netapp1! vsresponse
java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_188.8.131.52.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsproductinfo
When the agent was failing we got this in the log:
[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 10.1.x.x: Remote host closed connection during handshake
hope this helps someone else.
2015-11-30 09:22 AM - edited 2015-11-30 09:23 AM
Thank you, Chris for sharing your learnings on public forum for benefit of others.
Finally, Netapp Storage Plug-in for ONTAP version 8.3.1 with TLSv1 protocol enabled worked after upgrading Java version and applying POODLE patch as provided by Oracle mentioned in your post above.