8.3.1.x seemed to break the Oracle Enterprise manager plugin Remote host closed connection durin
2015-11-23 08:06 AM
If you are using 8.3.1 P1 with sslv3 disabled and only tls1 enabled in Ontap, the jdk version within the Oracle Agent needs to be updated from what I think was the default.
We were running with 22.214.171.124 within agent12c/core/xxxxxx/jdk, we updated to 126.96.36.199 and connectivity was ok once more.
Oracle Support note Steps for Implementing TLSv1 with OEM 188.8.131.52 to Fix Poodle Attack (Doc ID 2059368.1)
This one also relates:
CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control (Doc ID 1938799.1)
(Bit stange as pre 8.3.1 P1 running 8.2 tls1 was fine with the older version of the jdk)
I would like to thank Sachin @ Nettapp or their help. This was provided as a command line way to check if the plugin could talk to the agent:
To validate that NetApp Plug-in jars are able to communicate using TLSv1 protocol with ONTAP system, please run the following steps:
- Login to OEM Agent host wirh oracle user credentials where NetApp plug-in has been deployed.
- Goto /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.propetries
- cat /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.properties| grep JAVA_HOME
- cd inside java_home
- java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_184.108.40.206.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsresponse
example: java -jar /u11/app/agent_inst/plugins/netapp.storage.sys.agent.plugin_220.127.116.11.0/scripts/OEMDataCollector.jar 10.232.14.56 443 vsadmin netapp1! vsresponse
- If output is 1, NetApp Plug-in is able to communicate with Storage server and there are issues with OEM setting for TLSv1. If output is 0, problem with NetApp Plug-in which we need to investigate further.
- If output is 1, try following command which communicated with storage server to retrieve details:
java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_18.104.22.168.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsproductinfo
When the agent was failing we got this in the log:
[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 10.1.x.x: Remote host closed connection during handshake
hope this helps someone else.
1 REPLY 1
Re: 8.3.1.x seemed to break the Oracle Enterprise manager plugin Remote host closed connection durin
2015-11-30 09:22 AM
Thank you, Chris for sharing your learnings on public forum for benefit of others.
Finally, Netapp Storage Plug-in for ONTAP version 8.3.1 with TLSv1 protocol enabled worked after upgrading Java version and applying POODLE patch as provided by Oracle mentioned in your post above.