8.3.1.x seemed to break the Oracle Enterprise manager plugin Remote host closed connection durin

[ Edited ]

If you are using 8.3.1 P1 with sslv3 disabled and only tls1 enabled in Ontap,  the jdk version within the Oracle Agent needs to be updated from what I think was the default.


We were running with within agent12c/core/xxxxxx/jdk, we updated to and connectivity was ok once more.


I followed:


Oracle Support note Steps for Implementing TLSv1 with OEM to Fix Poodle Attack (Doc ID 2059368.1)

This one also relates:

CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control (Doc ID 1938799.1)


(Bit stange as pre 8.3.1 P1 running 8.2 tls1 was fine with the older version of the jdk)



I would like to thank Sachin @ Nettapp or their help. This was provided as a command line way to check if the plugin could talk to the agent:


To validate that NetApp Plug-in jars are able to communicate using TLSv1 protocol with ONTAP system, please run the following steps:

  1. Login to OEM Agent host wirh oracle user credentials where NetApp plug-in has been deployed.
  2. Goto /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.propetries
  3. cat  /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/| grep JAVA_HOME
  4. cd inside java_home
  5. java -jar <OEM_AGENT_HOST>/agent_inst/plugins/ <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsresponse

example: java -jar /u11/app/agent_inst/plugins/ 443 vsadmin netapp1! vsresponse

em_result =1

  1. If output is 1, NetApp Plug-in is able to communicate with Storage server and there are issues with OEM setting for TLSv1. If  output is 0, problem with NetApp Plug-in which we need to investigate further.
  2. If output is 1, try following command which communicated with storage server to retrieve details:

java -jar <OEM_AGENT_HOST>/agent_inst/plugins/ <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsproductinfo


When the agent was failing we got this in the log:




[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 10.1.x.x: Remote host closed connection during handshake


hope this helps someone else.




Re: 8.3.1.x seemed to break the Oracle Enterprise manager plugin Remote host closed connection durin

[ Edited ]

Thank you, Chris for sharing your learnings on public forum for benefit of others.

Finally, Netapp Storage Plug-in for ONTAP version 8.3.1 with TLSv1 protocol enabled worked after upgrading Java version and applying POODLE patch as provided by Oracle mentioned in your post above.