ONTAP Discussions

8.3.1.x seemed to break the Oracle Enterprise manager plugin Remote host closed connection durin

ChrisYoung
2,992 Views

If you are using 8.3.1 P1 with SSLv3 disabled and only TLSv1 enabled in ONTAP, the JDK version within the Oracle Agent needs to be updated from what I think was the default.

 

We were running with 1.6.0.43 within agent12c/core/xxxxxx/jdk, we updated to 1.6.0.95 and connectivity was ok once more.

 

I followed:

 

Oracle Support note Steps for Implementing TLSv1 with OEM 12.1.0.4 to Fix Poodle Attack (Doc ID 2059368.1)

This one also relates:

CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control (Doc ID 1938799.1)

 

(Bit strange, as pre 8.3.1 P1, running 8.2, TLSv1 was fine with the older version of the JDK.)

 

 

I would like to thank Sachin @ NetApp for their help. This was provided as a command line way to check if the plugin could talk to the agent:

 

To validate that NetApp Plug-in jars are able to communicate using TLSv1 protocol with ONTAP system, please run the following steps:

  1. Log in to the OEM Agent host with oracle user credentials where the NetApp plug-in has been deployed.
  2. Go to /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.properties
  3. cat /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.properties | grep JAVA_HOME
  4. cd inside java_home
  5. java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsresponse

example: java -jar /u11/app/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.0/scripts/OEMDataCollector.jar 10.232.14.56 443 vsadmin netapp1! vsresponse

em_result =1

  1. If output is 1, NetApp Plug-in is able to communicate with Storage server and there are issues with OEM setting for TLSv1. If output is 0, problem with NetApp Plug-in which we need to investigate further.
  2. If output is 1, try the following command, which communicates with the storage server to retrieve details:

java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsproductinfo

 

When the agent was failing we got this in the log:

 

agent12c/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/log/NetAppPlugin.log

 

[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 10.1.x.x: Remote host closed connection during handshake

 

Hope this helps someone else.

 

Chris
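
An added example, not part of the post above or of NetApp's or Oracle's tooling: shell helpers that read the agent's JAVA_HOME from an emd.properties-style file and summarise, per storage system, the handshake failures seen in a NetAppPlugin.log-style file. The function names, the assumed `JAVA_HOME=/path` line format, and all sample data (paths, 192.0.2.x documentation addresses, the INFO line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the checks described in the post.
# All sample data below is constructed; 192.0.2.x are documentation addresses.

# Print the JAVA_HOME value from an emd.properties-style file.
# Assumption: the file holds a plain key=value line, JAVA_HOME=/path.
java_home_from_emd() {
    sed -n 's/^[[:space:]]*JAVA_HOME[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Summarise TLS handshake failures in a NetAppPlugin.log-style file.
# Prints "<storage system> <count> <date> <time of last failure>", sorted.
handshake_failures() {
    awk '
        /\[ERROR\]/ && /Remote host closed connection during handshake/ {
            ts = $1 " " $2                      # "[2015-11-17 13:07:15,752]"
            gsub(/^\[|\]$/, "", ts)             # drop the surrounding brackets
            addr = $0
            sub(/.*Connection error to Storage System /, "", addr)
            sub(/:.*/, "", addr)                # keep only the address
            count[addr]++; last[addr] = ts
        }
        END { for (a in count) print a, count[a], last[a] }
    ' "$1" | sort
}

# Write constructed sample files into directory $1.
write_samples() {
    printf '%s\n' '# constructed sample' 'JAVA_HOME=/u01/app/agent12c/core/example/jdk' \
        > "$1/emd.properties"
    cat > "$1/NetAppPlugin.log" <<'EOF'
[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 192.0.2.10: Remote host closed connection during handshake
[2015-11-17 13:08:01,004] [main] [INFO] Collection finished for 192.0.2.20
[2015-11-17 13:12:15,310] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 192.0.2.10: Remote host closed connection during handshake
[2015-11-17 13:12:16,100] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 192.0.2.30: Remote host closed connection during handshake
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "agent JAVA_HOME: $(java_home_from_emd "$demo_dir/emd.properties")"
handshake_failures "$demo_dir/NetAppPlugin.log"
rm -rf "$demo_dir"
```

Running `"$JAVA_HOME/bin/java" -version` against the path the first helper prints shows which JDK build the agent is actually using.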

 

1 REPLY 1

sachin1
2,929 Views

Thank you, Chris, for sharing your learnings on a public forum for the benefit of others.

Finally, NetApp Storage Plug-in for ONTAP version 8.3.1 with TLSv1 protocol enabled worked after upgrading the Java version and applying the POODLE patch provided by Oracle, as mentioned in your post above.

 
