ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

8.3.1.x seemed to break the Oracle Enterprise manager plugin Remote host closed connection durin

ChrisYoung
‎2015-11-23 08:06 AM
2,991 Views

If you are using 8.3.1 P1 with sslv3 disabled and only tls1 enabled in Ontap,  the jdk version within the Oracle Agent needs to be updated from what I think was the default.

 

We were running with 1.6.0.43 within agent12c/core/xxxxxx/jdk, we updated to 1.6.0.95 and connectivity was ok once more.

 

I followed:

 

Oracle Support note Steps for Implementing TLSv1 with OEM 12.1.0.4 to Fix Poodle Attack (Doc ID 2059368.1)

This one also relates:

CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control (Doc ID 1938799.1)

 

(Bit stange as pre 8.3.1 P1 running 8.2 tls1 was fine with the older version of the jdk)

 

 

I would like to thank Sachin @ Nettapp or their help. This was provided as a command line way to check if the plugin could talk to the agent:

 

To validate that NetApp Plug-in jars are able to communicate using TLSv1 protocol with ONTAP system, please run the following steps:

  1. Login to OEM Agent host wirh oracle user credentials where NetApp plug-in has been deployed.
  2. Goto /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.propetries
  3. cat  /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.properties| grep JAVA_HOME
  4. cd inside java_home
  5. java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsresponse

example: java -jar /u11/app/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.0/scripts/OEMDataCollector.jar 10.232.14.56 443 vsadmin netapp1! vsresponse

em_result =1

  1. If output is 1, NetApp Plug-in is able to communicate with Storage server and there are issues with OEM setting for TLSv1. If  output is 0, problem with NetApp Plug-in which we need to investigate further.
  2. If output is 1, try following command which communicated with storage server to retrieve details:

java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsproductinfo

 

When the agent was failing we got this in the log:

 

agent12c/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/log/NetAppPlugin.log

 

[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 10.1.x.x: Remote host closed connection during handshake

 

hope this helps someone else.

 

Chris

 

View By:
1 REPLY 1

sachin1
NetApp
‎2015-11-30 09:22 AM
2,928 Views

Thank you, Chris for sharing your learnings on public forum for benefit of others.

Finally, Netapp Storage Plug-in for ONTAP version 8.3.1 with TLSv1 protocol enabled worked after upgrading Java version and applying POODLE patch as provided by Oracle mentioned in your post above.

 

All Community Forums
Public