If you are using 8.3.1 P1 with sslv3 disabled and only tls1 enabled in Ontap, the jdk version within the Oracle Agent needs to be updated from what I think was the default.
We were running with 1.6.0.43 within agent12c/core/xxxxxx/jdk; we updated to 1.6.0.95 and connectivity was OK once more.
I followed:
Oracle Support note Steps for Implementing TLSv1 with OEM 12.1.0.4 to Fix Poodle Attack (Doc ID 2059368.1)
This one also relates:
CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control (Doc ID 1938799.1)
(Bit strange, as pre 8.3.1 P1, running 8.2, tls1 was fine with the older version of the jdk.)
I would like to thank Sachin @ NetApp for their help. This was provided as a command line way to check if the plugin could talk to the agent:
To validate that NetApp Plug-in jars are able to communicate using TLSv1 protocol with ONTAP system, please run the following steps:
- Log in to the OEM Agent host with oracle user credentials where the NetApp plug-in has been deployed.
- Go to /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.properties
- cat /<OEM_AGENT_HOST>/agent_inst/agent_inst/sysman/config/emd.properties| grep JAVA_HOME
- cd inside java_home
- java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsresponse
example: java -jar /u11/app/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.0/scripts/OEMDataCollector.jar 10.232.14.56 443 vsadmin netapp1! vsresponse
em_result =1
- If output is 1, NetApp Plug-in is able to communicate with Storage server and there are issues with OEM setting for TLSv1. If output is 0, problem with NetApp Plug-in which we need to investigate further.
- If output is 1, try the following command, which communicates with the storage server to retrieve details:
java -jar <OEM_AGENT_HOST>/agent_inst/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/OEMDataCollector.jar <VSERVER_MGMT_IP> 443 <vserver_user_account> <password> vsproductinfo
When the agent was failing we got this in the log:
agent12c/plugins/netapp.storage.sys.agent.plugin_12.1.0.3.1/scripts/log/NetAppPlugin.log
[2015-11-17 13:07:15,752] [main] [ERROR] Failed to initialize Zapi runner. :com.netapp.autozapi.client.ApiProtocolException: Connection error to Storage System 10.1.x.x: Remote host closed connection during handshake
Hope this helps someone else.
Chris
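
Added example, not part of the original post or of the NetApp/Oracle tooling: shell helpers that gather the three facts the post relies on, namely the agent's JAVA_HOME from emd.properties, the JDK 6 update number, and the storage systems showing the handshake error in NetAppPlugin.log. The function names are hypothetical, and the script assumes emd.properties stores the value as a `JAVA_HOME=<path>` line.

```shell
#!/bin/sh
# Added example: triage helpers for the handshake failure described in the post.
# Function names are hypothetical; file paths are supplied by the caller.

# Print the JAVA_HOME the agent is configured with.
# Assumption: emd.properties holds it as a "JAVA_HOME=<path>" line.
agent_java_home() {
    sed -n 's/^[[:space:]]*JAVA_HOME[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Read `java -version` output on stdin and print the JDK 6 update number,
# e.g. 43 for: java version "1.6.0_43". Prints nothing for other versions.
parse_jdk6_update() {
    sed -n 's/.*"1\.6\.0_\([0-9][0-9]*\)".*/\1/p'
}

# Print "<count> <storage system>" for every storage system that has
# "Remote host closed connection during handshake" errors in NetAppPlugin.log.
handshake_failures() {
    grep 'Remote host closed connection during handshake' "$1" |
        sed -n 's/.*Connection error to Storage System \([^:]*\):.*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# Usage: sh triage.sh <path to emd.properties> <path to NetAppPlugin.log>
if [ "$#" -eq 2 ]; then
    jh=$(agent_java_home "$1")
    echo "agent JAVA_HOME: $jh"
    echo "JDK 6 update:    $("$jh/bin/java" -version 2>&1 | parse_jdk6_update)"
    echo "handshake failures per storage system:"
    handshake_failures "$2"
fi
```

In the post, update 43 failed against the TLSv1-only ONTAP system and update 95 connected, so an update number at the lower value together with a non-empty failure list matches the situation described.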