ORACLE EM DBA

Problems, Solutions, Test Cases from my professional and personal experience in technologies like Oracle Enterprise Manager 13 c,Oracle Enterprise Manager 12c, Oracle Configuration Manager and some other stuff.

Month: April 2016

Service Test failed on OEM12c due to JAVA7 upgrade

 

Recently I faced issue with my Service Tests created for ENOVIA application. Java was upgraded from Java 1.6_24 to Java1.7_79 on our Enovia Servers.

Everytime when I perform verify Service test I get “Remote host closed connection during handshake– https://chapxxx.oii.xxx.com:9010/enovia/emxLogin.jsp” Error message .

Since then all the Service Test for ENOVIA were showing down but on the contrary all other Service tests for other applications are working fine.

Now OEM12c supports only till Java 6 Update 95, and this java upgrade was causing the Service Test to failed at every run. So the only workaround I was thinking was either upgrade my OEM to 13c which support JAVA or if possible lower the version of JAVA on ENOVIA servers.

What I did to resolve this Issue.

Issue:

Service test failed: “Remote host closed connection during handshake– https://chapxxx.oii.xxx.com:9010/enovia/emxLogin.jsp” Error message .

Cause:

Java upgrade from Java 1.6_24 to Java1.7_79

Resolution:

Steps for Implementing TLSv1 with OEM 12.1.0.4 to Fix Poodle Attack (Doc ID 2059368.1)

Steps to be followed:

  1. Applied recommended patches and update java on OMS to jdk 6 update 95.
  2. Update Java on the agent {Beacon Agent} host to jdk 6 update 95.
    1. [NOTE: This step is required only when the agents are monitoring TLSv1 enabled 12.1.3 middleware targets]
    2. Download the Patch 20418674 from Doc ID 1439822.1 All Java SE Downloads on MOS
    3. Follow the instructions as per the example given in Doc ID 1944044.1 EM12c: How to Use / Update JDK 1.6u Version on Agent.
  3. Configure the Agent to switch to TLSv1 as per the following document under the section “Oracle Management Agent”.
    1. Doc ID 1938799.1 CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka “Poodle Attack”) in Oracle Enterprise Manager Grid / Cloud Control

Once you have performed all the steps make you your result look like this.

[oracle@hanoemxxx1 ~]$ openssl s_client -connect hanoemxxx1 .oii.xxx.com:3872 -tls1
CONNECTED(00000003)
depth=1 O = EnterpriseManager on hanoemxxx1 .oii.xxx.com, OU = EnterpriseManager on hanoemxxx1 .oii.xxx.com, L = EnterpriseManager on hanoemxxx1 .oii.xxx.com, ST = CA, C = US, CN = hanoemxxx1 .oii.xxx.com
verify error:num=19:self signed certificate in certificate chain
verify return:0

Certificate chain
0 s:/CN=hanoemxxx1 .oii.xxx.com
i:/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1 .oii.xxx.com
1 s:/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1 .oii.xxx.com
i:/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemxxx1 .oii.xxx.com

Server certificate
—–BEGIN CERTIFICATE—–
MIIC4DCCAkmgAwIBAgIJBBqdIBqYL6a0MA0GCSqGSIb3DQEBDQUAMIH5MTswOQYD
VQQKEzJFbnRlcnByaXNlTWFuYWdlciBvbiBoYW5vZW1hcDEub2lpLm9jZWFuZWVy
aW5nLmNvbTE7MDkGA1UECxMyRW50ZXJwcmlzZU1hbmFnZXIgb24gaGFub2VtYXAx
Lm9paS5vY2VhbmVlcmluZy5jb20xOzA5BgNVBAcTMkVudGVycHJpc2VNYW5hZ2Vy
IG9uIGhhbm9lbWFwMS5vaWkub2NlYW5lZXJpbmcuY29tMQswCQYDVQQIEwJDQTEL
MAkGA1UEBhMCVVMxJjAkBgNVBAMTHWhhbm9lbWFwMS5vaWkub2NlYW5lZXJpbmcu
Y29tMB4XDTE1MDUxMjIxMDA1MVoXDTI1MDUxMDIxMDA1MVowKDEmMCQGA1UEAxQd
aGFub2VtYXAxLm9paS5vY2VhbmVlcmluZy5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAMZGbWxsmL+/HraSuevWybcBI2zY+3rgFOQTbRijL7pyO1jQV9bX
6NodoTBTrHp8l+s1+OWfy6SsBgz5EYwxBtsSMpmMd3zWy1b8hWeuZLBk77tPKYZL
JgMg2RY/QMjRe7l5i3rcdyNigpwBLR9VB4UI04Hhj7TDcHSzrR9QiNA3AgMBAAGj
QDA+MAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAwfoADAdBgNVHQ4EFgQUJbLM
QJPLTX0/RlaijJ3qT05BGxowDQYJKoZIhvcNAQENBQADgYEAVmBOWk2rIZX5Ew6I
iTt1xQujqPk4EtJUPwy2iGhHhCeYvr4SDoqXD6A2za7hlqD79tENYLPZOWWHnw9H
ZihRye9vqQkQ1k+fqLyXlPCpVpUaYZnL+kjVJVGShx69Tv1Xjl4lobemcXidbIiY
mNYNa9USae70oZdlJ+63hYbcU8E=
—–END CERTIFICATE—–
subject=/CN=hanoemxxx1 .oii.xxx.com
issuer=/O=EnterpriseManager on hanoemxxx1 .oii.xxx.com/OU=EnterpriseManager on hanoemxxx1 .oii.xxx.com/L=EnterpriseManager on hanoemxxx1 .oii.xxx.com/ST=CA/C=US/CN=hanoemap1.oii.xxx.com

No client certificate CA names sent

SSL handshake has read 1815 bytes and written 345 bytes

New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: 56FB0E61209B62179FB5E17A9DBF49D882EB5A5BB8F4E77ACC1753E5D8050467
Session-ID-ctx:
Master-Key: 3F6A0D03114C02914B757164F843DB8F2A8A17124445E2DB77ADFA5F21CB94A6012D92D5D771898C5FB3701F3058CD55
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1459293793
Timeout : 7200 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

Now re-run your Service Test, it application URL which was being monitored will show as Up and Running now.

 

Thanks

Deepak Sharma

I’m Speaking @ OTN Yathra 2016

OTN Yatra Noida-2016 , Dated 01-May-2016,at BirlaSoft , H–9, Sector 63, NOIDA – 201306.
Speaker: Deepak Sharma, working as SR. Application Administrator with experience of 6+ years has worked on technologies like Oracle Enterprise Manager 11g Grid Contol, Oracle Enterprise Manager 12c Cloud Control, Oracle Enterprise Manager 13c, Oracle Database. He is currently working with “Oceaneering International Inc.” from last 4 years and before that he has been employee of “Bebo Technologies” for 2 years. He is Co-Founder of AIOUG-North India Chapter and core team member of AIOUG itself {http://www.aioug.org/aiougnichapter.php}. He has presented at various Oracle conferences organized by AIOUG i.e. OTNYathra and Monthly Tech Days etc.

He also shares his research and findings over his Oracle blog (https://deepaksharmaem12c.wordpress.com). He can be easily reachable at { sharma.deepak345@gmail.com} and {https://in.linkedin.com/in/dksharmaemdba}

There are the details. http://www.otnyathra.info/ ,
Click on Link to see the Agenda http://www.otnyathra.info/index.php…,
Click on link to register your self ( only Limited seats are available)http://www.meraevents.com/previewevent

Mishra Airy's photo.DSC_0568

© 2017 ORACLE EM DBA

Theme by Anders NorenUp ↑