My Oracle Support Banner

EM 12c: The Enterprise Manager 12c Cloud Control OMS Fails to Start if WLS Server Certificates are Expired (Doc ID 1603843.1)

Last updated on SEPTEMBER 20, 2019

Applies to:

Enterprise Manager Base Platform - Version 12.1.0.2.0 to 12.1.0.5.0 [Release 12.1]
Information in this document applies to any platform.

Symptoms

For EM 13c,refer to document <Note 2191775.1> : EM 13c: Webtier Fails to Start with Error "nzos call nzosSetCredential returned" if Custom SSL Certificate has Expired 

Accessing the Enterprise Manager (EM) 12c Cloud Control console report the following error:

Backend WLS or EM application seems to be down

 

A certificate error is reported on checking the status of OMS:

$emctl status oms -details
Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
Console Server Host : OMSHOSTNAME.DOMAINNAME
HTTP Console Port : 7797
HTTPS Console Port : 7808
HTTP Upload Port : 4897
HTTPS Upload Port : 4906
EM Instance Home : /u03/12c3vh/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u03/12c3vh/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or virtual hostname
Agent Upload is locked.
OMS Console is locked.
Active CA ID: 6
Console URL: https://OMSHOSTNAME.DOMAINNAME:7808/em
Upload URL: https://OMSHOSTNAME.DOMAINNAME:4906/empbs/upload

WLS Domain Information
Domain Name : GCDomain
Admin Server Host : OMSHOSTNAME.DOMAINNAME
Admin Server HTTPS Port: 7199

Managed Server Information
Managed Server Instance Name: EMGC_OMS1
Managed Server Instance Host: OMSHOSTNAME.DOMAINNAME
WebTier is Up
Oracle Management Server is Up

 

Restarting the OMS fails with this error:

$emctl start oms
Oracle Enterprise Manager Cloud Control 12c Release 3
Copyright (c) 1996, 2013 Oracle Corporation. All rights reserved.
Starting Oracle Management Server...
Starting WebTier...
WebTier Successfully Started
Node Manager Could Not Be Started
Check Node Manager log file for details:
/u03/12c3vh/gc_inst/NodeManager/emnodemanager20130924184822/nodemanager.log
Oracle Management Server is Down

 

The following error is correspondingly logged in the .../gc_inst/ModeManager/emnodemanager/nodemanager.log (In 13c, ../gc_inst/user_projects/domains/GCDomain/nodemanager/nodemanager.log):

<Nov 27, 2013 4:44:55 PM> <WARNING> <Uncaught exception in server
handlerjavax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert was
received from OMSHOSTNAME.DOMAINNAME - <IP ADDRESS>. Check the peer to determine
why it rejected the certificate chain (trusted CA configuration, hostname
verification). SSL debug tracing may be required to determine the exact reason the
certificate was rejected.>

 

and the following error is logged in .../gc_inst/em/EMGC_OMS1/sysman/log/emctl.log

2013-11-27 16:19:33,736 [main] ERROR util.EmctlUtil logp.251 - Failed to get repos
conn by connecting to AdminServer. Ignoring.
java.io.IOException
at weblogic.management.remote.common.ClientProviderBase.makeConnection
(ClientProviderBase.java:196)
at weblogic.management.remote.common.ClientProviderBase.newJMXConnector
(ClientProviderBase.java:84)
at javax.management.remote.JMXConnectorFactory.newJMXConnector
(JMXConnectorFactory.java:338)
at javax.management.remote.JMXConnectorFactory.connect
(JMXConnectorFactory.java:247)
at oracle.sysman.util.jmx.JMXUtil.getMBeanServerConn(JMXUtil.java:103)
at oracle.sysman.emctl.util.EmctlUtil.getMBeanServerConn(EmctlUtil.java:672)
at oracle.sysman.emctl.util.EmctlUtil.getReposConn(EmctlUtil.java:710)
at oracle.sysman.emctl.util.EmctlUtil.getOMSSetupInfo(EmctlUtil.java:818)
at oracle.sysman.emctl.oms.PrintOMSSetupInfo.main(PrintOMSSetupInfo.java:118)
Caused by: javax.naming.CommunicationException [Root exception is
java.net.ConnectException: t3s://OMSHOSTNAME.DOMAINNAME:7199: Destination unreachable; nested
exception is:
javax.net.ssl.SSLKeyException: [Security:090548]The certificate chain received
from OMSHOSTNAME.DOMAINNAME - <IP ADDRESS> contained a V3 CA certificate which was missing the
basic constraints extension; No available router to destination]

or

2013-11-15 10:35:22,352 [Thread-1] INFO commands.BaseCommand run.554 -
<OUT>NMProcess: javax.net.ssl.SSLKeyException: [Security:090482]BAD_CERTIFICATE alert
was received from OMSHOSTNAME.DOMAINNAME - <IP ADDRESS>. Check the peer to
determine why it rejected the certificate chain (trusted CA configuration, hos
tname verification). SSL debug tracing may be required to determine the exact reason
the certificate was rejected.

 

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.