EM12c: Enterprise Manager 12c Cloud Control Agent Deployment on AIX Server Fails after Securing OMS with TLSv1 only Protocol (Doc ID 2067158.1)

Last updated on JULY 08, 2017

Applies to:

Enterprise Manager Base Platform - Version 12.1.0.1.0 to 12.1.0.5.0 [Release 12.1]
IBM AIX on POWER Systems (64-bit)

Symptoms

The Enterprise Manager (EM) 12c Cloud Control OMS has been secured to accept only TLSv1 connections following the steps in;

<Document 1938799.1> : CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control

After this, attempting to deploy a 12.1.0.4/5 Agent on an AIX server from Console fails with:

Check complete: Failed <<<<
Problem: The management server cannot be reached from the target node via HTTP(S).
Recommendation: Ensure that the OMS hostname is resolvable from the target node. If the OMS hostname is resolvable, and a firewall is configured between the OMS and target node, ensure that the HTTP(S) ports of the OMS are open.

Silent Agent installation reports:

Return status:1-oms port passed is not valid
ERROR: The Oracle Management Server (OMS) host and port specified via OMS_HOST and EM_UPLOAD_PORT is not available. Pass in a valid hostname and port number for the OMS to successfully deploy the agent.

 Even if you ignore the error and attempt to continue, Agent installation fails when securing the Agent.
   

 Alternatively, you can do one of the following:
  1. Install the agent software only and configure the agent later once the OMS is available. Installing just the software without configuring can be accomplished by passing the '-softwareOnly' argument to agentDeploy.sh and if windows pass the arguments to agentDeploy.bat instead. Configuring the agent after the software has been installed can be accomplished by passing the '-configOnly' argument to agentDeploy.sh and if platform is windows pass the arguments to agentDeploy.bat.
  2. Force the configuration of the agent, even though the OMS is not available. This can be accomplished by passing the '-forceConfigure' option to agentDeploy.sh and if windows pass the arguments to agentDeploy.bat.

NOTE: Forcing the configuration of the agent when the OMS is not available will configure the agent to use HTTP (non-secure) communication. In order to properly establish secure HTTPS communication between the agent and the OMS, you will need to secure the agent after the OMS is available.

If you are passing 10.2.0.5.0 or 11.1.0.1.0 OMS_HOST and EM_UPLOAD_PORT then that is not supported. Pass in a valid hostname and port number of 12c OMS.
-e Validating the OMS_HOST & EM_UPLOAD_PORT has failed


- The OMS upload port is open for communication from the Agent server.
- This error occurs for Push agent deployment from console as well as the silent agent installation method.

Changes

The EM 12c OMS has been secured to accept only TLSv1 connections following the steps in <Document 1938799.1> : CVE-2014-3566 Instructions to Mitigate the SSL v3.0 Vulnerability (aka "Poodle Attack") in Oracle Enterprise Manager Grid / Cloud Control.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms