My Oracle Support Banner

EM 12c: Troubleshooting issues with Enterprise Manager 12c Cloud Control OMS to Agent communication due to SSL Handshake Failure (Doc ID 2127696.1)

Last updated on JULY 28, 2022

Applies to:

Enterprise Manager Base Platform - Version 12.1.0.1.0 and later
Information in this document applies to any platform.

Purpose

Enterprise Manager (EM) 12c Cloud Control OMS and Agents are configured to run in secure mode (https) out-of-box. OMS communicates to Agent only after a successful SSL handshake between OMS and Agent.
When OMS attempts to connect to Agent, Agent provides its certificate chain(User/server certificate,Intermediate certificates if any and Root certificate) to OMS. OMS verifies if the Trusted certificates of Agent(Intermediate certificates if any and Root certificate) is present in the trust store of OMS which is <EM_INSTANCE_HOME>/sysman/config/b64LocalCertificate.txt file.
SSL handshake will be successful and OMS will be able to communicate to Agent, only if Trusted certificates of Agent(Intermediate certificates if any and Root certificate) is present in b64LocalCertificate.txt file.

When OMS fails to ping or connect to Agent due to SSL Handshake failure error below is reported on Agent Home page on EM Console.
This document provide steps to collect diagnostic data and solve the issue with OMS to Agent communication due to SSL Handshake failure.

Communication between the Oracle Management Service to the Agent is unavailable. Any functions or displayed information requiring this communication link will be unavailable. For example: deleting/configuring targets, uploading metric data, or displaying Agent home page information such as Agent to Management Service Response Time (ms).

 Error below is reported in <EM_INSTANCE_HOME>/sysman/log/emoms.trc

Caused by: oracle.sysman.emSDK.agent.comm.exception.VerifyConnectionException: unable to connect to http server at https://<HOSTNAME>.<DOMAINNAME>:1832/emd/main/. [peer not authenticated]
at oracle.sysman.gcagent.comm.http.ClientConnection.verifySecureConnection(ClientConnection.java:915)
at oracle.sysman.gcagent.comm.http.ClientConnection.makeConnection(ClientConnection.java:886) This document provide steps to collect diagnostic data and solve the issue with Agent to OMS communication due to SSL Handshake failure.

 

You should still be able to perform ping, telnet,wget and openssl to Agent port from OMS server to confirm that there is no network issue between Agent and OMS server.

Troubleshooting Steps

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Purpose
Troubleshooting Steps
 Diagnostics:
 Solution:
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.