EM 13c: OMS Communication to all Agents Failing with "[handshake has no peer]" but Agents are able to Upload Successfully to the OMS
(Doc ID 2381313.1)
Last updated on MAY 09, 2023
Applies to:
Enterprise Manager Base Platform - Version 13.2.0.0.0 and laterInformation in this document applies to any platform.
Symptoms
Agents are able to upload to the OMS but the OMS to Agent Communication is failing.
The <gc_inst>/em/EMGC_OMS1/sysman/log/emoms.trc file reports errors such as below:
2018-03-28 02:51:19,921 [RJob Step 59146235] ERROR target.CollectionUtil logp.251 - unable to connect to http server at https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/. [handshake has no peer] oracle.sysman.emSDK.emd.comm.CommException: unable to connect to http server at https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/. [handshake has no peer] at oracle.sysman.emSDK.emd.comm.ExceptionTranslator.throwAsCommException(ExceptionTranslator.java:1040) at oracle.sysman.emSDK.emd.comm.ExceptionTranslator.rethrowGetActiveTargetCollection(ExceptionTranslator.java:303)
Similar errors are seen for all the agents.
- Third party certificates have not been configured at the OMS / agents, hence <Note 1580282.1> does not apply.
- From the OMS, attempting to verify the communication to the Agent url using the below command, also fails:
emctl secdiag openurl -url https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/ Oracle Enterprise Manager Cloud Control 13c Release 2 Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
Log file: /tmp/OpenPage_2018_03_28_06_32_332576799103167120926.log
Opening page: https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/ Using non-validating trust manager; all certificates will be blindly accepted. Proxy server is not set Using protocol: TLSv1
Negotiated protocol: NONE
Getting the certificate chain Following exception occurred when running OpenPage javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:470) at oracle.sysman.emctl.secdiag.OpenURL.main(OpenURL.java:261)
- However, connection to the Agent URL works fine via the openssl command:
$ openssl s_client -host <Agent HOSTNAME>.<DOMAINNAME> -port 3872 CONNECTED(00000003) depth=1 O = EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>, OU = EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>, L = EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>, ST = CA, C = US, CN = <OMS HOSTNAME>.<DOMAINNAME> verify error:num=19:self signed certificate in certificate chain --- Certificate chain 0 s:/CN=<Agent HOSTNAME>.<DOMAINNAME> i:/O=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/OU=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/L=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/ST=CA/C=US/CN=<OMS HOSTNAME>.<DOMAINNAME> 1 s:/O=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/OU=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/L=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/ST=CA/C=US/CN=<OMS HOSTNAME>.<DOMAINNAME> i:/O=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/OU=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/L=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/ST=CA/C=US/CN=<OMS HOSTNAME>.<DOMAINNAME> --- Server certificate -----BEGIN CERTIFICATE----- MIICvTCCAiagAwIBAgIIubzdULCGqnAwDQYJKoZIhvcNAQEEBQAwgd0xNDAyBgNV BAoTK0VudGVycHJpc2VNYW5hZ2VyIG9uIHNsNzNvZW1pcmNwMDIudmlzYS5jb20x
The output indicates that there is no issue with the host name / IP address resolution or the access to agent port.
- The Cipher suite and TLS protocols set at the OMS and the agent match.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |