My Oracle Support Banner

EM 13c: OMS Communication to all Agents Failing with "[handshake has no peer]" but Agents are able to Upload Successfully to the OMS (Doc ID 2381313.1)

Last updated on MAY 09, 2023

Applies to:

Enterprise Manager Base Platform - Version 13.2.0.0.0 and later
Information in this document applies to any platform.

Symptoms

Agents are able to upload to the OMS but the OMS to Agent Communication is failing.

The <gc_inst>/em/EMGC_OMS1/sysman/log/emoms.trc file reports errors such as below:

2018-03-28 02:51:19,921 [RJob Step 59146235] ERROR target.CollectionUtil logp.251 - unable to connect to http server at https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/. [handshake has no peer]
oracle.sysman.emSDK.emd.comm.CommException: unable to connect to http server at https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/. [handshake has no peer]
at oracle.sysman.emSDK.emd.comm.ExceptionTranslator.throwAsCommException(ExceptionTranslator.java:1040)
at oracle.sysman.emSDK.emd.comm.ExceptionTranslator.rethrowGetActiveTargetCollection(ExceptionTranslator.java:303)

Similar errors are seen for all the agents.

-  Third party certificates have not been configured at the OMS / agents, hence <Note 1580282.1> does not apply.

-  From the OMS, attempting to verify the communication to the Agent url using the below command, also fails:

emctl secdiag openurl -url https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
Log file: /tmp/OpenPage_2018_03_28_06_32_332576799103167120926.log
Opening page: https://<Agent HOSTNAME>.<DOMAINNAME>:3872/emd/main/
Using non-validating trust manager; all certificates will be blindly accepted.
Proxy server is not set
Using protocol: TLSv1
Negotiated protocol: NONE
Getting the certificate chain
Following exception occurred when running OpenPage
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:470)
at oracle.sysman.emctl.secdiag.OpenURL.main(OpenURL.java:261)

 

-  However, connection to the Agent URL works fine via the openssl command:

$ openssl s_client -host <Agent HOSTNAME>.<DOMAINNAME> -port 3872
CONNECTED(00000003)
depth=1 O = EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>, OU = EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>, L = EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>, ST = CA, C = US, CN = <OMS HOSTNAME>.<DOMAINNAME>
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
0 s:/CN=<Agent HOSTNAME>.<DOMAINNAME>
i:/O=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/OU=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/L=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/ST=CA/C=US/CN=<OMS HOSTNAME>.<DOMAINNAME>
1 s:/O=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/OU=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/L=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/ST=CA/C=US/CN=<OMS HOSTNAME>.<DOMAINNAME>
i:/O=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/OU=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/L=EnterpriseManager on <OMS HOSTNAME>.<DOMAINNAME>/ST=CA/C=US/CN=<OMS HOSTNAME>.<DOMAINNAME>
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvTCCAiagAwIBAgIIubzdULCGqnAwDQYJKoZIhvcNAQEEBQAwgd0xNDAyBgNV
BAoTK0VudGVycHJpc2VNYW5hZ2VyIG9uIHNsNzNvZW1pcmNwMDIudmlzYS5jb20x

The output indicates that there is no issue with the host name / IP address resolution or the access to agent port.

-  The Cipher suite and TLS protocols set at the OMS and the agent match.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.