WLST Fails to Connect to Nodemanager in Standalone OHS 12.1.3 Domain on AIX 7.1 (Doc ID 2484471.1)

Last updated on APRIL 03, 2024

Applies to:

Symptoms

In 12.1.3 standalone OHS, a scaled down domain is created.  There is no Weblogic Server,
but there is still the WLS components nodemanager and wlst.

Configured the Nodemanager to use only TLSv1.2 by setting -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 in the DOMAIN_HOME/bin/startNodeManager.sh

After setting and testing, determined that TLSv1.0, TLSv1.1 and TLSv1.2 were
all being allowed by the nodemanager.

To get past this,  apply the 12.1.3 PSU  (tested both 28298916-12.1.3.0.181016  and 27919943-12.1.3.0.180717)   After this, the
nodmenager allows only TLSv1.2 and blocks TLSv1.0 and TLSv1.1

However, after applying the PSUs,  wlst is unable to connect to the nodemanager.


Whether trying to start the OHS using  DOMAIN_HOME/bin/startComponent.sh ohs1 or running the wlst.sh and then running nmConnect...they both give the same error.

So there is something in the PSU patches that is causing the SSL handshake
issue between wlst and nodemanager.

To see if it may be something specific to an OHS 12.1.3 domain, tested against a 12.1.3 Infrastructure (WLS is included) with a collocated OHS
12.1.3

Determined the same issue occurs when configuring the Nodemanager to use only
TLS v1.2.  Nodemanager allowed both TLS v1.1 and TLS v1.2 but not TLSv1.0

Applied PSU  28298916 and determined that wlst could make a connection to the
nodmenager through the wlst shell and when starting the OHS.

So it does appear to be an issue with wlst only in the OHS standalone install.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.