My Oracle Support Banner

OCI Management Agent Service : Wallet Key Auto-Rotation Corrupts Agent Proxy Credentials (Doc ID 2987700.1)

Last updated on JANUARY 07, 2024

Applies to:

OCI Management Agent Service - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

In Oracle Cloud Infrastructure, all the outbound communication through the proxy fails with HTTP 407 Status Code. Agent will not be able to:

1. Delete the Proxy Credentials
2. Upsert a new value for the Proxy Credentials.
3. Restarting the agent will not help.

Following error messages can be observed from the agent logs.

1. Outbound communications will fail with HTTP 407 errors as the credentials to communicate via a Gateway are no longer valid

Error stack from /opt/oracle/mgmt_agent/agent_inst/sysman/log/mgmt_agent_client.log file:

[SysExecutor.3 (Resource Principal Token Refresher)-32] INFO - RPTInvocation <--rsp[???]<-- GET https://management-agent.us-ashburn-1.oci.oraclecloud.com/20200202/managementAgents/ocid1.managementagent.oc1.iad.amaaaaaafz6q...SNIP...22g5eihljdq/resourcePrincipalToken: [407]

2. Attempts to update Gateway credentials will fail with messages that indicate the password is incorrect

Error stack from /opt/oracle/mgmt_agent/agent_inst/sysman/log/mgmt_agent.log file:

core.services.credential.CredentialAccessException [the data could not be accessed from FileCredentialStore]
java.io.IOException [password does not match]

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Cause
Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.