Home > Enterprise Manager, Oracle > DB Console fails to start / emagent.trc contains “ERROR ssl: nzos_Handshake failed, ret=29024″

DB Console fails to start / emagent.trc contains “ERROR ssl: nzos_Handshake failed, ret=29024″

Problem description:

Oracle Enterprise Manager DB Console fails during startup without any visible reason:

TZ set to Europe/Madrid
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
https://myserver.mydomain:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control
.............................................................................................
failed.

The emagent.trc file contains the following messages:

2011-04-14 12:34:43 Thread-4104076192 ERROR pingManager: nmepm_pingReposURL: Cannot connect to https://myserver.mydomain:1158/em/upload/: retStatus=-1
2011-04-14 12:34:56 Thread-4130380704 WARN  http: -1,5: nmehl_httpListener: signaled to exit from emctl
2011-04-14 12:39:15 Thread-4135938752 ERROR ssl: nzos_Handshake failed, ret=29024

Cause:
You are using a secure DB Console configuration with an Oracle generated SSL-certificate. These Oracle generated SSL-certificates have a lifetime of 6 months until 10.2.0.4. Starting with 10.2.0.5 the lifetime was extended to 10 years.

If your SSL-certificate expires, you will encounter problems during startup of Enterprise Manager DB Console. Although you might be able to connect with your browser afterwards, agents will not and therefore generate “ERROR ssl: nzos_Handshake failed, ret=29024″ messages.

Problem resolution:
You have to regenerate your SSL-certificate. This can be established by “unsecure” and “secure” commands of emctl.

First stop all running DB Console components:

$ emctl stop dbconsole
TZ set to Europe/Vienna
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://myserver.mydomain:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 10g Database Control ...
--- Failed to shutdown DBConsole Gracefully ---
 failed.
 
$ ps -ef | grep oc4j
oracle   18414 18412  7 12:37 pts/1    00:00:13 /u01/app/oracle/product/10.2.0/db_1/jdk/bin/java -server -Xmx256M -XX:MaxPermSize=96m - ....
...
oracle   22708 22837  0 12:40 pts/1    00:00:00 grep oc4j
[oracle@ora1 log]$ kill -9 18414

In the next step “unsecure” and “secure” the DB Console:

$ emctl unsecure dbconsole
TZ set to Europe/Vienna
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://myserver.mydomain:1158/em/console/aboutApplication
Configuring DBConsole for HTTP...   Done.
DBCONSOLE already stopped...   Done.
Agent is already stopped...   Done.
Unsecuring dbconsole...   Started.
DBConsole is now unsecured...  Done.
Unsecuring dbconsole...  Sucessful.
$
$ emctl secure dbconsole
TZ set to Europe/Vienna
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
http://myserver.mydomain:1158/em/console/aboutApplication
Enter Enterprise Manager Root password :
Enter a Hostname for this OMS : myserver.mydomain
 
DBCONSOLE already stopped...   Done.
Agent is already stopped...   Done.
Securing dbconsole...   Started.
Checking Repository...   Done.
Checking Em Key...   Done.
Checking Repository for an existing Enterprise Manager Root Key...   Done.
Fetching Root Certificate from the Repository...   Done.
Updating HTTPS port in emoms.properties file...   Done.
Generating Java Keystore...   Done.
Securing OMS ...   Done.
Generating Oracle Wallet Password for Agent....   Done.
Generating wallet for Agent ...    Done.
Copying the wallet for agent use...    Done.
Storing agent key in repository...   Done.
Storing agent key for agent ...   Done.
Configuring Agent...
Configuring Agent for HTTPS in DBCONSOLE mode...   Done.
EMD_URL set in /u01/app/oracle/product/10.2.0/db_1/myserver_INST/sysman/config/emd.properties
   Done.
Configuring Key store..   Done.
Securing dbconsole...   Sucessful.
$

In an Oracle RAC environment remember to execute the commands on all nodes.

Categories: Enterprise Manager, Oracle Tags:
  1. No comments yet.
  1. No trackbacks yet.

Connect with Facebook