OEM:Unable to initialize ssl connection with server, aborting connection attempt

今天去项目组准备做压力测试，需要监控一下数据库的性能，为了方便，首先想到了OEM。

但是客户的测试库没有创建OEM，因此手工配置了OEM，但是在启动OEM的时候报错：

 

/home/oracle> emctl start dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.5.0  
Copyright (c) 1996, 2010 Oracle Corporation.  All rights reserved.
https://ysftest:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ............................................................................................. failed. 
------------------------------------------------------------------
Logs are generated in directory /oracle/product/db10gr2/ysftest_ccicarap/sysman/log

日志文件中出现如下错误：

 

2012-01-07 14:11:01 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:11:31 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:11:31 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:11:31 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:12:31 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:12:31 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:12:31 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:13:01 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:13:01 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:13:01 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:14:01 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:14:01 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:14:01 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:14:31 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:14:31 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:14:31 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:15:31 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:15:31 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:15:31 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2012-01-07 14:16:01 Thread-1 ERROR ssl: Open wallet failed, ret = 28750
2012-01-07 14:16:01 Thread-1 ERROR ssl: nmehlenv_openWallet failed
2012-01-07 14:16:01 Thread-1 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt

 

查询了一下发现10.2.0.4以后的版本数据库在2010年12月31后创建的OEM都会有这个问题。

如下所示：

In Enterprise Manager Database Control with Oracle Database 10.2.0.4 and 10.2.0.5, 
the root certificate used to secure communications via the Secure Socket Layer (SSL) 
protocol will expire on 31-Dec-2010 00:00:00. The certificate expiration will 
cause errors if you attempt to configure Database Control on or after 31-Dec-2010. 
Existing Database Control configurations are not affected by this issue.
If you plan to configure Database Control with either of these Oracle Database releases, 
Oracle strongly recommends that you apply Patch 8350262 to your Oracle Home installations
 before you configure Database Control. Configuration of Database Control is typically 
 done when you create or upgrade Oracle Database, or if you run Enterprise Manager Configuration Assistant (EMCA) 
 in standalone mode.

 

这是由于root授权信息过期导致，从2010年12月31日后，10.2.0.4以后版本如果需要使用OEM需要打Patch

8350262。

 

一下是问题的解决过程：

 

/home/oracle > /oracle/product/db10gr2/OPatch/sqlplus -v

 

SQL*Plus: Release 10.2.0.5.0 - Production

 

/home/oracle > oracle/product/db10gr2/OPatch/opatch lsinventory
Invoking OPatch 10.2.0.4.9

Oracle Interim Patch Installer version 10.2.0.4.9
Copyright (c) 2009, Oracle Corporation.  All rights reserved.

Oracle Home       : /oracle/product/db10gr2
Central Inventory : /oracle/oraInventory
   from           : /etc/oraInst.loc
OPatch version    : 10.2.0.4.9
OUI version       : 10.2.0.5.0
OUI location      : /oracle/product/db10gr2/oui
Log file location : /oracle/product/db10gr2/cfgtoollogs/opatch/opatch2012-01-07_14-31-37PM.log

Patch history file: /oracle/product/db10gr2/cfgtoollogs/opatch/opatch_history.txt

Lsinventory Output file location : /oracle/product/db10gr2/cfgtoollogs/opatch/lsinv/lsinventory2012-01-07_14-31-37PM.txt

--------------------------------------------------------------------------------
Installed Top-level Products (2):

Oracle Database 10g                                                  10.2.0.1.0
Oracle Database 10g Release 2 Patch Set 4                            10.2.0.5.0
There are 2 products installed in this Oracle Home.

Interim patches (1) :

Patch  7612454      : applied on Thu Jun 16 03:48:11 GMT+08:00 2011
Unique Patch ID:  12780900
   Created on 22 Jul 2010, 03:58:28 hrs PST8PDT
   Bugs fixed:
     7612454

 

--------------------------------------------------------------------------------

OPatch succeeded.

 

1、停止与DBCONSOLE相关的服务

 

/home/oracle> emctl stop dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.5.0  
Copyright (c) 1996, 2010 Oracle Corporation.  All rights reserved.
https://ysftest:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 10g Database Control ... 
 ...  Stopped. 
/home/oracle>

 

可以使用解压后的补丁8350262中的脚本killDBConsole 来关闭DBCONSOLE.

2、确保没有与DBCONSOLE相关的进程

 

/home/oracle>  ps -ef | grep -v "LOCAL=NO" | grep -v ora_ | grep oracle
  oracle  180344       1   0   Dec 16      - 14:00 /oracle/product/db10gr2/bin/tnslsnr LISTENER -inherit 
  oracle  942320 1241416   0 14:38:51  pts/0  0:00 grep oracle 
  oracle 1040546 1028216   0 13:20:58  pts/1  0:00 -ksh 
  oracle 1241416 1290702   0 14:25:18  pts/0  0:00 -ksh 
  oracle 1253860 1241416   0 14:38:51  pts/0  0:00 ps -ef 
/home/oracle>

3、将补丁p8350262_10205_Generic.zip上传到数据库服务器上并解压

 

/home/oracle> cd $ORACLE_HOME/OPatch
/home/oracle> ls -ltr
total 184
-rwxr-xr-x    1 oracle   oinstall       2672 Mar 23 2009  opatch.pl
-rwxr-xr-x    1 oracle   oinstall      23694 Mar 23 2009  emdpatch.pl
-rwxr-xr-x    1 oracle   oinstall      13252 Jan 07 2010  opatch
drwxr-xr-x    4 oracle   oinstall        256 Jun 16 2011  opatchprereqs
drwxr-xr-x    2 oracle   oinstall        256 Jun 16 2011  docs
drwxr-xr-x    5 oracle   oinstall        256 Jun 16 2011  ocm
drwxr-xr-x    2 oracle   oinstall        256 Jun 16 2011  jlib
drwxr-xr-x    3 oracle   oinstall       4096 Jun 16 2011  crs
-rwxr-xr-x    1 oracle   oinstall         49 Jun 16 2011  opatch.ini
-rw-r-----    1 oracle   oinstall      40487 Jan 07 14:19 p8350262_10205_Generic.zip
/home/oracle> unzip p8350262_10205_Generic.zip
Archive:  p8350262_10205_Generic.zip
   creating: 8350262/
  inflating: 8350262/killDBConsole   
   creating: 8350262/files/
   creating: 8350262/files/sysman/
   creating: 8350262/files/sysman/jlib/
   creating: 8350262/files/sysman/jlib/emCORE.jar/
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/fsc/
  inflating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/fsc/FSWalletUtil.class  
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/
  inflating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/RootCert.class  
  inflating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/SecConstants.class  
   creating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/rep/
  inflating: 8350262/files/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/rep/RepWalletUtil.class  
   creating: 8350262/files/sysman/jlib/emd_java.jar/
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/fsc/
  inflating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/fsc/FSWalletUtil.class  
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/
  inflating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/RootCert.class  
  inflating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/SecConstants.class  
   creating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/rep/
  inflating: 8350262/files/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/rep/RepWalletUtil.class  
  inflating: 8350262/killDBConsole.pl  
  inflating: 8350262/README.txt      
   creating: 8350262/etc/
   creating: 8350262/etc/xml/
  inflating: 8350262/etc/xml/ShiphomeDirectoryStructure.xml  
  inflating: 8350262/etc/xml/GenericActions.xml  
   creating: 8350262/etc/config/
  inflating: 8350262/etc/config/inventory  
  inflating: 8350262/etc/config/actions 

/home/oracle> ls -ltr
total 184
-rwxr-xr-x    1 oracle   oinstall       2672 Mar 23 2009  opatch.pl
-rwxr-xr-x    1 oracle   oinstall      23694 Mar 23 2009  emdpatch.pl
-rwxr-xr-x    1 oracle   oinstall      13252 Jan 07 2010  opatch
drwxr-xr-x    4 oracle   oinstall        256 Oct 07 2010  8350262
drwxr-xr-x    4 oracle   oinstall        256 Jun 16 2011  opatchprereqs
drwxr-xr-x    2 oracle   oinstall        256 Jun 16 2011  docs
drwxr-xr-x    5 oracle   oinstall        256 Jun 16 2011  ocm
drwxr-xr-x    2 oracle   oinstall        256 Jun 16 2011  jlib
drwxr-xr-x    3 oracle   oinstall       4096 Jun 16 2011  crs
-rwxr-xr-x    1 oracle   oinstall         49 Jun 16 2011  opatch.ini
-rw-r-----    1 oracle   oinstall      40487 Jan 07 14:19 p8350262_10205_Generic.zip
/home/oracle>

 

4、安装补丁

 

/home/oracle> ls -ltr
total 184
-rwxr-xr-x    1 oracle   oinstall       2672 Mar 23 2009  opatch.pl
-rwxr-xr-x    1 oracle   oinstall      23694 Mar 23 2009  emdpatch.pl
-rwxr-xr-x    1 oracle   oinstall      13252 Jan 07 2010  opatch
drwxr-xr-x    4 oracle   oinstall        256 Oct 07 2010  8350262
drwxr-xr-x    4 oracle   oinstall        256 Jun 16 2011  opatchprereqs
drwxr-xr-x    2 oracle   oinstall        256 Jun 16 2011  docs
drwxr-xr-x    5 oracle   oinstall        256 Jun 16 2011  ocm
drwxr-xr-x    2 oracle   oinstall        256 Jun 16 2011  jlib
drwxr-xr-x    3 oracle   oinstall       4096 Jun 16 2011  crs
-rwxr-xr-x    1 oracle   oinstall         49 Jun 16 2011  opatch.ini
-rw-r-----    1 oracle   oinstall      40487 Jan 07 14:19 p8350262_10205_Generic.zip
/home/oracle> cd 8350262
/home/oracle> opatch apply
ksh: opatch:  not found.
/home/oracle> $ORACLE_HOME/OPatch/opatch apply
Invoking OPatch 10.2.0.4.9

Oracle Interim Patch Installer version 10.2.0.4.9
Copyright (c) 2009, Oracle Corporation.  All rights reserved.

Oracle Home       : /oracle/product/db10gr2
Central Inventory : /oracle/oraInventory
   from           : /etc/oraInst.loc
OPatch version    : 10.2.0.4.9
OUI version       : 10.2.0.5.0
OUI location      : /oracle/product/db10gr2/oui
Log file location : /oracle/product/db10gr2/cfgtoollogs/opatch/opatch2012-01-07_14-42-26PM.log

Patch history file: /oracle/product/db10gr2/cfgtoollogs/opatch/opatch_history.txt

ApplySession applying interim patch '8350262' to OH '/oracle/product/db10gr2'

Running prerequisite checks...

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Backing up files and inventory (not for auto-rollback) for the Oracle Home
Backing up files affected by the patch '8350262' for restore. This might take a while...
Backing up files affected by the patch '8350262' for rollback. This might take a while...

Patching component oracle.sysman.agent.core, 10.2.0.5.0a...
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/fsc/FSWalletUtil.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/rep/RepWalletUtil.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/RootCert.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/SecConstants.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/fsc/FSWalletUtil.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/rep/RepWalletUtil.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/RootCert.class"
Updating jar file "/oracle/product/db10gr2/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/SecConstants.class"
ApplySession adding interim patch '8350262' to inventory

Verifying the update...
Inventory check OK: Patch ID 8350262 is registered in Oracle Home inventory with proper meta-data.
Files check OK: Files from Patch ID 8350262 are present in Oracle Home.

OPatch succeeded.
/home/oracle>

5、检查补丁安装情况

 

/home/oracle> $ORACLE_HOME/OPatch/opatch lsinventory
Invoking OPatch 10.2.0.4.9

Oracle Interim Patch Installer version 10.2.0.4.9
Copyright (c) 2009, Oracle Corporation.  All rights reserved.

Oracle Home       : /oracle/product/db10gr2
Central Inventory : /oracle/oraInventory
   from           : /etc/oraInst.loc
OPatch version    : 10.2.0.4.9
OUI version       : 10.2.0.5.0
OUI location      : /oracle/product/db10gr2/oui
Log file location : /oracle/product/db10gr2/cfgtoollogs/opatch/opatch2012-01-07_14-43-27PM.log

Patch history file: /oracle/product/db10gr2/cfgtoollogs/opatch/opatch_history.txt

Lsinventory Output file location : /oracle/product/db10gr2/cfgtoollogs/opatch/lsinv/lsinventory2012-01-07_14-43-27PM.txt

--------------------------------------------------------------------------------
Installed Top-level Products (2):

Oracle Database 10g                                                  10.2.0.1.0
Oracle Database 10g Release 2 Patch Set 4                            10.2.0.5.0
There are 2 products installed in this Oracle Home.

Interim patches (2) :

Patch  8350262      : applied on Sat Jan 07 14:42:39 GMT+08:00 2012
Unique Patch ID:  13011832
   Created on 13 Sep 2010, 14:09:12 hrs GMT
   Bugs fixed:
     8350262

Patch  7612454      : applied on Thu Jun 16 03:48:11 GMT+08:00 2011
Unique Patch ID:  12780900
   Created on 22 Jul 2010, 03:58:28 hrs PST8PDT
   Bugs fixed:
     7612454

 

--------------------------------------------------------------------------------

OPatch succeeded.
/home/oracle>

6、Re-secure Database Control

 

/home/oracle> cd $ORACLE_HOME/OPatch 
/home/oracle> cd 8350262
/home/oracle> ./killDBConsole
ORACLE_HOME=/oracle/product/db10gr2
ORACLE_SID=ccicarap
State directory = /oracle/product/db10gr2/ysftest_ccicarap
WatchDog PID  = 1065100
DBconsole PID = 1286500
EMAgent PID   = 1180148
Killing WatchDog (pid=1065100) ...
Successfully killed process 1065100
Killing DBConsole (pid=1286500) ...
Successfully killed process 1286500
Killing EMAgent (pid=1180148) ...
Successfully killed process 1180148

/home/oracle>  $ORACLE_HOME/bin/emctl secure dbconsole -reset
Oracle Enterprise Manager 10g Database Control Release 10.2.0.5.0  
Copyright (c) 1996, 2010 Oracle Corporation.  All rights reserved.
https://ysftest:1158/em/console/aboutApplication
Enter Enterprise Manager Root Password : 
DBCONSOLE already stopped...   Done.
Agent is already stopped...   Done.
Securing dbconsole...   Started.
Checking Repository...   Done.
Checking Em Key...   Done.
Checking Repository for an existing Enterprise Manager Root Key...
WARNING! An Enterprise Manager Root Key already exists in
the Repository. This operation will replace your Enterprise
Manager Root Key.
All existing Agents that use HTTPS will need to be
reconfigured if you proceed. Do you wish to continue and
overwrite your Root Key
(Y/N) ?
Y
Are you sure ? Reset of the Enterprise Manager Root Key
will mean that you will need to reconfigure each Agent
that is associated with this OMS before they will be
able to upload any data to it. Monitoring of Targets
associated with these Agents will be unavailable until
after they are reconfigured.
(Y/N) ?
Y
Generating Enterprise Manager Root Key (this takes a minute)...   Done.
Fetching Root Certificate from the Repository...   Done.
Updating HTTPS port in emoms.properties file...   Done.
Generating Java Keystore...   Done.
Securing OMS ...   Done.
Generating Oracle Wallet Password for Agent....   Done.
Generating wallet for Agent ...    Done.
Copying the wallet for agent use...    Done.
Storing agent key in repository...   Done.
Storing agent key for agent ...   Done.
Configuring Agent... 
Configuring Agent for HTTPS in DBCONSOLE mode...   Done.
EMD_URL set in /oracle/product/db10gr2/ysftest_ccicarap/sysman/config/emd.properties
   Done.
Configuring Key store..   Done.
Securing dbconsole...   Sucessful.

 

7、重新启动OEM

 

/home/oracle> emctl start dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.5.0  
Copyright (c) 1996, 2010 Oracle Corporation.  All rights reserved.
https://ysftest:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ................... started. 
------------------------------------------------------------------
Logs are generated in directory /oracle/product/db10gr2/ysftest_ccicarap/sysman/log

 

问题解决。