Select Page

Fight with MOS over proxy connection

Few days ago Gabriel Keusen posted EM13c – MOS Connection with Proxy which shows what you need for a secure connection over the infrastructure proxy from your company to MOS.

Nearby the same setup have I run for a different customer. The small difference was the username and password for proxy authentication.

Unexpexted error

If you have this setup, you will run into an unexpected error which shows you following output if your username and password is entered correctly.

Error after Apply

There is no unexpexted error if you use a wrong username and/or password. OEM will return in this case the correct message, that username or password is incorrect.

No helpful logentries

Are you looking for this files, there are no helpful information to find. After I set the logger to debugging, I get more output which shows no hint where the issue could be.

emoms.trc
2021-02-02 14:46:59,685 [[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG authz.EMAuthzService logp.251 - Checking permission 0000000000000000:MANAGE_PERSONAL_NOTIFICATIONS for User DBA_XJP
2021-02-02 14:46:59,685 [[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG conn.ConnectionService getConnection.621 - Audit Session GUID from thread local = BA5BAA9B66886ECAE0530D248C0AA51A
2021-02-02 14:46:59,685 [[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG jdbc.ConnectionCache _printConnectionStat.834 - DefaultPool connections active/available:  0/5
2021-02-02 14:46:59,686 [[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG conn.FGAConnectionCache getFGAConnection.268 - auditFlag = false auditGuid (hash) = BA5BAA9B66886ECAE0530D248C0AA51A auditGuid (inp) BA5BAA9B66886ECAE0530D248C0AA51A
2021-02-02 14:46:59,688 [[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG jdbc.ConnectionWrapper prepareStatement.800 - prepareStatement has been called with sql string from 137 name: [ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)' hash code of Oracle Connection: 0 hash code of Connection Wrapper: 1470601301 hash code of EMSecurityContext 1476330030 false with stack : 
oracle.sysman.emSDK.util.jdk.ThreadUtil.getCurrentThreadStack(ThreadUtil.java:39)
oracle.sysman.emSDK.core.util.jdbc.ConnectionWrapper.prepareStatement(ConnectionWrapper.java:807)
oracle.sysman.emSDK.core.util.jdbc.ConnectionWrapper.setE2EMetrics(ConnectionWrapper.java:3798)
oracle.sysman.util.jdbc.UIConnectionListener.invokeDbmsAppInfo(UIConnectionListener.java:106)
oracle.sysman.util.jdbc.DefaultConnectionListener.connectionOpened(DefaultConnectionListener.java:238)
oracle.sysman.util.jdbc.ConnectionListenerManagerImpl.processConnectionEvent(ConnectionListenerManagerImpl.java:142)
oracle.sysman.emSDK.core.util.jdbc.ConnectionCache.processConnectionEvent(ConnectionCache.java:624)
oracle.sysman.emSDK.core.util.jdbc.ConnectionWrapper._fireOpenedEvent(ConnectionWrapper.java:2243)
oracle.sysman.emSDK.core.util.jdbc.ConnectionWrapper.<init>(ConnectionWrapper.java:276)
oracle.sysman.emSDK.svc.conn.FGAConnection.<init>(FGAConnection.java:175)
oracle.sysman.emSDK.svc.conn.FGAConnectionCache.getFGAConnection(FGAConnectionCache.java:285)
oracle.sysman.emSDK.svc.conn.ConnectionService.getConnection(ConnectionService.java:638)
oracle.sysman.emSDK.svc.conn.ConnectionService.getConnection(ConnectionService.java:587)
oracle.sysman.emSDK.sec.authz.EMSecurityContext.getConnection(EMSecurityContext.java:917)
oracle.sysman.emSDK.sec.authz.EMSecurityContext.getConnection(EMSecurityContext.java:859)
oracle.sysman.emSDK.sec.authz.EMAuthzService.checkEMPermissionExNoCache(EMAuthzService.java:404)
oracle.sysman.emSDK.sec.authz.EMAuthzService.checkEMPermissionEx(EMAuthzService.java:380)
oracle.sysman.emSDK.sec.authz.EMAuthzService.checkEMPermission(EMAuthzService.java:354)
oracle.sysman.emSDK.sec.authz.EMAuthzService.checkPermission(EMAuthzService.java:585)
oracle.sysman.emSDK.sec.authz.EMAuthzService.checkEMPermissionInternal(EMAuthzService.java:334)
oracle.sysman.emSDK.sec.authz.EMAuthzService.checkEMPermission(EMAuthzService.java:298)
sun.reflect.GeneratedMethodAccessor879.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
com.sun.el.parser.AstFunction.getValue(AstFunction.java:206)

Service Request at My Oracle Support

After several tests I have opened a service request and after a short time I get the message, that there is the Bug 31019082 – Invalid My Oracle Support credentials in OEM Cloud Control 13.4. At first I thought that my error is not that, because if I have used wrong credentials I got the right message back. But I tried the workaround anyway.

Proxy without authentication

Oracle’s described workaround is, don’t use a proxy with authentication. After a short call to the network group I found out, that they have changed the rule and I can go without proxy authentication.

So, after short reconfiguration a retest with the login… and it works now.

Conclusion

In the beginning it was not clear if there is a network or SSL issue, because I knew from Gabriel the setup works over a proxy. Also I knew, that version 13.2 was working as well. Nevertheless I will open next time faster a service request, because the help from that side was fast and helpful.

0 Comments