ERROR ssl: nzos_Handshake failed, ret=29024

Today i faced an interesting issue with dbconsole.While stopping the dbconsole, it showed Failed.

-bash-3.00$ emctl stop dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
http://node1:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 10g Database Control .............
--- Failed to shutdown DBConsole Gracefully ---
 failed.

Lets check the status

-bash-3.00$ emctl status dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
http://node1:1158/em/console/aboutApplication
EM Daemon is not running.
------------------------------------------------------------------
Logs are generated in directory /data2/oracle/product/10.2.0/db_1/node1_rac1/sysman/log

Ohhhh, EM Daemon is not running.Try to start the dbconsole

-bash-3.00$ emctl start dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
http://node1:1158/em/console/aboutApplication
 - An instance of Oracle Enterprise Manager 10g Database Control is already running.

hey whats this, it says “An instance of Oracle Enterprise Manager 10g Database Control is already running.”

Peeking into the emdctl.trc logfile showed

Thread-1 ERROR ssl: nzos_Handshake failed, ret=29024
Thread-1 ERROR http: 256: Unable to initialize ssl connection with server, aborting connection attempt

As per the Metalink

The Dbconsole certificate life time has expired.

As the certificate is expired, dbconsole won’t shutdown cleanly,so fetch its pid and kill it manually.

-bash-3.00$ cd /data2/oracle/product/10.2.0/db_1/node1_rac1/
-bash-3.00$ ls -lrt
total 6
-rw-r-----   1 oracle   oinstall      61 May 18  2009 oraInst.loc
drwxr-----   8 oracle   oinstall     512 May 18  2009 sysman
-rw-r-----   1 oracle   oinstall       5 May 26 13:20 emctl.pid
-bash-3.00$ cat emctl.pid
6709
-bash-3.00$ ps -ef | grep 6709
  oracle  6709     1   0 13:20:02 ?           1:26 /data2/oracle/product/10.2.0/db_1/jdk/bin/java -Xmx256M -server -XX:MaxPermSize
  oracle 11378  1257   0 04:25:29 pts/5       0:00 grep 6709
-bash-3.00$
-bash-3.00$ kill -9 6709
-bash-3.00$  ps -ef | grep 6709
  oracle 12032  1257   0 04:26:30 pts/5       0:00 grep 6709
-bash-3.00$

Now, running emctl secure dbconsole,will generate the new certificates.

-bash-3.00$ emctl secure dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
http://node1:1158/em/console/aboutApplication
Enter Enterprise Manager Root password :
Enter a Hostname for this OMS : node1

DBCONSOLE already stopped...   Done.
Agent is already stopped...   Done.
Securing dbconsole...   Started.
Checking Repository...   Done.
Checking Em Key...   Done.
Checking Repository for an existing Enterprise Manager Root Key...   Done.
Fetching Root Certificate from the Repository...   Done.
Updating HTTPS port in emoms.properties file...   Done.
Generating Java Keystore...   Done.
Securing OMS ...   Done.
Generating Oracle Wallet Password for Agent....   Done.
Generating wallet for Agent ...    Done.
Copying the wallet for agent use...    Done.
Storing agent key in repository...   Done.
Storing agent key for agent ...   Done.
Configuring Agent...
Configuring Agent for HTTPS in DBCONSOLE mode...   Done.
EMD_URL set in /data2/oracle/product/10.2.0/db_1/node1_rac1/sysman/config/emd.properties
   Done.
Configuring Key store..   Done.
Securing dbconsole...   Sucessful. 

While running the above,provide the SYSMAN password when prompted for “Enter Enterprise Manager Root password :” and hostname for “Enter a Hostname for this OMS :”

Once, the dbconsole securing is successfully done, try to start the dbconsle

-bash-3.00$ emctl start dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://node1:1158/em/console/aboutApplication
 - An instance of Oracle Enterprise Manager 10g Database Control is already running.

An instance is again running 😦 .In normal scenario it must start showing
“Starting Oracle Enterprise Manager 10g Database Control ……………………… started.”

Lets check back the everything,

-bash-3.00$ emctl status dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://node1:1158/em/console/aboutApplication
Oracle Enterprise Manager 10g is not running.
------------------------------------------------------------------
Logs are generated in directory /data2/oracle/product/10.2.0/db_1/node1_rac1/sysman/log

The status is showing not running.But when i am trying to start it shows an instance of OEM already running.

Checked the emctl.pid file again,

-bash-3.00$ cd /data2/oracle/product/10.2.0/db_1/node1_rac1/
-bash-3.00$ cat emctl.pid
6709

This is the same pid , as it was before.Something is wrong.Now, the emdctl.trc shows some different error

http: snmehl_connect: connect failed to (node1:3938): Connection refused (error = 146)
http: snmehl_connect: connect failed to (node1:1158): Connection refused (error = 146)

As,emctl secure dbconsole ran successfully, i thought of stopping and starting the dbconsole back.

-bash-3.00$ emctl stop dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://node1:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 10g Database Control ...
 ...  Stopped.

Hmmm, it shows “Stopped” this time.Earlier it showed “Failed”.Lets try starting the dbconsole

-bash-3.00$ emctl start dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://node1:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ........................... started.
------------------------------------------------------------------
Logs are generated in directory /data2/oracle/product/10.2.0/db_1/node1_rac1/sysman/log

It started successfully. 🙂

-bash-3.00$ emctl status dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://node1:1158/em/console/aboutApplication
Oracle Enterprise Manager 10g is running.
------------------------------------------------------------------
Logs are generated in directory /data2/oracle/product/10.2.0/db_1/node1_rac1/sysman/log

What about the pid

-bash-3.00$ cd /data2/oracle/product/10.2.0/db_1/node1_rac1/
-bash-3.00$ ls -lrt
total 6
-rw-r-----   1 oracle   oinstall      61 May 18  2009 oraInst.loc
drwxr-----   8 oracle   oinstall     512 May 18  2009 sysman
-rw-r-----   1 oracle   oinstall       6 May 27 04:42 emctl.pid
-bash-3.00$ cat emctl.pid
23956
-bash-3.00$

The pid value is changed.

NOTE:- node1 is the hostname of the server and rac1 is the instance_name on node1.

6 thoughts on “ERROR ssl: nzos_Handshake failed, ret=29024

  1. Hi, This helped me. I don’t get the failed message anymore. The browser (IE) still thinks the certificate is invalid even though I installed it. I still get the URL in RED background. When I view the certificate it says its valid though.

    Thanks,
    Dave

  2. Thanks very much for this – I’ve been struggling with this exact problem for hours (on 3 different servers!). It didn’t make any sense because it used to work and suddenly it didn’t… everywhere. You saved my day and I am grateful – thanks again!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s