We recently changed IP addresses on hosts serving up LDAP/OID. After the IP change the OID targets properly showed Up status in my OEM console but the WLS Admin Servers were bright RED.
The local 11g OEM running on those web servers showed the correct status and I could log into those Admin Servers directly, so something had to be wrong in OEM 12c.
Each EM agent home contains an XML file named targets.xml in ../agent_inst/sysman/emd directory. Target definitions are stored there, including IP addresses for selected properties.
The fix was rather simple once I knew where to look.
- Move into the ..sysman/emd directory
- Make a backup copy of targets.xml
- Open targets.xml with vim
- Replace the old IP address with the new one
- Bounce your EM agent and run an emctl upload agent
The properties that needed changing on my servers were:
<Property NAME=”ListenAddress” VALUE=”99.999.9.99″/>
<Property NAME=”serviceURL” VALUE=”various services:t3://99.999.9.99:7001/…
Sed makes quick work of it inside vim:
There’s one more thing to verify – the Java Keystore for agent must contain the certificate from your WLS.
Refer to http://docs.oracle.com/cd/E24628_01/install.121/e24215/weblogic.htm#GSSOA9597
“When using Enterprise Manager version 12.1 and a Secure Socket Layer (SSL) protocol to discover and monitor WebLogic servers, the Management Agent must be able to trust the server before it can establish a secure communication link. The Agent maintains a Java Keystore (JKS) truststore containing certificates of Certification Authorities (CAs) that it can trust when establishing a secure connection. The Agent comes with nine well-known CA certificates.”
You do it like this (the default password is ‘welcome’):
> emctl secure add_trust_cert_to_jks -password welcome
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Message : keytool error: java.lang.Exception: Certificate not imported, alias <wlscertgenca> already exists
Message : keytool error: java.lang.Exception: Certificate not imported, alias <wlscertgencab> already exists
I’d already done this server, as you can tell.
Happy New Year!