After ICS POD upgraded to 18.2.3.0.0, ICS agent will not come up and throw an error “Agent Group Existence Check Failed, Recheck ICS Username, ICS Password and Proxy Username, Proxy Password or Contact Customer Support“.
The reason being of the issue is, ICS certificate has been changed. Certificate changes for ICS happened on the Cloud (outside of Agent). It can be mapped to 18.2.3 MLR 00.
This is known Bug 28242477 logged by Oracle.
To resolve this issue, the user needs to re-import the CA certs from ICS on to agent keystore. Ensure that entire certificate chain is imported to agent keystore.
Follow below steps to resolve the issue:
1) Download Certificate Chain from ICS
- Login into ICS console using Firefox browser
- Click on Security Report and More Information
- Go to Security Tab and Click on View Certificate button
- Click on Details tab. Once click on Details tab, you will notice Certificate Chain (Root, Intermediate & Leaf)
- Download all three (Root, Intermediate & Leaf) Certificate one by one
- Click on Root Certificate and Click on Export button
- Save the certificate with .crt extension
- Repeat last two steps for Intermediate and Leaf certificate
2) Import Certificate Chain into keystore
- Login to ICS agent server
- Move certificates to /tmp/cert directory
- Go to <AgentHome>/cert/ directory
- Take backup of keystore.jks file
- Ensure JAVA_HOME is set to run keytool command
- Import leaf certificate first by issuing following command
keytool -import -trustcacerts -keystore keystore.jks -file /tmp/cert/integration.us2.oraclecloud.cer -alias integration.us2.oraclecloud.com
- Once promoted for keystore password, enter “changeit”. This is default password of keystore.jks
Note: You may get a prompt like an alias or certificate already exists. Ignore and proceed.
- Run below command to import root certificate
keytool -import -trustcacerts -keystore keystore.jks -file /tmp/cert/DigiCertGlobalRootCA.cer -alias integrationroot.us2.oraclecloud.com
- Run below command to import intermediate certificate
keytool -import -trustcacerts -keystore keystore.jks -file /tmp/cert/DigiCertSHA2SecureServerCA.cer -alias integrationintermediate.us2.oraclecloud.com
Above three commands will import certificate chain into keystore
3) Start ICS Agent
- Run below command to start ICS agent
nohup ./startAgent.sh -u=test@test.com -p=TEST@123 &
Now ICS Agent should be started successfully without any issue.
Comments
I see the greatest contents on your blog and I extremely love reading them. password app
You have made some decent points there. I looked on the internet for more information about the issue and found most people will go along with your views on this web site. Digitogy
You guys are writing some Amazing tips. Thanks for sharing this. Totally Awesome Post Please Keep Posting Regularly.
echobeat earbuds review, chargeboost reviews, liporing review , doc socks, livewave antenna review