Saturday, September 08, 2012

Deploying OEM Agent 12c on Windows

After having upgraded the OEM 11g to 12c which was relatively easy and painless, then upgraded to 12c BP1 which is rather complicated to achieve successfully with all the patches to be installed. One of the most painful upgrade I’ve ever seen.
Now time to deploy the Agent 12c on a Windows machine. And again, this is painful and rather tricky. One of the very first pre-requisite we can read from the documentation is the need of Cygwin installation for a ssh tunnel between the OMS host and the remote client. That’s a kind of very restrictive requirement, why Cygwin is recommanded ? And even more than recommended, because it’s hardcoded in several configuration files of deployment ? I’m sure, many shops do not like having Cygwin. Moreover, it requires to connect onto each server to install it… not really nice if you have dozens.
Anyway, since it’s there in the documentation, here we go.
Note that :
1) Cygwin needs an Internet connection to be installed straightforward as mentioned in the documentation, again, I’m sure many server do not have that access.
2) The given installation directory is C:\Cygwin, rather odd to have that drive by default (hardcoded!!). Even though that can be changed, it should be changed in configuration file (please read the documentation for more information) .

Anyway, I tried to follow the documentation here but despite multiple tries, it did not work.

So, after quite some time and digging around on Internet for a while, I found a solution to make it work on an IBM wiki page. And since I don’t want to forget it I’ll put the steps here. It could also help some of you who have to do the same task.

1. Connect to a client machine with Internet access, go to http://www.cygwin.com and click on setup.exe
2. Do not install but download on local drive only (without installing)
3. Check zip and unzip under Archive folder, openssl and openssh from Net folder
4. Follow the instruction, accept to download the dependencies
5. Copy the files onto a temporary folder on your target server
6. Run the installer, and choose an installation from a local drive
7. Install it on C:\Cygwin, the easiest way to achieve a successful install
8. Again, be sure the zip and unzip under Archive folder, openssl and openssh from Net folder are all checked
9. Once installed, modify the file C:\cygwin\cygwin.bat as indicated in the documentation as follow (the 4th line has been added):
@echo off
C:
chdir C:\cygwin\bin
set CYGWIN=binmode ntsec
bash --login –i
11. Do not execute cygwin.bat now
12. Define which user it has to be used for ssh connection from OMS to the remote Agent
13. Here and below steps, I follow the instructions given here.
See, “Grant local permissions” for this one :
To allow SSH access to the gateway for domain accounts, the “CYGWIN sshd” service must be run as an administrative domain user, not as a local user. Regardless of domain or local installation, the account you choose must have the following local permissions defined on the gateway server: 
    => Adjust memory quotas for a process.
    => Create a token object.
    => Log on as a service.
    => Replace a process-level token.
The easiest way to set the permissions is to run the secpol.msc command or navigate to Control Panel --> Administrative Tools --> Local Security Policy.
14. Run C:\cygwin\cygwin.bat
15. From the opened window, run the following commands :
mkpasswd -l > /etc/passwd
mkpasswd -u Administrator -D MYDOMAIN -S '_' >> /etc/passwd
(replace Administrator by the name of your domain user name which has been set as administrator and defined properly within the previous step, replace MYDOMAIN by your own domain name)
16. From the Cygwin window opened on previous step, run the following :
mkgroup -l > /etc/group
mkgroup -D -S '_' >> /etc/group
17. Now run the following :
ssh-host-config
18. Answer yes to all the “yes/no” questions, the value of CYGWIN for the daemon is binmode ntsec (as given in the Oracle documentation), and the user will be something like MYDOMAIN_Administrator (you will be asked for the password as well).
19. The service has been created, you can start it manually by running cygrunsrv -S sshd or with the Windows menu.
20. You can validate the entire installation, connect to the OMS host, and run :
ssh MYDOMAIN_Administrator@your_agent_hostname
You’ll be prompted for the password, once connected, you’ll see the Cygwin content folder.
21. Now we are able to deploy the agent from the Grid Control (the connection user is MYDOMAIN_Administrator).

Of course, there can be some (strange) errors such as :
* For instance, I have had an error because the ORACLE_BASE folder I was installing the Agent in was marked as hidden…
INFO:Error Message found  Agent Configuration Failed SEVERE:OUI-10094:Problem in saving inventory. Installation cannot continue. C:\Program Files\Oracle\Inven
tory\ContentsXML\inventory.xml (Access is denied)SEVERE:File handle exception:C:\ADE\v\oracle\work\Shiphome\oracle\core\12.1.0.1.0\install\oragchomelist (The system cannot find the path specified)

* Then, wanted to install the agent in D:\appl\oracle\product\agent12c, I received the following error :
Error Message:checkdir warning: path too long; truncating core/12.1.0.1.0/.patch_storage[…]
I don’t think the given path was particularly too long, but changing the recipe to D:\appl\oracle\agent12c solves the issue, maybe not really happy.

* Sometimes, if deploying agent in ORACLE_BASE on a Windows remote host, you may receive the following error :
Execution of command C:/cygwin/bin/sh.exe -c 'export NEED_EXIT_CODE=1 && D:/appl/oracle/agent12c/agent_inst/bin/emctl.bat start agent' on host <your_hostname> Failed Error Message:The Oracleagent12c1Agent service could not be started. A service specific error occurred: 2. More help is available by typing NET HELPMSG 3547.
Exit Code :2 Fix the cause of the error and retry the operation (or) manually run the following commands on the remote host
•C:/cygwin/bin/sh.exe -c 'export NEED_EXIT_CODE=1 && D:/appl/oracle/agent12c/agent_inst/bin/emctl.bat secure agent'
•C:/cygwin/bin/sh.exe -c 'export NEED_EXIT_CODE=1 && D:/appl/oracle/agent12c/agent_inst/bin/emctl.bat start agent'
•C:/cygwin/bin/sh.exe -c 'export NEED_EXIT_CODE=1 && D:/appl/oracle/agent12c/agent_inst/bin/emctl.bat config agent 
=> According to the note 1464991.1, in that case, the agent should be installed outside the ORACLE_BASE in a pre-created folder…

* Some other errors may also be solve by running the given command line manually directly onto the remote server.

Honestly, nothing straightforward in agent deployment on remote Windows host.

Hope this help,

Nicolas.

Ref. :
=>https://www.ibm.com/developerworks/wikis/display/tivoliaddm/Setting+up+a+Cygwin+OpenSSH+Server+for+Windows+Domains+on+a+TADDM+Gateway+Server
=>http://docs.oracle.com/cd/E24628_01/install.121/e22624/preinstall_req_cygwin_ssh.htm#CBHCDFCH

2 comments:

Anonymous said...

Nice "how to" document. After hours of work installing/configuring Cygwin in older versions of GC (and still did not work) I may now try it again using this version of Cygwin and EM 12c.
Always be sure to use the correct version of Cygwin. A new release of Cygwin may not work for EM 12c.

Eric

jose manuel said...

Awesome information!
It is very good tool, and your step wise task helped me to deploy it.
windows server standard oem