Oracle10.2.0.4版本Database Control 配置问题

Oracle环境：Oracle EE 10.2.0.4, 64bit

配置database control如下：
oracle:/home/oracle>emca -config dbcontrol db -repos create

STARTED EMCA at May 10, 2011 12:43:46 PM
EM Configuration Assistant, Version 10.2.0.1.0 Production
Copyright (c) 2003, 2005, Oracle.  All rights reserved.

Enter the following information:
Database SID: cmdbdev
Listener port number: 1521
Password for SYS user:
Password for DBSNMP user:
Password for SYSMAN user:
Email address for notifications (optional):
Outgoing Mail (SMTP) server for notifications (optional):
-----------------------------------------------------------------

You have specified the following settings

Database ORACLE_HOME ................ /oracle/product/10.2.0/db_1

Database hostname ................ onecmdb002
Listener port number ................ 1521
Database SID ................ cmdbdev
Email address for notifications ...............
Outgoing Mail (SMTP) server for notifications ...............

-----------------------------------------------------------------
Do you wish to continue? [yes(Y)/no(N)]: y
May 10, 2011 12:44:15 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /oracle/product/10.2.0/db_1/cfgtoollogs/
May 10, 2011 12:44:16 PM oracle.sysman.emcp.EMReposConfig createRepository
INFO: Creating the EM repository (this may take a while) ...
May 10, 2011 12:45:27 PM oracle.sysman.emcp.EMReposConfig invoke
INFO: Repository successfully created
May 10, 2011 12:45:29 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Securing Database Control (this may take a while) ...
May 10, 2011 12:46:16 PM oracle.sysman.emcp.util.DBControlUtil secureDBConsole
INFO: Database Control secured successfully.
May 10, 2011 12:46:16 PM oracle.sysman.emcp.util.DBControlUtil startOMS
INFO: Starting Database Control (this may take a while) ...
May 10, 2011 12:50:59 PM oracle.sysman.emcp.util.PlatformInterface executeComman
WARNING: Error executing /oracle/product/10.2.0/db_1/bin/emctl start dbconsole
May 10, 2011 12:50:59 PM oracle.sysman.emcp.EMConfig perform
SEVERE: Error starting Database Control
Refer to the log file at /oracle/product/10.2.0/db_1/cfgtoollogs/emca/cmdbdev/em
Could not complete the configuration. Refer to the log file at /oracle/product/1
oracle:/home/oracle>

Database Control启动失败。根据提示查看日志emca_2011-05-10_12-43-46-PM.log：

Starting Oracle Enterprise Manager 10g Database Control ............................................................................................. failed.
------------------------------------------------------------------
Logs are generated in directory /oracle/product/10.2.0/db_1/onecmdb002_cmdbdev/sysman/log

May 10, 2011 12:50:59 PM oracle.sysman.emcp.util.PlatformInterface executeCommand
WARNING: Error executing /oracle/product/10.2.0/db_1/bin/emctl start dbconsole
May 10, 2011 12:50:59 PM oracle.sysman.emcp.EMConfig perform
SEVERE: Error starting Database Control
Refer to the log file at /oracle/product/10.2.0/db_1/cfgtoollogs/emca/cmdbdev/emca_2011-05-10_12-43-46-PM.log for more details.
May 10, 2011 12:50:59 PM oracle.sysman.emcp.EMConfig perform
CONFIG: Stack Trace:
oracle.sysman.emcp.exception.EMConfigException: Error starting Database Control
        at oracle.sysman.emcp.EMDBPostConfig.performConfiguration(EMDBPostConfig.java:646)
        at oracle.sysman.emcp.EMDBPostConfig.invoke(EMDBPostConfig.java:224)
        at oracle.sysman.emcp.EMDBPostConfig.invoke(EMDBPostConfig.java:193)
        at oracle.sysman.emcp.EMConfig.perform(EMConfig.java:184)
        at oracle.sysman.emcp.EMConfigAssistant.invokeEMCA(EMConfigAssistant.java:486)
        at oracle.sysman.emcp.EMConfigAssistant.performConfiguration(EMConfigAssistant.java:1142)
        at oracle.sysman.emcp.EMConfigAssistant.statusMain(EMConfigAssistant.java:470)
        at oracle.sysman.emcp.EMConfigAssistant.main(EMConfigAssistant.java:419)

oracle:/oracle/product/10.2.0/db_1/cfgtoollogs/emca/cmdbdev>cd /oracle/product/10.2.0/db_1/onecmdb002_cmdbdev/sysman/log

该目录下的trace文件中有Wallet打开失败信息：

2011-05-10 12:59:51 Thread-4135500576 ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
2011-05-10 13:00:09 Thread-4135492384 ERROR ssl: Open wallet failed, ret = 28750
2011-05-10 13:00:09 Thread-4135492384 ERROR ssl: nmehlenv_openWallet failed
2011-05-10 13:00:09 Thread-4135492384 ERROR http: 6: Unable to initialize ssl connection with server, aborting connection attempt
2011-05-10 13:00:51 Thread-4135078688 ERROR ssl: Open wallet failed, ret = 28750
2011-05-10 13:00:51 Thread-4135078688 ERROR ssl: nmehlenv_openWallet failed
2011-05-10 13:00:51 Thread-4135078688 ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
2011-05-10 13:01:21 Thread-4135545632 ERROR ssl: Open wallet failed, ret = 28750
2011-05-10 13:01:21 Thread-4135545632 ERROR ssl: nmehlenv_openWallet failed
2011-05-10 13:01:21 Thread-4135545632 ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt
2011-05-10 13:02:21 Thread-4134877984 ERROR ssl: Open wallet failed, ret = 28750
2011-05-10 13:02:21 Thread-4134877984 ERROR ssl: nmehlenv_openWallet failed
2011-05-10 13:02:21 Thread-4134877984 ERROR http: 5: Unable to initialize ssl connection with server, aborting connection attempt

在metalink上查询结果。
文章Enterprise Manager Database Control Configuration - Recovering From Errors Due to CA Expiry on Oracle Database 10.2.0.4 or 10.2.0.5 [Video] [ID 1222603.1]提到：
In Enterprise Manager Database Control with Oracle Database 10.2.0.4 and 10.2.0.5, the root certificate used to secure communications via the Secure Socket Layer (SSL) protocol will expire on 31-Dec-2010 00:00:00. The certificate expiration will cause errors if you attempt to configure Database Control on or after 31-Dec-2010. Existing Database Control configurations are not impacted by this issue.

If you plan to configure Database Control with either of these Oracle Database releases, Oracle strongly recommends that you apply Patch 8350262 to your Oracle Home installations before you configure Database Control. Configuration of Database Control is typically done when you create or upgrade Oracle Database, or if you run Enterprise Manager Configuration Assistant (EMCA) in standalone mode.

根据文章内容，打补丁8350262。
该补丁无需停止数据库进程与监听进程，只需确保没有oracle home下的与java相关的进程即可。
打补丁之前，先把opatch的路径加入PATH环境变量。

oracle:/home/oracle/patch/8350262>pwd
/home/oracle/patch/8350262
oracle:/home/oracle/patch/8350262>ls
etc  files  killDBConsole  killDBConsole.pl  README.txt
oracle:/home/oracle/patch/8350262>opatch apply
Invoking OPatch 10.2.0.4.2

Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation.  All rights reserved.

Oracle Home       : /oracle/product/10.2.0/db_1
Central Inventory : /oracle/oraInventory
   from           : /etc/oraInst.loc
OPatch version    : 10.2.0.4.2
OUI version       : 10.2.0.4.0
OUI location      : /oracle/product/10.2.0/db_1/oui
Log file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2011-05-10_13-09-52PM.log

ApplySession applying interim patch '8350262' to OH '/oracle/product/10.2.0/db_1'

Running prerequisite checks...

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Backing up files and inventory (not for auto-rollback) for the Oracle Home
Backing up files affected by the patch '8350262' for restore. This might take a while...
Backing up files affected by the patch '8350262' for rollback. This might take a while...

Patching component oracle.sysman.agent.core, 10.2.0.4.0a...
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/fsc/FSWalletUtil.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/rep/RepWalletUtil.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/RootCert.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emCORE.jar" with "/sysman/jlib/emCORE.jar/oracle/sysman/eml/sec/util/SecConstants.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/fsc/FSWalletUtil.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/rep/RepWalletUtil.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/RootCert.class"
Updating jar file "/oracle/product/10.2.0/db_1/sysman/jlib/emd_java.jar" with "/sysman/jlib/emd_java.jar/oracle/sysman/eml/sec/util/SecConstants.class"
ApplySession adding interim patch '8350262' to inventory

Verifying the update...
Inventory check OK: Patch ID 8350262 is registered in Oracle Home inventory with proper meta-data.
Files check OK: Files from Patch ID 8350262 are present in Oracle Home.

OPatch succeeded.

查看补丁：
oracle:/home/oracle/patch/8350262>opatch lsinventory
Invoking OPatch 10.2.0.4.2

Oracle Interim Patch Installer version 10.2.0.4.2
Copyright (c) 2007, Oracle Corporation.  All rights reserved.

Oracle Home       : /oracle/product/10.2.0/db_1
Central Inventory : /oracle/oraInventory
   from           : /etc/oraInst.loc
OPatch version    : 10.2.0.4.2
OUI version       : 10.2.0.4.0
OUI location      : /oracle/product/10.2.0/db_1/oui
Log file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/opatch2011-05-10_13-10-33PM.log

Lsinventory Output file location : /oracle/product/10.2.0/db_1/cfgtoollogs/opatch/lsinv/lsinventory2011-05-10_13-10-33PM.txt

--------------------------------------------------------------------------------
Installed Top-level Products (2):

Oracle Database 10g                                                  10.2.0.1.0
Oracle Database 10g Release 2 Patch Set 3                            10.2.0.4.0
There are 2 products installed in this Oracle Home.

Interim patches (1) :

Patch  8350262      : applied on Tue May 10 13:10:18 CST 2011
   Created on 14 Sep 2010, 04:59:44 hrs PST8PDT
   Bugs fixed:
     8350262

 

--------------------------------------------------------------------------------

OPatch succeeded.
oracle:/home/oracle/patch/8350262>

继续启动dbconsole:

oracle:/home/oracle/patch/8350262>emctl start dbconsole
TZ set to PRC
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://onecmdb002:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ............................................................................................. failed.
------------------------------------------------------------------
Logs are generated in directory /oracle/product/10.2.0/db_1/onecmdb002_cmdbdev/sysman/log

补丁完毕，还是不能启动Database Control，还需要Re-secure Database Control。
Re-secure Database Control之前，可以使用patch 8350262目录下的脚本killDBConsole强制停止Database Control相关的进程。
完成之后进行Re-secure Database Control :

oracle:/home/oracle/patch/8350262>emctl secure dbconsole -reset
TZ set to PRC
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://onecmdb002:1158/em/console/aboutApplication
Enter Enterprise Manager Root Password :
DBCONSOLE already stopped...   Done.
Agent is already stopped...   Done.
Securing dbconsole...   Started.
Checking Repository...   Done.
Checking Em Key...   Done.
Checking Repository for an existing Enterprise Manager Root Key...
WARNING! An Enterprise Manager Root Key already exists in
the Repository. This operation will replace your Enterprise
Manager Root Key.
All existing Agents that use HTTPS will need to be
reconfigured if you proceed. Do you wish to continue and
overwrite your Root Key
(Y/N) ?
Y
Are you sure ? Reset of the Enterprise Manager Root Key
will mean that you will need to reconfigure each Agent
that is associated with this OMS before they will be
able to upload any data to it. Monitoring of Targets
associated with these Agents will be unavailable until
after they are reconfigured.
(Y/N) ?
Y
Generating Enterprise Manager Root Key (this takes a minute)...   Done.
Fetching Root Certificate from the Repository...   Done.
Updating HTTPS port in emoms.properties file...   Done.
Generating Java Keystore...   Done.
Securing OMS ...   Done.
Generating Oracle Wallet Password for Agent....   Done.
Generating wallet for Agent ...    Done.
Copying the wallet for agent use...    Done.
Storing agent key in repository...   Done.
Storing agent key for agent ...   Done.
Configuring Agent...
Configuring Agent for HTTPS in DBCONSOLE mode...   Done.
EMD_URL set in /oracle/product/10.2.0/db_1/onecmdb002_cmdbdev/sysman/config/emd.properties
   Done.
Configuring Key store..   Done.
Securing dbconsole...   Sucessful.

启动:
oracle:/home/oracle/patch/8350262>emctl start dbconsole
TZ set to PRC
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation.  All rights reserved.
https://onecmdb002:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ............................ started.
------------------------------------------------------------------
Logs are generated in directory /oracle/product/10.2.0/db_1/onecmdb002_cmdbdev/sysman/log

当然也可以使用下述方式重配：
emca -deconfig dbcontrol db -repos drop
emca -config dbcontrol db -repos create