13883183259 023-68037655 咨询热线:
当前位置: 主页 > 关于思庄 > 技术分享 >

CMAN: ORA-12529: TNS:connect Request Rejected Based On Curre

发布时间:2022-01-27
CMAN: ORA-12529: TNS:connect Request Rejected Based On Current Filtering Rules (Doc ID 2001767.1)       


In this Document

Symptoms

Cause

Solution


APPLIES TO:

Oracle Net Services - Version 11.2.0.4 to 12.1.0.2 [Release 11.2 to 12.1]

Information in this document applies to any platform.

SYMPTOMS

Attempting to use a CMAN proxy in an environment with a NAT (Network Address Translator)


Remote client connections are failing with this message:


C:\Users\admn1715>sqlplus system/xxxxxx@MYORCL


SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 14 18:26:41 2015


Copyright (c) 1982, 2013, Oracle. All rights reserved.


ERROR:

ORA-12564: TNS:connection refused


Might also return:


TNS-12529: TNS:connect request rejected based on current filtering rules





The CMGW trace shows:


[15-APR-2015 17:56:21:922] nspsend: transport write error

[15-APR-2015 17:56:21:922] nspsend: error exit

[15-APR-2015 17:56:21:922] nscon: error sending NSPTCN packet

[15-APR-2015 17:56:21:922] nserror: entry

[15-APR-2015 17:56:21:922] nserror: nsres: id=3, op=67, ns=12571, ns2=12560; nt[0]=505, nt[1]=110, nt[2]=0; ora[0]=0, ora[1]=0, ora[2]=0

[15-APR-2015 17:56:21:922] nscon: exit (-1)

[15-APR-2015 17:56:21:922] nsdo: nsctxrnk=0

[15-APR-2015 17:56:21:922] nsdo: error exit

[15-APR-2015 17:56:21:922] nsclose: entry



CAUSE

The database server's hostname is not resolvable to the CMAN server.


Tested the following from the CMAN server to the Database server: (FQDN is ok, shortname is not resolvable)



tnsping "(address=(host=DB Hostname here)(port=1521)(protocol=tcp))".


Attempting to contact (address=(host=DB Hostname here)(port=1521)(protocol=tcp))

TNS-12535: TNS:operation timed out



Tnsping issued from CMAN server shows no route to db server using shortname.


Customer reports that FQDN is ok:


This works

tnsping "(address=(host=DB Hostname here.example.com)(port=1521)(protocol=tcp))"<===Fully qualified name is resolvable at CMAN host.


TNS Ping Utility for Linux: Version 11.2.0.4.0 - Production on 16-APR-2015 19:36:07


Copyright (c) 1997, 2013, Oracle. All rights reserved.


Attempting to contact (address=(host=DB Hostname here.example.com)(port=1521)(protocol=tcp))

OK (0 msec)


Note the previous result.   A timeout is thrown when the tnsping is issued from the CMAN server to the database listener address.


Confirmed that the DB server listener is returning the shortname in the redirect packet:


[15-APR-2015 17:55:18:921] nsc2addr: (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=MYORCL.COM)(SERVER=DEDICATED)(CID=(PROGRAM=C:\oracle_local\instantclient-basic-windows.x64-11.2.0.4.0\instantclient_11_2\sqlplus.exe)(HOST=client host)(USER=admin))(INSTANCE_NAME=MYORCL))(address= (host=DB Hostname here) (port=1521)(protocol=tcp))(SOURCE_ROUTE=YES)(HOP_COUNT=1))

[15-APR-2015 17:55:18:921] nttbnd2addr: entry


Note this portion:


(address=(host=DB Hostname here)(port=1521)(protocol=tcp))(SOURCE_ROUTE=YES)(HOP_COUNT=1))


SOLUTION

Make the following change to the LOCAL_LISTENER setting so that the HOST field is populated with the FQDN.



Log in to the instance and issue the following so that the HOST field is populated with the FQDN:



alter system set LOCAL_LISTENER="(address=(host=hostname.example.com)(port=1521)(protocol=tcp))" scope=both sid='MYORCL';



Once this is done, issue the CMCTL show services again and confirm that the FQDN is showing up here:


Service "MYORCL.COM" has 1 instance(s).

Instance "MYORCL", status READY, has 1 handler(s) for this service...

Handler(s):

  "DEDICATED" established:0 refused:0 state:ready

  REMOTE SERVER

  (address=(host=hostname.example.com)(port=1521)(protocol=tcp)) <===Now we see FQDN in CMCTL services output.

联系我们 重庆思庄科技有限公司
023-68037655
重庆思庄科技有限公司 版权所有© 备案号:渝ICP备12004239号-4

渝公网安备 50010702502184号

<<