EM 12c監控雲資料庫告警:TNS-1189 - 2
LSNRCTL Commands May Yield Frequent TNS-1189 Errors (文件 ID 285439.1)
Applies to:
Oracle Net Services - Version 10.1.0.2.0 to 12.1.0.1 [Release 10.1 to 12.1]
Information in this document applies to any platform.
***Checked for relevance on 25-JUN-2014***
The issue documented here is limited to the version 10g or higher listener or lsnrctl utility.
Symptoms
When using a 10g listener or higher, it is possible that the error TNS-1189 "The listener could not authenticate the user" may occur intermittently (or very frequently) while performing listener operations from within the same LSNRCTL session. For example:
LSNRCTL> set trc_level 16
LSNRCTL> save_config
TNS-1189
Changes
The listener.ora file may have been edited recently or this is a new installation.
Cause
This error is an authentication failure error between LSNRCTL and the tnslsnr process. The user attempted to issue a privileged administrative command, but could not be successfully authenticated by the listener using the local OS authentication mechanism.
This error has been known to happen when multiple network interfaces exist on the same machine as the listener. The failure is due to the LSNRCTL failing its locality check (meaning the LSNRCTL utility is communicating on an IP address, provided by the OS, different than what the the listener is using - causing the authentication failure).
Additional causes for this error, not directly related to the problem described in this note are:
1. The user is running a version of LSNRCTL that is lower than the version of the listener.
2. The user is attempting to administer the listener from a remote node.
3. The listener could not obtain the system resources needed to perform the authentication.
4. The local network connection between the listener and LSNRCTL was terminated unexpectedly during authentication message exchange, such as if LSNRCTL program was suddenly aborted.
5. The communication between the listener and LSNRCTL is being intercepted by a malicious user.
6. The software that the user is running is not following the authentication protocol, indicating a malicious user.
Solution
The problem can be worked around by having the LSNRCTL utility utilize the IPC protocol to communicate with the tnslsnr rather than TCP. To do this, insert an IPC address into the listener.ora file and make it the first ADDRESS within an ADDRESS_LIST:
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=IPC)(KEY=ANYTHING))
(ADDRESS=(PROTOCOL=TCP)(HOST=serverhost)(PORT=1521))
)
Using the IPC protocol locally will not affect incoming connections.
An alternative solution is to add LOCAL_OS_AUTHENTICATION_listenername=OFF to the listener.ora file and restart the listener.
Applies to:
Oracle Net Services - Version 10.1.0.2.0 to 12.1.0.1 [Release 10.1 to 12.1]
Information in this document applies to any platform.
***Checked for relevance on 25-JUN-2014***
The issue documented here is limited to the version 10g or higher listener or lsnrctl utility.
Symptoms
When using a 10g listener or higher, it is possible that the error TNS-1189 "The listener could not authenticate the user" may occur intermittently (or very frequently) while performing listener operations from within the same LSNRCTL session. For example:
LSNRCTL> set trc_level 16
LSNRCTL> save_config
TNS-1189
Changes
The listener.ora file may have been edited recently or this is a new installation.
Cause
This error is an authentication failure error between LSNRCTL and the tnslsnr process. The user attempted to issue a privileged administrative command, but could not be successfully authenticated by the listener using the local OS authentication mechanism.
This error has been known to happen when multiple network interfaces exist on the same machine as the listener. The failure is due to the LSNRCTL failing its locality check (meaning the LSNRCTL utility is communicating on an IP address, provided by the OS, different than what the the listener is using - causing the authentication failure).
Additional causes for this error, not directly related to the problem described in this note are:
1. The user is running a version of LSNRCTL that is lower than the version of the listener.
2. The user is attempting to administer the listener from a remote node.
3. The listener could not obtain the system resources needed to perform the authentication.
4. The local network connection between the listener and LSNRCTL was terminated unexpectedly during authentication message exchange, such as if LSNRCTL program was suddenly aborted.
5. The communication between the listener and LSNRCTL is being intercepted by a malicious user.
6. The software that the user is running is not following the authentication protocol, indicating a malicious user.
Solution
The problem can be worked around by having the LSNRCTL utility utilize the IPC protocol to communicate with the tnslsnr rather than TCP. To do this, insert an IPC address into the listener.ora file and make it the first ADDRESS within an ADDRESS_LIST:
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=IPC)(KEY=ANYTHING))
(ADDRESS=(PROTOCOL=TCP)(HOST=serverhost)(PORT=1521))
)
Using the IPC protocol locally will not affect incoming connections.
An alternative solution is to add LOCAL_OS_AUTHENTICATION_listenername=OFF to the listener.ora file and restart the listener.
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/35489/viewspace-1846128/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- EM 12c監控雲資料庫告警:TNS-1189 - 1資料庫
- ORACLE EM 12C 監控MySQLOracleMySql
- db2pd 監控資料庫DB2資料庫
- Oracle EM 12c 如何切換備用的OMR資料庫 - 2Oracle資料庫
- 資料庫監控資料庫
- Python呼叫阿里雲資料庫監控資料Python阿里資料庫
- 監控DB2資料庫指令碼DB2資料庫指令碼
- prometheus監控+alertmanager告警Prometheus
- 資料庫效能監控資料庫
- 監控資料庫活動資料庫
- 2 Day DBA-管理方案物件-監控和優化資料庫-積極的資料庫監控物件優化資料庫
- 雲監控告警2.0:革新傳統告警機制,引領智慧化監控新時代
- MySQL監控-Datadog資料庫監控調研MySql資料庫
- 資料庫繁忙程度監控資料庫
- 資料庫監控軟體資料庫
- SQL Server資料庫監控SQLServer資料庫
- 資料庫監控指令碼資料庫指令碼
- 監控Oracle資料庫方法Oracle資料庫
- 監控資料庫指令碼資料庫指令碼
- zabbix監控oracle資料庫Oracle資料庫
- 資料庫監控---PIGOSS BSM資料庫Go
- shell監控mysql 8.0資料庫MySql資料庫
- shell監控mysql 5.7資料庫MySql資料庫
- [zt]資料庫監控指令碼資料庫指令碼
- 資料庫監控指令碼(一)資料庫指令碼
- 資料庫監控指令碼(二)資料庫指令碼
- 資料庫監控指令碼(三)資料庫指令碼
- 監控資料庫效能的SQL資料庫SQL
- Zabbix監控神通資料庫教程資料庫
- 雲資料庫安全管控資料庫
- 2 Day DBA-管理方案物件-監控和優化資料庫-效能自我診斷:自動資料庫診斷監控物件優化資料庫
- Oracle EM 12c 如何切換備用的OMR資料庫 - 1Oracle資料庫
- 監控系統告警指令碼集合指令碼
- 資料庫DML監控一例資料庫
- 基於Prometheus的資料庫監控Prometheus資料庫
- MySQL資料庫監控項說明MySql資料庫
- 資料庫效能SQL監控指令碼資料庫SQL指令碼
- Oracle資料庫的監控內容Oracle資料庫