ora-12537 TNS:connection closed的問題處理

dcswinner發表於2013-01-09
元旦後連續3天處理了3個不同的問題,這個是問題之一。今天稍閒一點,記錄如下:
 
1月5號晚上22點多了,偶正在家看書,接到同事一個急救電話,說一臺11g的rac資料庫通過遠端連線其中的一個例項連線報ora-12537錯。
通過lsnrctl service:
正在連線到 (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
服務摘要..
服務 "+ASM" 包含 1 個例項。
  例項 "+ASM2", 狀態 READY, 包含此服務的 1 個處理程式...
    處理程式:
      "DEDICATED" 已建立:0 已拒絕:0 狀態:ready
         LOCAL SERVER
服務 "mzhdb" 包含 1 個例項。
  例項 "mzhdb2", 狀態 READY, 包含此服務的 1 個處理程式...
    處理程式:
      "DEDICATED" 已建立:0 已拒絕:12 狀態:ready
         LOCAL SERVER
服務 "mzhdbXDB" 包含 1 個例項。
  例項 "mzhdb2", 狀態 READY, 包含此服務的 1 個處理程式...
    處理程式:
      "D000" 已建立:0 已被拒絕:0 當前: 0 最大: 1022 狀態: ready
         DISPATCHER 
         (ADDRESS=(PROTOCOL=tcp)(HOST=cpnamsii-hdb02)(PORT=37700))
有不少 拒絕的,在另外一個例項上連線正常。
看到這個錯誤後,我第一個想法是不是他這個資料庫做了IP地址的限制,(在以前的我的一篇文章中提到過ip地址限制)如果做了ip限制的話,一般會報這個錯誤。通過和他溝通,這個庫是他昨天新裝的,現在還沒有做ip限制。既然談到是新裝的(這個同事以前沒有安裝過rac),因此我開始在想是不是他安裝的有問題。
我們知道11g中監聽時有grid使用者管理的,但是他需要訪問oracle使用者的一些檔案,
grid使用者下:
cd $RDBMS_HOME/bin
報許可權不足。
檢視$RDBMS_HOME目錄的使用者組和許可權,果然有問題:700,而且使用者所屬的組也有問題。
對照另外一個好的節點修改可這個有問題的節點的目錄許可權和使用者的屬性。發現還是沒有解決這個問題。
最後檢視$RDBMS_HOME/bin/oracle的許可權時,也是和另外一個節點一樣的,但是發現下面幾個檔案:

nmo

nmb

nmhs

oradism

jssu

extjob

emtgtctl2

許可權不一樣,調整和另外一個節點一樣的後問題解決,即調整為:

-rws--x--- 1 root   oinstall     44707 01-05 10:23 nmo

-rws--x--- 1 root   oinstall     34436 01-05 10:23 nmb

-rws--x--- 1 root   oinstall     66538 01-05 10:23 nmhs

-rwsr-x--- 1 root   oinstall     71758 2011-09-17 oradism

-rwsr-x--- 1 root   oinstall     43680 01-05 10:23 jssu

-rwsr-x--- 1 root   oinstall   1249619 01-05 10:23 extjob

-rwsr-s--x 1 oracle oinstall     66069 01-05 10:23 emtgtctl2

-rwsr-s--x 1 oracle asmadmin 232399463 01-05 10:24 oracle

 

參考文件:

Applies to:

Oracle Database Configuration Assistant - Version: 11.2.0.1 and later   [Release: 11.2 and later ]
Information in this document applies to any platform.

Symptoms

In environment where listener home (including SCAN listener which resides in Grid Infrastructure/ASM home) and database home are owned by different OS user, ORA-12537 could happen when connecting through listener, when creating database through DBCA, or when installing database software and creating a database in runInstaller. Job Role Separation is a typical example as SCAN and local grid home listener is owned differently than database.

  • Error detail

12537, 00000, "TNS:connection closed"
// *Cause: "End of file" condition has been reached; partner has disconnected.
// *Action: None needed; this is an information message.


Before the error is reported, connection could hang for a while, and a core file may also be generated.

  • Screen output:

SQL> conn system/xxx@OSES
ERROR:
ORA-12537: TNS:connection closed

OR

PRCR-1079 : Failed to start resource ora.db11.db
CRS-5011: Check of resource db11 failed: details at ..
CRS-2674: Start of ora.db11.db on racnode1 failed
ORA-12546: TNS:permission denied

 

  • listener_scann.log or listener.log

TNS-12518: TNS:listener could not hand off client connection
TNS-12546: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00516: Permission denied
   Linux Error: 13: Permission denied

OR

TNS-12518: TNS:listener could not hand off client connection
TNS-12547: TNS:lost contact
 TNS-12560: TNS:protocol adapter error
  TNS-00517: Lost contact
   Linux Error: 32: Broken pipe

 

  • runInstaller error if installing

INFO: Starting Output Reader Threads for process /ocw/grid/bin/kfod
INFO: Parsing KFOD-00300: OCI error [-1] [OCI error] [ORA-12547: TNS:lost contact
INFO: Parsing ] [12547]
INFO: Parsing
INFO: The process /ocw/grid/bin/kfod exited with code 1
..
SEVERE: [FATAL] [INS-30502] No ASM disk group found.
   CAUSE: There were no disk groups managed by the ASM instance +ASM1.

 

Cause


1. Listener owner (including SCAN listener) can not access oracle binary in database home:

As listener owner:

$ ls -l $RDBMS_HOME/bin/oracle
ls: /home/oracle/app/oracle/product/11.2/db/bin/oracle: Permission denied



2. Oracle binary in database home has wrong permission:

ls -l $RDBMS_HOME/bin/oracle
-rwxr-x--x 1 oracle asmadmin 184286251 Aug  9 16:25 /home/oracle/app/oracle/product/11.2/db/bin/oracle


The permission "-rwxr-x--x" is wrong as it's missing suid bit, oracle binary should have permission of 6751:

-rwsr-s--x 1 oracle asmadmin 184286251 Aug  9 16:25 /home/oracle/app/oracle/product/11.2/db/bin/oracle


Note: If Job Role Separation is in place, the group will be , otherwise it will be


3. File System for database home does not support setuid/suid or has nosetuid/nosuid set:

mount| grep
/home/oracle on /dev/dsk/diskoracle read/write/nosuid..

 

Solution

Solution is to make sure file system for database home has setuid/suid set, database binary($RDBMS_HOME/bin/oracle) has correct ownership and permission, and listener owner is able to access database oracle binary (as listener owner, "ls -l $RDBMS_HOME/bin/oracle" will tell)

If its Job Role Separation environment, please refer to the following document:

Oracle® Grid Infrastructure
Installation Guide
11g Release 2 (11.2)

Oracle ASM Job Role Separation Option with SYSASM

References

NOTE:970619.1 - ORA-12545 or ORA-12537 Reported while Connecting to RAC through SCAN name
NOTE:975457.1 - How to Troubleshoot Connectivity Issue with 11gR2 SCAN Name

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/12129601/viewspace-752415/,如需轉載,請註明出處,否則將追究法律責任。

相關文章