Fail with TNS-12526, TNS-12527 or TNS-12528

xychong123發表於2016-12-17
AI

In this Document

Symptoms
Changes
Cause
Solution
References


APPLIES TO:

Oracle Net Services - Version 10.2.0.5 to 12.1.0.2 [Release 10.2 to 12.1]
Information in this document applies to any platform.
***Checked for relevance on 5-APR-2013***

SYMPTOMS

Connections via the listener to an instance that is in RESTRICTED status or in NO MOUNT status may fail with TNS-12526, TNS-12527 or TNS-12528 even when supplying the credentials for a privileged account.    The lsnrctl services output will show that the service handler for this instance is in state: BLOCKED or RESTRICTED.

The full error text is:

ORA-12526 (TNS-12526) 
TNS:listener: all appropriate instances are in restricted mode

ORA-12528 (TNS-12528) 
TNS:listener: all appropriate instances are blocking new connections

ORA-12527 (TNS-12527) 
TNS:listener: all instances are in restricted mode or blocking

 

CHANGES

The only significant change would be that the instance has been started up in some kind of "restricted access" mode such as RESTRICTED or NO MOUNT.

Here is an example of starting up the database in restricted mode and the output for lsnrctl status:

1.Start the database with restricted mode 

SQL>startup restrict 

2.Check the status of the listener 

LSNRCTL> status 
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=myhost.oracle.com)(PORT=1521)) 
STATUS of the LISTENER 
------------------------ 
Alias LISTENER 
Version TNSLSNR for 32-bit Windows: Version 10.1.0.2.0 
Start Date 21-JUL-2003 18:19:03 
Uptime 2 days 17 hr. 36 min. 17 sec 
Trace Level OFF 
Security OFF 
SNMP OFF 
Listener Parameter File e:\10g\network\admin\listener.ora 
Listener Log File e:\10g\network\log\listener.log 
Listening Endpoints Summary... 
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=myhost.oracle.com)(PORT=1521))) 
Services Summary... 
Service "prod10ib.oracle.com" has 1 instance(s). 
Instance "prod10ib", status RESTRICTED, has 1 handler(s) for this service... 
The command completed successfully 

 

From the above we can see that the listener status for that instance is 
"RESTRICTED"

CAUSE

When an instance is in restricted mode, PMON updates the listener with that information and blocks new connections from being established. 

The lsnrctl services output will show the handler is blocked for new connections or lsnrctl status may show the instance is in RESTRICTED mode.

 

 

SOLUTION

The (UR=A) clause for TNS connect strings was created in response to an enhancement request.  This clause can be inserted into the "(CONNECT_DATA=" section of a TNS connect string and allow a privileged or administrative user to connect via the listener even when the service handler is blocking connections for non-privileged users. 

Here's an example of a connect string configured with (UR=A):

PROD = 
   (DESCRIPTION = 
     (ADDRESS_LIST = 
          (ADDRESS = (PROTOCOL = TCP)(HOST = myhost.oracle.com)(PORT = 1521)))
      (CONNECT_DATA = 
          (UR=A) 
          (SERVICE_NAME = prod10ib.oracle.com) 
       ) 
     )

 

Please note that the (UR=A) clause is intended to work with a dynamically registered handler so the use of SERVICE_NAME versus SID is required when using dynamic registration (i.e. handler exists in lsnrctl output but is BLOCKED).  The use of SID in a TNS connect string may allow a connection if using a static handler in the listener.ora file under SID_DESC.

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/20747382/viewspace-2130842/,如需轉載,請註明出處,否則將追究法律責任。

相關文章