ora-3136 client認證失敗

dotaddjj發表於2012-08-03
原文網址 : http://blog.itpub.net/25362835/viewspace-1059082/
client

檢視alert日誌中出現如下警告:

Fri Aug 3 14:46:26 2012

WARNING: inbound connection timed out (ORA-3136)

Fri Aug 3 14:46:26 2012

WARNING: inbound connection timed out (ORA-3136)

oracle@server135 ~]$ oerr ora 3136

03136, 00000, "inbound connection timed out"

// *Cause: Inbound connection was timed out by the server because

// user authentication was not completed within the given time

// specified by SQLNET.INBOUND_CONNECT_TIMEOUT or its default value

// *Action: 1) Check SQL*NET and RDBMS log for trace of suspicious connections.

// 2) Configure SQL*NET with a proper inbound connect timeout value

// if necessary.

根據提示來看應該是連線超時導致的,檢視sqlnet.log日誌檔案出現了ora-12170

Fatal NI connect error 12170.

VERSION INFORMATION:

TNS for Linux: Version 10.2.0.1.0 - Production

Oracle Bequeath NT Protocol Adapter for Linux: Version 10.2.0.1.0 - Production

TCP/IP NT Protocol Adapter for Linux: Version 10.2.0.1.0 - Production

Time: 03-JUN-2011 13:01:21

Tracing not turned on.

Tns error struct:

ns main err code: 12535

TNS-12535: TNS:operation timed out

ns secondary err code: 12560

nt main err code: 505

TNS-00505: Operation timed out

nt secondary err code: 110

nt OS err code: 0

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=60442))

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=60445))

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=60414))

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=60437))

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=56520))

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=60415))

Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=10.10.10.4)(PORT=60438))

[oracle@server135 ~]$ oerr ora 12170

12170, 00000, "TNS:Connect timeout occurred"

// *Cause: The server shut down because connection establishment or

// communication with a client failed to complete within the allotted time

// interval. This may be a result of network or system delays; or this may

// indicate that a malicious client is trying to cause a Denial of Service

// attack on the server.

// *Action: If the error occurred because of a slow network or system,

// reconfigure one or all of the parameters SQLNET.INBOUND_CONNECT_TIMEOUT,

// SQLNET.SEND_TIMEOUT, SQLNET.RECV_TIMEOUT in sqlnet.ora to larger values.

// If a malicious client is suspected, use the address in sqlnet.log to

// identify the source and restrict access. Note that logged addresses may

// not be reliable as they can be forged (e.g. in TCP/IP).

根據網友提供的metalink資訊描述:

The "WARNING: inbound connection timed out (ORA-3136)" in the alert log indicates that the client was not able to complete it's authentication within the period of time specified by parameter SQLNET.INBOUND_CONNECT_TIMEOUT.

You may also witness ORA-12170 without timeout error on the database server sqlnet.log file.
This entry would also have the clinet address which failed to get authenticated. Some applications or JDBC thin driver applications may not have these details.

也就是客戶端認證超時導致的連線報錯。這個錯誤跟oracle監聽的一個引數有關:SQLNET.INBOUND_CONNECT_TIMEOUT引數從9I引入,指定客戶端連線伺服器並且提供認證資訊的超時時間,如果超過這個時間客戶端還沒有提供正確的認證資訊,伺服器會自動中止連線請求,同時記錄檢視連線的IPora-12170.

給出的解決方案是:

1 設定listener.ora中的set INBOUND_CONNECT_TIMEOUT=0

2 set sqlnet.INBOUND_CONNECT_TIMEOUT=0伺服器端修改sqlnet.ora檔案

3 重新reload listenerdatabase

[@more@]

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/25362835/viewspace-1059082/,如需轉載,請註明出處,否則將追究法律責任。

相關文章