本文介绍了解决Oracle Net Services中频繁出现的TNS-1189错误的方法。此错误通常出现在使用10g及以上版本的监听器进行操作时。文章详细解释了错误产生的原因,并提供了两种解决方案:通过IPC协议进行本地通信或关闭本地OS认证。
LSNRCTL Commands May Yield Frequent TNS-1189 Errors (文档 ID 285439.1)
Applies to:
Oracle Net Services - Version 10.1.0.2.0 to 12.1.0.1 [Release 10.1 to 12.1]
Information in this document applies to any platform.
***Checked for relevance on 25-JUN-2014***
The issue documented here is limited to the version 10g or higher listener or lsnrctl utility.
Symptoms
When using a 10g listener or higher, it is possible that the error TNS-1189 "The listener could not authenticate the user" may occur intermittently (or very frequently) while performing listener operations from within the same LSNRCTL session. For example:
LSNRCTL> set trc_level 16
LSNRCTL> save_config
TNS-1189
Changes
The listener.ora file may have been edited recently or this is a new installation.
Cause
This error is an authentication failure error between LSNRCTL and the tnslsnr process. The user attempted to issue a privileged administrative command, but could not be successfully authenticated by the listener using the local OS authentication mechanism.
This error has been known to happen when multiple network interfaces exist on the same machine as the listener. The failure is due to the LSNRCTL failing its locality check (meaning the LSNRCTL utility is communicating on an IP address, provided by the OS, different than what the the listener is using - causing the authentication failure).
Additional causes for this error, not directly related to the problem described in this note are:
1. The user is running a version of LSNRCTL that is lower than the version of the listener.
2. The user is attempting to administer the listener from a remote node.
3. The listener could not obtain the system resources needed to perform the authentication.
4. The local network connection between the listener and LSNRCTL was terminated unexpectedly during authentication message exchange, such as if LSNRCTL program was suddenly aborted.
5. The communication between the listener and LSNRCTL is being intercepted by a malicious user.
6. The software that the user is running is not following the authentication protocol, indicating a malicious user.
Solution
The problem can be worked around by having the LSNRCTL utility utilize the IPC protocol to communicate with the tnslsnr rather than TCP. To do this, insert an IPC address into the listener.ora file and make it the first ADDRESS within an ADDRESS_LIST:
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=IPC)(KEY=ANYTHING))
(ADDRESS=(PROTOCOL=TCP)(HOST=serverhost)(PORT=1521))
)
Using the IPC protocol locally will not affect incoming connections.
An alternative solution is to add LOCAL_OS_AUTHENTICATION_listenername=OFF to the listener.ora file and restart the listener.
Applies to:
Oracle Net Services - Version 10.1.0.2.0 to 12.1.0.1 [Release 10.1 to 12.1]
Information in this document applies to any platform.
***Checked for relevance on 25-JUN-2014***
The issue documented here is limited to the version 10g or higher listener or lsnrctl utility.
Symptoms
When using a 10g listener or higher, it is possible that the error TNS-1189 "The listener could not authenticate the user" may occur intermittently (or very frequently) while performing listener operations from within the same LSNRCTL session. For example:
LSNRCTL> set trc_level 16
LSNRCTL> save_config
TNS-1189
Changes
The listener.ora file may have been edited recently or this is a new installation.
Cause
This error is an authentication failure error between LSNRCTL and the tnslsnr process. The user attempted to issue a privileged administrative command, but could not be successfully authenticated by the listener using the local OS authentication mechanism.
This error has been known to happen when multiple network interfaces exist on the same machine as the listener. The failure is due to the LSNRCTL failing its locality check (meaning the LSNRCTL utility is communicating on an IP address, provided by the OS, different than what the the listener is using - causing the authentication failure).
Additional causes for this error, not directly related to the problem described in this note are:
1. The user is running a version of LSNRCTL that is lower than the version of the listener.
2. The user is attempting to administer the listener from a remote node.
3. The listener could not obtain the system resources needed to perform the authentication.
4. The local network connection between the listener and LSNRCTL was terminated unexpectedly during authentication message exchange, such as if LSNRCTL program was suddenly aborted.
5. The communication between the listener and LSNRCTL is being intercepted by a malicious user.
6. The software that the user is running is not following the authentication protocol, indicating a malicious user.
Solution
The problem can be worked around by having the LSNRCTL utility utilize the IPC protocol to communicate with the tnslsnr rather than TCP. To do this, insert an IPC address into the listener.ora file and make it the first ADDRESS within an ADDRESS_LIST:
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=IPC)(KEY=ANYTHING))
(ADDRESS=(PROTOCOL=TCP)(HOST=serverhost)(PORT=1521))
)
Using the IPC protocol locally will not affect incoming connections.
An alternative solution is to add LOCAL_OS_AUTHENTICATION_listenername=OFF to the listener.ora file and restart the listener.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/35489/viewspace-1846128/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/35489/viewspace-1846128/
扫一扫
2958
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
