12170问题引起的Oracle无法登陆问题解决办法
服务器每隔一段时间后就出现无法登陆的问题。重启数据库后,问题解决,但这并不是长久之计。
查看日志文件:D:\app\administrator\diag\rdbms\hzdb\hzdb\alert的alert.log,出现大量的重复错误信息,如下所示:
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=172.16.206.83)(PORT=2067))
TNS-00505: 操作超时
nt secondary err code: 60
nt OS err code: 0
ns secondary err code: 12560
nt main err code: 505
TNS-12535: TNS: 操作超时
Tracing not turned on.
Tns error struct:
ns main err code: 12535
VERSION INFORMATION: TNS for 32-bit Windows: Version 11.1.0.7.0 - Production Oracle Bequeath NT
Protocol Adapter for 32-bit Windows: Version 11.1.0.7.0 - Production Windows NT TCP/IP NT Protocol
Adapter for 32-bit Windows: Version 11.1.0.7.0 - Production
Fatal NI connect error 12170.
为什么会出现这样的情况呢?网上搜索后得知,在Oracle11G中,有这样两个参数SQLNET.INBOUND_CONNECT_TIMEOUT 和INBOUND_CONNECT_TIMEOUT_listenername;他们的默认值为60s,这两个参数负责登陆用户与服务器验证的超时时间,在10GR2以前的版本默认是0s,为了防止Denial of Service (DOS)攻击,在以后的版本中才设置为60s。如果在登录过程中,服务器没有给出及时的响应,那么将会在60后给出错误提示,这个超时时间显然有点过长,导致用户重复登陆的频率加大,频繁的登录引起数据库负载过大。
解决问题:减少着两个参数的超时时间,把它们分别设为3和2s。
Metalink上给出的解决方案如下:
1. set INBOUND_CONNECT_TIMEOUT_=0 in listener.ora
2. set SQLNET.INBOUND_CONNECT_TIMEOUT = 0 in sqlnet.ora of server.
3. stop and start both listener and database.
4. Now try to connect to DB and observe the behaviour
以下是Oracle官方文档的一段:
SQLNET.INBOUND_CONNECT_TIMEOUT
Use the SQLNET.INBOUND_CONNECT_TIMEOUT parameter to specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information.
If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failed error message.
Without this parameter, a client connection to the database server can stay open indefinitely without authentication.Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.
To protect both the database server and the listener, Oracle Corporation recommends setting this parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. When specifying values for these parameters, consider the following recommendations:
Set both parameters to an initial low value.
Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than theSQLNET.INBOUND_CONNECT_TIMEOUT parameter.
For example, you can set INBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.
修改listener的inbound_connect_timeout参数的方法
SET INBOUND_CONNECT_TIMEOUT
Purpose
Use theSET
INBUND_CONNECT_TIMEOUT
command to specify the time, in seconds, for the client to complete its connect request to the listener after the network connection had been established.
If the listener does not receive the client request in the time specified, then it terminates the connection. In addition, the listener logs the IP address of the client and anORA-12525:TNS: listener has not received client's request in time allowed
error message to thelistener.log
file.
See Also:
Oracle Database Net Services Administrator's Guidefor information about specifying the time-out for client connectionsSyntax
From the Listener Control utility:
LSNRCTL> SET INCOUND_CONNECT_TIMEOUT
Arguments
{
time
}
: Specify the time, in seconds. Default setting is 60 seconds.
Example
LSNRCTL> SET INBOUND_CONNECT_TIMEOUT 2
Connecting to (ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 2
The command completed successfully.
方法一:
$ lsnrctl
LSNRCTL for IBM/AIX RISC System/6000: Version 10.2.0.3.0 - Production on 29-OCT-2007 10:00:57
Copyright (c) 1991, 2006, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> help
The following operations are available
An asterisk (*) denotes a modifier or extended command:
start stop status
services version reload
save_config trace spawn
change_password quit exit
set* show*
LSNRCTL> show
The following operations are available after show
An asterisk (*) denotes a modifier or extended command:
rawmode displaymode
rules trc_file
trc_directory trc_level
log_file log_directory
log_status current_listener
inbound_connect_timeout startup_waittime
snmp_visible save_config_on_stop
dynamic_registration
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully
LSNRCTL> set inbound_connect_timeout 0
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully
LSNRCTL> show inbound_connect_timeout
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
LISTENER parameter "inbound_connect_timeout" set to 0
The command completed successfully
LSNRCTL> set save_config_on_stop on #表示修改参数永久生效,否则只是临时生效,下次重启监听又还原为原来的值了
LSNRCTL> exit
方法二:
修改listener.ora文件,加入: INBOUND_CONNECT_TIMEOUT_LISTENER_NAME=0
参考文档:
inbound connection timed out (ORA-3136)错误诊断:http://blog.chinaunix.net/u1/50863/showart_410003.html
ORACLE帮助文件
目录 返回
首页