清明在家接到同事电话,说数据库连不上,连接报如下错误:
ORA-12516: TNS: 监听程序找不到符合协议堆栈要求的可用处理程
这种错误一般是连接满了,但是被他们重启以后连接又报改错误,感觉增大连接用处不大。登录到后台alert_jscn.log日志,看到如下错误:
Wed Apr 4 15:04:25 2012
WARNING: inboundconnection timed out (ORA-3136)
Wed Apr 4 15:04:25 2012
WARNING: inboundconnection timed out (ORA-3136)
Wed Apr 4 15:04:25 2012
WARNING: inboundconnection timed out (ORA-3136)
Wed Apr 4 15:04:25 2012
WARNING: inboundconnection timed out (ORA-3136)
下面内容参考网络
参考metalink上的345197.1文章,内容如下:
Symptoms
The Oracle Net 10g parameters SQLNET.INBOUND_CONNECT_TIMEOUT andINBOUND_CONNECT_TIMEOUT_listenername default to 0 (indefinite) in 10.1. To address Denial of Service (DOS)issues, the parameters were set to havea default of 60 (seconds) in Oracle 10.2.
If applications are longer than 60 secs to authenticate with theOracle database, the errors occur.The following may be seen in the alert log:WARNING: inbound connection timed out (ORA-3136)
SQLNET.INBOUND_CONNECT_TIMEOUT is set to a value in seconds anddetermines how long a client has to provide the necessary authenticationinformation to a database.
INBOUND_CONNECT_TIMEOUT_listenernameis set to a value in seconds and determines how long a client has to completeits connect request to the listener after the network connection has beenestablished.
To protect both the listener and the database server, OracleCorporation recommends setting INBOUND_CONNECT_TIMEOUT_listenername incombination with the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.
Cause
Whenever default timeouts are assigned to a parameter, there may becases where this default does not work well with a particular application.However, some type of timeout on the connection establishment is necessary tocombat Denial of Service attacks on the database. In this case, SQLNET.INBOUND_CONNECT__TIMEOUTand INBOUND_CONNECT_TIMEOUT_listenername were given default values of 60seconds in Oracle 10.2. It is thesetimeout values that can cause the errors described in this note.
Also note thatit is possilbe the reason the database is slow to authenticate, may be due toan overloaded Oracle database or node.
Solution
Set theparameters SQLNET.INBOUND_CONNECT_TIMEOUT andINBOUND_CONNECT_TIMEOUT_listenername to 0 (indefinite) or to an appropratevalue for the application yet still combat DOS attacks (120 for example).
Theseparameters are set on the SERVER side:
listener.ora:INBOUND_CONNECT_TIMEOUT_listenername
sqlnet.ora: SQLNET.INBOUND_CONNECT_TIMEOUT
Further tuning of these parameters may beneeded is the problem persists
Metalink上给出的解决方案如下:
1. set INBOUND_CONNECT_TIMEOUT_=0 inlistener.ora
2. set SQLNET.INBOUND_CONNECT_TIMEOUT = 0in sqlnet.ora of server.
3. stop and start both listener anddatabase.
4. Now try to connect to DB and observe thebehaviour
以下是Oracle官方文档的一段:
SQLNET.INBOUND_CONNECT_TIMEOUT
Use theSQLNET.INBOUND_CONNECT_TIMEOUT parameter to specify the time, in seconds, for aclient to connect with the database server and provide the necessaryauthentication information.
If the clientfails to establish a connection and complete authentication in the timespecified, then the database server terminates the connection. In addition, thedatabase server logs the IP address of the client and an ORA-12170: TNS:Connecttimeout occurred error message to the sqlnet.log file. The client receiveseither an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failederror message.
Without thisparameter, a client connection to the database server can stay openindefinitely without authentication. Connections without authentication canintroduce possible denial-of-service attacks, whereby malicious clients attemptto flood database servers with connect requests that consume resources.
To protect boththe database server and the listener, Oracle Corporation recommends settingthis parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_nameparameter in the listener.ora file. When specifying values for theseparameters, consider the following recommendations:
Set both parameters to an initial lowvalue.
Set the value of theINBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than theSQLNET.INBOUND_CONNECT_TIMEOUT parameter.
For example, you can setINBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUTparameter to 3 seconds. If clients are unable to complete connections withinthe specified time due to system or network delays that are normal for theparticular environment, then increment the time as needed.
修改listener的inbound_connect_timeout参数的方法
方法一:
$ lsnrctl
LSNRCTL for IBM/AIX RISC System/6000:Version 10.2.0.3.0 - Production on 29-OCT-2007 10:00:57
Copyright (c) 1991, 2006, Oracle. All rights reserved.
Welcome to LSNRCTL, type "help"for information.
LSNRCTL> help
The following operations are available
An asterisk (*) denotes a modifier orextended command:
start stop status
services version reload
save_config trace spawn
change_password quit exit
set* show*
LSNRCTL> show
The following operations are availableafter show
An asterisk (*) denotes a modifier orextended command:
rawmode displaymode
rules trc_file
trc_directory trc_level
log_file log_directory
log_status current_listener
inbound_connect_timeout startup_waittime
snmp_visible save_config_on_stop
dynamic_registration
LSNRCTL> showinbound_connect_timeout
Connecting to(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=SHOW-100-12)(PORT=1521)))
LISTENER parameter"inbound_connect_timeout" set to 60
The command completed successfully
LSNRCTL> set inbound_connect_timeout0
Connecting to(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=SHOW-100-12)(PORT=1521)))
LISTENER parameter"inbound_connect_timeout" set to 0
The command completed successfully
LSNRCTL> showinbound_connect_timeout
Connecting to(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=SHOW-100-12)(PORT=1521)))
LISTENER parameter"inbound_connect_timeout" set to 0
The command completed successfully
LSNRCTL> set save_config_on_stop on #表示修改参数永久生效,否则只是临时生效,下次重启监听又还原为原来的值了
LSNRCTL> exit
方法二:
修改listener.ora文件,加入:INBOUND_CONNECT_TIMEOUT_LISTENER_NAME=0