RAC从11.2.0.3升级到11.2.0.4后,一个节点的Public IP、VIP无法连接数据库

SQL> CONN SYS/oracle@192.168.122.101:1521/pplus as sysdba
ERROR:
ORA-12537: TNS:connection closed

查看RAC的监听日志:

# cd $ORACLE_BASE/diag/tnslsnr/racdb2/listener/trace/

# vi listener.log

06-MAY-2019 12:13:52 * (CONNECT_DATA=(SERVICE_NAME=posplus)(CID=(PROGRAM=sqlplus)(HOST=racdb1)(USER=grid))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.122.100)(PORT=40081)) * establish * posplus * 12518
TNS-12518: TNS:listener could not hand off client connection
  TNS-12546: TNS:permission denied
    TNS-12560: TNS:protocol adapter error
     TNS-00516: Permission denied
        Linux Error: 13: Permission denied

首先想到GRID和Database的是oracle文件权限的问题,都有s权限,确认没有问题

[grid@racdb1 ~]$ ll $ORACLE_HOME/bin/oracle

-rwsr-s--x 1 grid oinstall 209914479 Mar 25 23:39 /home/grid/app/11.2.0.4/grid/bin/oracle

[oracle@racdb1 ~]$ ll $ORACLE_HOME/bin/oracle

-rwsr-s--x 1 oracle asmadmin 239626641 Mar 26 01:36 /home/oracle/app/oracle/product/11.2.0.4/db_1/bin/oracle

然后再用GRID用户去访问Database的HOME目录

[grid@racdb1 ~]$ cd $ORACLE_HOME/bin
-bash: cd: $ORACLE_HOME/bin: Permission denied

果然没有权限

[grid@racdb2 ~]$ ll /home/
total 8
drwxr-xr-x. 7 root oinstall 4096 Mar 23 16:43 grid
drwx------. 8 oracle oinstall 4096 May 6 11:45 oracle

把/home/oracle的权限修改为

chmod g+rx,o+rx /home/oracle

[grid@racdb1 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.4.0 Production on Wed May 8 10:41:06 2019

Copyright (c) 1982, 2013, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Real Application Clusters and Automatic Storage Management options

SQL> CONN SYS/oracle@192.168.122.111:1521/posplus as sysdba
Connected.
SQL> CONN SYS/oracle@192.168.122.101:1521/posplus as sysdba
Connected.
SQL> CONN SYS/oracle@192.168.122.110:1521/posplus as sysdba
Connected.
SQL> CONN SYS/oracle@192.168.122.120:1521/posplus as sysdba

至此问题已解决

-------------------------------------------------------------------------------

参考Oracle官方文档:

ORA-12537 / ORA-12547 or TNS-12518 if Listener (including SCAN Listener) and Database are Owned by Different OS User (文档 ID 1069517.1) 转到底部

In this Document

  Symptoms
  Cause
  Solution
  References

APPLIES TO:

Oracle Database - Enterprise Edition - Version 11.2.0.3 and later
Oracle Database Configuration Assistant - Version 11.1.0.7 and later
Oracle Net Services - Version 11.2.0.2 and later
Information in this document applies to any platform.

SYMPTOMS

In environment where listener home (including SCAN listener which resides in GRID Infrastructure/ASM home) and database home are owned by different OS user, ORA-12537 could happen when connecting through listener, when creating database through DBCA, or when installing database software and creating a database in runInstaller. Job Role Separation is a typical example as SCAN and local grid home listener is owned differently than database.

  • Error detail
12537, 00000, "TNS:connection closed"
// *Cause: "End of file" condition has been reached; partner has disconnected.
// *Action: None needed; this is an information message.

Before the error is reported, connection could hang for a while, and a core file may also be generated.

  • Screen output:
SQL> conn system/xxx@OSES
ERROR:
ORA-12537: TNS:connection closed

OR

PRCR-1079 : Failed to start resource ora.db11.db
CRS-5011: Check of resource db11 failed: details at ..
CRS-2674: Start of ora.db11.db on racnode1 failed
ORA-12546: TNS:permission denied

  • listener_scann.log or listener.log
TNS-12518: TNS:listener could not hand off client connection
TNS-12546: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00516: Permission denied
   Linux Error: 13: Permission denied

OR

TNS-12518: TNS:listener could not hand off client connection
TNS-12547: TNS:lost contact
 TNS-12560: TNS:protocol adapter error
  TNS-00517: Lost contact
   Linux Error: 32: Broken pipe

  • runInstaller error if installing
INFO: Starting Output Reader Threads for process /ocw/grid/bin/kfod
INFO: Parsing KFOD-00300: OCI error [-1] [OCI error] [ORA-12547: TNS:lost contact
INFO: Parsing ] [12547]
INFO: Parsing
INFO: The process /ocw/grid/bin/kfod exited with code 1
..
SEVERE: [FATAL] [INS-30502] No ASM disk group found.
   CAUSE: There were no disk groups managed by the ASM instance +ASM1.

CAUSE

1. In environments where the listener is not run in the same ORACLE_HOME where the database resides, the listener owner (including SCAN listener) may not be able to access the oracle binary in the database home.  This is common in RAC or whenever a GRID_HOME and a database ORACLE_HOME are installed.

As listener owner:

$ ls -l $RDBMS_HOME/bin/oracle
ls: /home/oracle/app/oracle/product/11.2/db/bin/oracle: Permission denied

2. Oracle binary in database home has wrong permission:

ls -l $RDBMS_HOME/bin/oracle
-rwxr-x--x 1 oracle asmadmin 184286251 Aug  9 16:25 /home/oracle/app/oracle/product/11.2/db/bin/oracle

The permission "-rwxr-x--x" is wrong as it's missing suid bit, oracle binary should have permission of 6751:

-rwsr-s--x 1 oracle asmadmin 184286251 Aug  9 16:25 /home/oracle/app/oracle/product/11.2/db/bin/oracle

Note: If Job Role Separation is in place, the group will be <asmadmin>, otherwise it will be <oinstall>

3. File System for database home does not support setuid/suid or has nosetuid/nosuid set:

mount| grep <mount_point_of_ORACLE_HOME>
/home/oracle on /dev/dsk/diskoracle read/write/nosuid..

4. RDBMS_HOME/lib has wrong ownership/permission:

As listener owner:

$ ls -l $RDBMS_HOME/lib
ls: /home/oracle/app/oracle/product/11.2/db/lib: Permission denied

5. Another cause may be permissions on the RDBMS Directory structure or Home directory which needs to be accessed by the CRS user.
Check that the RDBMS $ORACLE_HOME is set to 755.
This can be seen from an OS trace such as strace or truss when using it to trace the CRS user running the "oracle" executable which fails with the "Permission denied" error.

Also:

a) Log in as the "GRID" user on each node, and issue the following (on each directory under the RDBMS Home) :-

[grid@orcl002:+ASM2 ~]$ ls -al /home/oracle/app/oracle
ls: cannot open directory /u01/app/oracle: Permission denied

***NOTE: the Oracle directory has 700 for the permissions, which should be changed to 755:

Current (incorrect) -->

[grid@orcl002:+ASM2 ~]$ ll /home/oracle/app
drwx------. 8 oracle oinstall  4096 Oct 12 08:38 oracle

Should be (correct) -->

[grid@orcl002:+ASM2 ~]$ ll /home/oracle/app
drwxr-xr-x. 8 oracle oinstall  4096 Oct 12 08:38 oracle

b) Likewise the /product directory has 700 perms, so change to 755 -->

[grid@orcl002:+ASM2 ~]$ ls -al /home/oracle/app/oracle/product
ls: cannot open directory /u01/app/oracle/product: Permission denied

Current (incorrect) -->

[grid@orcl002:+ASM2 ~]$ ls -al /home/oracle/app/oracle
drwx------.  3 oracle oinstall 4096 Oct  12 08:58 product

Should be (correct) -->

[grid@orcl002:+ASM2 ~]$ ls -al /u01/app/oracle
drwxr-xr-x.  3 oracle oinstall 4096 Oct  12 08:58 product

c) Now a connection should work:

$ sqlplus system/<pwd>@'(description=(address=(protocol=tcp)(host=orcl002)(port=1521))(connect_data=(server=dedicated)(service_name=ORCL)))'

SQL>

SOLUTION

Solution is to make sure file system for database home has setuid/suid set, database binary($RDBMS_HOME/bin/oracle) has correct ownership and permission, and listener owner is able to access database oracle binary (as listener owner, "ls -l $RDBMS_HOME/bin/oracle" will tell)

If its Job Role Separation environment, please refer to the following document:

Oracle® Grid Infrastructure 
Installation Guide
11g Release 2 (11.2)

Oracle ASM Job Role Separation Option with SYSASM

RAC升级后,一个节点无法连接数据库,报ORA-12537: TNS:connection closed的更多相关文章

  1. 启动监听报错:TNS-12537: TNS:connection closed TNS-12560: TNS:protocol adapter error TNS-00507: Connection closed Linux Error: 29: Illegal seek

    启动监听程序报错: 说明:在rhel5.8上安装完成oracle11g数据库后,使用netca创建完监听,启动监听时报错.还未使用dbca创建实例. [oracle@rusky-oracle11g ~ ...

  2. Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)的解决

        Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)的解决 [oracle@rac01 ~]$ sqlplus /nolog S ...

  3. Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)

    Oracle 11gR2 RAC 数据库不能连接(ORA-12537: TNS:connection closed)的解决 [oracle@rac01 ~]$ sqlplus /nolog SQL*P ...

  4. plsql 连接oralce数据库,报ora 12557 tns 协议适配器不可加载错误

    使用plsql 连接oracle 数据库报ora 12557 错误: 解决方案: 1:首先确保服务中的service以及监听器都开启 2:F:\app\Administrator\product\11 ...

  5. Mac 升级后idea执行git命令报错xcrun: error: invalid active developer path的解决办法

    报错 xcrun: error: invalid active developer path (/Library/Developer/CommandLineTools), missing xcrun ...

  6. 关于MAC升级后,vim更新插件报错

    找不到路径: 直接在终端 terminal 输入: xcode-select --install

  7. 监听报错 TNS-00525: Insufficient privilege for operation 11gR2 + 连接报错ORA-12537: TNS:connection closed

    1.TNS-00525: Insufficient privilege for operation Started with pid= Listening on: (DESCRIPTION=(ADDR ...

  8. 单向链表在O(1)时间内删除一个节点

    说删链表节点,第一时间想到就是遍历整个链表,找到删除节点的前驱,改变节点指向,删除节点,但是,这样删除单链表的某一节点,时间复杂度就是O(n),不符合要求: 时间复杂度是O(n)的做法就不说了,看看O ...

  9. rac 11g_第二个节点重启后无法启动实例:磁盘组dismount问题

    原创作品,出自 "深蓝的blog" 博客,欢迎转载,转载时请务必注明以下出处,否则追究版权法律责任. 深蓝的blog:http://blog.csdn.net/huangyanlo ...

随机推荐

  1. Alpha项目测试--个人第五次博客

    第五次个人博客--测试 这个作业属于哪个课程 系统分析与设计 这个作业的要求在哪里 Alpha项目测试 团队名称 西柚排课王 这个作业的目标 测试别人的项目,从客观的角度体验项目 一.测试项目一 团队 ...

  2. rn 环境搭建

    https://reactnative.cn/docs/next/getting-started.html 搭建开发环境 欢迎使用 React Native!这篇文档会帮助你搭建基本的 React N ...

  3. php迭代器模式(iterator pattern)

    ... <?php /* The iterator pattern is used to traverse a container and access its elements. In oth ...

  4. httprunner学习7-extract提取content返回对象

    前言 提取response返回的对象数据,用extract关键字.前面有关于token的取值,通过content.token取值. 本篇详细讲解如何从返回的json数据提取出想要的各种数据 conte ...

  5. upd

    今天是中华人民共和国成立70周年,先祝我的祖国母亲生日快乐 由于最近嗓子不太好使,我就不发歌了 分割线 在学校挤了一点本来应该发呆的时间写了点没用的 前一部分是对一点OI知识的复习,后一部分是最近高中 ...

  6. ovirt磁盘类型(IDE, virtio, virtio-scsi)

    ovirt磁盘类型辨析(IDE, virtio, virtio-scsi) 通过一张表格,简单明了的说明这三种硬盘的不同: 整体上来看这三者的最大不同还是挂载磁盘的数量.根据在ovirt的上测试,一台 ...

  7. 关于Certificate、Provisioning Profile

    Certificate(证书)就是app在打包的时候必须签名,苹果iOS系统在安装app之前会验证Certificate,否则不会通过安装. Provisioning Profile简单来说就是包含A ...

  8. linux中/dev/null与2>&1讲解

    首先先来看下几种标识的含义: /dev/null 表示空设备文件 0 表示stdin标准输入 1 表示stdout标准输出 2 表示stderr标准错误 先看/dev/null command > ...

  9. ios Aspects面向切面沉思录—面向结构编程—面向修改记录编程—面向运行时结构编程—元编程?

    1.将主功能看成一个巨大的结构: 2.将切面注入的交叉业务看成是一组结构修改的注册:目标对象+方法是修改的键值: 3.Aspects引擎是修改的执行者.记录者.和维护者: 4.函数和方法是它操作和面对 ...

  10. redux的知名ppt

    https://slides.com/jenyaterpil/redux-from-twitter-hype-to-production#/20