TNS-12502, Firewalls, and SCAN Listeners


Had an interesting problem today involving firewalls and the SCAN listener (Oracle Clusterware 11.2+).

Symptoms

The client was reporting the following error from the application server:

TNS-12502: TNS:listener received no CONNECT_DATA from client

Diagnosis

Check the Validity of the TNS String

The obvious place to start was to check the validity of the TNS string. This was correct. I could use tnsping and sqlplus on that TNS string without any problems from my PC.

Connectivity Tests

Since I could connect directly to the database instance from my PC, then I could say that the SQL*Net path from the SCAN listeners to the database instance was working fine. This was also borne out by Cloud Control reporting that the database instance was active.

The client tested the connectivity from the application server to each of the IP addresses used by the SCAN listeners by using:

telnet db-scan-vip1 1521

This worked satisfactorily.

Checking the Listener Logs

I had to check the following four (4) logs:

  1. SCAN_LISTENER1
  2. SCAN_LISTENER2
  3. SCAN_LISTENER3
  4. LISTENER on the host where the database instance was active.

The first three (3) all show successful connection requests from my PC and the application server.

However, the last one only showed a connection request from my PC. There were no connection requests logged from the application server.

Resolution

It turns out that the firewalls were opened up for the link between the application server and the IP addresses used by the SCAN listeners, but NOT for the local listeners on each host of the cluster.

My PC had access to all listener addresses.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s