Platform Microsoft Windows x64 (64-bit)
Product Version 11.2.0.2
DETAILED PROBLEM DESCRIPTION |
+ASM instance is up/running and only accessible through EMGrid Control and cannot use
sqlplus to connect to +ASM instance, but asmcmd fails with the following error:
ASMCMD-08102: no connection to ASM; command requires ASM to run
C:\Users\vmummadi>set oracle_home=C:\Oracle\Grid11gR2
C:\Users\vmummadi>SET ORACLE_SID=+ASM
C:\Users\vmummadi>asmcmd
Connected to an idle instance.
ASMCMD> lsdg
ASMCMD-08102: no connection to ASM; command requires ASM to run
Enabled asmcmd tracing and the trace further shows:
C:\Users\vmummadi>set DBI_TRACE=1
C:\Users\vmummadi>set oracle_home=C:\Oracle\Grid11gR2
C:\Users\vmummadi>asmcmd
DBI 1.602-ithread default trace level set to 0x0/1 (pid 7412) at DBI.pm line 273 via asmcmdshare.pm line 201
-> DBI->connect(dbi:Oracle:, , ****, HASH(0x44ca968))
-> DBI->install_driver(Oracle) for MSWin32 perl=5.010000 pid=7412 ruid=0 euid=0
install_driver: DBD::Oracle version 1.20 loaded from C:/Oracle/Grid11gR2/perl/site/lib/DBD/Oracle.pm
!! ERROR: '12560' 'ORA-12560: TNS:protocol adapter error (DBD ERROR: OCIServerAttach)' (err#0)
DBI connect('','',...) failed: ORA-12560: TNS:protocol adapter error (DBDERROR: OCIServerAttach)
Connected to an idle instance.
ASMCMD>
check listener:
C:\Users\vmummadi>lsnrctl status
LSNRCTL for 64-bit Windows: Version 11.2.0.2.0 - Production on 07-MAR-2013 08:49:35
Copyright (c) 1991, 2010, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
---------------------------
Alias LISTENER
Version TNSLSNR for 64-bit Windows: Version 11.2.0.2.0 - Production
Start Date 22-FEB-2013 20:39:32
Uptime 12 days 12 hr. 10 min. 4 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File C:\Oracle\Grid11gR2\network\admin\listener.ora
Listener Log File C:\Oracle\diag\tnslsnr\ATLAS\listener\alert\log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1521ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<omitted here>)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=<omitted here>)(PORT=1521)))
Services Summary...
Service "+asm" has 1 instance(s).
Instance "+asm", status READY, has 1 handler(s) for this service...
...
The command completed successfully
Errors:
The errors are misleading, including the ORA-12560 (TNS:protocol adapter error).
The clue to the underlying problem is coming from the ORA-1031 (insufficient privileges)
during sqlplus "/ as sysasm"
C:\> set oracle_home=C:\Oracle\Grid11gR2
C:\> SET ORACLE_SID=+ASM
C:\> echo %ORACLE_SID%
+ASM
C:\> echo %ORACLE_HOME%
C:\Oracle\Grid11gR2
C:\> sqlplus "/ as sysasm"
SQL*Plus: Release 11.2.0.2.0 Production on Wed Mar 13 12:03:09 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Also, check if "SQLNET.AUTHENTICATION_SERVICES = (NTS)" is already set in the server's
sqlnet.ora file
Solutions:
User is not part of the ORA_DBA OS group:
C:\Users\vmummadi>echo %username%
vmummadi
C:\Users\vmummadi>NET LOCALGROUP ORA_DBA
Alias name ORA_DBA
Comment Oracle DBA Group
Members
-------------------------------------------------------------------------------
.... <-- other users listed here except 'vmummadi'
NT AUTHORITY\SYSTEM
The command completed successfully.
The problem is to do with harden security in 11g that affects non-dba OS users with
connections to Oracle instances.
If the user is not a member of the ORA_DBA OS group, then it either needs to connect to
the ASM instance using the ASM orapw file (either using his/her own account or using the
Oracle SYS account and as sysasm privilege) or be added to the OS ORA_DBA group.
Other workarounds include :
- Add the non-dba OS user to the ASM's orapw file and grant it 'SYSASM' privileges:
- Follow this - http://docs.oracle.com/cd/E11882_01/server.112/e25494/dba007.htm#ADMIN12478
- Allow the non-dba user to connect to the ASM instance using the SYS Oracle user account
- (for this, the non-dba user must know what is the password for SYS):
- Example: sqlplus sys@<hostname or IP address of the host>:<port were the listener
- lis tens>/+ASM as sysasm
- Make the non-dba OS user a member of the ORA_DBA OS group so it can use bequeath connections
- (ie, not using the listener) to the asm instance (ie, sqlplus "/ as sysasm") Oracle Support -ID 1537484.1 Reference: Bug 16470328
Thanks for the insight. I was able to get closer to an solution.
ReplyDeleteGlad, that my post helped you. Ty
ReplyDelete
ReplyDeleteIam so thrilled because of finding your alluring website here.Actually i was searching for Oracle DBA.Your blog is so astounding and informative too..Iam very happy to find such a creative blog. Iam also find another one by mistake while am searching the same topicOracle APEX.Thank you soo much..