Doc ID: Note:298916.1 Type: BULLETIN
Last Revision Date: 28-JUL-2005 Status: MODERATED
PURPOSE
-------
This document intends to give a comprehensive guide to 10G CMAN configuration.
SCOPE & APPLICATION
-------------------
Database administrators who want to configure 10G CMAN. This document is applicable
only to 10G CMAN and does not applies to earlier version of CMAN.
A Guide to 10G CMAN configuration
-----------------------------
1. Configuring CMAN.ORA
The first step towards configuring the 10G CMAN is to create a cman.ora in the
$ORACLE_HOME/network/admin directory on UNIX and in the ORACLE_HOME\network\admin
directory on Windows.
1.A. Configuring Listening endpoint (ADDRESS)
In 10G CMAN, a listener process listenes for all incoming requests. Unlike older
versions, you do not require to specify seperate listening endpoint list for the
CMGW gateway process and CMADMIN administrative process. We just require to configure
the listening endpoint for the Oracle Connection Manager listener.CMADMIN, the Oracle
Connection Manager monitoring process,uses this address to register information about
gateway processes with the listener. The database server, in turn, uses the address to
register service information at the Oracle Connection Manager node.
Example CMAN.ORA
CMAN1=(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=test)(PORT=1522))
(RULE_LIST=
(RULE=(SRC=X.Y.0.0/16)(DST=
(rule=(src=test)(dst=127.0.0.1)(srv=cmon)(act=accept))))
Here the CMAN listener has been configured to listen to the port 1522.
1.B. Configuring Access control rule list (RULE_LIST)
The parameter RULE to specify an access control rule list to filter incoming
connections. A rule list specifies which connections are accepted, rejected, or
dropped.
Syntax :
(RULE_LIST=
(RULE=
(SRC= host)
(DST= host)
(SRV= service_name)
(ACT={accept|reject|drop})
(ACTION_LIST=AUT=on|off)(CONN_
STATS=yes|no)(MCT= time)(MIT= time)(MOCT= time)))
(RULE= ...))
Subparameters
The RULE parameter filters a connection or group of connections using the
following subparameters:
SRC: Specify the source host name or IP address in dot notation of the client.
DST: Specify the destination server host name or IP address in dot notation of the
database server.
SRV: Specify database service name of the Oracle Database 10g, Oracle9i, or
Oracle8i database (obtained from the SERVICE_NAME parameter in the initialization
parameter file).
ACT: Specify accept to accept incoming requests or reject to reject incoming
requests.
ACTION_LIST: Specify rule-level parameter settings for some parameters. These
parameters are as follows:
AUT Oracle Advanced Security authentication on client side
CONN_STATS log input and output statistics
MCT maximum connect time
MIT maximum idle timeout
MOCT maximum outbound connect time
Rule-level parameters override their global counterparts.
Please note that there should be at least one rule for client connections and one
rule for CMCTL connections as shown in the Example CMAN.ORA
(RULE_LIST=
(RULE=(SRC=X.Y.0.0/16)(DST=
(rule=(src=test)(dst=127.0.0.1)(srv=cmon)(act=accept))))
The first rule allows incoming connection from X.Y.0.0/16 subnet to the db_server
for any database service name.
The second rule allows CMCTL connections from the host "test" ( this is actually
the host where CMAN is running).
Wildcard usage: CMAN.ORA supports usage of "*" as wildcards. An askterisk can only be used to include or exlclude an entire value for a RULE
parameter. Partial values are not allowed.
Example you can use the following rule
(RULE=(SRC=*)(DST=
This rule will allow incoming connection from client with any ip address to the db_server
for any database service name.
But the following rule is not allowed
(RULE=(SRC=X.Y.0.*)(DST=
Instead you can use ip_address/nn notation for subnet addresses. For example a
rule like following will alow incoming connection from any client ip whose first
16 bit matches with 162.158.
(RULE=(SRC=162.158.0.0/16)(DST=
1.C. Configuring Parameter list (PARAMETER_LIST)
Parameters in the Oracle Connection manager are of two types global and rule level.
A global parameter applies to all Oracle Connection Manager connections, unless a
rule-level parameter overrides it. To change a global parameters default setting,
enter it into the PARAMETER_LIST, together with an allowable value.
A rule-level parameter is enabled in the ACTION_LIST section of the RULE_LIST
and applies only to connections specified by the rule. It overrides its global
counterpart.
show parameter command in the CMCTL> prompt shows all the current parameters.
Following is the command for our example CMAN.ora. It shows all the default value as we have not
configuerd any parameter_list for our CMAN.ORA
________________________________________________________________
CMCTL:cman1> show parameters
listener_address | (ADDRESS=(PROTOCOL=tcp)(HOST=test)(PORT=1522))
aso_authentication_filter | OFF
connection_statistics | OFF
event_group | OFF
log_directory |
log_level | SUPPORT
max_connections | 256
idle_timeout | 0
inbound_connect_timeout | 0
session_timeout | 0
outbound_connect_timeout | 0
max_gateway_processes | 16
min_gateway_processes | 2
max_cmctl_sessions | 4
password | OFF
remote_admin | OFF
trace_directory |
trace_level | OFF
trace_timestamp | OFF
trace_filelen | 0
trace_fileno | 0
The command completed successfully.
_________________________________________________________________
Lets set two parameters IDLE_TIMEOUT and MAX_CONNECTIONS for the CMAN.
We will set IDLE_TIME=600 so that if a connection remain idle for 600 sec
(i.e no data exchange takes place in 600 sec) CMAN will disconnect the session.
We will also set MAX_CONNECTIONS=512 so that the maximum connections that can be
handled by a gateway process increased to 512.
CMAN.ORA
CMAN1=(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=test)(PORT=1522))
(RULE_LIST=
(RULE=(SRC=X.Y.0.0/16)(DST=
(rule=(src=test)(dst=127.0.0.1)(srv=cmon)(act=accept))))
(PARAMETER_LIST=
(IDLE_TIMEOUT=600)
(MAX_CONNECTIONS=512)))
Please refer to Oracle Database Net Services Administrators Guide 10 g Release 1 (10.1)
Part No. B10775-01 for a complete list of parameters and detailed information on them.
2. Configuring Local_listener and Remote_listener parameters of the database
LOCAL_LISTENER and REMOTE_LISTENER parameter need to be configuered in the database
so that the database register itself both with the local listener and the CMAN.
LOCAL_LISTENER should point to the listener running in the database server and
REMOTE_LISTENER parameter should point to the CMAN listener port like
ALTER SYSTEM SET LOCAL_LISTENER="(address=(protocol=tcp)(host=
ALTER SYSTEM SET REMOTE_LISTENER="(address=(protocol=tcp)(host=
"
Following command the CMCTL> prompt after starting the CMAN show all the database
services registered with the CMAN.
CMCTL:cman1> show services
3. Configuring Clients for Oracle Connection Manager
Please update the client tnsnames.ora with the Oracle Connection Manager
entry
test =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = test)(PORT = 1522))
(CONNECT_DATA =
(SERVER = dedicated)
(SERVICE_NAME =
)
)
As you can see the tnsanems.ora entry is just like another normal entry,
the only difference is you mention the CMAN listener ip address and port no
instead of database listener.
4. Starting and administering the CMAN
To administer a CMAN instance first we need to give the
administer
in the CMCTL> prompt.
Then we can start the CMAN.
In our exaple we can start the CMAN like
$CMCTL
CMCTL> administer CMAN1
CMCTL> startup
Please ensure that the database services are registered with the CMAN by show services
Now you can test the connectivity from the client to the database server.
Setting up a password in the CMAN:
Oracle recomends setting a password in the CMAN to secure it.
Password can be set up in the following way
CMCTL:cman1> set password
Old password:
New password:
Reenter new password:
eg:
Old password:
New password: passwd
Reenter new password: passwd
The command completed successfully.
Just hit
The passwords you entered will not be echoed.
This procedure does not save the password in the CMAN.ORA.
For this you have to execute save_passwd as below:
CMCTL:cman1> save_passwd
The command completed successfully.
CMCTL:cman1>
NOTE: The password is encrypted by default and can be set only by the above
method.
Remote administration:
You can adminster the CMAN from a remote machine also. To enable remote administration
you have to set REMOTE_ADMIN to yes in the CMAN.ORA and also add a rule to allow the
remote machine to access CMAN. Please note that for this rule also it needs to be
dst=127.0.0.1, otherwise the connection from remote machine will fail.
Example CMAN.ORA
CMAN1=(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=test)(PORT=1522))
(RULE_LIST=
(RULE=(SRC=X.Y.0.0/16)(DST=
(rule=(src=test)(dst=127.0.0.1)(srv=cmon)(act=accept))
(rule=(src=
(PARAMETER_LIST=
(IDLE_TIMEOUT=60)
(MAX_CONNECTIONS=512)
(REMOTE_ADMIN=yes)))
In the remote machine tnsnames.ora an entry need to be added to resolve the remote CMAN address like the following
CMANR=(ADDRESS=(protocol=TCP)(host=test)(port=1522))
Reload the CMAN and now you will be able to access the CMAN from the remote machine
CMCTL> administer CMANR
5. Configure the database server for session multiplexing.
To enable Connection Manager to take advantage of session multiplexing, set the
MULTIPLEX=on in the DISPATCHERS parameter in the initialization parameter file.
Example:
DISPATCHERS="(PROTOCOL=tcp)(MULTIPLEX=on)"
6.CMAN log files.
Oracle Connection Manager generates four types of log files: one each for its
listener, gateway, and CMADMIN processes and one for alerts.
i) CMAN-instance-name_ pid.log : This file is log file for the CMAN listener. like normal
listener.log it shows the service registration, sevice update and connect informations.
ii)CMAN-instance-name_cmgw_pid.log This is the log file for the gateway process
iii) CMAN-instance-name_cmadmin_pid.log This is log file for CMADMIN processes.
iv) CMAN-instance-name_alert.log CMAN alert log alert log captures information about
instance startup and shutdown and also chronologically record of all critical errors.
RELATED DOCUMENTS
-----------------
Oracle Database Net Services Administrators Guide 10 g Releas
.
==================================
Subject: Troubleshooting Guide for the CMAN in 10g(10.1.0.3.0)
Doc ID: Note:305220.1 Type: BULLETIN
Last Revision Date: 07-SEP-2005 Status: MODERATED
Troubleshooting Guide for the CMAN in 10g(10.1.0.3.0)
These are the most common problems you face when using a 10g CMAN:
1) TNS-04012 when starting CMAN
2) TNS-04006: Invalid password When administering CMAN
3) TNS-04005: Unable to resolve address for
4) TNS-12538 when administering a CMAN
5) NL-00857 when Administer using command
6) Starting CMAN on windows just hangs with no errors
TNS-04012: Unable to start Oracle Connection Manager instance
When starting the CMAN on Windows machine you are receing the errors:
CMCTL:CMAN_indl040ad> startup
Failed to start service, error 997.
TNS-04012: Unable to start Oracle Connection Manager instance.
CMCTL:CMAN_indl040ad>
Or on Unix machine you are receiving the errors:
CMCTL:CMAN_incq048ad.idc.oracle.com> startup
TNS-04012: Unable to start Oracle Connection Manager instance.
CMCTL:CMAN_incq048ad.idc.oracle.com>
You receive this error usually when there is some syntax errors in the cman.ora file.
The usual causes are:
1.1:
The rule_list missing the line that is used to accept administration commands
from the local host. Either of the following entries in the RULE_LIST must exist in order to start the cman.
(rule=(src=indl040ad)(dst=127.0.0.1)(srv=cmon)(act=accept))
or
(rule=(src=*)(dst=*)(srv=*)(act=accept))
1.2:
The TRACE_LEVEL parameter in PARAMETER_LIST is configured with a numeric value. Fact is that in earlier releases cman tracing was enabled by the parameter TRACING=YES | NO under the PARAMETER_LIST in cman.ora. From 10g onwards, the tracing is enabled as done for listener or client or server sqlnet tracing. i.e the parameter TRACE_LEVEL in the PARAMETER_LIST has to be included for this. The parameter TRACING = YES | NO has been stopped.
But again, there is one more interesting fact about this.
The allowed values for this are “off | user | admin | support“
Note: only the above string values are allowed and the numeric equivalent of these values are not allowed.
If the numeric values equivalent for these are used in cman.ora, the cman service doesnot startup
1.3:
The ADDRESS_LIST parameter is used in the cman.ora file as below:
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1630))
)
This clause is not needed. Change it to the entry as below:
(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1630))
TNS-04006: Invalid password
CMCTL> administer
Enter CMAN Password:
TNS-04006: Invalid password
CMCTL>
This is the error that you receive when you are attempting to administer a cman instance that is password protected, is already up and running and enter an invalid password for this operation.
However, if the CMAN is not started yet, the administer command succeeds but when the startup command is issued it prompts for the password. If an incorrect password is entered, it starts up the CMAN service but also throws the above error.
TNS-04005: Unable to resolve address for
If you give an instance name that doesnot exist or if you commit a typo when issuing an ADMINISTER command you receive the following error.
CMCTL> administer test
TNS-04005: Unable to resolve address for test
CMCTL>
TNS-12538 when administering a CMAN
If you have the word PROTO instead of the key word PROTOCOL in the cman.ora file, you receive the error message as below:
CMCTL> administer
TNS-12538: TNS:no such protocol adapter
CMCTL>
The keyword has to be the complete word PROTOCOL and not just PROTO
NL-00857 when Administer using command
The ADMINISTER command is used to choose an instance of Oracle Connection Manager.
Syntax
From the Oracle Connection Manager Control utility:
CMCTL> ADMINISTER [-c instance_name] using [password]
Strangely this does not work as below:
CMCTL> administer -c cman_indl040ad using jayu123
NL-00857: wrong number (0 - 3 needed) of arguments to "administer"
Correct syntax that works is:
CMCTL> administer cman_indl040ad using jayu123
Current instance cman_indl040ad is already started
Connections refer to (address=(protocol=TCP)(host=indl040ad)(port=1560)).
The command completed successfully.
CMCTL:cman_indl040ad>
A bug 4297538 has been filed for the same to make modifications
Starting CMAN on windows just hangs with no errors on Win2k
Sometimes the starting of CMAN from a command prompt hangs without returning any errors on windows platform.
CMCTL> administer cman_indl040ad using jayu123
Current instance cman_indl040ad is already started
Connections refer to (address=(protocol=TCP)(host=indl040ad)(port=1560)).
The command completed successfully.
CMCTL:cman_indl040ad> shutdown
The command completed successfully.
CMCTL:cman_indl040ad> startup
You have to issue a CTRL + C for coming out of this.
The services panel indicates that the services are started for this instance but show all command from CMCTL gives the output that instance is not running as illustrated below:
CMCTL> administer
Current instance CMAN_indl040ad is not yet started
Connections refer to (address=(protocol=TCP)(host=indl040ad)(port=1560)).
The command completed successfully.
CMCTL:CMAN_indl040ad> show all
TNS-04011: Oracle Connection Manager instance not yet started.
CMCTL:CMAN_indl040ad>
The trace files aslo doesnot indicate any errors:
Excerpt from Cmadmin trace file:
[05-JAN-2005 13:23:50:374] sntpinherit: Attempting to make pipe \\.\PIPE\ORANTP50C.3B0.w
[05-JAN-2005 13:23:50:374] sntpinherit: Listening on pipe \\.\PIPE\ORANTP50C.3B0.w
[05-JAN-2005 13:23:50:374] sntpinherit: Attempting to make pipe \\.\PIPE\ORANTP50C.3B0
[05-JAN-2005 13:23:50:374] sntpinherit: Listening on pipe \\.\PIPE\ORANTP50C.3B0
[05-JAN-2005 14:53:40:613] nttaddr2bnd: entry
[05-JAN-2005 14:53:40:623] nttaddr2bnd: exit
[05-JAN-2005 14:53:40:623] nsgllsn: Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=indl040ad.idc.oracle.com)(PORT=1560)))
…
and goes on in a loop with entries similar to below:
[05-JAN-2005 14:53:40:623] nsiorecv: entry
[05-JAN-2005 14:53:40:623] nttmrd: entry
[05-JAN-2005 14:53:40:623] nttrd: entry
[05-JAN-2005 14:53:40:623] ntt2err: entry
[05-JAN-2005 14:53:40:623] ntt2err: soc 396 error - operation=5, ntresnt[0]=524, ntresnt[1]=36, ntresnt[2]=0
[05-JAN-2005 14:53:40:623] ntt2err: exit
[05-JAN-2005 14:53:40:623] nttrd: exit
[05-JAN-2005 14:53:40:623] nsiorecv: exit (0)
….
[05-JAN-2005 14:53:40:623] nsiorecv: entry
[05-JAN-2005 14:53:40:623] nttmrd: entry
[05-JAN-2005 14:53:40:623] nttrd: entry
[05-JAN-2005 14:53:40:623] ntt2err: entry
[05-JAN-2005 14:53:40:623] ntt2err: soc 396 error - operation=5, ntresnt[0]=524, ntresnt[1]=36, ntresnt[2]=0
[05-JAN-2005 14:53:40:623] ntt2err: exit
[05-JAN-2005 14:53:40:623] nttrd: exit
[05-JAN-2005 14:53:40:623] nsiorecv: exit (0)
The services cannot be stopped, gives an error and status remains as STOPPING.
We will have to reboot the machine for this so that the services are either started automatically if properties are set to AUTOMATIC or not started if set to MANUAL option.
But if this operation is tried by just issuing administer, no problem is encountered as below:
CMCTL> administer
Enter CMAN Password:
Current instance CMAN_indl040ad is already started
Connections refer to (address=(protocol=TCP)(host=indl040ad)(port=1560)).
The command completed successfully.
CMCTL:CMAN_indl040ad> startup
Starting Oracle Connection Manager instance CMAN_indl040ad. Please wait...
Enter CMAN Password:
CMAN for 32-bit Windows: Version 10.1.0.3.0 - Production
Status of the Instance
….
The command completed successfully.
CMCTL:CMAN_indl040ad> exit
Though it indicates that it is administering the proper instance, the reason why the startup hang as indicated above example is due to the fact that the case used for cman_instance in the administer command is different than in cman.ora. This indicates that cman.ora is case sensitive for the instance name.
This works if proper case is given for the command as illustrated below:
CMCTL> administer CMAN_indl040ad using jayu123
Current instance CMAN_indl040ad is not yet started
Connections refer to (address=(protocol=TCP)(host=indl040ad)(port=1560)).
The command completed successfully.
CMCTL:CMAN_indl040ad> startup
Starting Oracle Connection Manager instance CMAN_indl040ad. Please wait...
CMAN for 32-bit Windows: Version 10.1.0.3.0 - Production
Status of the Instance
…
The command completed successfully.
CMCTL:CMAN_indl040ad> shutdown
The command completed successfully.
CMCTL:CMAN_indl040ad> exit
This case sensitiveness behaviour is not shown in unix platform (linux tested).
No comments:
Post a Comment