Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: windows2000 Oracle 817 behind firewall [solved]

Re: windows2000 Oracle 817 behind firewall [solved]

From: Svend Jensen <Svend_at_OracleCare.Com>
Date: Thu, 20 Jun 2002 20:25:55 +0200
Message-ID: <3D121E33.5010406@OracleCare.Com> 





Yurasis Dragon wrote:


> I had the same problem and had to do a couple of things ( hope I can remember them ).
> 
> 1) You need to make the registry entry USE_SHARED_SOCKET, set to TRUE, as you've noted.  Then
>     reboot as someone's already noted.
> 
> 2) Then you need to upgrade to patchset ... hmmm, I don't remember which one but you might
>     as well upgrade to the highest one available for your O/S.  This is important because if you don't
>     upgrade from 8.1.7.0, step 1) wont' do a thing for you.
> 
> You may want to have a look on Metalink for document 68652.1, Metalink is where I found out
> how to fix this problem.
> 
> 
> Slumped over a stained toilet, Svend Jensen <Svend_at_OracleCare.Com> spewed forth :
> 
> 




>>Senario: The IAS (client in this case) must connect to dedicated (not 

>>MTS) database hidden behind firewall(s).

>>The firewall(s) allows tcp connections on say port 80 (http), 443 

>>(https) and 1521 (sql*net/listener).

>>The initial connection is established, autorisation is granted and the 

>>connection is redirected to some random port (> 1000) ie. 1610, 2843

>>The firewall perhibits successfull redirection  and the client ses this 

>>as ora-3113 end of communication channel or the something alike.

>>

>>The cure (metalink) is to set USE_SHARED_SOCKET in system 

>>enviroment/registry. But this doesnt work, random port asignment is 

>>still in force. This is due to using socket 1.1 according to Support,

>>and we must use socket 2.0.

>>Windows resource kit says both socket 1.1 and 2.0 is installed and the 

>>named files are physical there, but apparently not used.

>>

>>A less nice solution is to use MTS and connection manager (cman), if it 

>>works(!?!), but I would rather stick with dedicated mode.

>>

>>Anybody cracked this nut(case)?

>>

>>Svend Jensen

>>



> 


To spare me the trouble and time to go to ouer ISP site, I relied on the 



listener.log file and used a inhouse connection for testing (no firewall). 



The logfiles states new connection beeing made are rediredted to different



ports, ie not to created on port 1521.


The listener.log had me and Oracle support for good at least a week. The
listener is logging untruthful. Having set full trace (level 16) on 
client and listener, the client trace reveals that the connection is in 
fact not redirected, saying resolved connection to 1521.
The fakt seems to be that the listener isn't 'seeing' the 
USE_SHARED_SOCKET, *but* the new thread (shadow process) created by 
oracle.exe *is*. Hence the redirection 'hint' from the listener is 
ignored or something alike.


I wonder if the listener.log isn't to be trusted; is the trace file.
Tomorrow I know. I go to ouer ISP site and check it out.
Tkanks for your time and effort.



rgds


/Svend Jensen
Received on Thu Jun 20 2002 - 13:25:55 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US