Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

ORA-12546: TNS:permission denied after moving to new server

Created: 24 Aug 2014 • Updated: 26 Aug 2014 | 8 comments
This issue has been solved. See solution.

NetBackup 7.5.0.3 on Solaris 10

Have an existing Solaris Cluster with several servers, four Oracle DB.

All backups run fine, using rman scripts. Policy call basic script which checks the server name, then updates the policy variable so it selects the child policy with the storage for direct backups via fiber. Has worked fine for many years.

Added new server, so I updated the scripts to include possibility of more server names. After cluster failover to new server, of the four DB, three run fine, archive and DB, the fourth gives me the ORA-12546: TNS:permission denied error when run from NB, or as root from the server. When run as oracle by running the script, it works fine.

I checked the externaljob.ora files, they are the same for all 4 DB.

Let me know what you want to see, essentially, the parent scripts work fine, the child jobs fail.

14:14:40.898 [3059] <4> bphdb: INF - Processing /ORASCORE/opt/app/oracle/rman/ORASCORE_arch_edl.sh
14:14:40.899 [3059] <4> bphdb: INF - Waiting for the child status
14:14:40.901 [3060] <4> bphdb: INF - Child executing /ORASCORE/opt/app/oracle/rman/ORASCORE_arch_edl.sh
14:14:46.900 [3059] <16> bphdb: ERR - Script exited with status = 1 <the requested operation was partially successful>
14:14:46.900 [3059] <16> bphdb: ERR - bphdb exit status = 6: the backup failed to back up the requested files

14:14:46.900 [3059] <4> bphdb: INF - EXIT STATUS 6: the backup failed to back up the requested files

Operating Systems:

Comments 8 CommentsJump to latest comment

Yasuhisa Ishikawa's picture

Review your backup script to determine in which user account 'rman' command is kicked, and check if this user have sufficient privilege on that server. If you does not switch user by 'su' command in your script, root user is used.

this error is occured in Oracle, and it is mostly matter of Oracle so you should ask your DB admin for further assistance.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

Marianne's picture

I agree with Yasuhisa.

Check the backup script: search for the 'su - <oracle-user>' in the script and ensure that correct oracle user name is specified.

Extract from sample script:

# Replace ora81, below, with the Oracle DBA user id (account).
# ---------------------------------------------------------------------------

ORACLE_USER=ora81
........

if [ "$CUSER" = "root" ]
then
    su - $ORACLE_USER -c "$CMD_STR" >> $RMAN_LOG_FILE
else
    /usr/bin/sh -c "$CMD_STR" >> $RMAN_LOG_FILE

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

Michael G Andersen's picture

As the script works with the oracle user, I would check that the parent script contains a switch user to oracle before calling rman, something like su - oracle -c "rman script"

The rman message log might contain more information about the ORA-12546 error, the oracle alert log is also a place to look.

I would also create the dbclient log with 777 permission as this often gives clues too

Hope this helps

Genericus's picture

The scripts run as root, the su - oracle line is commented out.

When I stepped through the scripts, loading the environment variables, the working scripts allowed me to export my ORA_variables, and manually run the command "rman nocatalog"

The working one connects successfully from the RMAN> prompt

using "connect target rcat/rcat@ORACLE_SID"

The one that fails, responds

RMAN> connect target rcat/rcat@ORACLE_SID

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

ORA-12546: TNS:permission denied

RMAN> quit

thoughts?

NetBackup 7.5.0.3 on Solaris 10
EMC Data Domain 990 VTL via FC
acsls 8.3.0
SL8500 LTO5

Marianne's picture

 When run as oracle by running the script, it works fine.

 The scripts run as root, the su - oracle line is commented out.

Put back su - oracle in the script.

root in this environment  clearly does not have dba permissions.

This is perfectly normal - every single installation that I have ever been involved with needed the 'su - <oracle-user>'

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

Yasuhisa Ishikawa's picture

If backup script is identical on other hosts, and backup works fine with root user, some settings related to DB privilege for root is mot identical on this host. Please ask your DBA to check if provilege for root user is identical or not.  I suppose root user is member of dba group on other hosts but not on this new host.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

SOLUTION
Genericus's picture

The challenging part is that the root user is used on all four DB on this system, and three work. 

Essentially, how does a system wide root user work on 3 and not on the 4th?

What can be set on the DB to allow a user access? 

NetBackup 7.5.0.3 on Solaris 10
EMC Data Domain 990 VTL via FC
acsls 8.3.0
SL8500 LTO5

Genericus's picture

Issue was solved by adding root to the dba group on the server. This was not immediately seen, it also required NetBackup media server recycle. After netbackup restart, jobs ran fine.

Thanks for your help.

NetBackup 7.5.0.3 on Solaris 10
EMC Data Domain 990 VTL via FC
acsls 8.3.0
SL8500 LTO5