I am trying to formulate a connection to a PGSQL server that requires both a client certificate and key to operate.
First, I can verify connections to the Postgres database using SQLGate work. Provide host, User, password, port, database and mark Use SSL, then under SSL provide the Certificate and Key. The connection does not operate without either of those items. Using NPGSQL, I provide all but the key as for some reason NpgsqlConnectionStringBuilder does not contain a definition for some sort of client key.
var connectionString = new NpgsqlConnectionStringBuilder();
connectionString.Host = rInfo.Host;
int portNumber = 5432;
int.TryParse(rInfo.Port, out portNumber);
connectionString.Port = portNumber;
connectionString.Database = rInfo.dbName;
connectionString.Username = rInfo.Username;
connectionString.Password = rInfo.Password;
connectionString.SslMode = SslMode.Prefer;
connectionString.TrustServerCertificate = true;
connectionString.ClientCertificate = rInfo.CertFilePath;
//Poke the database, see if we can get in.
try
{
NpgsqlConnection npgsqlConnection = new NpgsqlConnection(connectionString.ToString());
npgsqlConnection.ProvideClientCertificatesCallback += provideCertificates;
npgsqlConnection.UserCertificateValidationCallback += validateCertificates;
npgsqlConnection.Open();
npgsqlConnection.Close();
return connectionString.ToString();
}
The exception is:
Error 28000 : connection requires a valid client certificate
Which is to be expected since I'm not providing the key anywhere. I have tried forcing the key to be added to the connection string via guessing:
connectionString.Add(new KeyValuePair<string, object?>("Client Key", rInfo.KeyFilePath));
But that's unrecognized. Libpq's PG Connect documentation labels it as sslkey, but that comes back as unrecognized as well. My best guess is using ProvideClientCertificatesCallback callback to provide the certificate, but I don't know how to have it pair with a key since it's just asking for an X509CertificateCollection.
The previous tool we were using was provided by Devart, but we have lost the license. We also will be connecting to a range of databases (with the same schema) instead of just one.
What are my options?
I am trying to add a role to a Postgresql database after creating it in RDS via Terraform.
I have two separate modules, one creating the RDS instance, one adding the new role to it. The database address is an output of the persistence module and an input of the persistenceApplicationRole module. The problem seems to be that the Postgresql provider is ran before the RDS instance is created, so the address is empty.
The error I am getting is:
Error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: dial tcp :5432: connect: connection refused
on ../modules/persistenceApplicationRole/main.tf line 9, in provider "postgresql":
9: provider postgresql {
Running the modules separately via the -target=module.persistence flag works, since persistenceApplicationRole picks up the database address once it is created.
I have found an example with this exact scenario for the MySQL Provider in their documentation here.
# module.persistenceApplicationRole
provider postgresql {
host = var.databaseAddress
username = data.external.root_credentials.result["username"]
password = data.external.root_credentials.result["password"]
superuser = false
}
resource "postgresql_role" "application_role" {
name = data.external.application_credentials.result["username"]
password = data.external.application_credentials.result["password"]
login = true
encrypted_password = true
skip_reassign_owned = true
skip_drop_role = true
}
The 1.4.0 release of the Postgresql provider added expected_version which you can use to avoid the feature detection at plan time that attempts to connect to the database. This was introduced in the 0.1.1 release a while back and broke people being able to create the underlying instance and configure the database at the same time.
To use the expected_version you would do something like this:
provider postgresql {
host = var.databaseAddress
username = data.external.root_credentials.result["username"]
password = data.external.root_credentials.result["password"]
superuser = false
expected_version = "10.1"
}
The more common use case would be creating an RDS instance or something else and interpolating that across:
resource "aws_db_instance" "database" {
# ...
}
provider "postgresql" {
version = ">=1.4.0"
host = aws_db_instance.database.address
port = aws_db_instance.database.port
username = aws_db_instance.database.user
password = aws_db_instance.database.password
sslmode = "require"
connect_timeout = 15
superuser = false
expected_version = aws_db_instance.database.engine_version
}
I would like to create a database with entity Framework core that would be automatically added to my azure elactic pool.
I do that with a DatabaseFacadeExtension that execute SQL command after the db creation like suggested here:
Azure SQL Server Elastic Pool - automatically add database to pool
public static async Task<bool> EnsureCreatedAsync(this DatabaseFacade databaseFacade, string elasticPoolName, CancellationToken cancellationToken = default)
{
if (!await databaseFacade.EnsureCreatedAsync(cancellationToken)) return false;
// the database has been created.
var dbName = databaseFacade.GetDbConnection().Database;
try
{
cancellationToken.ThrowIfCancellationRequested();
if (!string.IsNullOrEmpty(elasticPoolName))
{
await databaseFacade.ExecuteSqlCommandAsync(new RawSqlString(
$"ALTER DATABASE {dbName} MODIFY ( SERVICE_OBJECTIVE = ELASTIC_POOL (name = [{elasticPoolName}] ));"),
cancellationToken);
}
return true;
}
catch
{
await databaseFacade.EnsureDeletedAsync(cancellationToken);
throw;
}
}
It's works but I will prefer an atomic operation where the database would be created directly in the Azure Elastic Pool.
I had a very similar issue. Fortunately, I took cues from the previous answer and I improvised on it to arrive at a solution.
I had a common database to manage the application and whenever a new client onboards, I need to create a new database. So, I had to maintain multiple database contexts in my .NET core application. Also, I had migrations for the clientContext ready in my codebase, which just needed
client_db.Database.MigrateAsync();
to create the database. But, I couldn't create it directly under elastic pool as Azure doesn't have any default settings which support that. So, MigrateAsync always created the database outside the pool.
So, I created the database within the pool using T-SQL command from my common database context, followed by MigrateAsync() to migrate all the required schema.
var commandText = "CREATE DATABASE client1 ( SERVICE_OBJECTIVE = ELASTIC_POOL ( name = demoPool ) );";
db.Database.ExecuteSqlCommand(commandText);
clientContext client_db = new clientContext(approved_corporate.Id, _configuration);
client_db.Database.MigrateAsync();
Also I had a custom Constructor in my clientContext to support this:
public clientContext(int client_id, IConfiguration configuration = null)
{
string client_code = "client" + client_id.ToString();
connection_string = configuration["ConnectionStrings:Client"].ToString().Replace("client_code", client_code);
}
Azure Elastic Pool supports you creates a new database in an existing pool or as a single database. You must be connected to the master database to create a new database.
For more details, please see: Transact-SQL: Manage pooled databases.
Example T-SQL Code:
Creating a Database in an Elastic Pool:
CREATE DATABASE db1 ( SERVICE_OBJECTIVE = ELASTIC_POOL ( name = S3M100 ) ) ;
Please see: Azure SQL Database single database/elastic pool
You can replace the T-SQL statement and try again.
Hope this helps
We have an application running locally where we're experiencing the following error:
ORA-12514: TNS:listener does not currently know of service requested
in connect descriptor
I've tested the connection using TNSPing which resolved correctly and
I tried SQLPlus to try connecting, which failed with the same error as above. I used this syntax for SQLPlus:
sqlplus username/password#addressname[or host name]
We have verified that:
the TNS Listener on the server is running.
Oracle itself on the server is running.
We don't know of any changes that were made to this environment.
Anything else we can test?
I had this issue and the fix was to make sure in tnsnames.ora the SERVICE_NAME is a valid service name in your database. To find out valid service names, you can use the following query in oracle:
select value from v$parameter where name='service_names'
Once I updated tnsnames.ora to:
TEST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = *<validhost>*)(PORT = *<validport>*))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = *<servicenamefromDB>*)
)
)
then I ran:
sqlplus user#TEST
Success!
The listener is basically telling you that whatever service_name you are using isn't a valid service according to the DB.
(*I was running sqlplus from Win7 client workstation to remote DB and blame the DBAs ;) *)
I know this is an old question, but still unanswered. It took me a day of research, but I found the simplest solution, at least in my case (Oracle 11.2 on Windows 2008 R2) and wanted to share.
The error, if looked at directly, indicates that the listener does not recognize the service name. But where does it keep service names? In %ORACLE_HOME%\NETWORK\ADMIN\listener.ora
The "SID_LIST" is just that, a list of SIDs and service names paired up in a format you can copy or lookup.
I added the problem Service Name, then in Windows "Services" control panel, I did a "Restart" on the Oracle listener service. Now all is well.
For example, your listener.ora file might initially look like:
# listener.ora Network Configuration File: C:\app\oracle_user\product\12.1.0\dbhome_1\network\admin\listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = CLRExtProc)
(ORACLE_HOME = C:\app\oracle_user\product\12.1.0\dbhome_1)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ONLY:C:\app\oracle_user\product\12.1.0\dbhome_1\bin\oraclr12.dll")
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
... And to make it recognize a service name of orcl, you might change it to:
# listener.ora Network Configuration File: C:\app\oracle_user\product\12.1.0\dbhome_1\network\admin\listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = CLRExtProc)
(ORACLE_HOME = C:\app\oracle_user\product\12.1.0\dbhome_1)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ONLY:C:\app\oracle_user\product\12.1.0\dbhome_1\bin\oraclr12.dll")
)
(SID_DESC =
(GLOBAL_DBNAME = orcl)
(ORACLE_HOME = C:\app\oracle_user\product\12.1.0\dbhome_1)
(SID_NAME = orcl)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
)
In my circumstances the error was due to the fact the listener did not have the db's service registered. I solved this by registering the services. Example:
My descriptor in tnsnames.ora:
LOCALDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = LOCALDB)
)
)
So, I proceed to register the service in the listener.ora manually:
SID_LIST_LISTENER =
(SID_DESC =
(GLOBAL_DBNAME = LOCALDB)
(ORACLE_HOME = C:\Oracle\product\11.2.0\dbhome_1)
(SID_NAME = LOCALDB)
)
Finally, restart the listener by command:
> lsnrctl stop
> lsnrctl start
Done!
I had this issue at Windows server 2008 R2 and Oracle 11g
go to Net Manager > Listener > select database services form the combox > "Global Database Name" must be same as "SID" and "Oracle Home Directory" must be correct.
If you don't have any entry for database services, create one and set correct global database , sid and oracle home.
This really should be a comment to [Brad Rippe][1]'s answer, but alas, not enough rep. That answer got me 90% of the way there. In my case, the installation and configuration of the databases put entries in the tnsnames.ora file for the databases I was running. First, I was able to connect to the database by setting the environment variables (Windows):
set ORACLE_SID=mydatabase
set ORACLE_HOME=C:\Oracle\product\11.2.0\dbhome_1
and then connecting using
sqlplus / as sysdba
Next, running the command from Brad Rippe's answer:
select value from v$parameter where name='service_names';
showed that the names didn't match exactly. The entries as created using Oracle's Database Configuration Assistant were originally:
MYDATABASE =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = mylaptop.mydomain.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = mydatabase.mydomain.com)
)
)
The service name from the query was just mydatabase rather than mydatabase.mydomain.com. I edited the tnsnames.ora file to just the base name without the domain portion so they looked like this:
MYDATABASE =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = mylaptop.mydomain.com)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = mydatabase)
)
)
I restarted the TNS Listener service (I often use lsnrctl stop and lsnrctl start from an administrator command window [or Windows Powershell] instead of the Services control panel, but both work.) After that, I was able to connect.
[1]: https://stackoverflow.com/users/979521/brad-rippe
Starting the OracleServiceXXX from the services.msc worked for me in Windows.
For thoses Who are using spring-boot and jdbc for connection.
You have to be careful while writing jdbcUrl in application.properties
With SID in Database connection -
source.datasource.jdbcUrl = jdbc:oracle:thin:#[HOST][:PORT]:SID
With Service name in db connection
globe.datasource.jdbcUrl = jdbc:oracle:thin:#//[HOST][:PORT]/SERVICE
This worked for me :)
For Dbeaver users: try selecting "SID" instead of "Service name" in connection settings.
I had the same problem. For me, just writing
sqlplus myusername/mypassword#localhost
did the trick, doing so makes it connect to the default service name, I guess.
This error can occur when an application makes a new connection for every database interaction or the connections are not closed properly. One of the free tools to monitor and confirm this is Oracle Sql developer (although this is not the only tool you can use to monitor DB sessions).
you can download the tool from oracle site Sql Developer
here is a screenshot of how to monitor you sessions. (if you see many sessions piling up for your application user during when you see the ORA-12514 error then it's a good indication that you may have connection pool problem).
Check to see the database is up. Log onto the server, set the ORACLE_SID environment variable to your database SID, and run SQL*Plus as a local connection.
I resolved this issue in my linux enviroment updating the IP of my machine in /etc/hosts file.
You can verify your network IP (inet end.) with:
$ifconfig
See if your IP matches with /etc/hosts file:
$cat /etc/hosts
Edit your /etc/hosts file, if nedded:
$sudo gedit /etc/hosts
Bye.
what worked for me was really simple, I just needed to initiate the service manually in the "Windows Services" (services.msc in cmd trompt).
my service name is: OracleServiceXXXXX.
I had also faced the same problem and spent 3 days to dig it out.
This happens because of your wrong TNS service entry.
First check whether you are able to connect to standby database from primary database using sql > sqlplus sys#orastand as sysdba (orastand is a standby database).
If you are not able to connect then it is a problem with the service. Correct the entry of service name in TNS file at primary end.
Check standby database the same way. Make the changes here too if required.
Make sure the log_archive_dest_2 parameter has the correct service name.
For those that may be running Oracle in a VM (like me) I saw this issue because my VM was running out of memory, which seems to have prevented OracleDB from starting up/running correctly. Increasing my VM memory and restarting fixed the issue.
Lots of answers here, but here comes a working example with code that you can copy and paste and test immediately:
For me the error 12514 was solved after specifying the correct SERVICE_NAME.
You find that on the server in the file tnsnames.ora which comes with 3 predefined service names (one of them is "XE").
I installed the Oracle Express database OracleXE112 which already comes with some preinstalled demo tables.
When you start the installer you are asked for a password. I entered "xxx" as password. (not used in production)
My server runs on the machine 192.168.1.158
On the server you must explicitely allow access for the process TNSLSNR.exe in the Windows Firewall. This process listens on port 1521.
OPTION A: For C# (.NET2 or .NET4) you can download ODAC11, from which you have to add Oracle.DataAccess.dll to your project. Additionally this DLL depends on: OraOps11w.dll, oci.dll, oraociei11.dll (130MB!), msvcr80.dll.
These DLLs must be in the same directory as the EXE or you must specify the DLL path in: HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\ODP.NET\4.112.4.0\DllPath. On 64 bit machines write additionally to HKLM\SOFTWARE\Wow6432Node\Oracle\...
OPTION B: If you have downloaded ODAC12 you need Oracle.DataAccess.dll, OraOps12w.dll, oci.dll, oraociei12.dll (160MB!), oraons.dll, msvcr100.dll. The Registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\ODP.NET\4.121.2.0\DllPath
OPTION C: If you don't want huge DLL's of more than 100 MB you should download ODP.NET_Managed12.x.x.x.xxxxx.zip in which you find Oracle.ManagedDataAccess.dll which is only 4 MB and is a pure managed DLL which works in 32 bit and 64 bit processes as well and depends on no other DLL and does not require any registry entries.
The following C# code works for me without any configuration on the server side (just the default installation):
using Oracle.DataAccess.Client;
or
using Oracle.ManagedDataAccess.Client;
....
string oradb = "Data Source=(DESCRIPTION="
+ "(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.158)(PORT=1521)))"
+ "(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=XE)));"
+ "User Id=SYSTEM;Password=xxx;";
using (OracleConnection conn = new OracleConnection(oradb))
{
conn.Open();
using (OracleCommand cmd = new OracleCommand())
{
cmd.Connection = conn;
cmd.CommandText = "select TABLESPACE_NAME from DBA_DATA_FILES";
using (OracleDataReader dr = cmd.ExecuteReader())
{
while (dr.Read())
{
listBox.Items.Add(dr["TABLESPACE_NAME"]);
}
}
}
}
If the SERVICE_NAME=XE is wrong you get error 12514. The SERVICE_NAME is optional. You can also leave it away.
In my case the database had ran out of disk space. Which caused it to not respond. Once I cleared up that issue everything worked again.
I got the same error because the remote SID specified was wrong:
> sqlplus $DATASOURCE_USERNAME/$DATASOURCE_PASSWORD#$DB_SERVER_URL/$REMOTE_SID
I queried the system database:
select * from global_name;
and found my remote SID ("XE").
Then I could connect without any problem.
In my case, round brackets around the SERVICE_NAME was missing in the tnsnames.ora file.
<DBNAME> =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL=TCP)(HOST = nupark-cnvr-ora )(PORT=1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <DBNAME> ***CLOSING ROUND BRACKET WAS MISSING HERE***
)
)
LISTENER_<DBNAME> =
(ADDRESS = (PROTOCOL = TCP)(HOST = nupark-cnvr-ora)(PORT = 1521))
I had just to replace my connection string
from:
jdbc:oracle:thin:#localhost:1521:xe
To:
jdbc:oracle:thin:#localhost:1521:orcl
For me this was caused by using a dynamic ipadress using installation. I reinstalled Oracle using a static ipadress and then everything was fine
Restarting the VM worked for me
My issue was resolved by replacing the'SID' in URL with 'service name' and correct host.
tnslsnr is up but database is down.
For oracle novice it is not obvious that database may be down while connections are accepted.
I had to start up database manually like that
su - oracle
export ORACLE_SID=XE
sqlplus sys as sysdba
And then in sql console
startup
In my case i failed to startup but got another error message and found the source of a problem - i had to change host name and then database auto startup was functional again.
I have implemented below workaround to resolve this issue.
I have set the ORACLE_HOME using command prompt
(right click cmd.exe and Run as System administrator).
Used below command
set oracle_home="path to the oracle home"
Go to All programs --> Oracle -ora home1 --> Configuration migration tools --> Net Manager --> Listener
Select Database Services from dropdown.
Both Global database name and SID are set to the same (ORCL in my case).
Set Oracle Home Directory.
Oracle Net Manager window example from oracle documentation:
Click on File and save network configuration.
The problem was that my connection string url contained database name instead of SID.
Replacing database name with oracle database connection SID solved this problem.
To know your oracle SID's you can browse tnsnames.ora file.
XE was the actual SID, so this is how my tomcat connection string looks like now:
<Resource
name="jdbc/my_db_conn"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:#//127.0.0.1:1521/XE"
username="test_user"
password="test" />
My server version was "Oracle 11.2 Express", but solution should work on other versions too.
I had a case that I used DBMS where I had to fulfill a db connection form.
I put SID into the Database field and in the dropdown, next to the field, I had had 'Service Name' value instead of 'SID' value.
(normally I don't use Oracle database so I've not been aware of the difference)
That was the reason I got the error message.
The problem can be in the incorrect URL.
For example, I'm using Oracle database (inside VM) with Spring framework and having this issue.
I had in my application.properties file:
spring.datasource.url=jdbc:oracle:thin:#//localhost:1521/orcl12c
But the db version was defferent:
spring.datasource.url=jdbc:oracle:thin:#//localhost:1521/orclcdb
The correct URL can be found in the tnsnames.ora file (this file would be available where the Oracle server, so if you using VM, you should look for this file inside your host VM).
For example for Oracle in the VirtualBox the command to see this file is:
nano /u01/app/oracle/product/version/db_1/network/admin/tnsnames.ora
In my case for Linux environment, the oracle file at ORACLE_HOME/bin was highlighted in "Red" color with different permissions as below:
I changed the permissions of this file as below:
1) Stop Oracle -> sudo systemctl stop oracle.service
2) Change the permission of oracle file at ORACLE_HOME/bin directory as "sudo chmod 777 oracle"
3) Start Oracle -> sudo systemctl start oracle.service
Then after this change, I checked the status of listener using lsnrctl status.Here, I can see the db instances loaded successfully.
However, I can connect using sqldeveloper only, with sqlplus command line I'm getting ORA-12547: TNS Lost Contact error. So, this can a quick workaround to use sqldeveloper.
Note: Take a backup of oracle file before changing the permissions.