|Oracle® Database Platform Guide
11g Release 2 (11.2) for Microsoft Windows
|PDF · Mobi · ePub|
This appendix describes Oracle Net Services configuration for Windows. For more generic information on Oracle Net Services configuration, see Oracle Database Net Services Administrator's Guide.
This appendix contains these topics:
Oracle Database for Windows installations that use Automatic Storage Management (ASM) must use Windows native authentication, which is enabled by default. To ensure that it is, check that the
sqlnet.ora file, by default located in
\network\admin, has NTS enabled. For example:
See Also:"Windows Authentication Protocols"
The registry contains entries for Oracle Net Services parameters and subkeys. To successfully add or modify Oracle Net Services configuration parameters, you must understand where they are located and the rules that apply to them.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services contains subkeys that correspond to services. Depending on what is installed, your Oracle Net Services consist of all or a subset of the following:
Each service subkey contains the parameters shown in Table C-1.
Specifies service name.
Specifies fully qualified path name of the executable started by service and any command line arguments passed to executable at run time.
Specifies logon user account and computer to which service should log on.
In Oracle Database 10g Release 1 (10.1) or later, the listener is set to start automatically at system restart. If you intend to use only the listener for all of your databases, ensure that only the Windows service for the listener, as listed in the Control Panel, is set to start automatically.
Oracle usually recommends that you only have a single net listener service on a Windows computer at any one time. This single listener can support multiple databases. If you must have two different net listener services on a Windows computer at the same time, ensure that they are configured to listen on different TCP/IP port numbers.
If the same IP address and port are used for different listeners, you might expect that the second and subsequent listeners would fail to bind. Instead, Windows allows them all to listen on the same IP address and port, resulting in unexpected behavior of the listeners. This is a suspected Windows operating system problem with TCP/IP and has been reported to Microsoft.
You can use the following parameters on Windows:
Oracle Net Service first checks for the parameters as environment variables, and uses the values defined. If environment variables are not defined, it searches for these parameters in the registry.
You can use parameter
LOCAL to connect to Oracle Database without specifying a connect identifier in the connect string. The value of parameter
LOCAL is any connect identifier, such as a net service name. For example, if parameter
LOCAL is specified as
finance, you can connect to a database from SQL*Plus with:
SQL> CONNECT SCOTT Enter password: password
SQL> CONNECT SCOTT@finance Enter password: password
Oracle Net checks if
LOCAL is defined as an environment variable or as a parameter in the registry, and uses
finance as the service name. If it exists, Oracle Net connects.
You can add parameter
TNS_ADMIN to change the directory path of Oracle Net Services configuration files from the default location of
\network\admin. For example, if you set
\test\admin, the configuration files are used from
The use of shared sockets is enabled by default, that is the default value of
true. In this case, the network listener passes the socket descriptor for client connections to the database thread. As a result, the client does not establish a new connection to the database thread and the database connection time improves. All database connections also share the port number used by the network listener, which can be useful if you are setting third-party proxy servers.
This parameter only works in dedicated server mode in a TCP/IP environment. To reserve a dedicated server for an instance of Oracle Database not associated with the same Oracle home as the listener and with shared socket enabled, you must set
USE_SHARED_SOCKET parameter for both the Oracle homes.
Note:Do not set this parameter explicitly in your registry unless instructed by Oracle Support. Setting
falsedisables the use of shared sockets.
The following sections describe advanced configuration procedures specifically for Oracle Net Services on Windows operating systems:
Oracle Net Services provides authentication methods for Windows operating systems using Windows Native Authentication.
The network listener service may be unable to open the Named Pipe created by Oracle Names unless service
TNSListener has a valid user ID and password associated with it.
See Also:Your operating system documentation for instructions on setting up network listener permissions
This section supplements generic information provided in Oracle Database Net Services Administrator's Guide to configure a listener on Windows operating systems to exclusively handle external procedures. For a higher level of security, you are instructed to start the listener for external procedures from a user account with lower privileges than the
oracle user. For Windows operating systems, this requires that you change the user account from LocalSystem to a local, unprivileged user for the
Note:The following instructions assume that you have performed steps 1 through 5 in the section "Modifying Configuration of External Procedures for Higher Security" in Oracle Database Net Services Administrator's Guide.
To change the listener account:
Create a new user account and grant it Log on as a Service privilege.
Note:Ensure that this user account does not have general access to files owned by
oracle. Specifically, this user should not have permission to read or write to database files or to the Oracle Database server address space. In addition, this user should have read access to the
listener.orafile, but must not have write access to it.
See Also:Your operating system documentation for instructions on accessing the Services dialog and stopping services
extproc_listener_nameservice does not exist, issue the following command from the command prompt:
lsnrctl start extproc_listener_name
This creates the
extproc_listener_name service. When you return to the list of services, stop this service before proceeding to the next step of this procedure.
extproc_listener_name service in the Services dialog and then display the properties of the service.
Select This Account and enter the user name and password.
Start the listener by clicking Start. You must start the listener in this way because you cannot use the Listener Control utility to start the listener as an unprivileged local user.
Note:You can also use
NET START OracleHOME_NAMETNSListener
extproc_listener_nameto start the listener from the command prompt. the listener with lower privileges prevents you from using Listener Control utility
SETcommands to alter the configuration of this listener in file
listener.ora. You can perform other administrative tasks on this listener with the Listener Control utility, including stopping the listener. Oracle recommends that you complete
listener.orafile configuration before the listener.