Resolving ORA-12506: TNS:listener rejected connection based on service ACL filtering

Resolving ORA-12506: TNS:listener rejected connection based on service ACL filtering

I encountered this error when I moved the ADB to a Private End Point and tried to connect to it on a Compute Instance which was on a VCN that had access to the ADB. Weird huh?

If its contactable and on a Private End Point then why is it being blocked? I found out that if I found the external IP of the compute instance…

curl ipconfig.io

… and then added it to public access …

… then it connected. But that is weird; also, this is not the solution; I don’t want public access when I should be able to access it locally.

The solution

The solution is, after moving a Private End Point, to

  1. Re-download the wallet

  2. Add an Associated Private View

Re-Downloaded Wallet

This was my previous wallet tnsnames.ora file

matt_low = (
    description = (
        retry_count = 20
        retry_delay = 3
        address = (
            protocol = tcps
            port = 1522
            host = adb.eu-frankfurt-1.oraclecloud.com
        )
        connect_data = (
            service_name = g4c_matt_low.adb.oraclecloud.com
        )
        security = (
            ssl_server_dn_match = yes
        )
    )
)

and this is my new wallet (notice the new FQDN DB host)

matt_low = (
    description = (
        retry_count = 20
        retry_delay = 3
        address = (
            protocol = tcps
            port = 1522
            host = abcedfghij.adb.eu-frankfurt-1.oraclecloud.com
        )
        connect_data = (
            service_name = g4c_matt_low.adb.oraclecloud.com
        )
        security = (
            ssl_server_dn_match = no
        )
    )
)

and this is my public one (which is a replica of the previous wallet tns)

matt_public_low = (
    description = (
        retry_count = 20
        retry_delay = 3
        address = (
            protocol = tcps
            port = 1522
            host = adb.eu-frankfurt-1.oraclecloud.com
        )
        connect_data = (
            service_name = g4c_matt_low.adb.oraclecloud.com
        )
        security = (
            ssl_server_dn_match = yes
        )
    )
)

Whats happened in the new wallet is that:

Associated Private View

To access this on a compute on another VCN, if the host was an IP address - it would have worked. However its a FQDN, therefore, I also had to create an Assoicated Private View.

To do this, click OCI > Instance > VCN > DNS Resolver > Associated private views > Manage Private Views > Choose a private view > VCN of the ADB > Save Changes

It should look like this:

You should now be able to connect to your ADB on Private End Point.

ENJOY!

What’s the picture? A puddle just here. Visit Yorkshire!