Resolving ORA-12506: TNS:listener rejected connection based on service ACL filtering
I encountered this error when I moved the ADB to a Private End Point and tried to connect to it on a Compute Instance which was on a VCN that had access to the ADB. Weird huh?
If it's contactable and on a Private End Point then why is it being blocked? I found out that if I found the external IP of the compute instance…
curl ipconfig.io
… and then added it to public access …
… then it connected. But that is weird; also, this is not the solution; I don’t want public access when I should be able to access it locally.
The solution
The solution, after moving to a Private End Point, is to:
1. Re-download the wallet
2. Add an Associated Private View
Re-Downloaded Wallet
This was my previous wallet tnsnames.ora file
matt_low =
  (description =
    (retry_count = 20)
    (retry_delay = 3)
    (address =
      (protocol = tcps)
      (port = 1522)
      (host = adb.eu-frankfurt-1.oraclecloud.com)
    )
    (connect_data =
      (service_name = g4c_matt_low.adb.oraclecloud.com)
    )
    (security =
      (ssl_server_dn_match = yes)
    )
  )
and this is my new wallet (notice the new FQDN DB host)
matt_low =
  (description =
    (retry_count = 20)
    (retry_delay = 3)
    (address =
      (protocol = tcps)
      (port = 1522)
      (host = abcedfghij.adb.eu-frankfurt-1.oraclecloud.com)
    )
    (connect_data =
      (service_name = g4c_matt_low.adb.oraclecloud.com)
    )
    (security =
      (ssl_server_dn_match = no)
    )
  )
and this is my public one (which is a replica of the previous wallet tns)
matt_public_low =
  (description =
    (retry_count = 20)
    (retry_delay = 3)
    (address =
      (protocol = tcps)
      (port = 1522)
      (host = adb.eu-frankfurt-1.oraclecloud.com)
    )
    (connect_data =
      (service_name = g4c_matt_low.adb.oraclecloud.com)
    )
    (security =
      (ssl_server_dn_match = yes)
    )
  )
What's happened in the new wallet is that:
- My previous matt_low has been effectively relocated to matt_public_low and the DB is accessed through the public hostname adb.eu-frankfurt-1.oraclecloud.com
- A new matt_low has appeared where the host is accessed on an FQDN of abcedfghij.adb.eu-frankfurt-1.oraclecloud.com
Associated Private View
To access this on a compute on another VCN, if the host was an IP address, it would have worked. However, it's an FQDN; therefore, I also had to create an Associated Private View.
To do this, click OCI > Instance > VCN > DNS Resolver > Associated private views > Manage Private Views > Choose a private view > VCN of the ADB > Save Changes
It should look like this:
You should now be able to connect to your ADB on Private End Point.
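A way to check both fixes from the compute instance, as an added example that is not part of the original post: it parses the wallet's tnsnames.ora, resolves each alias's host with the instance's own DNS, and reports whether the host lands on a private address and what ssl_server_dn_match is set to. It assumes the VCN uses RFC 1918 ranges; the function names and the sample entries (the page's hosts, written in standard tnsnames.ora syntax) are constructed for illustration.

```python
import ipaddress
import re
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the page's two aliases written in standard tnsnames.ora syntax.
SAMPLE_TNS = """\
matt_low = (description=(retry_count=20)(retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=abcedfghij.adb.eu-frankfurt-1.oraclecloud.com))
  (connect_data=(service_name=g4c_matt_low.adb.oraclecloud.com))
  (security=(ssl_server_dn_match=no)))
matt_public_low = (description=(retry_count=20)(retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=adb.eu-frankfurt-1.oraclecloud.com))
  (connect_data=(service_name=g4c_matt_low.adb.oraclecloud.com))
  (security=(ssl_server_dn_match=yes)))
"""

def parse_aliases(text):
    """Map each alias to the host and ssl_server_dn_match value of its entry."""
    # An alias starts in column 0; continuation lines are indented or start with "(".
    parts = re.split(r"^([\w.]+)\s*=\s*(?=\()", text, flags=re.M)
    entries = {}
    for alias, body in zip(parts[1::2], parts[2::2]):
        host = re.search(r"\(\s*host\s*=\s*([^)\s]+)", body, re.I)
        dn = re.search(r"\(\s*ssl_server_dn_match\s*=\s*(\w+)", body, re.I)
        entries[alias.lower()] = {"host": host.group(1) if host else None,
                                  "dn_match": dn.group(1).lower() if dn else None}
    return entries

def system_resolver(host):
    """Resolve with the instance's own DNS configuration (the VCN resolver on OCI)."""
    return sorted({i[4][0] for i in socket.getaddrinfo(host, 1522, proto=socket.IPPROTO_TCP)})

def classify(host, resolver=system_resolver):
    """Return 'private', 'public' or 'unresolved' for the addresses a host resolves to."""
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    except (OSError, ValueError):
        addrs = []
    if not addrs:
        return "unresolved"
    return "private" if all(any(a in n for n in RFC1918) for a in addrs) else "public"

def audit(text, resolver=system_resolver):
    """Report, per alias: (host, where it resolves, ssl_server_dn_match value)."""
    return {alias: (e["host"], classify(e["host"], resolver), e["dn_match"])
            for alias, e in parse_aliases(text).items() if e["host"]}

if __name__ == "__main__":
    print(audit(SAMPLE_TNS))
```

Run it against the real tnsnames.ora from the re-downloaded wallet: if matt_low comes back unresolved or public on the instance, either the old wallet is still in use or the private view is not yet associated with that VCN's resolver.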
ENJOY!
What’s the picture? A puddle just here. Visit Yorkshire!