oracle-databaseamazon-ec2oracle11gplsqldeveloperora-12170

ORA-12170 TNS listener in oracle 11g


I have setup a Windows Server 2008R2 with an oracle server 11g (11.2) and a small database (MYDB) in amazon EC2.

Now I want to connect from my computer to this database (I use PL/SQL developer but I don't mind using other tools)

In server side I have: (where ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com is the public DNS for my Win server.)
tnsnames.ora:

 MYDB =
   (DESCRIPTION =
     (ADDRESS = (PROTOCOL = TCP)(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
     (CONNECT_DATA =
      (SERVICE_NAME = MYDB)
     )
   )

listener.ora:

 # listener.ora Network Configuration File: C:\app\Administrator\product\11.2.0\dbhome_1\network\admin\listener.ora
 # Generated by Oracle configuration tools.

 LISTENER =
     (DESCRIPTION_LIST =
      (DESCRIPTION =
       (ADDRESS = (PROTOCOL = TCP)(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
       (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      )
    )

   ADR_BASE_LISTENER = C:\app\Administrator

At my pc at tnsnames.ora i have:

 MYDB=
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
    (CONNECT_DATA =
     (SERVICE_NAME = MYDB)
    )
  )

With these settings, I am able to connect locally at my server, but not through my computer.
I have setup up Security Groups at my EC2:

Inbound rules

Type                Protocol              Port Range     Source
RDP                 TCP                   3389           Anywhere 0.0.0.0/0
SSH                 TCP                   22             Anywhere 0.0.0.0/0
Custom ICMP Rule    Echo Reply            N/A            Anywhere 0.0.0.0/0

When I am trying to connect from my computer I get

ORA-12170:TNS:Connect timeout occurred.

Any ideas what I am doing wrong, or a troubleshooting plan?


Solution

  • Your security groups only allow RDP and SSH access, on ports 3389 and 22 (plus ICMP ping). When you attempt to connect to the database you're using port 1521, as your tnsnames.ora dictates:

    (HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
    

    So you need to add an inbound firewall rule to allow traffic on TCP port 1521 through to your EC2 instance, in addition to the existing ones for 3389 and 22. I have no idea if SQL*Net will be listed in the 'type' drop down, so you might need to select 'All TCP'.

    You might also want to make it more restrictive though - limiting the 'source' to your PC's IP address perhaps if this is private, or your company's outgoing Ip if not; if you have a static public IP from your ISP.