Page 1 of 1

Oracle Client: Access Denied / Client not found

PostPosted: Mon Jan 19, 2009 11:17 am
by admin
Users of the Oracle 9.2 client and later versions have reported getting an error message like

Oracle client and networking components were not found. These components are supplied by Oracle Corporation and are part of the Oracle Version 7.3.3 or later client software installation. Provider is unable to function until these components are installed.

or general permission denied errors when working with the client from Dynamic AI.

Some versions of Oracle client, install and grant permissions to Window's so called interactive accounts only. Interactive accounts are User Accounts that directly log on to the computer.
Dynamic AI usually runs as a machine account called IUSR_machinename. This account is not automatically granted permissions to execute the Oracle client software.

This means that the client would work when launched by a regular user -for instance by using ODBC / OLEDB to import Oracle data into Microsoft Access, but fail when accessed from Dynamic AI

Below is a solution, followed by a further explanation of the issue. It has to do with the machine account that runs the IIS webserver not having permissions to access the oracle client files. It is written specifically for Oracle 9.2 client, but applies to other versions as well


Solution Description
--------------------

Oracle 9.2 Client software requires that you give the Authenticated User
privilege to the Oracle Home by following these steps:

1. Log on to Windows as a user with Administrator privileges.

2. Launch Windows Explorer from the Start Menu and navigate to the
ORACLE_HOME folder. This is typically the "Ora92" folder under the
"Oracle" folder (i.e. D:\Oracle\Ora92).

3. Right-click on the ORACLE_HOME folder and choose the "Properties" option
from the drop down list. A "Properties" window should appear.

4. Click on the "Security" tab of the "Properties" window.

5. Click on "Authenticated Users" item in the "Name" list (on Windows XP
the "Name" list is called "Group or user names").

6. Uncheck the "Read and Execute" box in the "Permissions" list under the
"Allow" column (on Windows XP the "Permissions" list is called
"Permissions for Authenticated Users").

7. Re-check the "Read and Execute" box under the "Allow" column (this is
the box you just unchecked).

8. Click the "Advanced" button and in the "Permission Entries" list make
sure you see the "Authenticated Users" listed there with:

Permission = Read & Execute
Apply To = This folder, subfolders and files

If this is NOT the case, edit that line and make sure the "Apply onto"
drop-down box is set to "This folder, subfolders and files". This
should already be set properly but it is important that you verify this.

9. Click the "Ok" button until you close out all of the security properties
windows. The cursor may present the hour glass for a few seconds as it
applies the permissions you just changed to all subfolders and files.

10. Reboot your computer to assure that these changes have taken effect.


Re-execute the application and it should now work.



Problem Description
--------------------

When running an application using the Oracle9i Release 2 (9.2.0.1.0) install
of client software and that attempts to connect to an Oracle database with the
Authenticated User privilege (such as when you use Microsoft's Internet
Information Server (IIS)) through any of the following programmatic interfaces

1. Oracle Provider for OLE DB
2. Microsoft OLE DB Provider for Oracle
3. Oracle ODBC Driver
4. Microsoft ODBC for Oracle
5. Oracle Objects for OLE (OO4O)
6. Microsoft .NET Framework Data Provider for Oracle


you may receive one of the following errors:


(1) Oracle Provider for OLE DB

(a) Error Type: Microsoft OLE DB Service Components (0x80070005)

Access is denied.


(b) OraOLEDB.Oracle Provider is not registered on the local machine


(2) Microsoft OLE DB Provider for Oracle

(a) Error Type: Microsoft OLE DB Provider for Oracle (0x80004005)

Oracle client and networking components were not found. These
components are supplied by Oracle Corporation and are part of the
Oracle Version 7.3.3 or later client software installation. Provider
is unable to function until these components are installed.


(b) Error Type: Microsoft OLE DB Provider for Oracle (0x80004005)

Oracle error occurred, but error message could not be retrieved
from Oracle.


(3) Oracle ODBC Driver

(a) Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80004005)

Specified driver could not be loaded due to system error 5 (Oracle
in OraHome92).


(4) Microsoft ODBC for Oracle

(a) The Oracle(tm) client and networking components were not found.
These components are supplied by Oracle Corporation and are part
of the Oracle Version 7.3 (or greater) client software installation.

You will be unable to use this driver until these components have
been installed.


(b) Error number: -2147467259

Error Description: [Microsoft][ODBC Driver Manager] Driver's
SQLAllocHandle on SQL_HANDLE_ENV failed


(5) Oracle Objects for OLE

(a) while using a GLOBAL.ASA file

Error Type: Active Server Pages (0x0)

An error occurred while creating object 'OraSession'.


(b) not using a GLOBAL.ASA file

Error Type: Microsoft VBScript runtime (0x800A0046)

Permission denied: 'CreateObject'


(6) Microsoft .NET Framework Data Provider for Oracle

(a) System.DllNotFoundException: Unable to load DLL (oci.dll).
at System.Data.OracleClient.DBObjectPool.GetObject(Boolean&
isInTransaction)
at System.Data.OracleClient.OracleConnectionPoolManager.
GetPooledConnection(String encryptedConnectionString,
OracleConnectionString options, Boolean& isInTransaction)
at System.Data.OracleClient.OracleConnection.OpenInternal
(OracleConnectionString parsedConnectionString, Object transact)
at System.Data.OracleClient.OracleConnection.Open()
at WCWSItemAvailability.ETAAvailability.SingleAvailability(String
ItemNumber, String BusinessUnit, Int32 OrderQty, Int32&
AvailableQty, Int32& OnHandQty, String& ETADate, Int32& Error)
at WCWSItemAvailability.ETAAvailability.XMLAvailability(String
XMLInput)


(7) Other miscellaneous errors

(a) The Specified Module Could Not Be Found

(b) ORA-00604: error occurred at recursive SQL level 1
ORA-12705: invalid or unknown NLS parameter value specified

(c) Unable to load DLL (OraOps9.dll):
...
[DllNotFoundException: Unable to load DLL (OraOps9.dll).]

(d) System Error 998 trying to run ASP page




Explanation
-----------

If you install Oracle9i Release 2 (9.2.0.1.0) on a computer running Windows
with an NTFS partition, the contents of ORACLE_HOME directory will not be
visible to users who are authenticated on that machine. These permissions
were not set properly when the software was installed.

Applications that were working fine with previous versions of Oracle software
will stop working when they upgrade to Oracle 9.2.

NOTE: The application will continue to work if the user has logged onto the
machine as an Administrator.

Any application that is using the Authenticated User privilege will not work.
A notable example would be IIS which might service some of the requests based
on the Authenticated User privileges.

To demonstrate the problem in further detail, you can log on to the operating
system as an authenticated machine user. You won't be able browse the contents
of the ORACLE_HOME directory demonstrating your inability to load any Oracle DLLs
or make a connection.


Additional Information
----------------------

The above error messages may not only be encountered when using Oracle 9.2
client software but may also exists when running into general permissions
issues using third party products on a Windows platform.