oracle / node-oracledb

Oracle Database driver for Node.js maintained by Oracle Corp.
http://oracle.github.io/node-oracledb/

NJS-521: connection to host *************** port **** received end-of-file on communication channel #1567

Closed AlejandroPuenteCoreApps closed 1 year ago

AlejandroPuenteCoreApps commented 1 year ago
  1. What versions are you using?

oracledb = 6.0.0
platform = darwin
version = v18.16.0
arch = x64
versionString = not supported by node-oracledb in Thin mode
oracleClientVersionString = not supported by node-oracledb in Thin mode

  2. Is it an error or a hang or a crash?

Error

  3. What error(s) or behavior you are seeing?

An error occurred when attempting to test with connector 6.0.0 in Thin Mode. The database is an "Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production Version 21.6.0.0.0" located in OIC. Currently, I can make the connection from SQL Server, but when I try to run the example from Node, I get the error. We also have this same issue on Windows.

Node.js v18.16.0

  4. Include a runnable Node.js script that shows the problem.

input:

```javascript
const oracledb = require('oracledb');

oracledb.outFormat = oracledb.OUT_FORMAT_OBJECT;

async function run() {
    const connection = await oracledb.getConnection({
        user          : process.env.USER,
        password      : process.env.PASSWORD,
        connectString : `(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=${process.env.HOST})(PORT=${process.env.PORT}))(CONNECT_DATA=(SERVICE_NAME=${process.env.SERVICE_NAME})))`
    });

    const result = await connection.execute(
        `select id from oap_auth_logins`,
    );

    console.log(result.rows);
    await connection.close();
}

run();
```

output:

```
/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/sqlnet/ntTcp.js:305
newErr = errors.getErr(errors.ERR_CONNECTION_CLOSED);
^

Error: NJS-500: connection to the Oracle Database was broken
NJS-521: connection to host *** port **** received end-of-file on communication channel. (CONNECTION_ID=98YYWqtdz7YdDy/HEyMNJQ==)
    at NTTCP.checkErr (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/sqlnet/ntTcp.js:305:23)
    at NTTCP.receive (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/sqlnet/ntTcp.js:446:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async NetworkSession._recvPacket (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/sqlnet/networkSession.js:376:22)
    at async NetworkSession.recvPacket (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/sqlnet/networkSession.js:441:12)
    at async ReadPacket.waitForPackets (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/protocol/packet.js:288:20)
    at async Protocol._decodeMessage (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/protocol/protocol.js:70:5)
    at async Protocol._processMessage (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/protocol/protocol.js:148:9)
    at async ThinConnectionImpl.connect (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/thin/connection.js:533:7)
    at async Object.getConnection (/Users/alejandropuente/Proyectos/CoreApps/Cochez/node-oracledb/node_modules/oracledb/lib/oracledb.js:628:3) {
  code: 'NJS-500'
}
```

anthony-tuininga commented 1 year ago

I strongly suspect this is due to the fact that you have NNE (native network encryption) configured on your database. The database is closing the connection immediately after negotiation with the listener. You can confirm this by looking at the sqlnet.ora file on the server and confirming that those configuration parameters are present. You are not the first to run into this issue! See #1557 for details.

AlejandroPuenteCoreApps commented 1 year ago

> I strongly suspect this is due to the fact that you have NNE (native network encryption) configured on your database. The database is closing the connection immediately after negotiation with the listener. You can confirm this by looking at the sqlnet.ora file on the server and confirming that those configuration parameters are present. You are not the first to run into this issue! See #1557 for details.

Thank you, Anthony Tuininga. I will carry out the test using the Thick Mode connection.

anthony-tuininga commented 1 year ago

Sounds good. If you can confirm that you are using NNE you can close this issue. Thanks!

AlejandroPuenteCoreApps commented 1 year ago

> Sounds good. If you can confirm that you are using NNE you can close this issue. Thanks!

According to the preliminary response from the database administrators, NNE is activated by default. However, they will check with the security team to see if they can share the file with me.

anthony-tuininga commented 1 year ago

If they don't want to share the file with you, you can share the contents that indicate that NNE is mandated. It looks like this:

```
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.CRYPTO_CHECKSUM_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256,AES192,AES128)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1)
SQLNET.ENCRYPTION_CLIENT=REQUIRED
SQLNET.CRYPTO_CHECKSUM_CLIENT=REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256,AES192,AES128)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA1)
```

cjbj commented 1 year ago

Login via SQL*Plus and query the NETWORK_SERVICE_BANNER column of the database view V$SESSION_CONNECT_INFO. (This is in our doc). The following shows an example with NNE enabled:

```
SQL> select NETWORK_SERVICE_BANNER from V$SESSION_CONNECT_INFO;

NETWORK_SERVICE_BANNER
________________________________________________________________________________________
TCP/IP NT Protocol Adapter for Linux: Version 19.0.0.0.0 - Production
Encryption service for Linux: Version 19.0.1.0.0 - Production
AES256 Encryption service adapter for Linux: Version 19.0.1.0.0 - Production
Crypto-checksumming service for Linux: Version 19.0.1.0.0 - Production
SHA256 Crypto-checksumming service adapter for Linux: Version 19.0.1.0.0 - Production
```

The choices you have are either to disable NNE (and enable TLS instead if you want encryption), or use Thick mode with Oracle Client libraries.

AlejandroPuenteCoreApps commented 1 year ago

select NETWORK_SERVICE_BANNER from V$SESSION_CONNECT_INFO

This is what I get when running the query.

```
TCP/IP NT Protocol Adapter for Linux: Version 21.0.0.0.0 - Production
Encryption service for Linux: Version 21.0.1.0.0 - Production
AES256 Encryption service adapter for Linux: Version 21.0.1.0.0 - Production
Crypto-checksumming service for Linux: Version 21.0.1.0.0 - Production
SHA1 Crypto-checksumming service adapter for Linux: Version 21.0.1.0.0 - Production
Oracle Bequeath NT Protocol Adapter for Linux: Version 21.0.0.0.0 - Production
Authentication service for Linux: Version 21.0.1.0.0 - Production
```

anthony-tuininga commented 1 year ago

That confirms that the server is using NNE, so thin will not support it. We are looking into getting a better error message, though! So your options are to use thick mode or disable NNE on the server. Thanks for confirming. I'll close this now.
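
The two checks suggested in this thread (the NNE settings in sqlnet.ora and the NETWORK_SERVICE_BANNER query) can be scripted. The following is an added example, not code from the thread or from node-oracledb: `classifyBanner` and `classifySqlnet` are hypothetical names, the sample inputs are values posted above, and treating only the "service adapter" rows as evidence of NNE in use is an assumption.

```javascript
// Added example, not from the thread. Function names are hypothetical.

// Rows of V$SESSION_CONNECT_INFO.NETWORK_SERVICE_BANNER: an "<ALG> ... service adapter"
// row names an algorithm in use. Assumption: the bare "Encryption service" rows only
// show that the service is available, so they are ignored.
function classifyBanner(rows) {
  const found = { encryption: null, checksum: null };
  for (const row of rows) {
    const m = /^\s*(\S+) (Encryption|Crypto-checksumming) service adapter\b/.exec(row);
    if (m) found[m[2] === 'Encryption' ? 'encryption' : 'checksum'] = m[1];
  }
  return { ...found, nneActive: Boolean(found.encryption || found.checksum) };
}

// sqlnet.ora text: read the SQLNET.ENCRYPTION_* and SQLNET.CRYPTO_CHECKSUM_* levels
// and report which server-side ones are REQUIRED (NNE mandated).
function classifySqlnet(text) {
  const levels = {};
  for (const line of text.split(/\r?\n/)) {
    if (/^\s*#/.test(line)) continue; // comment line
    const m = /^\s*SQLNET\.(ENCRYPTION|CRYPTO_CHECKSUM)_(SERVER|CLIENT)\s*=\s*(\w+)/i.exec(line);
    if (m) levels[`${m[1]}_${m[2]}`.toUpperCase()] = m[3].toUpperCase();
  }
  const required = ['ENCRYPTION_SERVER', 'CRYPTO_CHECKSUM_SERVER']
    .filter((k) => levels[k] === 'REQUIRED');
  return { levels, required, nneMandated: required.length > 0 };
}

// Sample inputs: banner rows and server settings as posted in this thread.
const sampleBanner = [
  'TCP/IP NT Protocol Adapter for Linux: Version 21.0.0.0.0 - Production',
  'Encryption service for Linux: Version 21.0.1.0.0 - Production',
  'AES256 Encryption service adapter for Linux: Version 21.0.1.0.0 - Production',
  'Crypto-checksumming service for Linux: Version 21.0.1.0.0 - Production',
  'SHA1 Crypto-checksumming service adapter for Linux: Version 21.0.1.0.0 - Production',
];
const sampleSqlnet = [
  'SQLNET.ENCRYPTION_SERVER=REQUIRED',
  'SQLNET.CRYPTO_CHECKSUM_SERVER=REQUIRED',
  'SQLNET.ENCRYPTION_TYPES_SERVER=(AES256,AES192,AES128)',
  'SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA1)',
].join('\n');

console.log(classifyBanner(sampleBanner));
console.log(classifySqlnet(sampleSqlnet));
```

Run against the banner rows from a session opened with a client that can connect (for example SQL*Plus, as suggested above), since a Thin mode connection to such a server fails before any query can run.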

marcusmigueell commented 1 year ago

> Login via SQL*Plus and query the NETWORK_SERVICE_BANNER column of the database view V$SESSION_CONNECT_INFO. (This is in our doc). The following shows an example with NNE enabled:
>
> ```
> SQL> select NETWORK_SERVICE_BANNER from V$SESSION_CONNECT_INFO;
>
> NETWORK_SERVICE_BANNER
> ________________________________________________________________________________________
> TCP/IP NT Protocol Adapter for Linux: Version 19.0.0.0.0 - Production
> Encryption service for Linux: Version 19.0.1.0.0 - Production
> AES256 Encryption service adapter for Linux: Version 19.0.1.0.0 - Production
> Crypto-checksumming service for Linux: Version 19.0.1.0.0 - Production
> SHA256 Crypto-checksumming service adapter for Linux: Version 19.0.1.0.0 - Production
> ```
>
> The choices you have are either to disable NNE (and enable TLS instead if you want encryption), or use Thick mode with Oracle Client libraries.

I don't know how to disable NNE. I'm new to Oracle; could you help?

sharadraju commented 1 year ago

@marcusmigueell Can you please let us know the settings in your sqlnet.ora network configuration file (most likely present in $ORACLE_HOME/network/admin directory)? NNE settings are enabled in this file. Are you connecting your database to any Node.js application?

cjbj commented 1 year ago

@marcusmigueell if you cannot edit your sqlnet.ora file(s) to remove the NNE settings, instead you can use node-oracledb Thick mode, see https://node-oracledb.readthedocs.io/en/latest/user_guide/initialization.html#enabling-node-oracledb-thick-mode

If you remove NNE you probably will want to enable TLS to replace it. You would need to refer to Oracle security manuals to find the steps.

marcusmigueell commented 1 year ago

I have an initial question, because I forgot to mention it earlier: I'm on Windows and installed only WINDOWS.X64_193000_client.zip. Do I need to install WINDOWS.X64_193000_client_home.zip as well?

cjbj commented 1 year ago

@marcusmigueell No you do not need both those 'full' client installs.

In fact, using Instant Client would be easier than using either WINDOWS.X64_193000_client.zip or WINDOWS.X64_193000_client_home.zip, see https://node-oracledb.readthedocs.io/en/latest/user_guide/installation.html#clientwin

marcusmigueell commented 1 year ago

I bring application data:

```
npm init -y
npm i oracledb
```

index.js files:

```javascript
const oracledb = require('oracledb')
oracledb.outFormat = oracledb.OUT_FORMAT_OBJECT

async function con() {
    let conexao;

    try {
        // user, pass and the HOST / SERVICE_NAME values are placeholders, as posted
        await oracledb.createPool({
            user: user,
            password: pass,
            connectString: "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host aws)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=service name created for connection)))",
        })

        conexao = await oracledb.getConnection()

        await conexao.close()
    } catch (error) {
        console.log(error);
    }
}

con()
```

error:

```
Error: NJS-500: connection to the Oracle Database was broken
NJS-521: connection to host * port 1521 received end-of-file on communication channel. (CONNECTION_ID=)
    at NTTCP.checkErr (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\sqlnet\ntTcp.js:307:23)
    at NTTCP.receive (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\sqlnet\ntTcp.js:448:12)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async NetworkSession._recvPacket (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\sqlnet\networkSession.js:377:22)
    at async NetworkSession.recvPacket (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\sqlnet\networkSession.js:442:12)
    at async ReadPacket.waitForPackets (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\protocol\packet.js:287:20)
    at async Protocol._decodeMessage (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\protocol\protocol.js:70:5)
    at async Protocol._processMessage (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\protocol\protocol.js:148:9)
    at async ThinConnectionImpl.connect (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\connection.js:542:7)
    at async ThinPoolImpl._connect (C:\Users\Administrator\Desktop\Teste Padap\node_modules\oracledb\lib\thin\pool.js:207:5) {
  code: 'NJS-500'
}
```

anthony-tuininga commented 1 year ago

That error strongly suggests you have NNE enabled on the server -- which is not supported in thin mode. You will have to switch to thick mode or disable NNE on the server (migrate to use of TLS?). Those are your only two options at the moment!

egm9078 commented 1 year ago

Could your team provide some insight into why NNE isn't supported with Thin Mode? Generally could you provide some helpful points for me to share with my DB systems engineer related to this topic?

cjbj commented 1 year ago

@egm9078 because the Oracle DB security developers have asked us not to. They would like users to move to TLS.