My Oracle Support Banner

FailSafe Clustered Database Won't Start After EFS Encryption Applied To Database Filesystem (Doc ID 2271824.1)

Last updated on JANUARY 19, 2020

Applies to:

Oracle Fail Safe - Version 4.1 to 4.1
Microsoft Windows x64 (64-bit) - Version: 2008 R2

Symptoms

NOTE: In the images and/or the document content below, the user information and environment data used represents fictitious data from the Oracle sample schema(s), Public Documentation delivered with an Oracle database product or other training material. Any similarity to actual environments, actual persons, living or dead, is purely coincidental and not intended in any manner.

For the purposes of this document, the following fictitious environment is used as an example to describe the procedure:

service_name: OracleServiceMHP2TP72
db_ name: MHP2TP72
oracle_home: E:\app\oracle\product\12.1.0\dbhome_EF
ifile: H:\app\oracle\oradata\mhp2TP72\paramsMHP2TP72.ORA

 

=========================================

 

Using Microsoft file system encryption shared filesystem with the databases datafiles on it.
MircoSoft Encrypting Filesystem

I find one FAQ on this
https://www.oracle.com/technetwork/database/windows/faq-100614.html#EFS

Seems it is not widely used with Oracle, but is supported.

FailSafe Clustered database won't start after EFS encryption Applied to database files

When  rebooting the active node OFS moves the database group to the passive node which becomes active.
On node 2 the   database with EFS filesystem for datafiles is not started by OFS.

When moving the group back to node 1, again same issue OFS does not start database. 

Oracle Enterprise 12.1.0.2 with Oracle Fail Safe 4.1.1.3
Installed on a 2 node Windows 2012 R2 X64 MS FailOver cluster

Created database on cluster shared volume and added databae to Oracle Fails Safe without issue
At this point database workis fine until the folder containing the database files is encrypted via EFS
After which Neither the Windows Failover Manager nor the Oracle Fail Safe manager can start the databases

However, the database can be started by starting the Windows service for the database and then launching SQLPlus and starting the database from there.
After someone logging into the server with the Oracle Fail Safe service account the database can be started from the Windows Failover cluster manager and the Oracle Fail Safe Manager until the next server restart.

Note:EFS certificate has been imported into
Oracle home account
Oracle database service
Oracle Fail safe account
Oracle fail Safe Service
Local Computer
(xxx\Personal and xxx\Trusted Root Certification Authorities).

Once the database does start it is clear that only the Oracle Fail Safe Service account seems to touch the database files (shown as Client User)
Which differs from a non-clustered database start where the user starting the database is shown as the client user

Application event log:  

 

 

Changes

 Using MircoSoft Encrypting Filesystem (EFS) filesystem for datafiles with OFS on MS Cluster.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.