FailSafe Clustered Database Won't Start After EFS Encryption Applied To Database Filesystem
(Doc ID 2271824.1)
Last updated on MAY 22, 2018
Applies to:Oracle Fail Safe - Version 4.1 to 4.1
Microsoft Windows x64 (64-bit) - Version: 2008 R2
Using Microsoft file system encryption shared filesystem with the databases datafiles on it.
MircoSoft Encrypting Filesystem
I find one FAQ on this
Seems it is not widely used with Oracle, but is supported.
FailSafe Clustered database won't start after EFS encryption Applied to database files
When rebooting the active node OFS moves the database group to the passive node which becomes active.
On node 2 the database with EFS filesystem for datafiles is not started by OFS.
When moving the group back to node 1, again same issue OFS does not start database.
Oracle Enterprise 220.127.116.11 with Oracle Fail Safe 18.104.22.168
Installed on a 2 node Windows 2012 R2 X64 MS FailOver cluster
Created database on cluster shared volume and added databae to Oracle Fails Safe without issue
At this point database workis fine until the folder containing the database files is encrypted via EFS
After which Neither the Windows Failover Manager nor the Oracle Fail Safe manager can start the databases
However, the database can be started by starting the Windows service for the database and then launching SQLPlus and starting the database from there.
After someone logging into the server with the Oracle Fail Safe service account the database can be started from the Windows Failover cluster manager and the Oracle Fail Safe Manager until the next server restart.
Note:EFS certificate has been imported into
Oracle home account
Oracle database service
Oracle Fail safe account
Oracle fail Safe Service
(xxx\Personal and xxx\Trusted Root Certification Authorities).
Once the database does start it is clear that only the Oracle Fail Safe Service account seems to touch the database files (shown as Client User)
Which differs from a non-clustered database start where the user starting the database is shown as the client user
Application event log:
Information 2017-04-12 8:42:46 PM OracleMSCSServices 3 Oracle Database Oracle Fail Safe resource MHP2TP72 successfully forced offline.
Warning 2017-04-12 8:42:43 PM OracleMSCSServices 2 Oracle Database Oracle Fail Safe resource MHP2TP72 is being forced offline.
Error 2017-04-12 8:42:43 PM OracleMSCSServices 1 Oracle Database Oracle Fail Safe resource MHP2TP72 failed to start.
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
System event log:
Information 2017-04-12 8:42:43 PM Service Control Manager 7036 None The OracleServiceMHP2TP72 service entered the stopped state.
Error 2017-04-12 8:42:43 PM Microsoft-Windows-FailoverClustering 1069 Resource Control Manager "Cluster resource 'MHP2TP72' of type 'Oracle Database' in clustered role 'MHP-ORASVR2-OP1' failed.
Windows Sysinternals Process Monitor (ProcMon) shows this
High Resolution Date & Time: 2017-04-17 10:06:14.4258677 PM
Event Class: File System
Result: ACCESS DENIED
Path: H:\app\oracle\oradata\MHP2TP72\paramsMHP2TP72.ORA ifile in question
Desired Access: Generic Read
Options: Synchronous IO Non-Alert, Non-Directory File
ShareMode: Read, Write
Using MircoSoft Encrypting Filesystem (EFS) filesystem for datafiles with OFS on MS Cluster.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document