FailSafe Clustered Database Won't Start After EFS Encryption Applied To Database Filesystem
(Doc ID 2271824.1)
Last updated on JANUARY 19, 2020
Applies to:Oracle Fail Safe - Version 4.1 to 4.1
Microsoft Windows x64 (64-bit) - Version: 2008 R2
NOTE: In the images and/or the document content below, the user information and environment data used represents fictitious data from the Oracle sample schema(s), Public Documentation delivered with an Oracle database product or other training material. Any similarity to actual environments, actual persons, living or dead, is purely coincidental and not intended in any manner.
For the purposes of this document, the following fictitious environment is used as an example to describe the procedure:
db_ name: MHP2TP72
Using Microsoft file system encryption shared filesystem with the databases datafiles on it.
MircoSoft Encrypting Filesystem
I find one FAQ on this
Seems it is not widely used with Oracle, but is supported.
FailSafe Clustered database won't start after EFS encryption Applied to database files
When rebooting the active node OFS moves the database group to the passive node which becomes active.
On node 2 the database with EFS filesystem for datafiles is not started by OFS.
When moving the group back to node 1, again same issue OFS does not start database.
Oracle Enterprise 18.104.22.168 with Oracle Fail Safe 22.214.171.124
Installed on a 2 node Windows 2012 R2 X64 MS FailOver cluster
Created database on cluster shared volume and added databae to Oracle Fails Safe without issue
At this point database workis fine until the folder containing the database files is encrypted via EFS
After which Neither the Windows Failover Manager nor the Oracle Fail Safe manager can start the databases
However, the database can be started by starting the Windows service for the database and then launching SQLPlus and starting the database from there.
After someone logging into the server with the Oracle Fail Safe service account the database can be started from the Windows Failover cluster manager and the Oracle Fail Safe Manager until the next server restart.
Note:EFS certificate has been imported into
Oracle home account
Oracle database service
Oracle Fail safe account
Oracle fail Safe Service
(xxx\Personal and xxx\Trusted Root Certification Authorities).
Once the database does start it is clear that only the Oracle Fail Safe Service account seems to touch the database files (shown as Client User)
Which differs from a non-clustered database start where the user starting the database is shown as the client user
Application event log:
Using MircoSoft Encrypting Filesystem (EFS) filesystem for datafiles with OFS on MS Cluster.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document