My Oracle Support Banner

Connect / As Sysdba with NTS adapter fails due to username in UPN (Doc ID 562990.1)

Last updated on OCTOBER 10, 2022

Applies to:

Oracle Database - Enterprise Edition - Version 9.2.0.8 to 11.2.0.2 [Release 9.2 to 11.2]
Oracle Database - Enterprise Edition - Version 11.2.0.4 to 12.2.0.1 [Release 11.2 to 12.2]
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Information in this document applies to any platform.
 



Symptoms

On Windows when using the NTS authentication adapter by setting sqlnet.ora parameter

SQLNET.AUTHENTICATION_SERVICES = (NTS)

(this is the default and recommended setting) you get the following errors:

ORA-12638: Credential retrieval failed

ORA-12631: Username retrieval failed

When the sqlnet tracing is enabled at level 16 using sqlnet.ora trace parameter

TRACE_LEVEL_SERVER = 16

the following specific error can be seen in the resulting trace file:

 

[10-APR-2008 12:01:21:285] naun5validate: entry
[10-APR-2008 12:01:21:285] naun5validate: driver state is 1
[10-APR-2008 12:01:21:285] nacomrp: entry
[10-APR-2008 12:01:21:285] nacomrp: exit
[10-APR-2008 12:01:21:285] nacomrp: entry
[10-APR-2008 12:01:21:285] nacomrp: exit
[10-APR-2008 12:01:21:285] naun5validate: SSPI: 0x80090308 error in AcceptSecurityContext
[10-APR-2008 12:01:21:285] naun5validate: exit
[10-APR-2008 12:01:21:285] naunval: exit
[10-APR-2008 12:01:21:285] nau_scn: credential validation function failed
[10-APR-2008 12:01:21:285] nacomsd: entry
[10-APR-2008 12:01:21:285] nacomfsd: entry
[10-APR-2008 12:01:21:285] nacomfsd: exit
[10-APR-2008 12:01:21:285] nacomsd: exit
[10-APR-2008 12:01:21:285] nau_scn: failed with error 12631
[10-APR-2008 12:01:21:285] nau_scn: exit
[10-APR-2008 12:01:21:285] na_csrd: failed with error 12631
[10-APR-2008 12:01:21:285] na_csrd: exit
[10-APR-2008 12:01:21:285] nacomer: error 12631 received from authentication service
[10-APR-2008 12:01:21:285] nacomer: failed with error 12631


The interpretation of the above is the AcceptSecurityContext Windows API called by the Oracle module naun5validate throws the error 'SSPI: 0x80090308' which means SEC_E_INVALID_TOKEN.

Changes

 The Oracle service was changed from the default which is to run as LocalSystem.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.