During a connection to the database using operating system authentication, ORA-12638
"Credential retrieval failed" is logged intermittently. In some rare cases the problem is only seen when reconnecting. This can happen using any OCI based tool, like Sql*Plus.
As soon as clients are rebooted it works fine for a few days.
The database server is running on Windows 2003.
The Oracle client uses NTS authentication in sqlnet.ora.
SQLNET.AUTHENTICATION_SERVICES = (NTS)
In a sql*net server trace file (trace_level_server = 16) the following is reported:
[24-MAI-2007 14:24:29:638] naun5authent: Authentication type is 0
[24-MAI-2007 14:24:29:638] naun5authent: SSPI: 0x8009030e error in InitializeSecurityContext
[24-MAI-2007 14:24:29:638] naun5authent: exit
[24-MAI-2007 14:24:29:638] naunauthent: exit
[24-MAI-2007 14:24:29:638] nau_ccn: get credentials function failed
[24-MAI-2007 14:24:29:638] nau_ccn: failed with error 12638
Comment: the textual equivalent to 0x8009030e is SEC_E_NO_CREDENTIALS .
The problem is caused by a Microsoft issue.This is described in the following Microsoft article:
Users in a trusted external Kerberos realm cannot access resources from a Windows Server
2003-based forest to another forest by using a forest trust and a Kerberos trust