Налетел тут с доменом и криворуким его админом... ORA-12638
Цитата: During a connection to the database using operating system authentication, ORA-12638 "Credential retrieval failed" is logged intermittently. In some rare cases the problem is only seen when reconnecting. This can happen using any OCI based tool, like Sql*Plus.
As soon as clients are rebooted it works fine for a few days.
The database server is running on Windows 2003.
The Oracle client uses NTS authentication in sqlnet.ora.
SQLNET.AUTHENTICATION_SERVICES = (NTS)
In a sql*net server trace file (trace_level_server = 16) the following is reported:
[24-MAI-2007 14:24:29:638] naun5authent: Authentication type is 0
[24-MAI-2007 14:24:29:638] naun5authent: SSPI: 0x8009030e error in InitializeSecurityContext
[24-MAI-2007 14:24:29:638] naun5authent: exit
[24-MAI-2007 14:24:29:638] naunauthent: exit
[24-MAI-2007 14:24:29:638] nau_ccn: get credentials function failed
[24-MAI-2007 14:24:29:638] nau_ccn: failed with error 12638
Comment: the textual equivalent to 0x8009030e is SEC_E_NO_CREDENTIALS .
Cause
The problem is caused by a Microsoft issue.This is described in the following Microsoft article:
Abstract:
Users in a trusted external Kerberos realm cannot access resources from a Windows Server
2003-based forest to another forest by using a forest trust and a Kerberos trust
Добавлено через 20 минут 21 секунду
Еще до кучи, в 2008r2
Цитата: Configure the OS to work with DES:
1) Run gpedit.msc
2) Go to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options
3) Add the DES ciphers to “Network security: Configure encryption types allowed for Kerberos”
(проставил все галочки)