Re: Windows 2008 and run database service as a different user then the "Local System" account, database will not start via service

From: Patrick Roozen <>
Date: Wed, 14 Mar 2012 13:18:54 +0100
Message-ID: <>

Hi Niall and others,

We have given the permissions as described below in your post, and UAC is set to "Never Notify" aka disabled I believe. It still wont mount the database via the service when that service is not running as Local System.
In %ORACLE_HOME%\database\oradim.log we can see the following message: ORA-12631 username retrieval failed

Searching the web shows that setting sqlnet.ora (sqlnet.autentication_services=(NONE) will resolve this error but that means
that we cannot logon without supplying the password. Which the backup scripts we use cannot as they use "sqlplus / as sysdba" for all the logons. So this is not an option for us.

I have confirmed that either setting the sqlnet.autentication_services=(NONE) will allow the service to start the database normally
(and mounting/open etc).

Also using a local account with the neccessary rights will start the database. But then we cannot access the share we need to backup the FRA to.

Searching the event log viewer does not result in any extra messages that might show what is wrong.

But I eventually found a post (while writing this mail) in thread ( that showed us an other possibility and that worked. The entry that shows the solution is:
"Ok here is the solution for the problem: I 've changed log on information for the oracle service from account_at_domain to domain\account and now everything is working fine. Thanks to all who tried to help."

The entry is by a micky davis from 2006.

If you use the "browse" feature in windows and then "check names", then your DOMAIN\user entry is changed to user_at_DOMAIN and you will have this problem.

So thank you all (and Micky Davis) for the help and I hope that this will help someone else who runs into this problem as well.


Patrick Roozen

On Tue, Mar 13, 2012 at 6:01 PM, Niall Litchfield <> wrote:
> I believe that the account needs
> 1) To be a local administrator (i.e a direct member of the local
> administrators group on the box, group membership doesn't cut it)
> 2) To have the following rights
> Logon as a Service
> Logon as a Batch Job
> Replace a process level token
> Act as part of the operating system
> In addition UAC should be disabled for the server (much like SELinux should
> be disabled on a Linux box).
> I'll have to recheck later unless someone can show otherwise, but my memory
> is that RMAN allows backups to a UNC share without having to jump through
> the hoops above. Are you locating the FRA directly on the share and is a
> controlfile located in the FRA?
> On Tue, Mar 13, 2012 at 9:37 AM, Patrick Roozen <>
> wrote:
>> Hi All,
>> We need to run the database as a different user then the "Local
>> System" account because we need to make backups to an UNC share.
>> Therefore we have created a domain user that is in the local
>> administrator group on the windows machine. This user is allowed to
>> use the UNC share as well.
>> We run Oracle SE and Windows 2008 RC2 and followed this note
>> on metalink/oracle support (Doc ID 457363.1).
>> When starting the database service the database will not mount the
>> database and stops there. No extra messages in the alert file that
>> suggest any problem.
>> When we logon to the windows machine with the same account and connect
>> to the database we can start it manually (alter database mount/alter
>> database open) without any problems.
>> Has anyone run into this problem before and been able to fix this? We
>> have a SR with oracle but have not gotten any respons yet.
>> Regards,
>> Patrick
>> Oracle DBA
>> P.S. Off course running the service as "local system" will start the
>> database without any problems. And we also change the service of the
>> listener to run as the same user as the database service.
>> If you don't you cannot connect to the database via sqlnet.
>> --
> --
> Niall Litchfield
> Oracle DBA

Received on Wed Mar 14 2012 - 07:18:54 CDT

Original text of this message