Troubleshooting Oracle Database@Azure
Find troubleshooting tips for Oracle Database@Azure.
Purchasing Offers
Details: A private offer created for your organization by Oracle Sales is not displaying in Azure Marketplace.
Error: The private products collection rule is not enabled in Azure Private Marketplace by the administrator of the Marketplace collection that is configured for the Azure subscription being used for Oracle Database@Azure. For more information, see Collections overview in the Azure documentation.
Workaround: For instructions on enabling the private products collection rule, see Collection rules in the Azure documentation.
Details: A private offer created for your organization by Oracle Sales cannot be purchased in Azure Marketplace.
Error: Azure Marketplace purchases are disabled by the administrator of a subscription being used for Oracle Database@Azure. Either all purchases are denied, or only Free/BYOL SKUs are allowed.
Workaround: Have the subscription administrator enable the purchase of 3rd party services in Azure Marketplace. The Azure Marketplace authorization for the subscription must be "On", and can't be "Free/BYOL SKUs Only" or "Off". See Purchase control through EA billing administration under an Enterprise Agreement (EA) in the Azure documentation for more information.
Exadata VM Cluster Provisioning
Details: When creating an Exadata VM cluster, if you select a private DNS zone whose FQDN has more than 4 labels (delimited by a period '.'), you get this error. For example, a.b.c.d
is allowed, while a.b.c.d.e
is not allowed.
Error returned by CreateCloudVmCluster operation in Database service. (400, InvalidParameter, false) domain name cannot contain more than 4 labels
Workaround: Rename the private DNS that caused the error, or select a different private DNS whose FQDN has 4 or fewer labels.
When creating an Exadata VM cluster, if you select a private DNS zone created without any tags, the default OCI tag oracle-tags
is automatically generated for the VM cluster. This might cause the following error, if the tag namespace isn't authorized in the OCI tenancy:
404 NotAuthorizedOrNotFound
Workaround: Add the following policies to the OCI tenancy:
Allow any user to use tag-namespaces in tenancy where request.principal.type = ‘multicloudlink’
Allow any user to manage tag-defaults in tenancy where request.principal.type = ‘multicloudlink’
Microsoft Azure Locks
We recommend the removal of all Microsoft Azure locks to Oracle Database@Azure resources before terminating the resources. For example, if you're using a locked Microsoft Azure private endpoint with Oracle Database@Azure, confirm that the endpoint can be deleted, then remove the lock before deleting the Oracle Database@Azure resources. If you have a policy to prevent the deletion of locked resources, the Oracle Database@Azure work flow to delete system resources fails because Oracle Database@Azure can't delete a locked resource.
Networking
IP address requirements are different between Oracle Database@Azure and Exadata Database Service on Dedicated Infrastructure in Oracle Cloud Infrastructure (OCI). In the Requirements for IP Address Space documentation for Exadata in OCI, the following differences with the requirements of Oracle Database@Azure must be considered:
-
Oracle Database@Azure only supports Exadata X9M. All other shapes are unsupported.
-
Oracle Database@Azure reserves 13 IP addresses for the client subnet.
You can connect a Microsoft Azure VM to an Oracle Exadata VM cluster if both are in the same virtual network (VNet). This functionality is automatic, and requires no extra changes to network security group (NSG) rules. If you need to connect an Azure VM from a different VNet than the one used by the Exadata VM cluster, you must also configure NSG traffic rules to let the other VNet's traffic to flow to the Exadata VM cluster. For example, if you have 2 VNets ("A" and "B"), with VNet A serving the Microsoft Azure VM, and VNet B serving the Oracle Exadata VM cluster, you need to add VNet A's CIDR address to the NSG route table in OCI.
Direction | Source or destination | Protocol | Details | Description |
---|---|---|---|---|
Direction: Egress Stateless: No |
Destination Type: CIDR Destination: 0.0.0.0/0 |
All protocols |
Allow: All traffic for all ports |
Default NSG egress rule |
Direction: Ingress Stateless: No |
Source Type: CIDR Source: Microsoft Azure VNet CIDR |
TCP |
Source Port Range: All Destination Port Range: All Allow: TCP traffic for all ports |
Ingress for all TCP from Microsoft Azure VNet |
Direction: Ingress Stateless: No |
Source Type: CIDR Source: Microsoft Azure VNet CIDR |
ICMP |
Type: All Code: All Allow: ICMP traffic for all |
Ingress for all ICMP from Microsoft Azure VNet |
Direction | Source or Destination | Protocol | Details | Description |
---|---|---|---|---|
Direction: Egress Stateless: No |
Destination Type: Service Destination: OCI IAD object storage |
TCP |
Source Port Range: All Destination Port Range: 443 Allow: TCP traffic for port 443 HTTPS |
Allows access to Object Storage |
Direction: Ingress Stateless: No |
Source Type: CIDR Source: 0.0.0.0/0 |
ICMP |
Type: 3 Code: 4 Allow: ICMP traffic for 3, 4 Destination Unreachable: Fragmentation needed and "Don't Fragment" was set |
Allows Path MTU Discovery fragmentation messages |