Troubleshooting Oracle Database@Azure
Find troubleshooting tips for Oracle Database@Azure onboarding and cloud platform issues.
For Troubleshooting information specific to Oracle Exadata Database and Oracle Autonomous Database resources in Oracle Database@Azure deployments, see the following pages:
Purchasing Offers
Details: A private offer created for your organization by Oracle Sales is not displaying in Azure Marketplace.
Error: The private products collection rule is not enabled in Azure Private Marketplace by the administrator of the Marketplace collection that is configured for the Azure subscription being used for Oracle Database@Azure. For more information, see Collections overview in the Azure documentation.
Workaround: For instructions on enabling the private products collection rule, see Collection rules in the Azure documentation.
Details: A private offer created for your organization by Oracle Sales cannot be purchased in Azure Marketplace.
Error: Azure Marketplace purchases are disabled by the administrator of a subscription being used for Oracle Database@Azure. Either all purchases are denied, or only Free/BYOL SKUs are allowed.
Workaround: Have the subscription administrator enable the purchase of 3rd party services in Azure Marketplace. The Azure Marketplace authorization for the subscription must be "On", and can't be "Free/BYOL SKUs Only" or "Off". See Purchase control through EA billing administration under an Enterprise Agreement (EA) in the Azure documentation for more information.
Microsoft Azure Locks
We recommend the removal of all Microsoft Azure locks to Oracle Database@Azure resources before terminating the resources. For example, if you're using a locked Microsoft Azure private endpoint with Oracle Database@Azure, confirm that the endpoint can be deleted, then remove the lock before deleting the Oracle Database@Azure resources. If you have a policy to prevent the deletion of locked resources, the Oracle Database@Azure work flow to delete system resources fails because Oracle Database@Azure can't delete a locked resource.
Networking
IP address requirements are different between Oracle Database@Azure and Exadata Database Service on Dedicated Infrastructure in Oracle Cloud Infrastructure (OCI). In the Requirements for IP Address Space documentation for Exadata in OCI, the following differences with the requirements of Oracle Database@Azure must be considered:
-
Oracle Database@Azure only supports Exadata X9M. All other shapes are unsupported.
-
Oracle Database@Azure reserves 13 IP addresses for the client subnet.
You can connect a Microsoft Azure VM to an Oracle Exadata VM cluster if both are in the same virtual network (VNet). This functionality is automatic, and requires no extra changes to network security group (NSG) rules. If you need to connect an Azure VM from a different VNet than the one used by the Exadata VM cluster, you must also configure NSG traffic rules to let the other VNet's traffic to flow to the Exadata VM cluster. For example, if you have 2 VNets ("A" and "B"), with VNet A serving the Microsoft Azure VM, and VNet B serving the Oracle Exadata VM cluster, you need to add VNet A's CIDR address to the NSG route table in OCI.
| Direction | Source or destination | Protocol | Details | Description |
|---|---|---|---|---|
|
Direction: Egress Stateless: No |
Destination Type: CIDR Destination: 0.0.0.0/0 |
All protocols |
Allow: All traffic for all ports |
Default NSG egress rule |
|
Direction: Ingress Stateless: No |
Source Type: CIDR Source: Microsoft Azure VNet CIDR |
TCP |
Source Port Range: All Destination Port Range: All Allow: TCP traffic for all ports |
Ingress for all TCP from Microsoft Azure VNet |
|
Direction: Ingress Stateless: No |
Source Type: CIDR Source: Microsoft Azure VNet CIDR |
ICMP |
Type: All Code: All Allow: ICMP traffic for all |
Ingress for all ICMP from Microsoft Azure VNet |
| Direction | Source or Destination | Protocol | Details | Description |
|---|---|---|---|---|
|
Direction: Egress Stateless: No |
Destination Type: Service Destination: OCI IAD object storage |
TCP |
Source Port Range: All Destination Port Range: 443 Allow: TCP traffic for port 443 HTTPS |
Allows access to Object Storage |
|
Direction: Ingress Stateless: No |
Source Type: CIDR Source: 0.0.0.0/0 |
ICMP |
Type: 3 Code: 4 Allow: ICMP traffic for 3, 4 Destination Unreachable: Fragmentation needed and "Don't Fragment" was set |
Allows Path MTU Discovery fragmentation messages |
Deployment Failure for the Azure East US 2 Region
If you onboarded with Oracle Database@Azure before February 15, 2025 and you want to use the Azure East US 2 region for Oracle Database@Azure resources, you must create an OCI IAM policy in your OCI tenancy to enable access to Azure East US 2. If you try to deploy resources to East US 2 without the required permissions, the Azure Portal displays the "Your deployment failed" message:
The following instructions explain how to create the required policy.
- Open the navigation menu and select Identity & Security. Under Identity, select Policies.
- Select Create Policy.
- Name: Enter
Additional_Multicloud_Policy - Description: Optional. Enter a description. For example, "Policy to enable access to Azure East US 2 region."
-
In the Policy Builder, use the Show manual editor toggle switch to enable the manual policy editor field, then paste the following policy into the manual editor:
define tenancy networking-dataplane2 as ocid1.tenancy.oc1..aaaaaaaailqy63b6fbqoa6jyd324iyb5xoafpji2j6evpqqx5or74vwknv5a endorse any-user to {DRG_ATTACHMENT_READ, DRG_ATTACH, DRG_DETACH, VCN_ATTACH, DRG_ROUTE_TABLE_ATTACH, ROUTE_TABLE_ATTACH, ROUTE_TABLE_DETACH} in tenancy networking-dataplane2 where all { request.principal.type = 'multicloudlink' } - Select Create to create the policy. The new policy is listed in the Policies list view page.
If you onboarded with Oracle Database@Azure on or after February 15, 2025, your Oracle Database@Azure service can access the Azure East US 2 by default, and no action is required.