Troubleshooting Oracle Database@Azure
Find troubleshooting tips for Oracle Database@Azure onboarding and cloud platform issues.
For troubleshooting information specific to Oracle Exadata Database and Oracle Autonomous Database resources in Oracle Database@Azure deployments, see the following pages:
Purchasing Offers
Details: A private offer created for your organization by Oracle Sales is not displaying in Azure Marketplace.
Error: The private products collection rule is not enabled in Azure Private Marketplace by the administrator of the Marketplace collection that is configured for the Azure subscription being used for Oracle Database@Azure. For more information, see Collections overview in the Azure documentation.
Workaround: For instructions on enabling the private products collection rule, see Collection rules in the Azure documentation.
Details: A private offer created for your organization by Oracle Sales cannot be purchased in Azure Marketplace.
Error: Azure Marketplace purchases are disabled by the administrator of a subscription being used for Oracle Database@Azure. Either all purchases are denied, or only Free/BYOL SKUs are allowed.
Workaround: Have the subscription administrator enable the purchase of third-party services in Azure Marketplace. The Azure Marketplace authorization for the subscription must be "On", and can't be "Free/BYOL SKUs Only" or "Off". For more information, see Purchase control through EA billing administration under an Enterprise Agreement (EA) in the Azure documentation.
Microsoft Azure Locks
We recommend removing all Microsoft Azure locks on Oracle Database@Azure resources before terminating the resources. For example, if you're using a locked Microsoft Azure private endpoint with Oracle Database@Azure, confirm that the endpoint can be deleted, then remove the lock before deleting the Oracle Database@Azure resources. If you have a policy to prevent the deletion of locked resources, the Oracle Database@Azure workflow to delete system resources fails because Oracle Database@Azure can't delete a locked resource.
Networking
IP address requirements are different between Oracle Database@Azure and Exadata Database Service on Dedicated Infrastructure in Oracle Cloud Infrastructure (OCI). In the Requirements for IP Address Space documentation for Exadata in OCI, the following differences with the requirements of Oracle Database@Azure must be considered:
- Oracle Database@Azure only supports Exadata X9M. All other shapes are unsupported.
- Oracle Database@Azure reserves 13 IP addresses for the client subnet.
You can connect a Microsoft Azure VM to an Oracle Exadata VM cluster if both are in the same virtual network (VNet). This functionality is automatic, and requires no extra changes to network security group (NSG) rules. If you need to connect an Azure VM from a different VNet than the one used by the Exadata VM cluster, you must also configure NSG traffic rules to let the other VNet's traffic flow to the Exadata VM cluster. For example, if you have 2 VNets ("A" and "B"), with VNet A serving the Microsoft Azure VM, and VNet B serving the Oracle Exadata VM cluster, you need to add VNet A's CIDR address to the NSG route table in OCI.
Direction | Source or destination | Protocol | Details | Description |
---|---|---|---|---|
Direction: Egress Stateless: No | Destination Type: CIDR Destination: 0.0.0.0/0 | All protocols | Allow: All traffic for all ports | Default NSG egress rule |
Direction: Ingress Stateless: No | Source Type: CIDR Source: Microsoft Azure VNet CIDR | TCP | Source Port Range: All Destination Port Range: All Allow: TCP traffic for all ports | Ingress for all TCP from Microsoft Azure VNet |
Direction: Ingress Stateless: No | Source Type: CIDR Source: Microsoft Azure VNet CIDR | ICMP | Type: All Code: All Allow: ICMP traffic for all | Ingress for all ICMP from Microsoft Azure VNet |
Direction | Source or Destination | Protocol | Details | Description |
---|---|---|---|---|
Direction: Egress Stateless: No | Destination Type: Service Destination: OCI IAD object storage | TCP | Source Port Range: All Destination Port Range: 443 Allow: TCP traffic for port 443 HTTPS | Allows access to Object Storage |
Direction: Ingress Stateless: No | Source Type: CIDR Source: 0.0.0.0/0 | ICMP | Type: 3 Code: 4 Allow: ICMP traffic for 3, 4 Destination Unreachable: Fragmentation needed and "Don't Fragment" was set | Allows Path MTU Discovery fragmentation messages |
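The following added example (not part of the Oracle documentation) models the ingress rules from the tables above and shows why a VM in VNet A is refused until VNet A's CIDR is added. The CIDR ranges, the VM address, and the assumption that the cluster's own VNet B is already listed are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class IngressRule:
    source: str                             # source CIDR
    protocol: str                           # "TCP" or "ICMP"
    icmp: Optional[Tuple[int, int]] = None  # (type, code); None means all
    description: str = ""


def first_match(rules, src_ip, protocol, icmp=None):
    """Return the description of the first ingress rule admitting the packet, else None."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule.source):
            continue
        if rule.protocol != protocol:
            continue
        if protocol == "ICMP" and rule.icmp is not None and rule.icmp != icmp:
            continue
        return rule.description
    return None


# Constructed address plan (assumption): VNet A hosts the Azure VM,
# VNet B hosts the Exadata VM cluster.
VNET_A, VNET_B = "10.1.0.0/16", "10.2.0.0/16"


def nsg_rules(azure_vnet_cidrs):
    """Ingress rules from the two tables, one TCP/ICMP pair per listed VNet CIDR."""
    rules = [IngressRule("0.0.0.0/0", "ICMP", (3, 4), "Path MTU Discovery")]
    for cidr in azure_vnet_cidrs:
        rules.append(IngressRule(cidr, "TCP", None, f"all TCP from {cidr}"))
        rules.append(IngressRule(cidr, "ICMP", None, f"all ICMP from {cidr}"))
    return rules


if __name__ == "__main__":
    before, after = nsg_rules([VNET_B]), nsg_rules([VNET_B, VNET_A])
    vm = "10.1.4.10"  # constructed Azure VM address inside VNet A
    print(first_match(before, vm, "TCP"))           # None: VNet A not yet listed
    print(first_match(after, vm, "TCP"))            # all TCP from 10.1.0.0/16
    print(first_match(before, vm, "ICMP", (3, 4)))  # Path MTU Discovery
    print(first_match(before, vm, "ICMP", (8, 0)))  # None
```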
Prerequisites for the Azure East US 2 Region
If you onboarded with Oracle Database@Azure before April 15, 2025 and you want to use the Azure East US 2 region, you need to create policies in your OCI tenancy that allow you to create Oracle Database@Azure resources and use metrics in Azure East US 2. Use the instructions in this section to create policies for resource creation and metrics.
Create the policy described in this section to enable resource creation in Azure East US 2. If you try to create resources in East US 2 without the required permissions, the Azure Portal displays the "Your deployment failed" message:
Create the required policy as follows:
- Open the navigation menu and select Identity & Security. Under Identity, select Policies.
- Select Create Policy.
- Name: Enter Additional_Multicloud_Policy
- Description: Optional. Enter a description. For example, "Policy to enable Oracle Database@Azure resource creation in the Azure East US 2 region."
- In the Policy Builder, use the Show manual editor toggle switch to enable the manual policy editor field, then paste the following policy into the manual editor:

      define tenancy networking-dataplane2 as ocid1.tenancy.oc1..aaaaaaaailqy63b6fbqoa6jyd324iyb5xoafpji2j6evpqqx5or74vwknv5a
      endorse any-user to {DRG_ATTACHMENT_READ, DRG_ATTACH, DRG_DETACH, VCN_ATTACH, DRG_ROUTE_TABLE_ATTACH, ROUTE_TABLE_ATTACH, ROUTE_TABLE_DETACH} in tenancy networking-dataplane2 where all { request.principal.type = 'multicloudlink' }

- Select Create to create the policy. The new policy is listed in the Policies list view page.
If you onboarded with Oracle Database@Azure on or after April 15, 2025, no action is required.
Create the required policy for observability (metrics) as follows:
- Open the navigation menu and select Identity & Security. Under Identity, select Policies.
- Select Create Policy.
- Name: Enter Additional_Observabilioty_Multicloud_Policy
- Description: Optional. Enter a description. For example, "Policy to enable Oracle Database@Azure metrics for Azure East US 2 region."
- In the Policy Builder, use the Show manual editor toggle switch to enable the manual policy editor field, then paste the following policy into the manual editor:

      define tenancy obs_tenancy_2 as ocid1.tenancy.oc1..aaaaaaaalfamrkmvchwc3mndr4c4htwtntx2ampbas3z42c6sxyqviit4gta
      define tenancy obs_cp_tenancy_2 as ocid1.tenancy.oc1..aaaaaaaa7bzfp55yuik3t2sesnqgsyohpbfr4ocl4vlq7foyhmaa34xktyja
      endorse any-user to use stream-push in tenancy obs_tenancy_2 where all { request.principal.type='multicloudlink' }
      endorse any-user to read streams in tenancy obs_tenancy_2 where all { request.principal.type='multicloudlink' }
      admit any-user of tenancy obs_tenancy_2 to use metrics in compartment id ocid1.compartment.oc1..aaaaaaaalro4yg4evjyyrtxrjedakvtg6tcqizdg4xulwbcxctwtpc3nvjdq where all {request.principal.type='serviceconnector'}
      admit any-user of tenancy obs_cp_tenancy_2 to { DATABASE_INSPECT, PLUGGABLE_DATABASE_INSPECT } in compartment id ocid1.compartment.oc1..aaaaaaaalro4yg4evjyyrtxrjedakvtg6tcqizdg4xulwbcxctwtpc3nvjdq where all { request.principal.type = 'workload', request.principal.namespace = 'obs-cp', request.principal.service_account = 'obs-cp-service-account'}

- Select Create to create the policy. The new policy is listed in the Policies list view page.
If you onboarded with Oracle Database@Azure on or after April 15, 2025, no action is required.
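Both policies above grant to any-user and rely on the where clause to limit which principal can use the grant, so it is worth checking pasted text before selecting Create. The following added example (not Oracle's code, and a pattern check rather than a full policy parser) flags paste damage such as a lost where clause or a typographic quote; the sample statements and placeholder OCID are constructed.

```python
import re

# Statement keywords that appear in the policies on this page.
_SPLIT = re.compile(r"(?i)(?<![\w-])(?=(?:define|endorse|admit)\s)")
_TYPE_COND = re.compile(r"request\.principal\.type\s*=\s*'[\w-]+'")


def split_statements(text):
    """Split pasted policy text into statements, even when it arrives as one line."""
    flat = " ".join(text.split())
    return [s.strip() for s in _SPLIT.split(flat) if s.strip()]


def lint(text):
    """Return (statement_number, problem) pairs for paste damage in policy text."""
    findings = []
    for n, stmt in enumerate(split_statements(text), 1):
        if re.search("[\u2018\u2019\u201c\u201d]", stmt):
            findings.append((n, "typographic quote"))
        if stmt.count("'") % 2:
            findings.append((n, "unbalanced single quote"))
        if stmt.count("{") != stmt.count("}"):
            findings.append((n, "unbalanced braces"))
        if re.match(r"(?i)(?:endorse|admit)\s+any-user\b", stmt):
            where = re.search(r"(?i)\bwhere\s+all\s*\{(.*)\}", stmt)
            if not where or not _TYPE_COND.search(where.group(1)):
                findings.append((n, "any-user grant without request.principal.type condition"))
    return findings


# Constructed samples: the OCID is a placeholder, not a value from the page.
GOOD = """define tenancy networking-dataplane2 as ocid1.tenancy.oc1..<placeholder>
endorse any-user to {DRG_ATTACH, DRG_DETACH} in tenancy networking-dataplane2
  where all { request.principal.type = 'multicloudlink' }"""
TRUNCATED = GOOD.split("where")[0]            # paste lost its where clause
CURLY = GOOD.replace("link'", "link\u2019")   # closing quote turned typographic

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("TRUNCATED", TRUNCATED), ("CURLY", CURLY)):
        print(name, lint(text))
```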