Troubleshooting Autonomous Database on Dedicated Exadata Infrastructure
Use the following sections to help troubleshoot problems you have with Oracle Autonomous Database on Dedicated Exadata Infrastructure on Oracle Public Cloud and Exadata Cloud@Customer platforms.
- Unable to Access Master Encryption Keys
- Unable to Access Vault
- Backup to Network File System (NFS) is Failing
- Unable to Mount Network File System (NFS)
- Unable to write a file in Network File System (NFS)
- Unable to get outbound traffic from APEX
- Backup Retention Issues with ZDLRA
Parent topic: Reference
Unable to Access Master Encryption Keys
APPLIES TO: 
Oracle Public Cloud only
Potential Cause
Autonomous Exadata VM Cluster (AVMC) is unable to reach the master encryption key.
Suggested Action
Verify that the master encryption key is reachable from the AVMC.
Resolution
- Ensure Service Gateway is enabled for the AVMC Subnet with Destination: All IAD Services In Oracle Services Network.
- Ensure the following IAM policy is defined for the Dynamic Group:
allow dynamic-group <dynamic-group-name> to manage keys in compartment <vaults-and-keys-compartment> where all { target.key.id='<key_ocid>', request.permission!='KEY_DELETE', request.permission!='KEY_MOVE', request.permission!='KEY_IMPORT', request.permission!='KEY_BACKUP’ }
Further Reference
Unable to Access Vault
APPLIES TO: Oracle Public Cloud only
Potential Cause
Autonomous Exadata VM Cluster (AVMC) is unable to read the Vault.
Suggested Action
Verify that the Vault is reachable from the AVMC.
Resolution
- Ensure Service Gateway is enabled for the AVMC Subnet with Destination: All IAD Services In Oracle Services Network
- Ensure the following IAM policy is defined for the Dynamic Group
allow dynamic-group <dynamic-group> to read vaults in tenancy | compartment <vaults-and-keys-compartment>
Further Reference
Backup to Network File System (NFS) is Failing
APPLIES TO: Exadata Cloud@Customer only
Potential Cause
NFS destination may be unreachable due to a network issue.
Suggested Action
Verify that the NFS is reachable from the Autonomous Exadata VM Cluster (AVMC) network.
Resolution
- Verify the network routing and try again. All IP Addresses need to be reachable over backup network of the AVMC.
- Disconnect and re-attach the NFS.
- Attach Secondary NFS shared.
Further Reference
Documentation: About Backup and Recovery
Unable to Mount Network File System (NFS)
APPLIES TO: Exadata Cloud@Customer only
Potential Causes
- Incorrect export path.
- Lack of right permissions on the export path.
- No network access between Autonomous Exadata VM Cluster (AVMC) client IPs and NFS server.
Suggested Actions
- Verify the export path and permissions on the export path.
- Verify access ports are open between NFS server and client IPs.
Resolution
- Ensure the export_path is accurate.
- Ensure Oracle user has permission on the export_path
- uid:gid of the Oracle user for Autonomous VM Cluster should be 1001:1001
- Ensure no firewalls block network access between AVMC client IPs and the NFS server.
- If the network access to NFS is via backup IPs, then create an SR for the Autonomous Database operations to implement routing rules to divert traffic to NFS via backup IPs.
Unable to write a file in Network File System (NFS)
APPLIES TO: Exadata Cloud@Customer only
Potential Cause
Incorrect permissions on the NFS mount.
Suggested Action
Verify if the NFS mount has the right permission.
Resolution
- uid:gid of the Oracle user for Autonomous VM Cluster should be 1001:1001
Unable to get outbound traffic from APEX
Error Code
OPC :ORA-24247 WHILE TRYING TO USE APEX_INSTANCE_ADMIN.VALIDATE_EMAIL_CONFIGPotential Cause
Missing https & SMTP egress rules.
Suggested Action
Enable network access for APEX as per your requirement for tasks such as sending email, or accessing REST (or other HTTP based) resources. Access will only be available after the user configures it.
Resolution
- The principal name specified must match the APEX installation schema, for example it might be
APEX_210200. - The apex schema name for a particular deployment is version dependent and can be found with the following query:
select schema from dba_registry where comp_id='APEX' - ACLs created for other users, such as ADMIN, will not impact access through APEX. Such ACLs would only impact use cases where ADMIN or code owned by ADMIN directly called UTL_HTTP or UTL_SMTP.
Further Reference
- Documentation that demonstrates the wildcard rule that would allow access to any hosts, and a subsequent more restrictive rule that allowed localhost access: Enabling Network Services in Oracle Database
- More details about adding rules to allow specific hosts or wildcard patterns can be found here: APPEND_HOST_ACE Procedure
Backup Retention Issues with ZDLRA
APPLIES TO: Exadata Cloud@Customer only
Potential Cause
The root cause depends on the details in the diagnostic report generated per the suggestions below.
Suggested Action
- To help us understand and fix the issue, please follow the following My Oracle Support (MOS) note that explains you through collecting diagnostic data, which will help Support narrow down the cause of your problem.
- If the Recovery Appliance is higher than or equal to Version 19.2.1.1.2, the following command can also be used to generate the System Activity Report (SAR) but this will be generated in text format only:
racli run diagnostics --tag=sarThis command generates a Diagnostics package.
- Submit a Service Request (SR) in My Oracle Support with the diagnostic results.
Resolution
Once you submit the SR with the diagnostic results, the Oracle Support team will contact you with a resolution for the corresponding issue.
Further Reference
- Documentation: Create a Service Request in My Oracle Support