Skip to Main Content

Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

ORA-29013: SSL MAC verification failure

Paul JorstadMar 16 2021

I'm trying to call a REST endpoint from the database. It is https and I've configured a wallet for such, and it works for many servers, but not one particular, I get ORA-29013: SSL MAC verification failure, but not 100% of the calls. Suddenly it works and then fails again. When searching for that error message, it says I have to open a SR, which I've done. But after over a week, I have still no soultion. So - is there other who have got this error and found a reason and a soultion for it?
Version 19.8, StandardEdtion, Windows 2016 server

Comments

Janis

we have the same problem, any ideas?

Ronnie Nagimesi

We have the EXACT same issue as described by Paul in his original post only that our SR has been going for weeks with no solution. Our database is 19.3.EE on Win 2016, we have tested it on a 19.9 database, same issue. We have tested this issue in 11.2.0.4 (Win 2008 R2) and 12.1.0.2 (Win 2012 R2) both EE databases and it works all the time. The 12.1 DB where it works is in Azure and so is the 19.3 and 19.9 where we are having the issue. The 11.2 is on-prem. Oracle in the SR says they cannot reproduce the issue on their side but they have zoomed into ours and can see our issue and have reviewed tons of logs that we have uploaded. Any help on this will be greatly appreciated!!

striv

We have the same problem when getting a "large" response (>5mb) from a REST.

Janis

to me it seems like some windows pathes are guilty, we had found some win 2012 r2 which works and other where more security patches applied dont for some requests and as well problems with windows 2019 server, if some one have some ideas would really appriciate.
Best regards

Paul Jorstad

Oracle SE 18c on Windows Server 2016 Standard - no problems
Oracle SE 19c on Windows Server 2016 Standard - MAC validation failure

Janis

some one have any updates on issue? thanks

Paul Jorstad

Janis, have you opened a SR at Oracle? We have, but it has run for over a month now at severity 2, and the progress is really weak. But I'll post the result here.

user8602157

We also have an open SR with Oracle which is very similar to the problem described. The problem starts to happen when the response is greater than 32KB, if it is smaller than this then there is no problem.
We have no problem on Oracle 11.2.0.4 but do on Oracle 19 on Windows and it doesn't matter if it is Windows 2012 R2 or 2016. We haven't tested other 12 series databases. It also doesn't seem to mater if it is SE2 or Enterprise. This is all on premise so not using cloud.
We think we have tracked the problem down to the database build process. If you upgrade a 11.2 database to 19 then there doesn't seem to be a problem. However a new clean build of the 19 causes the problem. Another observation is on systems with the problem the amount of corruption alternates between a lot and not very much. We have a simple test code which the first time you run it gets a lot of corruption, run it a second time and there is still corruption there but it's only a few odd bytes. Then run it a third time and the corruption is like the first time and it alternates like this.
There is also someone describing the same sort of problem here Oracle 19C - Corrupt webservice response / corrupt file download - Stack Overflow

Paul Jorstad

Thank you user8602157 for input. This thread was actually for the "MAC validation failure", but it might be relevant as well. Because there are something fishy with utl_http over https. I have another SR running for the problem you have. So maybe they are related. We are on version 19.2 now, but will soon upgrade to 19.8. Thanks for the link to the Stack Overflow article as well, highly relevant. Keep us posted :-)

user8602157

With our issue we also sometimes get the "MAC validation failure" as well depending upon how we make the call but our main problem is the corruption. I should have also said we never get the problem when using http.

Paul Jorstad

We have just upgraded from 19.8 to 19.10. We still have MAC verification error, but I'm not able to reproduce the "ORA-29263: HTTP protocol error" which we also got, looks like the same user8602157 describes, with responses bigger than 32K . At least I've not able to reproduce it after the upgrade to 19.10.
So - still working on the MAC verification error then :-/

user8602157

We have been given OOB patch for 19.9 which from our initial testing appears to fix the issue of the corruption and don't get the MAC verification, but that part was intermittent. We did try 19.10 but still got the corruption. Planning to upgrade our development system to 19.9 and apply the OOB patch so the developers can do a more thorough test.

Paul Jorstad

Oracle Support says "As this is not a generic issue from the database end we will not be able reproduce the issue.", meaning there are no errors with the database regarding this. If so, what is it then? Windows? The network? I'm so confused.....

Janis

problem is not on linux so far we had noticed, seems like windows with oracle together is some kinda problem...

Paul Jorstad

Ok, thanks for feedback on that Janis :-)

user8602157

The only information I currently have from Oracle support is "We found a not published BUG from Network team", I am waiting for more details from Oracle support. The patch itself only contains one main file which is oran19.dll. There are no scripts to run on the database afterwards.

Paul Jorstad

ok, that's interesting user8602157. Please let ut know the outcome, and maybe the bugnumber if you have. Also if you can send me your SR-number in PM here, I can update my SR-case with that.

Janis

btw there is patch available for 19.9 and and 19.10 and it seems to work . Apply Patch 32738356
have a good day!

Paul Jorstad

Yes, Janis, I got to know that from Oracle Support too, but we did not manage to apply it, as we got this in the log:
[2021-05-18 11:28:30] Error: prereq checks failed!
[2021-05-18 11:28:30] patch 32738356: XML descriptor does not exist in either the file system or SQL registry
[2021-05-18 11:28:30] Prereq check failed, exiting without installing any patches.
Do you happen to know what this is? (I have of course sent the log to Oracle Support, and awaiting their answer)

Janis

do you have 19.9 or 19.10 version of oracle db? to me all worked nice, only problems still with 19.11. so i rolled some test server back to 19.3 and applied 19.10 and then this patch .

Paul Jorstad

We have 19.10. Nice to know it worked well for you :-) I'm sure we also figure this out.

user8602157

We have also tried this on 19.9 and 19.10 and it has fixed our problem.

user8927736

We still have the problem on 19.11!
What can we do? Rollback to 19.10 or is it possible to Apply Patch 32738356 on a 19.11 DB?

Thanks

Paul Jorstad

@simon-lanzenlechner I would open an SR, as the patch is specified to 19.8 - 19.10 as far as I know. We have 19.10, but have not been able to appply the patch yet, du to errors like "patch 32738356: XML descriptor does not exist in either the file system or SQL registry". Oracle Support are working on it. However, we managed to get the patch "half" in, as the PDB's were patched but not the CDB. I tested the https-calls in a PDB, and were not able to reproduce any issues. So it seems that the patch works, as long as you are able to apply it without errors.

Janis

oracle promised as well patch for 19.11 . but still in progress, but you can try as well on 19.11 that patch maybe help.
Janis

TOM_1502-Oracle

Hi Paul, did you get an answer on this one: "patch 32738356: XML descriptor does not exist in either the file system or SQL registry"? I'm getting something similar.
Thanks,
Tom

Paul Jorstad

Yes, @tom-1502-oracle , just ignore it.
We ran "opatch apply 32738356 -force". I'm not sure if "force" was needed, but that way the patch is not stopped from installing. Ignore any error messages about xml descriptor. After applying, check "opatch -lsinventory" that it is applied. If yes, start the database and run "datapatch -apply 32738356 -force". You will get error messages like:
Error: prereq checks failed!
patch 32738356: Patch directory D:\Oracle\Product\sqlpatch\32738356 does not exist
Prereq check failed, exiting without installing any patches.
BUT - the patch was installed anyway. This is veryh concusing, indeed. But it seems that the issue was solved here.
Good luck!

Dejan T.

There is a bug within that patch 32738356. It seems, a developer did put the value "true" for the Datapatch, but there was no script to execute. The patch contains only a single .dll file.
I stumbled upon that issue and found also the workaround for it. I described it in my blog post:

Patch failing because of Datapatch bug [SQL_PATCH=true] – Oracle Ninja (0 Bytes)

1 - 28

Post Details

Added on Mar 16 2021
28 comments
2,275 views