2

Seemingly randomly I am unable to get a document from DocumentDB. I can be debugging, have it fail with the below message then try again and work. If this has to do with my MAC address i've also tried from a different workstation with the same result.

Microsoft.Azure.Documents.UnauthorizedException, message: {"Errors":["The MAC signature found in the HTTP request is not the same as the computed signature. Server used following string to sign - 'post\ndocs\nmo1oanohoga=\nwed, 25 feb 2015 12:35:57 gmt\n\n'"]}

How do I even go about a) reporting this and b) trying to fathom out what's going on?

Aravind Krishna R.
  • 7,885
  • 27
  • 37
paulinventome
  • 1,047
  • 2
  • 10
  • 11
  • MAC here refers to a [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code). This is a little bit of cryptography that is performed for each request to prove to Cosmos DB that you sent the request and that you knew the secret access key too (close enough). Nothing to do with a [media access control address](https://en.wikipedia.org/wiki/MAC_address) used on network cards. – chwarr Apr 24 '19 at 23:21

5 Answers5

2

I had the same problem. But the error was mine.

To fix i've changed the Uri method.

Before:

this._documentCollectionUri = UriFactory.CreateDocumentUri(this._dataBaseName, this._collectionName, this._dataBaseName);

Now:

this._documentCollectionUri = UriFactory.CreateDocumentCollectionUri(this._dataBaseName, this._collectionName);

a lack of attention or care

flw

Davidson Dd-harlie
  • 151
  • 1
  • 2
  • 9
1

We have confirmed this to be an issue isolated to the North Europe region. We are applying a hotfix to known accounts effected and will be deploying a fix shortly.

If you are NOT in North Europe and are experiencing this issue, or if you continue to see if within 2-3 days of this response, please reach out to us again so we can investigate further.

Ryan CrawCour
  • 2,704
  • 1
  • 19
  • 25
  • I got this error today. I'm in the East US zone. I only got it twice and I can't seem to duplicate now. Is this potentially an intermittent occurrence that I'll need to trap for? – Larry Maccherone Nov 10 '15 at 02:42
1

There seems to be a peculiar regression in the 1.9 version of the SDK that can cause this error to be raised. I appreciate that this has nothing to do with the original question, but if you search for this error you land here, so thought it would be an appropriate place to post it.

This (wrong) code will give different error messages in SDK 1.8 and 1.9:

docClient.CreateDocumentCollectionQuery(
     UriFactory.CreateDocumentCollectionUri(DbName, CollectionName))
  .Where(c => c.Id == CollectionName).ToList().Any()

In 1.8 you will correctly get ResourceType Collection is unexpected.

In 1.9 you will get The MAC signature found in the HTTP request is not the same as the computed signature. Server used following string to sign...

It looks like 1.9 for some reason returns the wrong error message (the one referenced by the OP) but as it is completely misleading you are going to have a hard time tracking down the problem.

To be clear; the code I posted is wrong. The problem I am explaining is that SDK version 1.9 returns the wrong error message.

flytzen
  • 7,348
  • 5
  • 38
  • 54
0

Can you please check if your system clock time is significantly different (< 5 minutes or greater than 20 minutes) from the one returned by the error message? This error can be returned due to clock skew. If that's the case, updating your clock time might resolve this issue.

The DocumentDB client constructs a Message Authentication Code (MAC) using the master key and the timestamp of the request to authenticate requests. The service rejects requests with a MAC outside of a small time window for security reasons.

Aravind Krishna R.
  • 7,885
  • 27
  • 37
  • That's a lovely idea, but no, my local time is pretty much bang on with the time in the message. But then the time in the message, isn't that generated by my local time? So it will be. What i need to know is what the remote time is, perhaps? Having said that the PC syncs with the windows time server, so it should be all okay. I though MAC was my MAC address, there's some acronym clash going on there. So the time thing is interesting but it seems to all be okay, could there be anything like that still going on? The master key is fine, because it works some of the time. But not always. – paulinventome Feb 25 '15 at 18:11
  • We're looking in to this - can you send me your activity Id (from the response headers) via e-mail: andrl {at} microsoft.com – Andrew Liu Feb 25 '15 at 23:09
  • I can confirm that the system clock where the cosmos db emulator is running *must* be the same as the machine that is accessing it. You have to change your server's time zone and then delete the CosmosDBData folder and restart it (inside user/appdata/local). This was a pain to figure out! – Sam Jul 26 '18 at 19:59
0

My previous answer was deleted (I believe, by mistake or misunderstood...)

You can check if you are trying to submit a write operation using a Read-Only key. Trying to write using a Read-only Key throws that exception.

If you are using an static class or method to generate a graph client, is possible that you are using an wrong instance of you client that uses a Read Only key.

Murilo Maciel Curti
  • 2,677
  • 1
  • 21
  • 26