Found the issue ...
Two things:
1. for some reason the RPC method handler keeps going even if there is a deserialization error. that looks like a bug to me.
2. I realised I need to encode the transaction ID as string but counter-intuitively, it is not actually "encoded" as string (which would usually be hex), it is simply the transaction ID's bytes treated as UTF8 even though they are not valid utf8.