Merge branch 'main' into Branch-CI6197

Author: AmandaAZ

support/azure/automation/runbooks/error-running-powershell-runbook.md

@@ -0,0 +1,40 @@
+---
+title: Troubleshoot Error Codes During Runbook Execution in Azure Automation
+description: Helps you troubleshoot some errors that occur during runbook execution in Azure Automation.
+ms.date: 06/27/2025
+ms.reviewer: adoyle, v-weizhu
+ms.service: azure-automation
+ms.custom: sap:Runbook not working as expected
+---
+# Troubleshoot error codes during runbook execution in Azure Automation
+
+When using runbooks in Azure Automation, you might encounter issues due to runtime or PowerShell exceptions or specific error messages. This article lists some issues and provides solutions to them.
+
+> [!NOTE]
+> Azure Automation enables recovery of runbooks deleted in the last 29 days. You can restore the deleted runbook by running a PowerShell script as a job in your Automation account.  For more information, see [Restore a deleted runbook](/azure/automation/manage-runbooks#restore-deleted-runbook).
+
+## Troubleshoot error messages
+
+Review the following table to resolve runbook execution-related error messages:
+
+|Error|Description|Solution|
+|-----|-----------|
+|Unable to create a new Automation job in the West Europe region.|This issue occurs due to the scalability limits of the Automation service in the West Europe region. |To resolve this issue, follow the steps in [Unable to create new Automation job in West Europe region](/azure/automation/troubleshoot/runbooks#scenario-unable-to-create-new-automation-job-in-west-europe-region).|
+|`The subscription cannot be found.`|This issue can occur when the runbook doesn't use a managed identity to access Azure resources. |To resolve this issue, follow the steps in [Unable to find the Azure subscription](/azure/automation/troubleshoot/runbooks#unable-to-find-subscription).|
+|`Strong authentication enrollment is required.`|If you have multifactor authentication on your Azure account, you can't use a Microsoft Entra user to authenticate to Azure.|To resolve this issue, see [Authentication to Azure fails because multifactor authentication is enabled](/azure/automation/troubleshoot/runbooks#auth-failed-mfa).|
+|Runbook fails with "No permission" or some variation.|The managed identity might not have the same permissions to Azure resources as your current account.|Make sure that your managed identity [has permission to access any resources](/azure/role-based-access-control/role-assignments-portal) used in your script.|
+|Error: "429: The request rate is currently too large. Please try again."|This error can occur when retrieving job output from a runbook that has many verbose streams.|To resolve this error, see [The request rate is too large](/azure/automation/troubleshoot/runbooks#429).|
+|`400 Bad Request.`|A "400 Bad Request" error can occur for several reasons. First, verify if the runbook works outside of Azure Automation. Typically, the runbook code doesn't work with this error due to:<br><br>- Missing values.<br>- Wrong values being passed.<br>- Older modules being used.<br>- A referenced resource being disabled; for example, the runbook calls a disabled or expired webhook.|To resolve this error, see [400 Bad Request status when calling a webhook](/azure/automation/troubleshoot/runbooks#expired%20webhook).|
+|`Resource not found.`|Check the values provided for the resource. |The three values to check are:<br><br>- Resource name<br>- Resource group name<br>- Subscription<br><br>Confirm that the runbook has permissions in the subscription that contains the resource. To change the subscription, you can use the `Set-AzContext` or `az account set` command together with the `-DefaultProfile` parameter. Many commands provide a subscription parameter that allows a different subscription to be used than the current one.<br>Sign in to the Microsoft Azure portal. Find the resource being used and examine the resource name, resource group, and subscription.|
+
+If none of these solutions addresses your issue, see [Troubleshoot runbook issues](/azure/automation/troubleshoot/runbooks).
+
+> [!NOTE]
+> Before opening a case, follow the steps in [Data to collect when opening a case for Azure Automation](/azure/automation/troubleshoot/collect-data-microsoft-azure-automation-case). This process will help us resolve your case as quickly as possible. 
+
+## References
+
+- [Start a runbook in Azure Automation](/azure/automation/start-runbooks)
+- [Run Automation runbooks on a Hybrid Runbook Worker](/azure/automation/automation-hrw-run-runbooks)
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/azure/automation/toc.yml

@@ -2,6 +2,8 @@
   href: welcome-automation.yml
 - name: Runbook not working as expected
   items:
+  - name: Troubleshoot error codes during runbook execution
+    href: runbooks/error-running-powershell-runbook.md
   - name: Runbook jobs get suspended
     href: runbooks/runbook-job-suspended.md
   - name: Troubleshoot issues with python packages

support/azure/automation/welcome-automation.yml

@@ -21,9 +21,11 @@ landingContent:
   - title: Runbook not working as expected
     linkLists:
       - linkListType: how-to-guide
-        links:                                                         
+        links:    
           - text: Runbook jobs get suspended
-            url: runbooks/runbook-job-suspended.md   
+            url: runbooks/runbook-job-suspended.md     
+          - text: Troubleshoot error codes during runbook execution
+            url: runbooks/error-running-powershell-runbook.md   
           - text: Troubleshoot issues with python packages
             url: runbooks/error-running-python-runbook.md
           - text: Troubleshoot issues with runbook execution start time

support/windows-server/remote/media/remote-desktop-listener-certificate-configurations/thumbprint-property-windows11.png

@@ -1,7 +1,7 @@
 ---
 title: Remote Desktop listener certificate configurations
 description: Describes the methods to configure RDP listener certificates in Windows Server 2012 R2 and Windows Server 2012.
-ms.date: 06/17/2025
+ms.date: 06/27/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
@@ -13,41 +13,34 @@ zone_pivot_groups: rdp-windows-server-versions
 ---
 # Remote Desktop listener certificate configurations
 
-This article describes the methods to configure listener certificates on a Windows Server that is not part of a Remote Desktop Services (RDS) deployment.
+This article describes the methods to configure listener certificates on a Windows Server that isn't part of a Remote Desktop Services (RDS) deployment.
 
 _Original KB number:_   3042780
 
 ## About Remote Desktop server listener availability
 
-The listener component runs on the Remote Desktop server and is responsible for listening to and accepting new Remote Desktop Protocol (RDP) client connections. This lets users establish new remote sessions on the Remote Desktop server. There is a listener for each Remote Desktop Services connection that exists on the Remote Desktop server. Connections can be created and configured by using the Remote Desktop Services Configuration tool.
+The listener component runs on the Remote Desktop server and is responsible for listening to and accepting new Remote Desktop Protocol (RDP) client connections. This lets users establish new remote sessions on the Remote Desktop server. There's a listener for each Remote Desktop Services connection that exists on the Remote Desktop server. Connections can be created and configured by using the Remote Desktop Services Configuration tool.
 
 ## Configure Remote Desktop server listener certificate
 
-The MMC method is not available starting from Windows Server 2012 or Windows Server 2012 R2. However, you can always configure the RDP listener by using WMI or the registry.
+### [WMI](#tab/wmi)
 
-::: zone pivot="windows-server-pre-2012"
-
-### [MMC](#tab/mmc)
-
-The Remote Desktop Configuration Manager MMC snap-in enables you direct access to the RDP listener. In the snap-in, you can bind a certificate to the listener and in turn, enforce SSL security for the RDP sessions.
-
-::: zone-end
-
-### [Windows Management Instrumentation (WMI)](#tab/wmi)
-
-The configuration data for the RDS listener is stored in the `Win32_TSGeneralSetting` class in WMI under the `Root\CimV2\TerminalServices` namespace.
+The configuration data for the RDS listener is stored in the `Win32_TSGeneralSetting` class in Windows Management Instrumentation (WMI) under the `Root\CimV2\TerminalServices` namespace.
 
 The certificate for the RDS listener is referenced through the **Thumbprint** value of that certificate on a **SSLCertificateSHA1Hash** property. The thumbprint value is unique to each certificate.
 
 > [!NOTE]
-> Before you run the wmic commands, the certificate that you want to use must be imported to the Personal certificate store for the computer account. If you do not import the certificate, you will receive an **Invalid Parameter** error.
+> Before you run the commands, the certificate that you want to use must be imported to the **Personal** certificate store for the computer account (via `certlm.msc`). If you don't import the certificate, you'll receive an **Invalid Parameter** error.
 
 To configure a certificate by using WMI, follow these steps:
 
 1. Open the properties dialog for your certificate and select the **Details** tab.
-2. Scroll down to the **Thumbprint** field and copy the space delimited hexadecimal string into something like Notepad.
 
-   The following screenshot is an example of the certificate thumbprint in the **Certificate** properties:
+::: zone pivot="windows-server-pre-2012"
+
+2. Scroll down to the **Thumbprint** field and copy the space-delimited hexadecimal string into something like Notepad.
+
+   The following screenshot shows an example of the certificate thumbprint in the **Certificate** properties:
 
    :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-property.png" alt-text="An example of the certificate thumbprint in the Certificate properties.":::
 
@@ -61,47 +54,65 @@ To configure a certificate by using WMI, follow these steps:
 
    Make sure that this ASCII character is removed before you run the command to import the certificate.
 
-3. Remove all spaces from the string. There may be an invisible ACSII character that is also copied. This is not visible in Notepad. The only way to validate is to copy directly into the Command Prompt window.
+3. Remove all spaces from the string. There may be an invisible ACSII character that is also copied. This character isn't visible in Notepad. To validate the string, copy the string directly into the Command Prompt window.
 
-4. At command prompt, run the following wmic command together with the thumbprint value that you obtain in step 3:
-
-::: zone pivot="windows-server-pre-2012"
+4. At command prompt, run the following `wmic` command together with the thumbprint value that you obtain in step 3:
 
    ```console
    wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
    ```
 
+    The following screenshot shows a successful example:
+
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the `wmic` command together with the thumbprint value that you obtain in step 3." border="false":::
+
 ::: zone-end
 ::: zone pivot="windows-server-2012"
 
+2. Scroll down to the **Thumbprint** field and copy the space-delimited hexadecimal string into a text editor like Notepad.
+
+   The following screenshot shows an example of the certificate thumbprint in the **Certificate** properties:
+
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-property.png" alt-text="An example of the certificate thumbprint in the Certificate properties.":::
+
+   When you copy the string into Notepad, it should look like the following screenshot:
+
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-string-in-notepad.png" alt-text="Copy and paste the thumbprint string into Notepad.":::
+
+   After you remove the spaces in the string, it still contains an invisible ASCII character that is only visible at the command prompt. The following screenshot shows an example:
+
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/ascii-character-in-command-prompt.png" alt-text="The invisible ASCII character that is only shown at the command prompt." border="false":::
+
+   Ensure that this ASCII character is removed before you run the command to import the certificate.
+
+3. Remove all spaces from the string. There might be an invisible ACSII character that is also copied. This character isn't visible in Notepad. To validate the string, copy the string directly into the Command Prompt window.
+
+4. At command prompt, run the following `wmic` command together with the thumbprint value that you obtain in step 3:
+
    ```console
    wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
    ```
 
-::: zone-end
-::: zone pivot="windows-11-or-server-2025"
+    The following screenshot shows a successful example:
 
-   ```console
-   Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices | Set-WmiInstance -Arguments @{SSLCertificateSHA1Hash="THUMBPRINT"}
-   ```
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the `wmic` command together with the thumbprint value that you obtain in step 3." border="false":::
 
 ::: zone-end
+::: zone pivot="windows-11-or-server-2025"
 
-   The following screenshot is a successful example:
+2. Scroll down to the **Thumbprint** field and copy it. The following screenshot is an example of the certificate thumbprint in the **Certificate** properties:
 
-::: zone pivot="windows-server-pre-2012"
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/thumbprint-property-windows11.png" alt-text="An example of the certificate thumbprint in the Certificate properties.":::
 
-   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the wmic command together with the thumbprint value that you obtain in step 3." border="false":::
+3. At command prompt, run the following PowerShell command together with the thumbprint value that you obtain in step 2:
 
-::: zone-end
-::: zone pivot="windows-server-2012"
+   ```console
+   Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices | Set-WmiInstance -Arguments @{SSLCertificateSHA1Hash="THUMBPRINT"}
+   ```
 
-   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-wmic-commands.png" alt-text="A successful example of running the wmic command together with the thumbprint value that you obtain in step 3." border="false":::
+    The following screenshot shows a successful example:
 
-::: zone-end
-::: zone pivot="windows-11-or-server-2025"
-
-   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-powershell-commands.png" alt-text="A successful example of running the powershell command together with the thumbprint value that you obtain in step 3." border="false":::
+   :::image type="content" source="./media/remote-desktop-listener-certificate-configurations/successful-example-to-run-powershell-commands.png" alt-text="A successful example of running the PowerShell command together with the thumbprint value that you obtain in step 2." border="false":::
 
 ::: zone-end
 
@@ -134,14 +145,30 @@ To configure a certificate by using registry editor, follow these steps:
 
    To change the permissions, follow these steps on the Certificates snap-in for the local computer:
 
-   1. Click **Start**, click **Run**, type *mmc*, and then click **OK**.
-   2. On the **File** menu, click **Add/Remove Snap-in**.
-   3. In the **Add or Remove Snap-ins**  dialog box, on the **Available snap-ins** list, click **Certificates**, and then click **Add**.
-   4. In the **Certificates** snap-in dialog box, click **Computer account**, and then click **Next**.
-   5. In the **Select Computer** dialog box, click **Local computer: (the computer this console is running on)**, and then click **Finish**.
-   6. In the **Add or Remove Snap-ins** dialog box, click **OK**.
+   1. Select **Start**, select **Run**, type *mmc*, and then select **OK**.
+   2. On the **File** menu, select **Add/Remove Snap-in**.
+   3. In the **Add or Remove Snap-ins**  dialog box, on the **Available snap-ins** list, select **Certificates**, and then select **Add**.
+   4. In the **Certificates** snap-in dialog box, select **Computer account**, and then select **Next**.
+   5. In the **Select Computer** dialog box, select **Local computer: (the computer this console is running on)**, and then select **Finish**.
+   6. In the **Add or Remove Snap-ins** dialog box, select **OK**.
    7. In the **Certificates** snap-in, on the console tree, expand **Certificates (Local Computer)**, expand **Personal**, and then select the SSL certificate that you want to use.
    8. Right-click the certificate, select **All Tasks**, and then select **Manage Private Keys**.
-   9. In the **Permissions** dialog box, click **Add**, type *NETWORK SERVICE*, click **OK**, select **Read** under the **Allow** check box, and then click **OK**.
+   9. In the **Permissions** dialog box, select **Add**, type *NETWORK SERVICE*, select **OK**, select **Read** under the **Allow** check box, and then select **OK**.
 
----
+### [MMC](#tab/mmc)
+
+::: zone pivot="windows-server-pre-2012"
+
+The Remote Desktop Configuration Manager Microsoft Management Console (MMC) snap-in enables you direct access to the RDP listener. In the snap-in, you can bind a certificate to the listener and in turn, enforce SSL security for the RDP sessions.
+
+::: zone-end
+::: zone pivot="windows-server-2012"
+
+The Microsoft Management Console (MMC) method isn't available starting from Windows Server 2012 or Windows Server 2012 R2. However, you can always configure the RDP listener by using WMI or the registry.
+
+::: zone-end
+::: zone pivot="windows-11-or-server-2025"
+
+The Microsoft Management Console (MMC) method isn't available starting from Windows Server 2012 or Windows Server 2012 R2. However, you can always configure the RDP listener by using WMI or the registry.
+
+::: zone-end