Merge branch 'main' into Branch-PostEdit

Author: AmandaAZ

.openpublishing.redirection.json

@@ -13679,6 +13679,10 @@
     {
       "source_path": "support/dynamics/gp/suta-futa-taxable-wages-are-off.md",
       "redirect_url": "/troubleshoot/dynamics/gp/welcome-gp"
+    },
+    {
+      "source_path": "support/windows-server/active-directory/dcs-cannot-be-located-high-rate-outbound-sessions.md",
+      "redirect_url": "/troubleshoot/windows-server/user-profiles-and-logon/dcs-cannot-be-located-high-rate-outbound-sessions"
     }
   ]
 }

support/azure/azure-kubernetes/create-upgrade-delete/429-too-many-requests-errors.md

@@ -82,7 +82,6 @@ For an AKS cluster, you can use [AKS Diagnose and Solve Problems](/azure/aks/aks
   - Host: The host where HTTP status 429 responses were detected. Azure Resource Manager throttles come from `management.azure.com`; anything else is a lower-layer resource provider.
   - User agent: Requests with a specified user agent that were throttled.
   - Operation: Operations where HTTP status 429 responses were detected.
-  - Client IP: The client IP address that sent the throttled requests.
 
 Request throttling can be caused by a combination of any cluster in this subscription, not just the request rate for this cluster.
 

support/azure/azure-kubernetes/storage/mountoptions-settings-azure-files.md

@@ -1,7 +1,7 @@
 ---
 title: Recommended and useful mountOptions settings on Azure Files
 description: Learn about the useful and recommended mountOptions settings when you configure the storage class object on Azure Files.
-ms.date: 04/25/2025
+ms.date: 04/27/2025
 ms.reviewer: chiragpa, nickoman, v-leedennis
 ms.service: azure-kubernetes-service
 #Customer intent: As an Azure Kubernetes user, I want to learn about mount option settings so that I can set up my Azure Files storage class object optimally on my Azure Kubernetes Service (AKS) cluster.
@@ -13,54 +13,56 @@ This article discusses recommended mount options when you configure the storage
 
 ## Recommended settings
 
-The following `mountOptions` are recommended for SMB and NFS shares:
+The following `mountOptions` settings are recommended for Server Message Block (SMB) and Network File System (NFS) shares:
 
-**SMB shares**
+- **SMB shares**
 
-```yaml
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: azurefile-csi
-provisioner: file.csi.azure.com
-allowVolumeExpansion: true
-parameters:
-  skuName: Premium_LRS  # available values: Premium_LRS, Premium_ZRS, Standard_LRS, Standard_GRS, Standard_ZRS, Standard_RAGRS, Standard_RAGZRS
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-mountOptions:
-  - dir_mode=0777  # modify this permission if you want to enhance the security
-  - file_mode=0777 # modify this permission if you want to enhance the security
-  - mfsymlinks    # support symbolic links
-  - cache=strict  # https://linux.die.net/man/8/mount.cifs
-  - nosharesock  # reduces probability of reconnect race
-  - actimeo=30  # reduces latency for metadata-heavy workload
-  - nobrl  # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
-```
+    ```yaml
+    apiVersion: storage.k8s.io/v1
+    kind: StorageClass
+    metadata:
+      name: azurefile-csi
+    provisioner: file.csi.azure.com
+    allowVolumeExpansion: true
+    parameters:
+      skuName: Premium_LRS  # available values: Premium_LRS, Premium_ZRS, Standard_LRS, Standard_GRS, Standard_ZRS, Standard_RAGRS, Standard_RAGZRS
+    reclaimPolicy: Delete
+    volumeBindingMode: Immediate
+    mountOptions:
+      - dir_mode=0777  # modify this permission if you want to enhance the security
+      - file_mode=0777 # modify this permission if you want to enhance the security
+      - mfsymlinks    # support symbolic links
+      - cache=strict  # https://linux.die.net/man/8/mount.cifs
+      - nosharesock  # reduces probability of reconnect race
+      - actimeo=30  # reduces latency for metadata-heavy workload
+      - nobrl  # disable sending byte range lock requests to the server and for applications which have challenges with posix locks
+    ```
 
-**NFS shares**
+- **NFS shares**
 
-```yaml
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: azurefile-csi-nfs
-provisioner: file.csi.azure.com
-parameters:
-  protocol: nfs
-  skuName: Premium_LRS     # available values: Premium_LRS, Premium_ZRS
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-allowVolumeExpansion: true
-mountOptions:
-  - nconnect=4  # improves performance by enabling multiple connections to share
-  - noresvport  # improves availability
-  - actimeo=30  # reduces latency for metadata-heavy workloads
-```
+    ```yaml
+    apiVersion: storage.k8s.io/v1
+    kind: StorageClass
+    metadata:
+      name: azurefile-csi-nfs
+    provisioner: file.csi.azure.com
+    parameters:
+      protocol: nfs
+      skuName: Premium_LRS     # available values: Premium_LRS, Premium_ZRS
+    reclaimPolicy: Delete
+    volumeBindingMode: Immediate
+    allowVolumeExpansion: true
+    mountOptions:
+      - nconnect=4  # improves performance by enabling multiple connections to share
+      - noresvport  # improves availability
+      - actimeo=30  # reduces latency for metadata-heavy workloads
+    ```
 
 > [!NOTE]
-> The location to configure mount options (mountOptions) depends on whether you're provisioning dynamic or static persistent volumes. If you're [dynamically provisioning a volume](/azure/aks/azure-csi-files-storage-provision#dynamically-provision-a-volume) with a storage class, specify the mount options on the storage class object (kind: StorageClass). If you’re [statically provisioning a volume](/azure/aks/azure-csi-files-storage-provision#statically-provision-a-volume), specify the mount options on the PersistentVolume object (kind: PersistentVolume). If you’re [mounting the file share as an inline volume](/azure/aks/azure-csi-files-storage-provision#mount-file-share-as-an-inline-volume), specify the mount options on the Pod object (kind: Pod).
+> The location for configuring mount options (`mountOptions`) depends on whether you provision dynamic or static persistent volumes. If you [dynamically provision a volume](/azure/aks/azure-csi-files-storage-provision#dynamically-provision-a-volume) with a storage class, specify the mount options on the storage class object (`kind: StorageClass`). If you [statically provision a volume](/azure/aks/azure-csi-files-storage-provision#statically-provision-a-volume), specify the mount options on the `PersistentVolume` object (`kind: PersistentVolume`). If you [mount the file share as an inline volume](/azure/aks/azure-csi-files-storage-provision#mount-file-share-as-an-inline-volume), specify the mount options on the `Pod` object (`kind: Pod`).
 
-For best practices when using Azure Files, see [Provision Azure Files storage](/azure/aks/azure-csi-files-storage-provision#best-practices).
+## More information
+
+For Azure Files best practices, see [Provision Azure Files storage](/azure/aks/azure-csi-files-storage-provision#best-practices).
 
 [!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/azure/azure-storage/files/file-sync/file-sync-troubleshoot-installation.md

@@ -175,6 +175,38 @@ When registering a server using *ServerRegistration.exe*, some resource groups a
 
 This issue occurs due to a known issue that has been fixed in File Sync Agent v19.1. To resolve this issue, install the latest version of the agent.
 
+
+
+**Server Registration displays the following message: "System.Net.Http, Version=4.2.0.0, Culture=neutral, PublicKeyToken=..."**
+
+This error occurs when the required version of the .NET Framework is missing on the server. Azure File Sync's server registration requires **.NET Framework 4.7.2. or higher** to function properly. 
+
+To resolve the issue:
+1. Downland and install .NET Framework 4.7.2. or higher.
+2. Restart the server after installation.
+3. Retry the server registration using the Server Registration UI or PowerShell.
+
+
+
+**Server registration fails with error: operation returned an invalid status code 'Unauthorized'**
+
+During server registration, if you encounter the following error:
+`Operation returned an invalid status code 'Unauthorized'`
+
+This issue occurs when authentication with Azure fails during the registration process. To resolve this issue: 
+
+Manually register the server using PowerShell:
+
+```powershell
+Connect-AzAccount -Subscription "<your-subscription-guid>" -Tenant "<your-tenant-guid>"
+Register-AzStorageSyncServer -ResourceGroupName "<your-resource-group-name>" -StorageSyncServiceName "<your-storage-sync-service-name>"
+```
+
+Replace the placeholder values with your subscription ID, tenant ID, resource group name, and Storage Sync Service name.
+
+After completing the manual registration, verify that the server appears under Registered servers in the Azure portal.
+
+
 <a id="server-already-registered"></a>**Server Registration displays the following message: "This server is already registered"**
 
 :::image type="content" source="media/file-sync-troubleshoot-installation/server-already-registered-error.png" alt-text="Screenshot that shows the Server Registration dialog box with the 'server is already registered' error message.":::

support/azure/virtual-machines/linux/serial-console-linux.md

@@ -33,25 +33,18 @@ For Serial Console documentation for Windows, see [Serial Console for Windows](.
 > [!NOTE]
 > Serial Console is compatible with a managed boot diagnostics storage account.
 
-## Prerequisites
+## Prerequisites to access the Azure Serial Console
 
-- Your VM or virtual machine scale set instance must use the resource management deployment model. Classic deployments aren't supported.
+To access the Serial Console on your VM or virtual machine scale set instance, you will need the following:
 
-- Your account that uses serial console must have the [Virtual Machine Contributor role](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) for the VM and the [boot diagnostics](../windows/boot-diagnostics.md) storage account
+- Boot diagnostics must be enabled for the VM.
+- A user account that uses password authentication must exist within the VM. You can create a password-based user with the [reset password](/azure/virtual-machines/extensions/vmaccess#reset-password) function of the VM access extension. Select **Reset password** from the **Help** section.
+- The Azure account accessing Serial Console must have [Virtual Machine Contributor role](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) for both the VM and the [boot diagnostics](../windows/boot-diagnostics.md) storage account.
+- Classic deployments aren't supported. Your VM or virtual machine scale set instance must use the Azure Resource Manager deployment model.
+- Serial Console is not supported when the storage account has **Allow storage account key access** disabled.
 
-- Your VM or virtual machine scale set instance must have a password-based user. You can create one with the [reset password](/azure/virtual-machines/extensions/vmaccess#reset-password) function of the VM access extension. Select **Reset password** from the **Help** section.
-
-- Your VM or virtual machine scale set instance must have [boot diagnostics](../windows/boot-diagnostics.md) enabled.
-
-    :::image type="content" source="media/serial-console-linux/diagnostics-settings.png" alt-text="Screenshot of the Diagnostics settings page in Azure portal. The Boot diagnostics option is enabled.":::
-
-- For settings specific to Linux distributions, see [Serial console Linux distribution availability](#serial-console-linux-distribution-availability).
-
-- Your VM or virtual machine scale set instance must be configured for serial output on `ttys0`. This is the default for Azure images, but you will want to double check this on custom images. Details [below](#custom-linux-images).
-
-> [!NOTE]
-> The serial console requires a local user with a configured password. VMs or virtual machine scale sets configured only with an SSH public key won't be able to sign in to the serial console. To create a local user with a password, use the [VMAccess Extension](/azure/virtual-machines/extensions/vmaccess), which is available in the portal by selecting **Reset password** in the Azure portal, and create a local user with a password.
-> You can also reset the administrator password in your account by [using GRUB to boot into single user mode](./serial-console-grub-single-user-mode.md).
+> [!IMPORTANT]
+> Serial Console is now compatible with [managed boot diagnostics storage accounts](../windows/boot-diagnostics.md) and custom storage account firewalls.
 
 ## Serial Console Linux distribution availability
 
@@ -143,7 +136,7 @@ After the IP addresses are successfully added to the storage account firewall, r
 
 ### Access security
 
-Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multi-factor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
+Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multifactor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
 
 ### Channel security
 

support/azure/virtual-machines/linux/troubleshoot-ssh-connection.md

@@ -81,7 +81,7 @@ Use Network Watcher's [Next hop](/azure/network-watcher/diagnose-vm-network-rout
 
 ## Use the Azure VM Serial Console
 
-The [Azure VM Serial Console](./serial-console-linux.md) provides access to a text-based console for Linux virtual machines. You can use the console to troubleshoot your SSH connection in an interactive shell. Ensure you have met the [prerequisites](./serial-console-linux.md#prerequisites) for using Serial Console and try the commands below to further troubleshoot your SSH connectivity.
+The [Azure VM Serial Console](./serial-console-linux.md) provides access to a text-based console for Linux virtual machines. You can use the console to troubleshoot your SSH connection in an interactive shell. Ensure you have met the [prerequisites](./serial-console-linux.md#prerequisites-to-access-the-azure-serial-console) for using Serial Console and try the commands below to further troubleshoot your SSH connectivity.
 
 ### Check that SSH service is running
 

support/azure/virtual-machines/windows/breadcrumb/toc.yml

@@ -65,4 +65,4 @@
         topicHref: /troubleshoot/azure/virtual-machines/windows/welcome-virtual-machines-windows
       - name: Virtual Machine running Windows
         tocHref: /troubleshoot/windows-server/installing-updates-features-roles/
-        topicHref: /troubleshoot/azure/virtual-machines/windows/welcome-virtual-machines-windows
+        topicHref: /troubleshoot/azure/virtual-machines/windows/welcome-virtual-machines-windows

support/azure/virtual-machines/windows/serial-console-windows.md

@@ -33,8 +33,6 @@ For serial console documentation for Linux, see [Azure Serial Console for Linux]
 > [!NOTE]
 > Serial Console is compatible with a managed boot diagnostics storage account.
 
-[Prerequisites to access the Azure Serial Console](serial-console-overview.md#prerequisites-to-access-the-azure-serial-console)
-
 ## Prerequisites
 
 The prerequisites to access the Azure Serial Console can be found [here](serial-console-overview.md#prerequisites-to-access-the-azure-serial-console).
@@ -191,7 +189,7 @@ After the IP addresses are successfully added to the storage account firewall, r
 
 ### Access security
 
-Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multi-factor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
+Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multifactor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
 
 ### Channel security
 
@@ -209,7 +207,7 @@ The Azure portal or [Azure CLI](/cli/azure/serial-console) act as remote termina
 
 ### Audit logs
 
-All access to the serial console is currently logged in the [boot diagnostics](./boot-diagnostics.md) logs of the virtual machine. Access to these logs are owned and controlled by the Azure virtual machine administrator.
+All access to the serial console is currently logged in the [boot diagnostics](./boot-diagnostics.md) logs of the virtual machine. Access to these logs is owned and controlled by the Azure virtual machine administrator.
 
 > [!CAUTION]
 > No access passwords for the console are logged. However, if commands run within the console contain or output passwords, secrets, user names, or any other form of personally identifiable information (PII), those will be written to the VM boot diagnostics logs. They will be written along with all other visible text, as part of the implementation of the serial console's scroll back function. These logs are circular and only individuals with read permissions to the diagnostics storage account have access to them. However, we recommend following the best practice of using the Remote Desktop for anything that may involve secrets and/or PII.
@@ -237,7 +235,7 @@ The serial console has screen reader support built in. Navigating around with a
 
 Scenario          | Actions in the serial console
 :------------------|:-----------------------------------------
-Incorrect firewall rules | Access serial console and fix Windows firewall rules.
+Incorrect firewall rules | Access Serial Console and fix Windows Firewall rules.
 Filesystem corruption/check | Access the serial console and recover the filesystem.
 RDP configuration issues | Access the serial console and change the settings. For more information, see the [RDP documentation](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access).
 Network lock down system | Access the serial console from the Azure portal to manage the system. Some network commands are listed in [Windows commands: CMD and PowerShell](serial-console-cmd-ps-commands.md).
@@ -255,7 +253,7 @@ SAC does not take up the entire Serial Console area in the browser | This is a k
 Unable to type at SAC prompt if kernel debugging is enabled. | RDP to VM and run `bcdedit /debug {current} off` from an elevated command prompt. If you can't RDP, you can instead attach the OS disk to another Azure VM and modify it while attached as a data disk by running `bcdedit /store <drive letter of data disk>:\boot\bcd /debug <identifier> off`, then swapping the disk back.
 Pasting into PowerShell in SAC results in a third character if the original content had a repeating character. | For a workaround, run `Remove-Module PSReadLine` to unload the PSReadLine module from the current session. This action will not delete or uninstall the module.
 Some keyboard inputs produce strange SAC output (for example, **[A**, **[3~**). | [VT100](/windows/console/console-virtual-terminal-sequences) escape sequences aren't supported by the SAC prompt.
-Pasting long strings doesn't work. | The serial console limits the length of strings pasted into the terminal to 2048 characters to prevent overloading the serial port bandwidth.
+Pasting long strings doesn't work. | The serial console limits the length of strings pasted into the terminal to 2,048 characters to prevent overloading the serial port bandwidth.
 
 ## Frequently asked questions