Merge pull request #8822 from MicrosoftDocs/main

Auto push to live 2025-04-28 10:35:22

Author: Deland-Han

.openpublishing.redirection.json

@@ -13679,6 +13679,10 @@
     {
       "source_path": "support/dynamics/gp/suta-futa-taxable-wages-are-off.md",
       "redirect_url": "/troubleshoot/dynamics/gp/welcome-gp"
+    },
+    {
+      "source_path": "support/windows-server/active-directory/dcs-cannot-be-located-high-rate-outbound-sessions.md",
+      "redirect_url": "/troubleshoot/windows-server/user-profiles-and-logon/dcs-cannot-be-located-high-rate-outbound-sessions"
     }
   ]
 }

support/azure/azure-kubernetes/create-upgrade-delete/429-too-many-requests-errors.md

@@ -82,7 +82,6 @@ For an AKS cluster, you can use [AKS Diagnose and Solve Problems](/azure/aks/aks
   - Host: The host where HTTP status 429 responses were detected. Azure Resource Manager throttles come from `management.azure.com`; anything else is a lower-layer resource provider.
   - User agent: Requests with a specified user agent that were throttled.
   - Operation: Operations where HTTP status 429 responses were detected.
-  - Client IP: The client IP address that sent the throttled requests.
 
 Request throttling can be caused by a combination of any cluster in this subscription, not just the request rate for this cluster.
 

support/azure/virtual-machines/linux/serial-console-linux.md

@@ -33,25 +33,18 @@ For Serial Console documentation for Windows, see [Serial Console for Windows](.
 > [!NOTE]
 > Serial Console is compatible with a managed boot diagnostics storage account.
 
-## Prerequisites
+## Prerequisites to access the Azure Serial Console
 
-- Your VM or virtual machine scale set instance must use the resource management deployment model. Classic deployments aren't supported.
+To access the Serial Console on your VM or virtual machine scale set instance, you will need the following:
 
-- Your account that uses serial console must have the [Virtual Machine Contributor role](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) for the VM and the [boot diagnostics](../windows/boot-diagnostics.md) storage account
+- Boot diagnostics must be enabled for the VM.
+- A user account that uses password authentication must exist within the VM. You can create a password-based user with the [reset password](/azure/virtual-machines/extensions/vmaccess#reset-password) function of the VM access extension. Select **Reset password** from the **Help** section.
+- The Azure account accessing Serial Console must have [Virtual Machine Contributor role](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) for both the VM and the [boot diagnostics](../windows/boot-diagnostics.md) storage account.
+- Classic deployments aren't supported. Your VM or virtual machine scale set instance must use the Azure Resource Manager deployment model.
+- Serial Console is not supported when the storage account has **Allow storage account key access** disabled.
 
-- Your VM or virtual machine scale set instance must have a password-based user. You can create one with the [reset password](/azure/virtual-machines/extensions/vmaccess#reset-password) function of the VM access extension. Select **Reset password** from the **Help** section.
-
-- Your VM or virtual machine scale set instance must have [boot diagnostics](../windows/boot-diagnostics.md) enabled.
-
-    :::image type="content" source="media/serial-console-linux/diagnostics-settings.png" alt-text="Screenshot of the Diagnostics settings page in Azure portal. The Boot diagnostics option is enabled.":::
-
-- For settings specific to Linux distributions, see [Serial console Linux distribution availability](#serial-console-linux-distribution-availability).
-
-- Your VM or virtual machine scale set instance must be configured for serial output on `ttys0`. This is the default for Azure images, but you will want to double check this on custom images. Details [below](#custom-linux-images).
-
-> [!NOTE]
-> The serial console requires a local user with a configured password. VMs or virtual machine scale sets configured only with an SSH public key won't be able to sign in to the serial console. To create a local user with a password, use the [VMAccess Extension](/azure/virtual-machines/extensions/vmaccess), which is available in the portal by selecting **Reset password** in the Azure portal, and create a local user with a password.
-> You can also reset the administrator password in your account by [using GRUB to boot into single user mode](./serial-console-grub-single-user-mode.md).
+> [!IMPORTANT]
+> Serial Console is now compatible with [managed boot diagnostics storage accounts](../windows/boot-diagnostics.md) and custom storage account firewalls.
 
 ## Serial Console Linux distribution availability
 
@@ -143,7 +136,7 @@ After the IP addresses are successfully added to the storage account firewall, r
 
 ### Access security
 
-Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multi-factor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
+Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multifactor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
 
 ### Channel security
 

support/azure/virtual-machines/linux/troubleshoot-ssh-connection.md

@@ -81,7 +81,7 @@ Use Network Watcher's [Next hop](/azure/network-watcher/diagnose-vm-network-rout
 
 ## Use the Azure VM Serial Console
 
-The [Azure VM Serial Console](./serial-console-linux.md) provides access to a text-based console for Linux virtual machines. You can use the console to troubleshoot your SSH connection in an interactive shell. Ensure you have met the [prerequisites](./serial-console-linux.md#prerequisites) for using Serial Console and try the commands below to further troubleshoot your SSH connectivity.
+The [Azure VM Serial Console](./serial-console-linux.md) provides access to a text-based console for Linux virtual machines. You can use the console to troubleshoot your SSH connection in an interactive shell. Ensure you have met the [prerequisites](./serial-console-linux.md#prerequisites-to-access-the-azure-serial-console) for using Serial Console and try the commands below to further troubleshoot your SSH connectivity.
 
 ### Check that SSH service is running
 

support/azure/virtual-machines/windows/serial-console-windows.md

@@ -33,17 +33,18 @@ For serial console documentation for Linux, see [Azure Serial Console for Linux]
 > [!NOTE]
 > Serial Console is compatible with a managed boot diagnostics storage account.
 
-## Prerequisites
+## Prerequisites to access the Azure Serial Console
 
-* Your VM or virtual machine scale set instance must use the resource management deployment model. Classic deployments aren't supported.
+To access the Serial Console on your VM or virtual machine scale set instance, you will need the following:
 
-* Your account that uses serial console must have the [Virtual Machine Contributor role](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) for the VM and the [boot diagnostics](boot-diagnostics.md) storage account
+- Boot diagnostics must be enabled for the VM.
+- A user account that uses password authentication must exist within the VM. You can create a password-based user with the [reset password](/azure/virtual-machines/extensions/vmaccess#reset-password) function of the VM access extension. Select **Reset password** from the **Help** section.
+- The Azure account accessing Serial Console must have [Virtual Machine Contributor role](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) for both the VM and the [boot diagnostics](boot-diagnostics.md) storage account.
+- Classic deployments aren't supported. Your VM or virtual machine scale set instance must use the Azure Resource Manager deployment model.
+- Serial Console is not supported when the storage account has **Allow storage account key access** disabled.
 
-* Your VM or virtual machine scale set instance must have a password-based user. You can create one with the [reset password](/azure/virtual-machines/extensions/vmaccess#reset-password) function of the VM access extension. Select **Reset password** from the **Help** section.
-
-* The VM for virtual machine scale set instance must have [boot diagnostics](boot-diagnostics.md) enabled.
-
-    :::image type="content" source="media/serial-console-windows/diagnostics-settings.png" alt-text="Screenshot of the Boot diagnostics option under the Diagnostics settings.":::
+> [!IMPORTANT]
+> Serial Console is now compatible with [managed boot diagnostics storage accounts](boot-diagnostics.md) and custom storage account firewalls.
 
 ## Enable Serial Console functionality for Windows Server
 
@@ -197,7 +198,7 @@ After the IP addresses are successfully added to the storage account firewall, r
 
 ### Access security
 
-Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multi-factor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
+Access to the serial console is limited to users who have an access role of [Virtual Machine Contributor](/azure/role-based-access-control/built-in-roles#virtual-machine-contributor) or higher to the virtual machine. If your Microsoft Entra tenant requires multifactor authentication (MFA), then access to the serial console will also need MFA because the serial console's access is through the [Azure portal](https://portal.azure.com).
 
 ### Channel security
 
@@ -215,7 +216,7 @@ The Azure portal or [Azure CLI](/cli/azure/serial-console) act as remote termina
 
 ### Audit logs
 
-All access to the serial console is currently logged in the [boot diagnostics](./boot-diagnostics.md) logs of the virtual machine. Access to these logs are owned and controlled by the Azure virtual machine administrator.
+All access to the serial console is currently logged in the [boot diagnostics](./boot-diagnostics.md) logs of the virtual machine. Access to these logs is owned and controlled by the Azure virtual machine administrator.
 
 > [!CAUTION]
 > No access passwords for the console are logged. However, if commands run within the console contain or output passwords, secrets, user names, or any other form of personally identifiable information (PII), those will be written to the VM boot diagnostics logs. They will be written along with all other visible text, as part of the implementation of the serial console's scroll back function. These logs are circular and only individuals with read permissions to the diagnostics storage account have access to them. However, we recommend following the best practice of using the Remote Desktop for anything that may involve secrets and/or PII.
@@ -243,7 +244,7 @@ The serial console has screen reader support built in. Navigating around with a
 
 Scenario          | Actions in the serial console
 :------------------|:-----------------------------------------
-Incorrect firewall rules | Access serial console and fix Windows firewall rules.
+Incorrect firewall rules | Access Serial Console and fix Windows Firewall rules.
 Filesystem corruption/check | Access the serial console and recover the filesystem.
 RDP configuration issues | Access the serial console and change the settings. For more information, see the [RDP documentation](/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access).
 Network lock down system | Access the serial console from the Azure portal to manage the system. Some network commands are listed in [Windows commands: CMD and PowerShell](serial-console-cmd-ps-commands.md).
@@ -261,7 +262,7 @@ SAC does not take up the entire Serial Console area in the browser | This is a k
 Unable to type at SAC prompt if kernel debugging is enabled. | RDP to VM and run `bcdedit /debug {current} off` from an elevated command prompt. If you can't RDP, you can instead attach the OS disk to another Azure VM and modify it while attached as a data disk by running `bcdedit /store <drive letter of data disk>:\boot\bcd /debug <identifier> off`, then swapping the disk back.
 Pasting into PowerShell in SAC results in a third character if the original content had a repeating character. | For a workaround, run `Remove-Module PSReadLine` to unload the PSReadLine module from the current session. This action will not delete or uninstall the module.
 Some keyboard inputs produce strange SAC output (for example, **[A**, **[3~**). | [VT100](/windows/console/console-virtual-terminal-sequences) escape sequences aren't supported by the SAC prompt.
-Pasting long strings doesn't work. | The serial console limits the length of strings pasted into the terminal to 2048 characters to prevent overloading the serial port bandwidth.
+Pasting long strings doesn't work. | The serial console limits the length of strings pasted into the terminal to 2,048 characters to prevent overloading the serial port bandwidth.
 
 ## Frequently asked questions
 

support/windows-server/system-management-components/error-event-1601-click-roles-server-manager.md

@@ -1,42 +1,69 @@
 ---
 title: Error message when you select Roles in Server Manager on Windows Server
 description: Resolves the Windows Server problem in which selecting Roles in Server Manager generates an error message and Event 1601.
-ms.date: 01/15/2025
+ms.date: 04/28/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
-ms.reviewer: kaushika
+ms.reviewer: kaushika, warrenw, adrianlutai
 ms.custom:
 - sap:system management components\server manager
 - pcy:WinComm User Experience
 ---
 # Error message when you select Roles in Server Manager on Windows Server
 
-This article provides a resolution to the Windows Server problem in which selecting Roles in Server Manager generates an error message and event 1601.
+This article provides a resolution to the Windows Server problem in which selecting Roles in Server Manager generates an error message.
 
 _Original KB number:_   971509
 
 ## Symptoms
 
-When you click **Roles** in **Server Manager** on a Windows Server computer, your profile doesn't load correctly and you receive an error message. If you select **Error Details**, you see the following message:
+When you install roles in **Server Manager** on a Windows Server computer, your profile doesn't load correctly and you receive an error message. If you select **Error Details**, you see the following message:
 
 > **Server Manager:**  
-Unexpected error refreshing Server Manager; cannot open an anonymous level security token. (Exception from HRESULT: 0x00070543)
+Unexpected error refreshing Server Manager; cannot open an anonymous level security token. (Exception from HRESULT: 0x80070543)
 For more information, see the event log: Diagnostics, Event Viewer, Applications and Services Logs, Microsoft, Windows, Server Manager, Operational.
 
-To see the event details, open Event Viewer and navigate to **Applications and Services Logs\\Microsoft\\Windows\\Server Manager\\Operational**. Look for Event 1601. This entry provides the following information:
-
-> Log Name: Microsoft-Windows-Server Manager/Operational  
-Source: Microsoft-Windows-ServerManager  
-Date: MM/DD/YYYY hr:min:sec PM  
-Event ID: 1601  
-Task Category: None  
-Level: Error  
-Keywords:  
-User: XXXXXXXXXXXX  
-Computer: XXXXXX.XXXXX  
-Description:  
-Could not discover the state of the system. An unexpected exception was found: System.Runtime.InteropServices.COMException (0x80070543): Cannot open an anonymous level security token. (Exception from HRESULT: 0x80070543) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at Microsoft.Windows.ServerManager.ComponentInstaller.CreateSessionAndPackage(IntPtr& session, IntPtr& package) at Microsoft.Windows.ServerManager.ComponentInstaller.InitializeUpdateInfo() at Microsoft.Windows.ServerManager.ComponentInstaller.Initialize() at Microsoft.Windows.ServerManager.Common.Provider.Initialize(DocumentCollection documents) at Microsoft.Windows.ServerManager.ServerManagerModel.InternalRefreshModelResult(Object state)
+To see the event details, open Event Viewer and navigate to **Applications and Services Logs\\Microsoft\\Windows\\ServerManager-DeploymentProvider\\Operational** and **Applications and Services Logs\\Microsoft\\Windows\\ServerManager-MultiMachine\\Operational**. You might see the following errors:
+
+```output
+Log Name: Microsoft-Windows-ServerManager-DeploymentProvider/Operational
+Source: Microsoft-Windows-ServerManager-DeploymentProvider
+Date: MM/DD/YYYY hr:min:sec PM
+Event ID: 403
+Task Category: GetAlterationState method call.
+Level: Error
+Keywords:
+User: XXXXXXXXXXXX
+Computer: XXXXXX.XXXXX
+Description: GetAlterationState method returned Failed. Error: The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed. Cannot open an anonymous level security token. Error: 0x80070543
+```
+
+```output
+Log Name: Microsoft-Windows-ServerManager-DeploymentProvider/Operational
+Source: Microsoft-Windows-ServerManager-DeploymentProvider
+Date: MM/DD/YYYY hr:min:sec PM
+Event ID: 1315
+Task Category: GetServerComponent request on a separate thread.
+Level: Error
+Keywords:
+User: XXXXXXXXXXXX
+Computer: XXXXXX.XXXXX
+Description: Exception Detected: Installation of one or more roles, role services, or features failed. Cannot open an anonymous level security token. Error: 0x80070543 ErrorID: DISMAPI_Error__Failed_To_Enable_Updates
+```
+
+```output
+Log Name: Microsoft-Windows-ServerManager-MultiMachine/Operational
+Source: Microsoft-Windows-ServerManager-MultiMachine
+Date: MM/DD/YYYY hr:min:sec PM
+Event ID: 4002
+Task Category: Add-_InternalWindowsRole task.
+Level: Error
+Keywords:
+User: XXXXXXXXXXXX
+Computer: XXXXXX.XXXXX
+Description: Add-_InternalWindowsRole workflow reported an error installing or removing the requested component(s), TargetComputer:, RequestState:2, RebootRequired: false, ErrorMessage: The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed. Cannot open an anonymous level security token. Error: 0x80070543 , ErrorId: DISMAPI_Error__Failed_To_Enable_Updates, ErrorCategory: 7, Warning:
+```
 
 ## Cause