Merge pull request #10158 from MicrosoftDocs/main

learn-build-service-prod[bot] · web-flow · commit 6716f1a8973d · 2025-11-10T18:02:52.000Z
Auto Publish – main to live - 2025-11-10 18:00 UTC
diff --git a/support/azure/azure-kubernetes/logs/capture-system-insights-from-aks.md b/support/azure/azure-kubernetes/logs/capture-system-insights-from-aks.md
@@ -76,11 +76,7 @@ To complement the demo that's presented at the beginning of this article, we com
 
 ## How to install Inspektor Gadget in an AKS cluster
 
-### One-Click Inspektor Gadget deployment
-
-By selecting the following button, an AKS cluster will be automatically created, and Inspektor Gadget will be deployed in the cluster. After the deployment is finished, you can explore all the features of Inspektor Gadget in the provided shell environment.
-
-[![Deploy Inspektor Gadget in an AKS cluster](https://aka.ms/deploytoazurebutton)](https://go.microsoft.com/fwlink/?linkid=2286151)
+Learn how to deploy Inspektor Gadget in your cluster.
 
 ### Install Inspektor Gadget by running the "kubectl gadget" plug-in
 
diff --git a/support/azure/logic-apps/toc.yml b/support/azure/logic-apps/toc.yml
@@ -1,7 +1,11 @@
+items:
+
 - name: Welcome
   href: index.yml
 
 - name: Troubleshoot logic apps with connectors
   items:
-    - name:  Can't access the storage account services
+    - name: Can't access the storage account services
       href: common-error-deploy-logic-apps-private-storage-account.md
+    - name: Troubleshoot Azure Logic Apps setup and connectivity
+      href: troubleshoot-logic-apps-setup-connectivity.md
diff --git a/support/azure/logic-apps/troubleshoot-logic-apps-setup-connectivity.md b/support/azure/logic-apps/troubleshoot-logic-apps-setup-connectivity.md
@@ -0,0 +1,101 @@
+---
+title: Troubleshoot Azure Logic Apps Setup and Connectivity
+description: This troubleshooting checklist consolidates the required steps for resolving Azure Logic Apps setup and connectivity issues.
+ms.service: azure-logic-apps
+ms.reviewer: xuehongg, shrahman, v-ryanberg, v-gsitser
+ms.topic: troubleshooting
+ms.custom: Networking
+ms.date: 11/5/2025
+author: JarrettRenshaw
+ms.author: jarrettr
+---
+
+# Troubleshoot Azure Logic Apps setup and connectivity
+
+This troubleshooting checklist consolidates the required steps for resolving Azure Logic Apps setup and connectivity issues.
+
+## Troubleshooting checklist
+
+### Configure the logic app for VNet integration
+
+Make sure that the logic app is configured correctly for virtual network (VNet) integration:
+
+1. On the Azure portal, navigate to **Logic App > Settings > Networking > Outbound traffic configuration**.
+1. Select **Add virtual network integration**.
+1. Choose a virtual network that includes a subnet without any delegations. For more information, see [Prerequisites](/azure/logic-apps/secure-single-tenant-workflow-virtual-network-private-endpoint#prerequisites).
+1. Add this app setting: **WEBSITE_VNET_ROUTE_ALL = 1**.
+
+### Verify storage account access
+
+Verify that the storage account has the necessary network rules and permissions to allow access from the logic app:
+
+1. Navigate to **Storage Account > Networking > Public network access > Enable from selected networks**.
+1. In **Virtual Networks**, add the logic app subnet.
+
+### Verify that private addresses are returned for endpoints
+
+If private endpoints are enabled, check DNS settings to make sure that private addresses are returned for endpoints.
+
+> [!IMPORTANT]
+> Make sure that you follow these steps if you use your own DNS server instead of Azure DNS.
+
+1. Create private DNS zones (for example: *privatelink.blob.core.windows.net*).
+1. Link the DNS zones to the VNet.
+1. Add these app settings:
+    - **WEBSITE_DNS_SERVER**
+    - **WEBSITE_DNS_ALT_SERVER**
+2. Verify these settings by using Kudu together with the `nameresolver` command.
+
+### Enable Allow storage account key access 
+
+Enable **Allow storage account key access** in the storage account configuration:
+
+1. Navigate to **Storage Account** > **Configuration**.
+1. Set **Allow storage account key access** to **Enabled**.
+
+### Ensure private endpoint connectivity
+
+Use the built-in connector for Azure Blob Storage to ensure private endpoint connectivity:
+
+1. Navigate to **Workflows**, and select the workflow that you want.
+1. On the workflow menu, select **Designer**.
+1. Select **Built-in > Azure Blob Storage**.
+1. Provide the storage account connection string.
+
+### Switch to built-in connectors
+
+Switch to using built-in connectors for scenarios that require private endpoint access:
+
+1. Select **Built-in connectors** for private endpoint scenarios.
+
+### Route outbound traffic through the VNet
+
+Make sure that the logic app's outbound traffic is correctly routed through the VNet:
+
+1. Select **Route All**.
+1. Associate an Azure Network Address Translation (NAT) Gateway for predictable outbound IPs.
+1. Verify the network security groups (NSG) and user-defined routes (UDR) rules.
+
+### Search for any missing app settings
+
+Check the logic app runtime configuration to determine whether any app settings are missing.
+
+### Deploy single-tenant logic apps that have private storage accounts
+
+If you still experience deployment failures, make sure that your configurations align with the requirements of your specific deployment scenario. For example, you might have to add the following app settings:
+
+- **WEBSITE_CONTENTOVERVNET = 1**
+- **WEBSITE_VNET_ROUTE_ALL = 1**
+
+Additionally, check DNS and host settings.
+
+## References
+
+- [Secure traffic between Standard workflows and virtual networks - Azure Logic Apps](/azure/logic-apps/secure-single-tenant-workflow-virtual-network-private-endpoint)
+- [Deploy Standard logic apps to private storage accounts - Azure Logic Apps](/azure/logic-apps/deploy-single-tenant-logic-apps-private-storage-account)
+- [Install on-premises data gateway for logic app workflows - Azure Logic Apps](/azure/logic-apps/install-on-premises-data-gateway-workflows)
+- [Connect to on-premises data sources - Azure Logic Apps](/azure/logic-apps/connect-on-premises-data-sources?tabs=consumption)
+
+[!INCLUDE [Azure Help Support](~/includes/azure-help-support.md)]
+
+[!INCLUDE [Third-party contact disclaimer](~/includes/third-party-contact-disclaimer.md)]
diff --git a/support/mem/configmgr/cloud-services/public-ip-creation-error.md b/support/mem/configmgr/cloud-services/public-ip-creation-error.md
@@ -0,0 +1,84 @@
+---
+title: CMG Maintenance Task Fails to Update After Installaing KB32851084
+description: Troubleshoot the CMG Maintenance Task failure caused by Availability Zone conflicts in Public IP Resource updates for Configuration Manager version 2503.
+ms.service: configuration-manager
+ms.topic: troubleshooting
+ms.manager: dcscontentpm
+audience: itpro
+ms.date: 11/11/2025
+ms.reviewer: kaushika, payur
+ms.custom: sap:Cloud Services\Cloud Management Gateway (CMG)
+---
+# CMG maintenance task fails to update public IP resource after installing KB32851084
+
+*Applies to*: Configuration Manager (current branch)
+
+## Symptoms
+
+After you install the [Update Rollup for Microsoft Configuration Manager version 2503 (KB32851084)](/intune/configmgr/hotfix/2503/32851084), CloudMgr.log on the Service Connection Point might display the following error message:
+
+```output
+Resource Manager - Creating Public IP Address <Name of CMG> with deployment CreatePublicIPAddressXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX~~
+ERROR: Exception occured for service <Name of CMG> : System.AggregateException: One or more errors occurred.
+---> Azure.RequestFailedException: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.~~Status: 200 (OK)~~ErrorCode: DeploymentFailed~~~~Service request succeeded. Response content and headers are not included to avoid logging sensitive data.~~~~
+at Azure.Core.OperationInternal`1.GetResponseFromState(OperationState`1 state)~~
+at Azure.Core.OperationInternal`1.<UpdateStatusAsync>d__20.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~
+at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~
+at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~
+at Azure.Core.OperationInternalBase.<UpdateStatusAsync>d__13.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~
+at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~
+at Azure.Core.OperationPoller.<WaitForCompletionAsync>d__11.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~
+at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~
+at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~
+at Azure.Core.OperationInternalBase.<WaitForCompletionResponseAsync>d__19.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~
+at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~
+at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~
+at Azure.Core.OperationInternal`1.<WaitForCompletionAsync>d__19.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~
+at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~
+at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~
+at System.Threading.Tasks.ValueTask`1.get_Result()~~
+at Azure.Core.OperationInternal`1.<WaitForCompletionAsync>d__15.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~
+at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~
+at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~
+at Azure.ResourceManager.Resources.ArmDeploymentCollection.<CreateOrUpdateAsync>d__4.MoveNext()~~
+--- End of inner exception stack trace ---~~
+at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)~~
+at Microsoft.ConfigurationManager.AzureManagement.ResourceManager.StartAndMonitorDeployment(String resourceGroupName, String deploymentName, ArmDeploymentContent deploymentContent, Int32 secondsToWait, Int32 timeoutInMinutes)~~
+at Microsoft.ConfigurationManager.AzureManagement.Resource
+
+TaskManager: Task [Deployment Maintenance for service <Name of CMG>] status is Faulted~~
+
+ERROR: TaskManager: Task [Deployment Maintenance for service <Name of CMG>] has failed. Exception Azure.RequestFailedException, At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.~~Status: 200 (OK)~~ErrorCode: DeploymentFailed~~~~Service request succeeded. Response content and headers are not included to avoid logging sensitive data.~~.~~
+
+TaskManager: Scheduling task [Deployment Maintenance for service <Name of CMG>] for retry.~~
+```
+
+In the Azure portal, the Activity log of the Resource Group that contains the resources of the CMG displays the following error message:
+
+```output
+Operation Name: Create or Update Public Ip Address
+
+Summary - Message; Resource /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/<Name of CMG Resource Group>/providers/Microsoft.Network/publicIPAddresses/<Name of Public IP Address> has an existing availability zone constraint 1, 2, 3 and the request has availability zone constraint NoZone, which do not match. Zones cannot be added/updated/removed once the resource is created. The resource cannot be updated from regional to zonal or vice-versa.
+```
+
+The Cloud Management Gateway (CMG) state in the Configuration Manager console might then appear in "Error" status with the detailed information "Failed to perform maintenance" in "Status Description" and flipping back to "Ready" shortly afterwards.
+
+The error messages likely repeat every 20 minutes, aligning with the Deployment Maintenance Task retries.
+
+## Cause
+
+When you install the Update Rollup, it triggers a setup maintenance task for the CMG. This maintenance task launches deployments for CMG Resources in Azure. In the deployment associated to the Public IP Address, the maintenance task attempts to update its "Availability Zone" configuration property to **"No zone"**. If the existing Public IP resource already has "Availability Zone" property configured (for example, to "Zone 1", "Zone 2", or "Zone 3"), the deployment fails.
+
+The issue then affects the Azure regions where [Availability Zones](/azure/reliability/availability-zones-overview?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=azure-cli) are supported. The current list is available at [Azure regions list](/azure/reliability/regions-list#azure-regions-list-1).
+
+Current Configuration Manager releases don't specify Availability Zone when creating a new Public IP Address Resource for CMG. Hence, this issue doesn't affect new CMG deployments.
+
+## Resolution
+
+At this point, there's no confirmed impact from this behavior, so we recommend that you ignore these errors.
+
+Microsoft plans to resolve this problem in a future release of Microsoft Configuration Manager.
+
+## More information
+
+For more information about CMG monitoring, see [Monitor the CMG](/intune/configmgr/core/clients/manage/cmg/monitor-clients-cloud-management-gateway)
