Merge pull request #8894 from MicrosoftDocs/main

Auto push to live 2025-05-08 10:02:02

Author: Deland-Han

support/azure/azure-kubernetes/create-upgrade-delete/aks-common-issues-faq.yml

@@ -3,8 +3,8 @@ metadata:
   title: Azure Kubernetes Service (AKS) common issues FAQ
   description: Review a list of frequently asked questions (FAQ) about common issues when you're working with an Azure Kubernetes Service (AKS) cluster.
   ms.topic: faq
-  ms.date: 03/06/2025
-  ms.reviewer: chiragpa, nickoman, jotavar, v-leedennis, v-weizhu
+  ms.date: 05/08/2025
+  ms.reviewer: chiragpa, nickoman, jotavar, wilsondarko, v-leedennis, v-weizhu
   ms.service: azure-kubernetes-service
   ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool)
 
@@ -41,6 +41,8 @@ sections:
           - AKS node pool names must be all lowercase. The names must be 1-12 characters in length for Linux node pools and 1-6 characters for Windows node pools. A name must start with a letter, and the only allowed characters are letters and numbers.
 
           - The *admin-username*, which sets the administrator user name for Linux nodes, must start with a letter. This user name may only contain letters, numbers, hyphens, and underscores. It has a maximum length of 32 characters.
+
+          - The *aksmanagedap* is blocked as a reserved name for AKS system components. It can't be used for nodepools. 
           
           For more information about naming convention. see the following resources:
            - [Naming rules and restrictions for Azure resources](/azure/azure-resource-manager/management/resource-name-rules#microsoftcontainerservice)

support/azure/virtual-machines/windows/performance-diagnostics.md

@@ -10,7 +10,7 @@ tags: ''
 ms.service: azure-virtual-machines
 ms.workload: infrastructure-services
 ms.topic: troubleshooting
-ms.date: 05/02/2025
+ms.date: 05/08/2025
 ms.custom: sap:VM Performance
 ms.reviewer: guywild, poharjan
 ms.author: anandh
@@ -53,6 +53,26 @@ This article explains how to use Performance Diagnostics and what the continuous
 
 For detailed information about built-in roles for Azure Storage, refer to [Azure built-in roles for Storage](/azure/role-based-access-control/built-in-roles/storage).
 
+For more information about storage account settings, see [view and manage storage account and stored data](performance-diagnostics.md#view-and-manage-storage-account-and-stored-data).
+
+### Known issue
+
+Some users who previously ran Performance Diagnostics successfully encounter the following error when attempting to run it again:
+
+> 'Authorization failed for template resource '\<resource>' of type 'Microsoft.Storage/storageAccounts/providers/roleAssignments'. The client '\<client>' with object id '\<ID>' does not have permission to perform action 'Microsoft.Authorization/roleAssignments/write' at scope '\<scope>'.
+
+#### Cause
+
+A recent rollout has a bug that tries to grant the write permission to the storage account for the current user when initiating a run from the Azure portal. An Azure role that includes the `Microsoft.Storage/storageAccounts/listkeys/action` permission isn't enough to grant this permission, causing the run to fail.
+
+#### Status
+
+A fix is being deployed.
+
+#### Workaround
+
+If users still encounter this issue, grant the `Microsoft.Authorization/roleAssignments/write` permission to the storage account with the **Role Based Access Control Administrator** or **User Access Administrator** role. The latter role can grant higher permissions.
+
 ## Supported operating systems
 
 ### Windows

support/windows-server/active-directory/turn-on-debug-logging-in-windows-time-service.md

@@ -1,7 +1,7 @@
 ---
 title: Turn on debug logging in Windows Time Service
 description: Describes how to turn on debug logging for the Windows Time service
-ms.date: 01/15/2025
+ms.date: 05/08/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
@@ -53,3 +53,34 @@ To turn on debug logging in the Windows Time service:
     > The Data Type value must be of type REG_SZ (String). You must type the value exactly as shown (that is, type 0-116 ). The highest possible value is 0-300 for most detailed logging. The meaning of this value is: Log all entries within the range of 0 and 116.
 
 4. Restart the Windows Time service (W32Time) for the change to take effect.
+
+## Gather information by using TSS for Windows Time related issues
+
+If you need to contact Microsoft support, we recommend using the TroubleShootingScript (TSS) toolset to gather information about your issue.
+
+### Prerequisites
+
+Refer to [Introduction to TroubleShootingScript toolset (TSS)](../..//windows-client/windows-tss/introduction-to-troubleshootingscript-toolset-tss.md#prerequisites) for prerequisites for the toolset to run properly.
+
+### Gather key information before contacting Microsoft support
+
+1. Download [TSS](https://aka.ms/getTSS) and extract it in the *C:\\tss* folder.
+2. Open the *C:\\tss* folder from an elevated PowerShell command prompt.  
+    > [!NOTE]
+    > Don't use the Windows PowerShell Integrated Scripting Environment (ISE).
+3. Run the following cmdlets:
+
+    ```powershell
+    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
+    ```
+
+    ```powershell
+    .\TSS.ps1 -ADS_W32Time -Netsh -PSR -AcceptEula
+    ```
+
+4. Enter *A* for "Yes to All" for the execution policy change.
+
+> [!NOTE]
+>
+> - The traces are stored in a compressed file in the *C:\\MS_DATA* folder. After a support case is created, this file can be uploaded to the secure workspace for analysis.
+> - If you've downloaded this tool previously, we recommend downloading the latest version. It doesn't automatically update when running `-Collectlog ADS_W32Time`.