Update troubleshoot-direct-connectivity-issues.md

Celiazhou1 · web-flow · commit 80df6450b72d · 2025-05-19T11:05:12.000+08:00
diff --git a/support/power-platform/power-automate/desktop-flows/troubleshoot-direct-connectivity-issues.md b/support/power-platform/power-automate/desktop-flows/troubleshoot-direct-connectivity-issues.md
@@ -2,7 +2,7 @@
 title: Direct connectivity issues in Power Automate for desktop
 description: Provides more information about how to solve the direct connectivity issues in Power Automate for desktop.
 ms.reviewer: guco, madiazor, johndund, qliu
-ms.date: 05/15/2025
+ms.date: 05/19/2025
 ms.custom: sap:Desktop flows
 ---
 # Direct connectivity issues in Power Automate for desktop
@@ -27,7 +27,7 @@ When attempting to run your desktop flows from a cloud flow or manage your deskt
 #### Scenario 2
 
 - Desktop flows run on a registered machine as long as a user session is running (attended runs) or even for some minutes after the last user signs out (unattended runs).
-- The connection to the machine is lost after some minutes (for example, 15 minutes.)
+- The connection to the machine is lost after some minutes (for example, 15 minutes).
 - The connection is re-established once a user signs back in to the machine.
 
 #### Scenario 3
@@ -40,7 +40,7 @@ Direct to machine connectivity uses [Azure Windows Communication Foundation (WCF
 
 The most common cause of relay connectivity issues is the machine losing connection to the network. This can be caused by your machine not being powered on or losing network when no user is signed in to the machine.
 
-The Power Automate service runs under its own Windows account (NT Service\UIFlowService by default) which must have access to the network and be able to connect to _*.servicebus.windows.net_ (for more information, see [network requirements](/power-automate/ip-address-configuration#desktop-flows-services-required-for-runtime).)
+The Power Automate service runs under its own Windows account (NT Service\UIFlowService by default) which must have access to the network and be able to connect to _*.servicebus.windows.net_. For more information, see [network requirements](/power-automate/ip-address-configuration#desktop-flows-services-required-for-runtime).
 
 > [!NOTE]
 > If you use an Azure virtual machine (VM) to run Power Automate for desktop, make sure the Microsoft.ServiceBus endpoint is turned off at the subnet level where the Azure VM is located. This is a known limitation. For more information, see [Azure Relay doesn't support network service endpoints](/azure/azure-relay/network-security).
@@ -51,9 +51,9 @@ A common culprit in both scenarios is a network proxy or a firewall that restric
 
 In particular, authenticated proxies that use the credentials of the connected Windows user, given that the Power Automate service runs under its own dedicated account.
 
-You can refer to [Proxy setup](/power-automate/desktop-flows/how-to/proxy-settings) if you determine that you need to override the default proxy settings used by the Power Automate service. You may also need to [change the on-premises service account](/power-automate/desktop-flows/troubleshoot#change-the-on-premises-service-account).
+You can refer to [Proxy setup](/power-automate/desktop-flows/how-to/proxy-settings) if you determine that you need to override the default proxy settings used by the Power Automate service. You might also need to [change the on-premises service account](/power-automate/desktop-flows/troubleshoot#change-the-on-premises-service-account).
 
-Azure Relay requires to have all the relay gateways used by the primary and secondary namespaces allowed by the proxy and firewall configurations.
+For Azure Relay to function properly, it's necessary to configure the proxy and firewall settings to permit the relay gateways associated with both the primary and secondary namespaces. This ensures that the communication between these gateways isn't blocked by the network security settings.
 
 ## How to investigate
 
@@ -63,14 +63,14 @@ Azure Relay requires to have all the relay gateways used by the primary and seco
 
 2. Understand network topology.
 
-   - Trace the path of traffic through network devices (for example, NAT, firewalls, proxies) to the public internet.
+   - Trace the path of traffic through network devices (for example, NAT, firewalls, and proxies) to the public internet.
    - Collect logs from devices during impacted runs and confirm traffic to _*.servicebus.windows.net_ successfully reaches the public internet.
 
 3. If your network traffic runs though a proxy, consider [changing the on-premises account](/power-automate/desktop-flows/troubleshoot#change-the-on-premises-service-account) used by the Power Automate service (UIFlowService).
 
 4. Get WCF logs from the Power Automate service (UIFlowService). For more information, see [Enable WCF tracing](#enable-wcf-tracing).
 
-5. Make sure your network configuration allows web socket traffic and long-running connections. Connections terminated after a set time may cause issues.
+5. Make sure your network configuration allows web socket traffic and long-running connections. Some network devices, like proxies, might automatically terminate connections after a certain period, which can disrupt the communication.
 
 6. Make sure firewall allows connections to Azure Relay gateways:
 
@@ -83,21 +83,21 @@ Azure Relay requires to have all the relay gateways used by the primary and seco
     3. Wait for the diagnostics to complete.
     4. Select **Generate the report**.
     5. Open the generated XLS file and locate the **Data** column.
-    6. Extract the namespace part from the URLs of **PrimaryRelay** and **SecondaryRelay** (for example, https://\<namespace>/guid_guid.)
+    6. Extract the namespace part from the URLs of **PrimaryRelay** and **SecondaryRelay**. For example, https://\<namespace>/guid_guid.
 
     **Step 2: Configure the firewall with the DNS names required for both the primary and secondary relays**
 
     1. Configure your firewalls with the Domain Name System (DNS) names of all the Relay gateways.
 
-       The DNS names can be found by running the [script](https://github.com/Azure/azure-relay-dotnet/blob/dev/tools/GetNamespaceInfo.ps1). This script will resolve the fully qualified domain names (FQDNs) of all the gateways to which you need to establish a connection.
+       The DNS names can be found by running the [script](https://github.com/Azure/azure-relay-dotnet/blob/dev/tools/GetNamespaceInfo.ps1). This script resolves the fully qualified domain names (FQDNs) of all the gateways to which you need to establish a connection.
 
     2. Configure firewall rules to allow the DNS names on port 443 instead of IP addresses.
 
     **Step 3: Perform manual connectivity tests**
 
-    WCF tracing can be enabled on the machine if there's cloud connectivity issue. For more information, see [Enable WCF tracing](#enable-wcf-tracing).
+    WCF tracing can be enabled on the machine if there's a cloud connectivity issue. For more information, see [Enable WCF tracing](#enable-wcf-tracing).
 
-    The WCF log should contain exceptions related to connectivity for a specific DNS or IP address or point to missing proxy configuration.
+    The WCF log should contain exceptions related to connectivity for a specific DNS or IP address, or point to missing proxy configuration.
 
     To test the connection between the machine and the endpoint, run a TCP ping from PowerShell using the following command:
 
@@ -143,14 +143,14 @@ If the issue still persists, you can open a support ticket with Microsoft by pro
     </system.diagnostics>
     ```
 
-    - You can substitute the `c:\logs\PADwcfTraces.svclog` value with any valid path you'd like but the folder (the `c:\logs` in this example) must exist, otherwise it won't be created and logs won't be written.
-    - The Power Automate service must have permission to write in the chosen folder, granting the 'Everyone' user full control over the folder works. You can get the service user's Sid by running `sc showsid UIFlowService` in a command line if you want to give permissions to only that user.
+    - You can substitute the `c:\logs\PADwcfTraces.svclog` value with any valid path you want, but the folder (`c:\logs` in this example) must exist. Otherwise, it isn't be created and logs aren't be written.
+    - The Power Automate service needs permissions to write logs into the specified folder. You can grant full control to the `Everyone` user, allowing any user or service to write to the folder. Alternatively, to restrict permissions to only the Power Automate service, find the service user's Security Identifier (Sid) by running `sc showsid UIFlowService`, and then grant permissions to that user.
 
 3. After saving the config file, restart the Power Automate service.
 
-   1. Open the Windows Services tool (search for "services" in the **Start** menu).
-   2. Find **Power Automate service**, right-click, and select **Restart**.
+   1. Search for "services" in the **Start** menu to open the Windows Services tool.
+   2. Find **Power Automate service**, right-click it, and select **Restart**.
 
-   :::image type="content" source="media/direct-connectivity-troubleshooting/restart-power-automate-service.png" alt-text="Restart the Power Automate Service in the Services tool.":::
+   :::image type="content" source="media/direct-connectivity-troubleshooting/restart-power-automate-service.png" alt-text="Screenshot of restarting the Power Automate Service in the Services tool.":::
 
-Traces will be saved to the specified file, providing detailed logs to diagnose connectivity issues.
+Traces are saved to the specified file, providing detailed logs to diagnose connectivity issues.
