Merge pull request #8506 from MicrosoftDocs/main

Auto push to live 2025-03-19 02:00:02

Author: Deland-Han

support/azure/azure-kubernetes/availability-performance/node-not-ready-then-recovers.md

@@ -1,19 +1,19 @@
 ---
 title: Node not ready but then recovers
 description: Troubleshoot scenarios in which the status of an AKS cluster node is Node Not Ready, but then the node recovers.
-ms.date: 12/09/2024
-ms.reviewer: rissing, chiragpa, momajed, v-leedennis
+ms.date: 2/25/2024
+ms.reviewer: rissing, chiragpa, momajed, v-leedennis, novictor
 ms.service: azure-kubernetes-service
 #Customer intent: As an Azure Kubernetes user, I want to prevent the Node Not Ready status for nodes that later recover so that I can avoid future errors within an AKS cluster.
 ms.custom: sap:Node/node pool availability and performance
 ---
 # Troubleshoot Node Not Ready failures that are followed by recoveries
 
-This article provides a guide to troubleshoot and resolve "Node Not Ready" issues in Azure Kubernetes Service (AKS) clusters. When a node enters a "Not Ready" state, it can disrupt the application's functionality and cause it to stop responding. Typically, the node recovers automatically after a short period. However, to prevent recurring issues and maintain a stable environment, it's important to understand the underlying causes to be able to implement effective resolutions. 
+This article provides a guide to troubleshoot and resolve Node Not Ready" issues in Azure Kubernetes Service (AKS) clusters. When a node enters a "NotReady" state, it can disrupt the application's functionality and cause it to stop responding. Typically, the node recovers automatically after a short period. However, to prevent recurring issues and maintain a stable environment, it's important to understand the underlying causes to be able to implement effective resolutions.  
 
 ## Cause
 
-There are several scenarios that could cause a "Not Ready" state to occur:
+There are several scenarios that could cause a "NotReady" state to occur:
 
 - The unavailability of the API server. This causes the readiness probe to fail. This prevents the pod from being attached to the service so that traffic is no longer forwarded to the pod instance.
 
@@ -24,7 +24,12 @@ There are several scenarios that could cause a "Not Ready" state to occur:
 
 ## Resolution
 
-Check the API server availability by running the `kubectl get apiservices` command. Make sure that the readiness probe is correctly configured in the deployment YAML file.
+To resolve this issue, follow these steps:
+
+1. Run `kubectl describe node <node-name>` to review detail information about the node's status. Look for any error messages or warnings that might indicate the root cause of the issue.
+2. Check the API server availability by running the `kubectl get apiservices` command. Make sure that the readiness probe is correctly configured in the deployment YAML file.
+3. Verify the node's network configuration to make sure that there are no connectivity issues.
+4. Check the node's resource usage, such as CPU, memory, and disk, to identify potential constraints. For more informations see [Monitor your Kubernetes cluster performance with Container insights](/azure/azure-monitor/containers/container-insights-analyze#view-performance-directly-from-a-cluster)
 
 For further steps, see [Basic troubleshooting of Node Not Ready failures](node-not-ready-basic-troubleshooting.md).
 

support/azure/azure-kubernetes/create-upgrade-delete/troubleshoot-aks-cluster-start-issues.md

@@ -1,8 +1,8 @@
 ---
 title: Troubleshoot Azure Kubernetes Service cluster startup issues
 description: Learn about basic troubleshooting methods to use when you can't start an Azure Kubernetes Service (AKS) cluster.
-ms.date: 01/25/2024
-ms.reviewer: chiragpa, v-weizhu, jovieir
+ms.date: 03/14/2025
+ms.reviewer: chiragpa, v-weizhu, jovieir, addobres
 ms.service: azure-kubernetes-service
 ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool), devx-track-azurecli
 #Customer intent: As an Azure Kubernetes user, I want to take basic troubleshooting measures to resolve issues that occur when I try to start an Azure Kubernetes Service (AKS) cluster.

support/azure/azure-monitor/app-insights/telemetry/opentelemetry-troubleshooting-java.md

@@ -1,20 +1,22 @@
 ---
 title: Troubleshoot OpenTelemetry issues in Java
 description: Learn how to troubleshoot OpenTelemetry issues in Java. Test connectivity between your application host and the ingestion service.
-ms.date: 06/24/2024
+ms.date: 03/19/2025
 editor: v-jsitser
 ms.service: azure-monitor
 ms.devlang: java
-ms.reviewer: mmcc, lechen, aaronmax, v-leedennis
+ms.reviewer: mmcc, lechen, aaronmax
 ms.custom: sap:Missing or Incorrect data after enabling Application Insights in Azure Portal
 ---
 
 # Troubleshoot OpenTelemetry issues in Java
 
-This article discusses how to troubleshoot OpenTelemetry issues in Java.
+This article discusses how to troubleshoot OpenTelemetry issues in Java. 
 
 ## Troubleshooting checklist
 
+Starting from version 3.0.3, you can use configuration options to suppress specific autocollected telemetry. For more information, see [Suppress specific autocollected telemetry](/azure/azure-monitor/app/java-standalone-config#suppress-specific-autocollected-telemetry).
+
 ### Step 1: Enable diagnostic logging
 
 By default, diagnostic logging is enabled in Azure Monitor Application Insights. For more information, see [Troubleshoot guide: Azure Monitor Application Insights for Java](java-standalone-troubleshoot.md).

support/azure/azure-monitor/diagnostic-settings/data-flow/deleted-event-hub-automatically-recreated.md

@@ -0,0 +1,38 @@
+---
+title: Deleted Event Hub Is Automatically Re-created by Diagnostic Settings
+description: Resolves issues with an Azure event hub that is automatically re-created by diagnostic settings after being deleted.
+ms.date: 03/19/2025
+ms.reviewer: jfanjoy, v-weizhu
+ms.service: azure-monitor
+ms.custom: sap:Issues with configuring diagnostic settings
+---
+# Deleted Azure event hub is automatically re-created by diagnostic settings
+
+This article provides a solution to an issue where a deleted Azure event hub is automatically re-created by Azure diagnostic settings or their configuration cache.
+
+## Symptoms
+
+You might see the following symptoms:
+
+- When you delete an event hub from an Event Hubs namespace, the event hub is re-created automatically by the data flowing into it through the diagnostic settings.
+- After you delete an event hub and all diagnostic settings configured to send data to it, the event hub is re-created automatically.
+
+## Cause
+
+Here are the causes of the issue:
+
+- When a diagnostic setting is configured to send data to an Azure event hub, if it receives an error indicating that the event hub doesn't exist, the diagnostic setting will try to create it and then continue trying to send the data.
+- Azure diagnostic settings maintain a cache of configurations for approximately one hour. During this period, even if the diagnostic settings were removed, they'll continue to send data to the destination, such as a deleted event hub, causing the event hub to be re-created.
+
+## Solution
+
+In a scenario where you delete an event hub from an Event Hubs namespace, use one of the following methods to resolve the issue:
+
+- Update the diagnostic settings to prevent them from sending data to the event hub.
+- Delete the diagnostic settings.
+
+In a scenario where you delete an event hub and related diagnostic settings, use this method to resolve the issue:
+
+- Update the diagnostic settings to prevent them from sending data to the event hub, delete them, wait at least one hour to allow their configuration cache to expire, and then delete the event hub.
+
+[!INCLUDE [Azure Help Support](../../../../includes/azure-help-support.md)]

support/azure/azure-monitor/toc.yml

@@ -142,3 +142,7 @@ items:
     - name: Advanced troubleshooting steps
       href: azure-monitor-agent/ama-windows-installation-issues-advanced-troubleshooting-steps.md
 
+- name: Diagnostic settings
+  items:
+  - name: Deleted event hub is automatically re-created
+    href: diagnostic-settings/data-flow/deleted-event-hub-automatically-recreated.md

support/azure/cosmos-db/index.yml

@@ -6,9 +6,10 @@ metadata:
   title: Troubleshoot Azure Cosmos DB issues
   description: Documentation for troubleshooting common issues with Azure Cosmos DB.
   author: seesharprun
-  editor: v-jsitser
   ms.author: sidandrews
   ms.reviewer: ouryba, v-jayaramanp
+  editor: v-jsitser
+  ms.service: azure-cosmos-db
   ms.topic: landing-page
   ms.date: 01/18/2024
 

support/azure/virtual-machines/linux/support-linux-open-source-technology.md

@@ -33,7 +33,7 @@ Microsoft Azure supports the [Linux operating system](https://azure.microsoft.co
 
 Microsoft Support provides assistance with the Azure platform or services. Microsoft also provides commercially viable support for Linux. A support plan is required to receive Microsoft Support.
 
-- In Azure Marketplace, Linux distributions such as Rocky, AlmaLinux, Kali, and many others are available. Microsoft assists with these distributions but may require customers to engage with vendors to allow collaboration between organization. Vendors must provide distribution-specific fixes.
+- In Azure Marketplace, Linux distributions are available. Microsoft assists with these distributions but may require customers to engage with vendors to allow collaboration between organization. Vendors must provide distribution-specific fixes.
 - In Azure Marketplace, you may select a highly customized Linux image, such as a firewall appliance. Microsoft assists you with these images, but the Linux vendor must be engaged to troubleshoot specific system-related problems. Microsoft may collaborate with the vendor for those issues.
 - Microsoft Support doesn't assist with basic Linux administration, design, architecture, or deployment of applications or solutions on Azure.
 - The ability to customize Linux is one of the hallmarks of the operating system. We encourage you to use a Linux solution that benefits your organization. However, the Linux vendor may not support some modifications such as custom kernels or modules. For vendor support, you may be required to use stock kernels or libraries for your image.

support/azure/virtual-machines/windows/in-place-system-upgrade.md

@@ -5,7 +5,7 @@ ms.date: 3/18/2025
 ms.reviewer: joscon, scotro, azurevmcptcic, maulikshah, yogitagohel, v-weizhu
 ms.service: azure-virtual-machines
 ms.collection: windows
-ms.custom: sap: Windows Update, Guest Patching and OS Upgrades
+ms.custom: sap:Windows Update, Guest Patching and OS Upgrades
 ---
 # In-place upgrade for supported VMs running Windows in Azure
 

support/entra/entra-id/app-integration/error-code-aadsts50000-issuing-token-sign-in-service.md

@@ -0,0 +1,86 @@
+---
+title: Error AADSTS50000 - There was an error issuing a token or an issue with our sign-in service
+description: Provides a solution to the AADSTS50000 error that occurs when you try to sign in to an Azure app by using Microsoft Entra ID.
+ms.service: entra-id
+ms.date: 03/12/2025
+ms.author: bachoang
+ms.custom: sap:Issues Signing In to Applications
+---
+
+# Error AADSTS50000 getting a token or signing in to an Azure app
+
+The AADSTS50000 error can occur during the authentication process or token acquisition flow that uses the token endpoint. These errors can have multiple causes. This article provides common scenarios and resolutions for this error.
+
+## Symptoms
+
+When a user tries to sign in to an application that's integrated into Microsoft Entra ID, the user receives the following error message:
+
+> AADSTS50000: There was an error issuing a token or an issue with our sign-in service.
+
+## Cause 1: The user password is expired, invalid, or out of sync
+
+This issue is common in hybrid environments. The user's federated account password might be out of sync between the on-premises Active Directory and Microsoft Entra ID. Additionally, this issue can also occur when a user session is being revoked.
+
+### Solution for cause 1
+
+Reset the user password, and then verify that the new password can successfully authenticate to Microsoft Entra ID.
+
+## Cause 2: Parameters are incorrectly configured in the token acquisition request
+
+This problem commonly occurs in the on-behalf-of (OBO) flow. Certain parameters that are required for token acquisition might be missing or invalid.
+
+### Solution for cause 2
+
+Make sure that the client ID is valid and that other required parameters are configured correctly. For more information, see [Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow](/entra/identity-platform/v2-oauth2-on-behalf-of-flow).
+
+## Cause 3: Consent-related issues
+
+This issue can occur in an OAuth2 Device code grant flow to the token endpoint. After the user signs in to a browser window and accepts the consent dialog, this error occurs.
+
+### Solution 3 for cause 3: Verify application consent settings
+
+1. In the [Azure portal](https://portal.azure.com), make sure that the client application (Service Principal) exists on the tenant's **Enterprise Applications** page. You can search for the application by App ID.
+2. Verify that the user can consent to the application. Check the user settings on the **Enterprise Applications** page or review relevant policies that affect user consent.
+
+## Cause 4: Symmetric signing key is used in the application or service principal object
+
+Microsoft Identity Platform (v2 endpoint) tokens must be signed by a certificate (asymmetric key). Errors might occur if a symmetric signing key is used.
+
+### Solution for cause 4
+
+#### Step 1: Check whether symmetric key is used in application object
+
+1. In the Azure portal, go to the **App Registrations**.
+2. In the **Manage** section,  select **Manifest**.
+3. Check whether an entry exists in the `keyCredentials` section that includes `type=Symmetric` and `usage=Sign`.
+
+    :::image type="content" source="./media/error-code-aadsts50000-issuing-token-sign-in-service/manifest-sample.png" alt-text="Screenshot that shows the Application Manifest Key Credentials code" lightbox="./media/error-code-aadsts50000-issuing-token-sign-in-service/manifest-sample.png":::
+
+Alternatively, use the Microsoft Graph PowerShell cmdlet [Get-MgApplication](/powershell/module/azuread/get-azureadapplicationkeycredential) to retrieve key credentials.
+
+#### Step 2: Check whether symmetric key is used in service principal object
+
+1. If the application is not found in the **App Registrations** page in the Azure portal, browse to the **Enterprise Applications** page.
+2. Locate the application, and then get the **Object ID** of the Service Principal.
+3. Use [Get-MgServicePrincipal](/powershell/module/microsoft.graph.applications/get-mgserviceprincipal) to retrieve the key credentials.
+
+#### Step 3: Remove symmetric signing key
+
+If the symmetric key exists:
+
+- Use [Remove-MgApplicationKey](/powershell/module/microsoft.graph.applications/remove-mgapplicationkey) to remove the symmetric key for the app registration.
+- Use [Remove-MgServicePrincipalKey](/powershell/module/microsoft.graph.applications/remove-mgserviceprincipalkey) to remove the symmetric key for the service principal object.
+
+If a signing key is required, use a signing certificate instead. For more information, see [SAML-based single sign-on: Configure a signing certificate](/graph/application-saml-sso-configure-api?tabs=http%2Cpowershell-script#step-6-configure-a-signing-certificate).
+
+## Cause 5: No delegated permission exposed in the resource application (web API)
+
+This error might occur in the following scenario:
+
+- You have a multitenant resource application that's registered in Tenant A. This application exposes only the **Application Permission** type.
+- In Tenant B, you have a client application registered. In the **API permission** page for this application, you configure the permission for the resource application that's registered in Tenant A.
+- You use an OAuth 2 delegated grant flow (for instance auth code grant flow) to request an access token for the resource app that uses `/.default` as the value of the web API scope.
+
+### Solution for cause 5
+
+Configure the resource application to expose the delegated permission, and then consent to that delegated permission in the client application.