MicrosoftDocs
diff --git a/‎articles/azure-arc/data/toc.yml
Lines changed: 2 additions & 0 deletions b/‎articles/azure-arc/data/toc.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/azure-arc/data/troubleshoot-managed-instance.md
Lines changed: 218 additions & 0 deletions b/‎articles/azure-arc/data/troubleshoot-managed-instance.md
Lines changed: 218 additions & 0 deletions
diff --git a/‎articles/azure-functions/functions-reference.md
Lines changed: 10 additions & 6 deletions b/‎articles/azure-functions/functions-reference.md
Lines changed: 10 additions & 6 deletions
@@ -126,6 +126,8 @@ items:
           href: troubleshoot-guide.md
         - name: Get logs
           href: troubleshooting-get-logs.md
+        - name: Troubleshoot deployments
+          href: troubleshoot-managed-instance.md
 - name: Azure Arc-enabled SQL Managed Instance
   items:
     - name: Overview
 
@@ -0,0 +1,218 @@
+---
+title: Troubleshoot connection to failover group - Azure Arc-enabled SQL Managed Instance
+description: Describes how to troubleshoot issues with connections to failover group resources in Azure Arc-enabled data services
+author: MikeRayMSFT
+ms.author: mikeray
+ms.topic: troubleshooting-general 
+ms.date: 03/15/2023
+---
+
+# Troubleshoot Azure Arc-enabled SQL Managed Instance deployments
+
+This article identifies potential issues, and describes how to diagnose root causes for these issues for deployments of Azure Arc-enabled data services. 
+
+## Connection to Azure Arc-enabled SQL Managed Instance failover group
+
+This section describes how to troubleshoot issues connecting to a failover group.
+
+### Check failover group connections & synchronization state
+
+```console
+kubectl -n $nameSpace get fog $fogName -o jsonpath-as-json='{.status}'
+```
+
+**Results**:
+
+On each side, there are two replicas for one failover group. Check the value of `connectedState`, and `synchronizationState` for each replica.
+
+If one of `connectedState` isn't equal to `CONNECTED`, see the instructions under [Check parameters](#check-parameters).
+
+If one of `synchronizationState` isn't equal to `HEALTHY`, focus on the instance which `synchronizationState` isn't equal to `HEALTHY`". Refer to [Can't connect to Arc-enabled SQL Managed Instance](#cant-connect-to-arc-enabled-sql-managed-instance) for how to debug.
+
+### Check parameters
+
+On both geo-primary and geo-secondary, check failover spec against `$sqlmiName` instance on other side.
+
+### Command on local
+
+Run the following command against the local instance to get the spec for the local instance.
+
+```console
+kubectl -n $nameSpace get fog $fogName -o jsonpath-as-json='{.spec}'
+```
+
+### Command on remote
+
+Run the following command against the remote instance:
+
+```console
+kubectl -n $nameSpace get sqlmi $sqlmiName -o jsonpath-as-json='{.status.highAvailability.mirroringCertificate}'
+kubectl -n $nameSpace get sqlmi $sqlmiName -o jsonpath-as-json='{.status.endpoints.mirroring}'
+```
+
+**Results**:
+
+Compare the results from the remote instance with the results from the local instance. 
+
+* `partnerMirroringURL`, and `partnerMirroringCert` from the local instance has to match remote instance values from:
+  * `kubectl -n $nameSpace get sqlmi $sqlmiName -o jsonpath-as-json='{.status.endpoints.mirroring}'`
+  * `kubectl -n $nameSpace get sqlmi $sqlmiName -o jsonpath-as-json='{.status.highAvailability.mirroringCertificate}'`
+
+* `partnerMI` from `kubectl -n $nameSpace get fog $fogName -o jsonpath-as-json='{.spec}'` has to match with `$sqlmiName` from remote instance.
+
+* `sharedName` from `kubectl -n $nameSpace get fog $fogName -o jsonpath-as-json='{.spec}'` is optional. If it isn't presented, it's same as `sourceMI`. The `sharedName` from both site should be same if presented. 
+
+* Role from `kubectl -n $nameSpace get fog $fogName -o jsonpath-as-json='{.spec}'` should be different between two sites. One side should be primary, other should be secondary.
+
+If any one of values described doesn't match the comparison, delete failover group on both sites and re-create.
+
+If nothing is wrong, follow the instructions under [Check mirroring endpoints for both sides](#check-mirroring-endpoints-for-both-sides).
+
+### Check mirroring endpoints for both sides
+
+On both geo-primary and geo-secondary, checks external mirroring endpoint is exposed by following commands.
+
+```console
+kubectl -n test get services $sqlmiName-external-svc -o jsonpath-as-json='{.spec.ports}'
+```
+
+**Results**
+
+* `port-mssql-mirroring` should be presented on the list. The failover group on the other side should use the same value for `partnerMirroringURL`. If the values don't match, correct the mistake and retry from the beginning.
+
+### Verify SQL Server can reach external endpoint of another site
+
+Although you can't ping mirroring endpoint of another site directly, use the following command to reach another side external endpoint of the SQL Server tabular data stream (TDS) port.
+
+```console
+kubectl exec -ti -n $nameSpace $sqlmiName-0 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S $remotePrimaryEndpoint -U $remoteUser -P $remotePassword -Q "SELECT @@ServerName"
+```
+
+**Results**
+
+If SQL server can use external endpoint TDS, there is a good chance it can reach external mirroring endpoint because they are defined and activated in the same service, specifically `$sqlmiName-external-svc`.
+
+## Can't connect to Arc-enabled SQL Managed Instance
+
+This section identifies specific steps you can take to troubleshoot connections to Azure Arc-enabled SQL managed instances.
+
+> [!NOTE]
+> You can't connect to an Azure Arc-enabled SQL Managed Instance if the instance license type is `DisasterRecovery`.
+
+### Check the managed instance status
+
+SQL Managed Instance (SQLMI) status info indicates if the instance is ready or not.
+
+```console
+kubectl -n $nameSpace get sqlmi $sqlmiName -o jsonpath-as-json='{.status}'
+```
+
+**Results**
+
+The state should be `Ready`. If the value isn't `Ready`, you need to wait. If state is error, get the message field, collect logs, and contact support. See [Collecting the logs](#collecting-the-logs).
+
+### Check the routing label for stateful set
+The routing label for stateful set is used to route external endpoint to a matched pod. The name of the label is `role.ag.mssql.microsoft.com`.
+
+```console
+kubectl -n $nameSpace get pods $sqlmiName-0 -o jsonpath-as-json='{.metadata.labels}'
+kubectl -n $nameSpace get pods $sqlmiName-1 -o jsonpath-as-json='{.metadata.labels}'
+kubectl -n $nameSpace get pods $sqlmiName-2 -o jsonpath-as-json='{.metadata.labels}'
+```
+
+**Results**
+
+If you didn't find primary, kill the pod that doesn't have any `role.ag.mssql.microsoft.com` label. If this doesn't resolve the issue, collect logs and contact support. See [Collecting the logs](#collecting-the-logs).
+
+### Get Replica state from local container connection
+
+Use `localhost,1533` to connect sql in each replica of `statefulset`. This connection should always succeed. Use this connection to query the SQL HA replica state.
+
+```console
+kubectl exec -ti -n $nameSpace $sqlmiName-0 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S localhost,1533 -U $User -P $Password -Q "SELECT * FROM sys.dm_hadr_availability_replica_states"
+kubectl exec -ti -n $nameSpace $sqlmiName-1 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S localhost,1533 -U $User -P $Password -Q "SELECT * FROM sys.dm_hadr_availability_replica_states"
+kubectl exec -ti -n $nameSpace $sqlmiName-2 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S localhost,1533 -U $User -P $Password -Q "SELECT * FROM sys.dm_hadr_availability_replica_states"
+```
+
+**Results**
+
+All replicas should be connected & healthy. Here is the detailed description of the query results [sys.dm_hadr_availability_replica_states](/sql/relational-databases/system-dynamic-management-views/sys-dm-hadr-availability-replica-states-transact-sql).
+
+If you find it isn't synchronized or not connected unexpectedly, try to kill the pod which has the problem. If problem persists, collect logs and contact support. See [Collecting the logs](#collecting-the-logs).
+
+> [!NOTE]
+> If there are some large database in the instance, the seeding process to secondary could take a while. If this happens, wait for seeding to complete.
+
+## Check SQLMI SQL engine listener
+
+SQL engine listener is the component which routes connections to the failover group.
+
+```console
+kubectl exec -ti -n $nameSpace $sqlmiName-0 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U $User -P $Password -Q "SELECT @@ServerName"
+kubectl exec -ti -n $nameSpace $sqlmiName-1 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U $User -P $Password -Q "SELECT @@ServerName"
+kubectl exec -ti -n $nameSpace $sqlmiName-2 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U $User -P $Password -Q "SELECT @@ServerName"
+```
+
+**Results**
+
+You should get `ServerName` from `Listener` of each replica. If you can't get `ServerName`, kill the pods which have the problem. If the problem persists after recovery, collect logs and contact support. See [Collecting the logs](#collecting-the-logs).
+
+### Check Kubernetes network connection
+
+Inside Kubernetes cluster, there is kubernetes network on top which allow communication between pods and routing. Check if SQLMI pods can communicate with each other via cluster IP. Run this for all the replicas.
+
+
+```console
+kubectl exec -ti -n $nameSpace $sqlmiName-0 -c arc-sqlmi -- /opt/mssql-tools/bin/sqlcmd -S $(kubectl -n test get service $sqlmiName-p-svc -o jsonpath={'.spec.clusterIP'}),1533 -U $User -P $Password -Q "SELECT @@ServerName"
+```
+
+**Results**
+
+You should be able to reach any Cluster IP address for the pods of stateful set from another pod. If this isn't the case, refer to [Kubernetes documentation - Cluster networking](https://kubernetes.io/docs/concepts/cluster-administration/networking/) for detailed information or get service provider to resolve the issue.
+
+### Check the Kubernetes load balancer or `nodeport` services
+
+Load balancer or `nodeport` services are the services that expose a service port to the external network.
+
+```console
+kubectl -n $nameSpace expose pod $sqlmiName-0 --port=1533  --name=ha-$sqlmiName-0 --type=LoadBalancer
+kubectl -n $nameSpace expose pod $sqlmiName-1 --port=1533  --name=ha-$sqlmiName-1 --type=LoadBalancer
+kubectl -n $nameSpace expose pod $sqlmiName-2 --port=1533  --name=ha-$sqlmiName-2 --type=LoadBalancer
+```
+
+**Results**
+
+You should be able to connect to exposed external port (which has been confirmed from internal at step 3). If you can't connect to external port, refer to [Kubernetes documentation - Create an external load balancer](https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/) and get service provider help on the issues.
+
+You can use any client like `SqlCmd`, SQL Server Management Studio (SSMS), or Azure Data Studio (ADS) to test this out.
+
+## Collecting the logs
+
+If the previous steps all succeeded without any problem and you still can't log in, collect the logs and contact support
+
+### Collection controller logs
+
+```console
+MyController=$(kubectl -n $nameSpace get pods --selector=app=controller -o jsonpath='{.items[*].metadata.name}')
+kubectl -n $nameSpace cp  $MyController:/var/log/controller $localFolder/controller -c controller
+```
+
+### Get SQL Server and supervisor logs for each replica
+
+Run the following command for each replica to get SQL Server and supervisor logs
+
+```console
+kubectl -n $nameSpace cp $sqlmiName-0:/var/opt/mssql/log $localFolder/$sqlmiName-0/log -c  arc-sqlmi
+kubectl -n $nameSpace cp $sqlmiName-0:/var/log/arc-ha-supervisor $localFolder/$sqlmiName-0/arc-ha-supervisor -c arc-ha-supervisor
+```
+
+### Get orchestrator logs
+
+```console
+kubectl -n $nameSpace  cp $sqlmiName-ha-0:/var/log $localFolder/$sqlmiName-ha-0/log -c arc-ha-orchestrator
+```
+
+
+## Next steps
+
+[Get logs to troubleshoot Azure Arc-enabled data services](troubleshooting-get-logs.md)
@@ -1,5 +1,5 @@
 ---
-title: Guidance for developing Azure Functions 
+title: Guidance for developing Azure Functions
 description: Learn the Azure Functions concepts and techniques that you need to develop functions in Azure, across all programming languages and bindings.
 ms.assetid: d8efe41a-bef8-4167-ba97-f3e016fcd39e
 ms.topic: conceptual
@@ -43,7 +43,7 @@ The `bindings` property is where you configure both triggers and bindings. Each
 | name | Function identifier.<br><br>For example, `myQueue`. | string | The name that is used for the bound data in the function. For C#, this is an argument name; for JavaScript, it's the key in a key/value list. |
 
 ## Function app
-A function app provides an execution context in Azure in which your functions run. As such, it is the unit of deployment and management for your functions. A function app is comprised of one or more individual functions that are managed, deployed, and scaled together. All of the functions in a function app share the same pricing plan, deployment method, and runtime version. Think of a function app as a way to organize and collectively manage your functions. To learn more, see [How to manage a function app](functions-how-to-use-azure-function-app-settings.md). 
+A function app provides an execution context in Azure in which your functions run. As such, it is the unit of deployment and management for your functions. A function app is comprised of one or more individual functions that are managed, deployed, and scaled together. All of the functions in a function app share the same pricing plan, deployment method, and runtime version. Think of a function app as a way to organize and collectively manage your functions. To learn more, see [How to manage a function app](functions-how-to-use-azure-function-app-settings.md).
 
 > [!NOTE]
 > All functions in a function app must be authored in the same language. In [previous versions](functions-versions.md) of the Azure Functions runtime, this wasn't required.
@@ -105,7 +105,7 @@ For example, the `connection` property for an Azure Blob trigger definition migh
 
 > [!NOTE]
 > When using [Azure App Configuration](../azure-app-configuration/quickstart-azure-functions-csharp.md) or [Key Vault](../key-vault/general/overview.md) to provide settings for Managed Identity connections, setting names should use a valid key separator such as `:` or `/` in place of the `__` to ensure names are resolved correctly.
-> 
+>
 > For example, `Storage1:blobServiceUri`.
 
 ### Configure an identity-based connection
@@ -122,7 +122,8 @@ Identity-based connections are supported by the following components:
 | Azure Event Hubs triggers and bindings     | All             | [Azure Event Hubs extension version 5.0.0 or later][eventhubv5],<br/>[Extension bundle 3.3.0 or later][eventhubv5]   |
 | Azure Service Bus triggers and bindings       | All             | [Azure Service Bus extension version 5.0.0 or later][servicebusv5],<br/>[Extension bundle 3.3.0 or later][servicebusv5] |
 | Azure Cosmos DB triggers and bindings         | All | [Azure Cosmos DB extension version 4.0.0 or later][cosmosv4],<br/> [Extension bundle 4.0.2 or later][cosmosv4]|
-| Durable Functions storage provider (Azure Storage) | All | [Durable Functions extension version 2.7.0 or later][durable-identity],<br/>[Extension bundle 3.3.0 or later][durable-identity] | 
+| Azure SignalR triggers and bindings           | All | [Azure SignalR extension version 1.7.0 or later][signalr] <br/>[Extension bundle 3.6.1 or later][signalr] |
+| Durable Functions storage provider (Azure Storage) | All | [Durable Functions extension version 2.7.0 or later][durable-identity],<br/>[Extension bundle 3.3.0 or later][durable-identity] |
 | Host-required storage ("AzureWebJobsStorage") - Preview | All             | [Connecting to host storage with an identity](#connecting-to-host-storage-with-an-identity-preview)                        |
 
 [blobv5]: ./functions-bindings-storage-blob.md#install-extension
@@ -131,6 +132,7 @@ Identity-based connections are supported by the following components:
 [servicebusv5]: ./functions-bindings-service-bus.md
 [cosmosv4]: ./functions-bindings-cosmosdb-v2.md?tabs=extensionv4
 [tablesv1]: ./functions-bindings-storage-table.md#table-api-extension
+[signalr]: ./functions-bindings-signalr-service.md#install-extension
 [durable-identity]: ./durable/durable-functions-configure-durable-functions-with-credentials.md
 
 [!INCLUDE [functions-identity-based-connections-configuration](../../includes/functions-identity-based-connections-configuration.md)]
@@ -161,6 +163,8 @@ Choose a tab below to learn about permissions for each component:
 
 [!INCLUDE [functions-cosmos-permissions](../../includes/functions-cosmos-permissions.md)]
 
+# [Azure SignalR extension](#tab/signalr)
+You'll need to create a role assignment that provides access to Azure SignalR Service data plane REST APIs. We recommend you to use the built-in role [SignalR Service Owner](../role-based-access-control/built-in-roles.md#signalr-service-owner). Management roles like [Owner](../role-based-access-control/built-in-roles.md#owner) aren't sufficient.
 
 # [Durable Functions storage provider (preview)](#tab/durable)
 
@@ -186,7 +190,7 @@ Additional options may be supported for a given connection type. Please refer to
 ##### Local development with identity-based connections
 
 > [!NOTE]
-> Local development with identity-based connections requires updated versions of the [Azure Functions Core Tools](./functions-run-local.md). You can check your currently installed version by running `func -v`. For Functions v3, use version `3.0.3904` or later. For Functions v4, use version `4.0.3904` or later. 
+> Local development with identity-based connections requires updated versions of the [Azure Functions Core Tools](./functions-run-local.md). You can check your currently installed version by running `func -v`. For Functions v3, use version `3.0.3904` or later. For Functions v4, use version `4.0.3904` or later.
 
 When running locally, the above configuration tells the runtime to use your local developer identity. The connection will attempt to get a token from the following locations, in order:
 
@@ -207,7 +211,7 @@ In some cases, you may wish to specify use of a different identity. You can add
 | Client ID | `<CONNECTION_NAME_PREFIX>__clientId` |  The client (application) ID of an app registration in the tenant. |
 | Client secret | `<CONNECTION_NAME_PREFIX>__clientSecret` | A client secret that was generated for the app registration. |
 
-Here is an example of `local.settings.json` properties required for identity-based connection to Azure Blobs: 
+Here is an example of `local.settings.json` properties required for identity-based connection to Azure Blobs:
 
 ```json
 {