Merge pull request #79157 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/Microsoft/azure-docs (branch master)

Author: huypub

articles/active-directory/authentication/howto-password-ban-bad-on-premises-deploy.md

@@ -33,6 +33,7 @@ After the feature has been running in audit mode for a reasonable period, you ca
 
 ## Deployment requirements
 
+* Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the [Azure Active Directory pricing page](https://azure.microsoft.com/pricing/details/active-directory/).
 * All domain controllers that get the DC Agent service for Azure AD password protection installed must run Windows Server 2012 or later. This requirement does not imply that the Active Directory domain or forest must also be at Windows Server 2012 domain or forest functional level. As mentioned in [Design Principles](concept-password-ban-bad-on-premises.md#design-principles), there is no minimum DFL or FFL required for either the DC agent or proxy software to run.
 * All machines that get the DC agent service installed must have .NET 4.5 installed.
 * All machines that get the proxy service for Azure AD password protection installed must run Windows Server 2012 R2 or later.

articles/active-directory/devices/hybrid-azuread-join-manual.md

@@ -138,7 +138,7 @@ The `Initialize-ADSyncDomainJoinedComputerSync` cmdlet:
 
 * Uses the Active Directory PowerShell module and Azure Active Directory Domain Services (Azure AD DS) tools. These tools rely on Active Directory Web Services running on a domain controller. Active Directory Web Services is supported on domain controllers running Windows Server 2008 R2 and later.
 * Is only supported by the MSOnline PowerShell module version 1.1.166.0. To download this module, use [this link](https://msconfiggallery.cloudapp.net/packages/MSOnline/1.1.166.0/).
-* If the Azure AD DS tools are not installed, `Initialize-ADSyncDomainJoinedComputerSync` will fail. You can install the Azure AD DS tools through Server Manager under **Features** > **Remote Server Administration Tools** > **Role Administration Tools**.
+* If the AD DS tools are not installed, `Initialize-ADSyncDomainJoinedComputerSync` will fail. You can install the AD DS tools through Server Manager under **Features** > **Remote Server Administration Tools** > **Role Administration Tools**.
 
 For domain controllers running Windows Server 2008 or earlier versions, use the following script to create the service connection point. In a multi-forest configuration, use the following script to create the service connection point in each forest where computers exist.
 

articles/automation/automation-dsc-diagnostics.md

@@ -45,27 +45,27 @@ To begin importing data from Azure Automation DSC into Azure Monitor logs, compl
 
    ```powershell
    # Find the ResourceId for the Automation Account
-   Get-AzureRmResource -ResourceType 'Microsoft.Automation/automationAccounts'
+   Get-AzResource -ResourceType 'Microsoft.Automation/automationAccounts'
    ```
 
 1. Get the _ResourceId_ of your Log Analytics workspace by running the following PowerShell command:
    (if you have more than one workspace, choose the _ResourceID_ for the workspace you want to configure).
 
    ```powershell
    # Find the ResourceId for the Log Analytics workspace
-   Get-AzureRmResource -ResourceType 'Microsoft.OperationalInsights/workspaces'
+   Get-AzResource -ResourceType 'Microsoft.OperationalInsights/workspaces'
    ```
 
 1. Run the following PowerShell command, replacing `<AutomationResourceId>` and `<WorkspaceResourceId>` with the _ResourceId_ values from each of the previous steps:
 
    ```powershell
-   Set-AzureRmDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $true -Categories 'DscNodeStatus'
+   Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $true -Category 'DscNodeStatus'
    ```
 
 If you want to stop importing data from Azure Automation State Configuration into Azure Monitor logs, run the following PowerShell command:
 
 ```powershell
-Set-AzureRmDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $false -Categories 'DscNodeStatus'
+Set-AzDiagnosticSetting -ResourceId <AutomationResourceId> -WorkspaceId <WorkspaceResourceId> -Enabled $false -Category 'DscNodeStatus'
 ```
 
 ## View the State Configuration logs

articles/azure-monitor/platform/agent-linux-troubleshoot.md

@@ -183,6 +183,33 @@ Below the output plugin, uncomment the following section by removing the `#` in
 ## Issue: You see a 500 and 404 error in the log file right after onboarding
 This is a known issue that occurs on first upload of Linux data into a Log Analytics workspace. This does not affect data being sent or service experience.
 
+
+## Issue: You see omiagent using 100% CPU
+
+### Probable causes
+A regression in nss-pem package [v1.0.3-5.el7](https://centos.pkgs.org/7/centos-x86_64/nss-pem-1.0.3-5.el7.x86_64.rpm.html) caused a severe performance issue, that we've been seeing come up a lot in Redhat/Centos 7.x distributions. To learn more about this issue, check the following documentation: Bug [1667121 Performance regression in libcurl](https://bugzilla.redhat.com/show_bug.cgi?id=1667121).
+
+Performance related bugs don't happen all the time, and they are very difficult to reproduce. If you experience such issue with omiagent you should use the script omiHighCPUDiagnostics.sh which will collect the stack trace of the omiagent when exceeding a certain threshold.
+
+1. Download the script <br/>
+`wget https://raw.githubusercontent.com/microsoft/OMS-Agent-for-Linux/master/tools/LogCollector/source/omiHighCPUDiagnostics.sh`
+
+2. Run diagnostics for 24 hours with 30% CPU threshold <br/>
+`bash omiHighCPUDiagnostics.sh --runtime-in-min 1440 --cpu-threshold 30`
+
+3. Callstack will be dumped in omiagent_trace file, If you notice many Curl and NSS function calls, follow resolution steps below.
+
+### Resolution (step by step)
+
+1. Upgrade the nss-pem package to [v1.0.3-5.el7_6.1](https://centos.pkgs.org/7/centos-updates-x86_64/nss-pem-1.0.3-5.el7_6.1.x86_64.rpm.html). <br/>
+`sudo yum upgrade nss-pem`
+
+2. If nss-pem is not available for upgrade (mostly happens on Centos), then downgrade curl to 7.29.0-46. If by mistake you run "yum update", then curl will be upgraded to 7.29.0-51 and the issue will happen again. <br/>
+`sudo yum downgrade curl libcurl`
+
+3. Restart OMI: <br/>
+`sudo scxadmin -restart`
+
 ## Issue: You are not seeing any data in the Azure portal
 
 ### Probable causes

articles/cognitive-services/text-analytics/how-tos/text-analytics-how-to-keyword-extraction.md

@@ -7,8 +7,8 @@ manager: nitinme
 ms.service: cognitive-services
 ms.subservice: text-analytics
 ms.topic: sample
-ms.date: 04/16/2019
-ms.author: aahi
+ms.date: 06/05/2019
+ms.author: raymondl
 ---
 
 # Example: How to extract key phrases using Text Analytics
@@ -17,7 +17,7 @@ The [Key Phrase Extraction API](https://westcentralus.dev.cognitive.microsoft.co
 
 This capability is useful if you need to quickly identify the main points in a collection of documents. For example, given input text "The food was delicious and there were wonderful staff", the service returns the main talking points: "food" and "wonderful staff".
 
-Currently, Key Phrase Extraction supports English, German, Spanish, and Japanese. Other languages are in preview. For more information, see [Supported languages](../text-analytics-supported-languages.md).
+See the [Supported languages](../text-analytics-supported-languages.md) article for more information. 
 
 > [!TIP]
 > Text Analytics also provides a Linux-based Docker container image for key phrase extraction, so you can [install and run the Text Analytics container](text-analytics-how-to-install-containers.md) close to your data.

articles/container-registry/container-registry-roles.md

@@ -19,7 +19,7 @@ The Azure Container Registry service supports a set of Azure roles that provide
 | ---------| --------- | --------- | --------- | --------- | --------- | --------- | --------- |
 | Owner | X | X | X | X | X | X |  |  
 | Contributor | X | X | X |  X | X | X |  |  
-| Reader | X |  |  | X |  |  |  |
+| Reader | X |  |  |  |  |  |  |
 | AcrPush |  |  | X | X | |  |  |  
 | AcrPull |  |  |  | X |  |  |  |  
 | AcrDelete |  |  |  |  | X |  |  |

articles/logic-apps/logic-apps-pricing.md

@@ -135,7 +135,7 @@ instances might take some time before they completely stop.
 
 ## Integration accounts
 
-Consumption pricing applies to [integration accounts](logic-apps-enterprise-integration-create-integration-account.md) 
+The fixed pricing model applies to [integration accounts](logic-apps-enterprise-integration-create-integration-account.md) 
 where you can explore, develop, and test the 
 [B2B and EDI](logic-apps-enterprise-integration-b2b.md) 
 and [XML processing](logic-apps-enterprise-integration-xml.md) 
@@ -209,4 +209,4 @@ under **Inputs link** and **Outputs link**.
 ## Next steps
 
 * [Learn more about Azure Logic Apps](logic-apps-overview.md)
-* [Create your first logic app](quickstart-create-first-logic-app-workflow.md)
+* [Create your first logic app](quickstart-create-first-logic-app-workflow.md)

articles/vpn-gateway/point-to-site-about.md

@@ -18,9 +18,9 @@ A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection
 
 Point-to-site VPN can use one of the following protocols:
 
-* **OpenVPN® Protocol**, an SSL/TLS based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443, which SSL uses. OpenVPN can be used to connect from Android, iOS (versions 11.0 and above), Windows, Linux and Mac devices (OSX versions 10.13 and above).
+* **OpenVPN® Protocol**, an SSL/TLS based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which SSL uses. OpenVPN can be used to connect from Android, iOS (versions 11.0 and above), Windows, Linux and Mac devices (OSX versions 10.13 and above).
 
-* Secure Socket Tunneling Protocol (SSTP), a proprietary SSL-based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443, which SSL uses. SSTP is only supported on Windows devices. Azure supports all versions of Windows that have SSTP (Windows 7 and later).
+* Secure Socket Tunneling Protocol (SSTP), a proprietary SSL-based VPN protocol. An SSL VPN solution can penetrate firewalls, since most firewalls open TCP port 443 outbound, which SSL uses. SSTP is only supported on Windows devices. Azure supports all versions of Windows that have SSTP (Windows 7 and later).
 
 * IKEv2 VPN, a standards-based IPsec VPN solution. IKEv2 VPN can be used to connect from Mac devices (OSX versions 10.11 and above).
 
@@ -92,6 +92,12 @@ A P2S configuration requires quite a few specific steps. The following articles
 
 * [Configure OpenVPN](vpn-gateway-howto-openvpn.md)
 
+## How do I remove the configuration of a P2S connection?
+
+A P2S configuration can be removed using az cli and the following command : 
+
+`az network vnet-gateway update --name <gateway-name> --resource-group <resource-group name> --remove "vpnClientConfiguration"`
+ 
 ## <a name="faqcert"></a>FAQ for native Azure certificate authentication
 
 [!INCLUDE [vpn-gateway-point-to-site-faq-include](../../includes/vpn-gateway-faq-p2s-azurecert-include.md)]
@@ -106,4 +112,4 @@ A P2S configuration requires quite a few specific steps. The following articles
 
 * [Configure a P2S connection - Azure native certificate authentication](vpn-gateway-howto-point-to-site-rm-ps.md)
 
-**"OpenVPN" is a trademark of OpenVPN Inc.**
+**"OpenVPN" is a trademark of OpenVPN Inc.**

includes/vpn-gateway-faq-p2s-all-include.md

@@ -34,11 +34,11 @@ The following client operating systems are supported:
 
 Azure supports three types of Point-to-site VPN options:
 
-* Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open the TCP port that 443 SSL uses.
+* Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
 
-* OpenVPN. OpenVPN is a SSL-based solution that can penetrate firewalls since most firewalls open the TCP port that 443 SSL uses.
+* OpenVPN. OpenVPN is a SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port that 443 SSL uses.
 
-* IKEv2 VPN. IKEv2 VPN is a standards-based IPsec VPN solution that uses UDP port 500 and 4500 and IP protocol no. 50. Firewalls do not always open these ports, so there is a possibility of IKEv2 VPN not being able to traverse proxies and firewalls.
+* IKEv2 VPN. IKEv2 VPN is a standards-based IPsec VPN solution that uses outbound UDP ports 500 and 4500 and IP protocol no. 50. Firewalls do not always open these ports, so there is a possibility of IKEv2 VPN not being able to traverse proxies and firewalls.
 
 ### If I restart a client computer configured for Point-to-Site, will the VPN automatically reconnect?