Merge pull request #183008 from kryalama/kryalama/troubledocs

fix Java agent troubleshooting docs

Author: GitHubber17

articles/azure-monitor/app/java-in-process-agent.md

@@ -369,7 +369,7 @@ If you want to attach custom dimensions to your logs, use [Log4j 1.2 MDC](https:
 
 1. Create a TelemetryClient:
     
-      ```java
+    ```java
     static final TelemetryClient telemetryClient = new TelemetryClient();
     ```
 

articles/azure-monitor/app/java-standalone-troubleshoot.md

@@ -72,49 +72,47 @@ and the JVM arg will point you to your custom keystore.
 
 Typically the default Java keystore will already have all of the CA root certificates. However there might be some exceptions, such as the ingestion endpoint certificate might be signed by a different root certificate. So we recommend the following three steps to resolve this issue:
 
-1.	Check if the root certificate that was used to sign the Application Insights endpoint is already present in the default keystore. The trusted CA certificates, by default, are stored in `$JAVA_HOME/jre/lib/security/cacerts`. To list certificates in a Java keystore use the following command:
+1.	Check if the SSL certificate that was used to sign the Application Insights endpoint is already present in the default keystore. The trusted CA certificates, by default, are stored in `$JAVA_HOME/jre/lib/security/cacerts`. To list certificates in a Java keystore use the following command:
     > `keytool -list -v -keystore $PATH_TO_KEYSTORE_FILE`
 
     You can redirect the output to a temp file like this (will be easy to search later)
     > `keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts > temp.txt`
 
-2. Once you have the list of certificates, follow these [steps](#steps-to-download-ssl-certificate) to download the root certificate that was used to sign the Application Insights endpoint.
+2. Once you have the list of certificates, follow these [steps](#steps-to-download-ssl-certificate) to download the SSL certificate that was used to sign the Application Insights endpoint.
 
     Once you have the certificate downloaded, generate a SHA-1 hash on the certificate using the below command:
-    > `keytool -printcert -v -file "your_downloaded_root_certificate.cer"`
+    > `keytool -printcert -v -file "your_downloaded_ssl_certificate.cer"`
  
-    Copy the SHA-1 value and check if this value is present in "temp.txt" file you saved previously.  If you are not able to find the SHA-1 value in the temp file, it indicates that the downloaded root cert is missing in default Java keystore.
+    Copy the SHA-1 value and check if this value is present in "temp.txt" file you saved previously.  If you are not able to find the SHA-1 value in the temp file, it indicates that the downloaded SSL cert is missing in default Java keystore.
 
 
-3. Import the root certificate to the default Java keystore using the following command:
+3. Import the SSL certificate to the default Java keystore using the following command:
     >   `keytool -import -file "the cert file" -alias "some meaningful name" -keystore "path to cacerts file"`
  
     In this case it will be
 
-    > `keytool -import -file "your downloaded root cert file" -alias "some meaningful name" $JAVA_HOME/jre/lib/security/cacerts`
+    > `keytool -import -file "your downloaded ssl cert file" -alias "some meaningful name" $JAVA_HOME/jre/lib/security/cacerts`
 
 
 ### If using a custom Java keystore:
 
-If you are using a custom Java keystore, you may need to import the Application Insights endpoint(s) root SSL certificate(s) into it.
+If you are using a custom Java keystore, you may need to import the Application Insights endpoint(s) SSL certificate(s) into it.
 We recommend the following two steps to resolve this issue:
-1. Follow these [steps](#steps-to-download-ssl-certificate) to download the root certificate from the Application Insights endpoint.
-2. Use the following command to import the root SSL certificate to the custom Java keystore:
+1. Follow these [steps](#steps-to-download-ssl-certificate) to download the SSL certificate from the Application Insights endpoint.
+2. Use the following command to import the SSL certificate to the custom Java keystore:
     > `keytool -importcert -alias your_ssl_certificate -file "your downloaded SSL certificate name.cer" -keystore "Your KeyStore name" -storepass "Your keystore password" -noprompt`
 
 ### Steps to download SSL certificate
 
-1.	Open your favorite browser and go to the `IngestionEndpoint` URL present in the connection string that's used to instrument your application.
-
-    :::image type="content" source="media/java-ipa/troubleshooting/ingestion-endpoint-snippet.png" alt-text="Screenshot that shows an Application Insights connection string." lightbox="media/java-ipa/troubleshooting/ingestion-endpoint-snippet.png":::
+1.	Open your favorite browser and go to the URL from which you want to download the SSL certificate.
 
 2.	Select the **View site information** (lock) icon in the browser, and then select the **Certificate** option.
 
     :::image type="content" source="media/java-ipa/troubleshooting/certificate-icon-capture.png" alt-text="Screenshot of the Certificate option in site information." lightbox="media/java-ipa/troubleshooting/certificate-icon-capture.png":::
 
-3.  Instead of downloading the 'leaf' certificate you should download the 'root' certificate as shown below. Later, you have to click on the "Certificate Path" -> Select the Root Certificate -> Click on 'View Certificate'. This will pop up a new certificate menu and you can download the certificate, from the new menu.
+3.  Later, you have to click on the "Certificate Path" -> Select the root Certificate -> Click on 'View Certificate'. This will pop up a new certificate menu and you can download the certificate, from the new menu.
 
-    :::image type="content" source="media/java-ipa/troubleshooting/root-certificate-selection.png" alt-text="Screenshot of how to select the root certificate." lightbox="media/java-ipa/troubleshooting/root-certificate-selection.png":::
+    :::image type="content" source="media/java-ipa/troubleshooting/root-certificate.png" alt-text="Screenshot of how to select the root certificate." lightbox="media/java-ipa/troubleshooting/root-certificate.png":::
 
 4.	Go to the **Details** tab and select **Copy to file**.
 5.	Select the **Next** button, select **Base-64 encoded X.509 (.CER)** format, and then select **Next** again.
@@ -127,3 +125,8 @@ We recommend the following two steps to resolve this issue:
 > You'll need to repeat these steps to get the new certificate before the current certificate expires. You can find the expiration information on the **Details** tab of the **Certificate** dialog box.
 >
 > :::image type="content" source="media/java-ipa/troubleshooting/certificate-details.png" alt-text="Screenshot that shows SSL certificate details." lightbox="media/java-ipa/troubleshooting/certificate-details.png":::
+
+## Understanding UnknownHostException
+
+If you see this exception after upgrading to Java agent version greater than 3.2.0, upgrading your network to resolve the new endpoint shown in the exception might resolve the exception. The reason for the difference between Application Insights versions is that versions greater than 3.2.0 point to the new ingestion endpoint `v2.1/track` compared to the older `v2/track`. The new ingestion endpoint automatically redirects you to the ingestion endpoint (new endpoint shown in exception) nearest to the storage for your Application Insights resource.
+