Merge pull request #8164 from MicrosoftDocs/main

Push2Live

Author: Deland-Han

.openpublishing.redirection.json

@@ -12659,6 +12659,10 @@
       "source_path": "support/dynamics-365/sales/errorinternalservertransienterror-error.md",
       "redirect_url": "/troubleshoot/power-platform/dataverse/email-exchange-synchronization/an-error-occurred-while-synchronizing-item",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "support/dynamics/gp/integration-manager-log-file-does-not-print.md",
+      "redirect_url": "/dynamics-gp/installation/developer-tools"
     }
   ]
 }

support/azure/azure-kubernetes/error-codes/unsatisfiablepdb-error.md

@@ -0,0 +1,81 @@
+---
+title: AKS cluster upgrade fails with UnsatisfiablePDB error
+description: Provides solutions to the UnsatisfiablePDB error when you try to upgrade an Azure Kubernetes Service (AKS) cluster.
+ms.date: 10/27/2023
+ms.reviewer: chiragpa, v-weizhu
+ms.service: azure-kubernetes-service
+ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool)
+#Customer intent: As an Azure Kubernetes Services (AKS) user, I want to troubleshoot an Azure Kubernetes Service cluster upgrade that failed because of a UnsatisfiablePDB error so that I can upgrade the cluster successfully.
+---
+
+# Error "UnsatisfiablePDB" when upgrading an AKS cluster
+
+This article discusses how to identify and resolve the "UnsatisfiablePDB" error that might occur when you try to [upgrade an Azure Kubernetes Service (AKS) cluster](/azure/aks/upgrade-aks-cluster).
+
+## Prerequisites
+
+This article requires Azure CLI version 2.53.0 or a later version. Run `az --version` to find your installed version. If you need to install or upgrade the Azure CLI, see [How to install the Azure CLI](/cli/azure/install-azure-cli).
+
+## Symptoms
+
+An AKS cluster upgrade operation fails with the following error message:
+
+> Code: UnsatisfiablePDB  
+> Message: 1 error occurred:  
+> \* PDB \<pdb-namespace>/\<pdb-name> has maxunavailble == 0 can't proceed with put operation
+
+## Cause
+
+Before starting an upgrade operation, AKS checks the cluster for any existing [Pod Disruption Budgets (PDBs)](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets) that have the `maxUnavailable` parameter set to 0. Such PDBs are likely to block node drain operations. If node drain operations are blocked, the cluster upgrade operation can't complete successfully. This might potentially cause the cluster to be in a failed state.
+
+After receiving the "UnsatisfiablePDB" error, you can confirm the PDB's status by running the following command:
+
+```console
+$ kubectl get pdb <pdb-name> -n <pdb-namespace>
+```
+
+The output of this command should be similar to the following one:
+
+```output
+NAME         MIN AVAILABLE   MAX UNAVAILABLE   ALLOWED DISRUPTIONS   AGE
+<pdb-name>   N/A             0                 0                     49s
+```
+
+If the value of `MAX UNAVAILABLE` is 0, the node drain fails during the upgrade process.
+
+To resolve this issue, use one of the following solutions.
+
+## Solution 1: Adjust the PDB's "maxUnavailable" parameter
+
+> [!NOTE]
+> Use this solution if you can edit the PDB resource directly.
+
+1. Set the PDB's `maxUnavailable` parameter to `1` or a greater value. For more information, see [Specifying a PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget).
+2. Retry the AKS cluster upgrade operation.
+
+## Solution 2: Back up, delete, and redeploy the PDB
+
+> [!NOTE]
+> Use this solution if directly editing the PDB resource isn't viable.
+
+1. Back up the PDB using the following command:
+
+   ```console
+   $ kubectl get pdb <pdb-name> -n <pdb-namespace> -o yaml > pdb_backup.yaml
+   ```
+
+2. Delete the PDB using the following command:
+
+   ```console
+   $ kubectl delete pdb <pdb-name> -n <pdb-namespace>
+   ```
+
+3. Retry the AKS cluster upgrade operation.
+
+4. If the AKS cluster upgrade operation succeeds, redeploy the PDB using the following command:
+
+   ```console
+   $ kubectl apply -f pdb_backup.yaml
+   ```
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/azure/azure-kubernetes/extensions/istio-add-on-minor-revision-upgrade.md

@@ -1,13 +1,13 @@
 ---
 title: Istio service mesh add-on minor revision upgrade troubleshooting
 description: Learn how to do minor revision upgrade troubleshooting on the Istio service mesh add-on for Azure Kubernetes Service (AKS).
-ms.date: 04/26/2024
+ms.date: 02/07/2025
 author: SanyaKochhar
 ms.author: kochhars
 editor: v-jsitser
-ms.reviewer: fuyuanbie, shasb, nshankar, ddama, v-leedennis
-ms.service: azure-kubernetes-service
+ms.reviewer: fuyuanbie, shasb, nshankar, ddama, v-leedennis, v-weizhu
 ms.custom: sap:Extensions, Policies and Add-Ons
+ms.service: azure-kubernetes-service
 #Customer intent: As an Azure Kubernetes user, I want to troubleshoot minor revision upgrades of the Istio add-on so that I can use the Istio service mesh successfully.
 ---
 # Istio service mesh add-on minor revision upgrade troubleshooting
@@ -29,9 +29,10 @@ The following table lists various problems and the different scenarios and solut
 
 | Scenario | Problem | Solution |
 |--|--|--|
-| Data plane workloads are dropped from the mesh. | Data plane and control plane revisions didn't correspond before you completed or rolled back an upgrade. | <p>Follow these steps:</p><ol> <li><p>Relabel namespaces that contain workloads by specifying the revision that's expected to exist after the upgrade completion or rollback. To do this, run the [kubectl label](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_label/) command:</p><pre>kubectl label namespace default istio.io/rev=asm-x-y --overwrite</pre></li> <li><p>Restart the corresponding workload deployments to trigger sidecar reinjection of the correct revision. To do this, run the [kubectl rollout restart](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_restart/) command:</p><pre>kubectl rollout restart deployment \<deployment name></pre></li> <li><p>Verify that the sidecar images exist. To do this, run the [kubectl get](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/) command:</p><pre>kubectl get pods --namespace \<namespace> --output yaml \| grep mcr.microsoft.com/oss/istio/proxyv2:</pre></li> </ol> |
+| Data plane workloads are dropped from the mesh. | Data plane and control plane revisions didn't correspond before you completed or rolled back an upgrade. | <p>Follow these steps:</p><ol> <li><p>Relabel namespaces that contain workloads by specifying the revision that's expected to exist after the upgrade completion or rollback:</p><pre>kubectl label namespace default istio.io/rev=asm-x-y --overwrite</pre></li> <li><p>Restart the corresponding workload deployments using the [kubectl rollout restart](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_rollout/kubectl_rollout_restart/) command to trigger sidecar reinjection of the correct revision:</p><pre>kubectl rollout restart deployment \<deployment name></pre></li> <li><p>Verify that the sidecar images exist using the [kubectl get](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_get/) command:</p><pre>kubectl get pods --namespace \<namespace> --output yaml \| grep mcr.microsoft.com/oss/istio/proxyv2:</pre></li> </ol> |
 | Control plane pods are in the pending state. | The pods lack capacity. | Verify the state of the pods by running the [kubectl describe](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_describe/) command. If capacity is the problem, you can scale up your cluster to add another node. For more information, see [Manually scale the node count in an Azure Kubernetes Service (AKS) cluster](/azure/aks/scale-cluster). |
-| The [az aks mesh get-upgrades](/cli/azure/aks/mesh#az-aks-mesh-get-upgrades) command returns no available upgrades. | The newest Istio revision might be incompatible with the current AKS cluster version. | You can use the [az aks mesh get-revisions](/cli/azure/aks/mesh#az-aks-mesh-get-revisions) command to discover whether newer Istio revisions exist. The output includes a list of compatible cluster versions for each Istio revision. Therefore, you can determine whether a cluster upgrade is necessary. |
+| The [az aks mesh get-upgrades](/cli/azure/aks/mesh#az-aks-mesh-get-upgrades) command returns no available upgrades. | The next Istio revision might be incompatible with the current AKS cluster version. | You can use the [az aks mesh get-revisions](/cli/azure/aks/mesh#az-aks-mesh-get-revisions) command to discover whether newer Istio revisions exist. The output includes a list of compatible cluster versions for each Istio revision. Therefore, you can determine whether a cluster upgrade is necessary. If _both_ mesh and cluster are no longer supported, upgrade the cluster version first, and then the mesh revision. To recover from this scenario, a cluster upgrade is permitted even if it's incompatible with the mesh revision. |
+
 
 > [!NOTE]
 > To avoid unintended behavior and broken functionality, and also make sure that you're receiving updates for security vulnerabilities, we strongly recommend that you upgrade to a supported and up-to-date [AKS version](/azure/aks/supported-kubernetes-versions) and Istio add-on revision. Remember that the add-on revision should also be within the supported Kubernetes version range for the given AKS cluster. As highlighted in the [Minor revision upgrade](/azure/aks/istio-upgrade#minor-revision-upgrade) section of the Istio upgrade article, you can run the `az aks mesh get-revisions` and `az aks mesh get-upgrades` commands to learn about available add-on revisions, upgrades, and compatibility information.
@@ -40,7 +41,10 @@ The following table lists various problems and the different scenarios and solut
 
 - A downgrade to an older revision (outside the canary rollback process) isn't allowed.
 
-- Skipping from one revision to a nonconsecutive revision is allowed only if AKS no longer supports both the current revision and the next upgrade revision. At this point, the only upgrade that's available to you is the lowest supported revision.
+- Available upgrades for a revision depend on whether it's currently supported. For example, if `n` is the currently installed revision and `n+2` is the latest revision:
+  - If `n` is supported, you may upgrade to the next revision `n+1` or directly to the newest revision `n+2`.
+  - If both `n` and `n+1` (next consecutive) are unsupported, the only available upgrade is `n+2` (next supported).
+  - If `n` has been unsupported for a while, it's possible both of the next two consecutive revisions are unsupported. In this case, the only available upgrade is the lowest supported revision.
 
 - The Istio `sidecar.istio.io/inject` label doesn't enable sidecar injection for the Istio add-on. You must use the `istio.io/rev` label when you label and relabel your namespaces during the canary upgrade.
 

support/azure/azure-kubernetes/toc.yml

@@ -366,3 +366,6 @@
       href: error-codes/vmextensionerror-k8sapiserverconnfail.md
     - name: VMExtensionError_K8SAPIServerDNSLookupFail error
       href: error-codes/vmextensionerror-k8sapiserverdnslookupfail.md
+    - name: VMExtensionError_K8SAPIServerDNSLookupFail error
+  - name: UnsatisfiablePDB error
+    href: error-codes/unsatisfiablepdb-error.md

support/dynamics/gp/integration-manager-log-file-does-not-print.md

@@ -154,8 +154,6 @@
     href: initialization-errors-when-removing-or-installing-integration-manager.md
   - name: Input string was not in a correct format
     href: input-string-was-not-a-correct-format.md
-  - name: Integration Manager log file doesn't print
-    href: integration-manager-log-file-does-not-print.md
   - name: Integration performance decreases after an upgrade
     href: integration-performance-decreases-use-sql-source-file.md
   - name: Invalid Unit Cost when doing PA Timesheet integration

support/dynamics/gp/toc.yml

@@ -1,7 +1,7 @@
 ---
 title: How to disable the lookup of isolated names
 description: Provides a resolution to the poor performance when calling lookup functions to resolve names. Gives a method to disable the lookup of isolated names in trusted domain.
-ms.date: 01/15/2025
+ms.date: 02/06/2025
 manager: dcscontentpm
 audience: itpro
 ms.topic: troubleshooting
@@ -16,7 +16,7 @@ When calling the **LookupAccountName** or **LsaLookupNames** function to resolve
 
 For example, poor performance might occur when using scripts or tools (such as *Cacls.exe*, *Xcacls.exe*, *icacls.exe*, *Dsacls.exe*, and *Subinacl.exe*) to call the functions to edit security settings.
 
-The problem may show up when you have many trusted domains or forests (applies to both external and forest trusts), and/or some of these domains or forests are offline or slow to respond.
+The problem may show up when you have many trusted domains or external forest trusts, and/or some of these domains or forests are offline or slow to respond.
 
 When the functions are called for an isolated name (the format is AccountName in contrast to domain\AccountName), a remote procedure call (RPC) is made to domain controllers on all trusted domains/forests. This issue might occur if the primary domain has many trust relationships with other domains/forests or if it's doing many lookups at a same time. For example, a script is configured to run at the startup of many clients, or many trusted domains/forests use the same script simultaneously.