You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -253,6 +253,32 @@ You can also try the [monitoring solutions for Java native](/azure/azure-monitor
253
253
- With Spring Boot, the Microsoft distribution of the OpenTelemetry starter.
254
254
- With Quarkus, the Quarkus Opentelemetry Exporter for Microsoft Azure.
255
255
256
+
257
+
## Understand duplicated operation IDs
258
+
259
+
Application logic can result in an operation ID being reused by multiple telemetry items, as shown in [this example](/azure/azure-monitor/app/distributed-trace-data#example). The duplication might also come from incoming requests. To identify this, use one of the following methods:
260
+
261
+
* Enable the capture of the `traceparent` header in the **applicationinsigths.json** file as follows:
262
+
263
+
```json
264
+
{
265
+
"preview": {
266
+
"captureHttpServerHeaders": {
267
+
"requestHeaders": [
268
+
"traceparent"
269
+
]
270
+
}
271
+
}
272
+
}
273
+
```
274
+
* Enable [self-diagnostics](/azure/azure-monitor/app/java-standalone-config#self-diagnostics) at the DEBUG level and restart the application.
275
+
276
+
In the following log example, the operation ID comes from an incoming request, not Application Insights:
Copy file name to clipboardExpand all lines: support/azure/virtual-machines/linux/serial-console-linux.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ ms.collection: linux
12
12
ms.topic: article
13
13
ms.tgt_pltfrm: vm-linux
14
14
ms.workload: infrastructure-services
15
-
ms.date: 11/21/2024
15
+
ms.date: 01/09/2025
16
16
ms.author: mbifeld
17
17
---
18
18
@@ -116,7 +116,7 @@ Serial Console uses the storage account configured for boot diagnostics in its c
116
116
| Australia | Australia Central, Australia Central 2, Australia East, Australia Southeast | 4.198.45.55, 4.200.251.224, 20.167.131.228, 20.53.52.250, 20.53.53.224, 20.53.55.174, 20.70.222.112, 20.70.222.113, 68.218.123.133 |
117
117
| Brazil | Brazil South, Brazil Southeast | 20.206.0.192, 20.206.0.193, 20.206.0.194, 20.226.211.157, 108.140.5.172, 191.234.136.63, 191.238.77.232, 191.238.77.233 |
| Canary (EUAP) |US Central EUAP, US East 2 EUAP | 20.45.242.18, 20.45.242.19, 20.45.242.20, 20.47.232.186, 20.47.232.187, 20.51.21.252, 68.220.123.194, 168.61.232.59|
120
120
| China | China North 3, China East 3 | 163.228.102.122, 163.228.102.123, 52.131.192.182, 52.131.192.183, 159.27.255.76, 159.27.253.236, 163.228.102.122, 163.228.102.123, 52.131.192.182, 52.131.192.183 |
121
121
| Europe | Europe North, Europe West | 4.210.131.60, 20.105.209.72, 20.105.209.73, 40.113.178.49, 52.146.137.65, 52.146.139.220, 52.146.139.221, 98.71.107.78 |
122
122
| France | France Central, France South | 20.111.0.244, 40.80.103.247, 51.138.215.126, 51.138.215.127, 52.136.191.8, 52.136.191.9, 52.136.191.10, 98.66.128.35 |
Copy file name to clipboardExpand all lines: support/azure/virtual-machines/windows/serial-console-windows.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.collection: windows
11
11
ms.topic: article
12
12
ms.tgt_pltfrm: vm-windows
13
13
ms.workload: infrastructure-services
14
-
ms.date: 11/22/2024
14
+
ms.date: 01/10/2025
15
15
ms.author: mbifeld
16
16
ms.custom: sap:VM Admin - Windows (Guest OS)
17
17
---
@@ -170,7 +170,7 @@ Serial Console uses the storage account configured for boot diagnostics in its c
170
170
| Australia | Australia Central, Australia Central 2, Australia East, Australia Southeast | 4.198.45.55, 4.200.251.224, 20.167.131.228, 20.53.52.250, 20.53.53.224, 20.53.55.174, 20.70.222.112, 20.70.222.113, 68.218.123.133 |
171
171
| Brazil | Brazil South, Brazil Southeast | 20.206.0.192, 20.206.0.193, 20.206.0.194, 20.226.211.157, 108.140.5.172, 191.234.136.63, 191.238.77.232, 191.238.77.233 |
| Canary (EUAP) |US Central EUAP, US East 2 EUAP | 20.45.242.18, 20.45.242.19, 20.45.242.20, 20.47.232.186, 20.47.232.187, 20.51.21.252, 68.220.123.194, 168.61.232.59|
174
174
| China | China North 3, China East 3 | 163.228.102.122, 163.228.102.123, 52.131.192.182, 52.131.192.183, 159.27.255.76, 159.27.253.236, 163.228.102.122, 163.228.102.123, 52.131.192.182, 52.131.192.183 |
175
175
| Europe | Europe North, Europe West | 4.210.131.60, 20.105.209.72, 20.105.209.73, 40.113.178.49, 52.146.137.65, 52.146.139.220, 52.146.139.221, 98.71.107.78 |
176
176
| France | France Central, France South | 20.111.0.244, 40.80.103.247, 51.138.215.126, 51.138.215.127, 52.136.191.8, 52.136.191.9, 52.136.191.10, 98.66.128.35 |
Copy file name to clipboardExpand all lines: support/developer/webapps/iis/site-behavior-performance/http-403-forbidden-access-website.md
+16-16Lines changed: 16 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,20 +1,20 @@
1
1
---
2
2
title: HTTP Error 403.16 when you access a website
3
-
description: This article describes the problem where an HTTP 403.16 error occurs when you try to access a website that's hosted by IIS 7.0.
4
-
ms.date: 03/26/2020
3
+
description: This article describes the problem where an HTTP 403.16 error occurs when you try to access a website that's hosted on IIS.
4
+
ms.date: 01/09/2025
5
5
ms.custom: sap:Site Behavior and Performance\Runtime errors and exceptions, including HTTP 400 and 50x errors
6
-
ms.reviewer: mlaing
6
+
ms.reviewer: mlaing, paulboc
7
7
---
8
-
# HTTP Error 403.16 when you try to access a website that's hosted on IIS 7.0
8
+
# HTTP Error 403.16 when you try to access a website that's hosted on IIS
9
9
10
-
This article helps you resolve the **HTTP 403.16 - Forbidden** error that occurs when you access a website that's hosted on Internet Information Services (IIS) 7.0.
10
+
This article helps you resolve the "HTTP 403.16 - Forbidden" error that occurs when you access a website that's hosted on Internet Information Services (IIS).
11
11
12
-
_Original product version:_ Internet Information Services 7.0
12
+
_Original product version:_ Internet Information Services
13
13
_Original KB number:_ 942061
14
14
15
15
## Symptoms
16
16
17
-
You have a website that's hosted on IIS 7.0. When you try to access the site through a web browser, you receive an error message that resembles one of the following examples.
17
+
You have a website hosted on the IIS web server that ships with Windows Server 2016 or later. When you try to access the site through a web browser, you receive an error message that resembles one of the following examples:
18
18
19
19
- Error message 1
20
20
@@ -35,13 +35,9 @@ This problem occurs because the root certificate of the certification authority
35
35
> [!NOTE]
36
36
> The root certificate of the certification authority is used to issue the client certificate.
37
37
38
-
## Cause 2: Non-self-signed certificates are in Trusted Root Certification Authorities Certificate store
39
-
40
-
There are one or more non-self-signed certificates in the Trusted Root Certification Authorities Certificate store. A non-self-signed certificate is any certificate for which the `Issued To` and `Issued By` values aren't an exact match.
41
-
42
-
## Resolution for cause 1
38
+
### Resolution for cause 1
43
39
44
-
1. On the IIS Web server, select **Start**, type *mmc.exe* in the **Start Search** box, right-click mmc.exe, and then select **Run as administrator**.
40
+
1. On the IIS Web server, select **Start**, type *mmc.exe* in the **Start Search** box, right-click **mmc.exe**, and then select **Run as administrator**.
45
41
46
42
> [!NOTE]
47
43
> If you are prompted for an administrator password or for a confirmation, type the password, or select **Continue**.
@@ -51,12 +47,16 @@ There are one or more non-self-signed certificates in the Trusted Root Certifica
51
47
4. Select **Computer account**, and then select **Next**.
52
48
5. Select **Local computer**, select **Finish**, and then select **Close**.
53
49
6. To exit the wizard, select **OK**.
54
-
7. Expand **Certificates**, expand**Trusted Root Certification Authorities**, right-click **Certificates**, point to **All Tasks**, and then select **Import**.
50
+
7. Expand **Certificates** >**Trusted Root Certification Authorities**, right-click **Certificates**, point to **All Tasks**, and then select **Import**.
55
51
8. In the Certificate Import Wizard, select **Next**.
56
52
9. In the **File name** box, type the location of the root certificate of the certification authority, and then select **Next**.
57
-
10. Select **Next**, and then select **Finish**.
53
+
10. Select **Next** > **Finish**.
54
+
55
+
## Cause 2: Non-self-signed certificates are in Trusted Root Certification Authorities Certificate store
56
+
57
+
There are one or more non-self-signed certificates in the Trusted Root Certification Authorities Certificate store. A non-self-signed certificate is any certificate for which the `Issued To` and `Issued By` values aren't an exact match.
58
58
59
-
## Resolution for cause 2
59
+
###Resolution for cause 2
60
60
61
61
Move any non-self-signed certificated out of the Trusted Root Certification Authorities Certificate store and into the Intermediate Certification Authorities Certificate store.
Copy file name to clipboardExpand all lines: support/developer/webapps/iis/www-authentication-authorization/http-bad-request-response-kerberos.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,9 +1,9 @@
1
1
---
2
2
title: HTTP 400 error responses to HTTP requests
3
3
description: Works around an HTTP 400 error that the HTTP request header is too long.
4
-
ms.date: 05/14/2021
4
+
ms.date: 01/10/2025
5
5
ms.custom: sap:WWW Authentication and Authorization\Windows Authentication
6
-
ms.reviewer: ivanpash
6
+
ms.reviewer: ivanpash, paulboc
7
7
---
8
8
# HTTP 400 Bad Request (Request Header too long) responses to HTTP requests
9
9
@@ -34,8 +34,7 @@ Decrease the number of Active Directory groups that the user is a member of.
34
34
35
35
Increase the settings for the `MaxFieldLength` and the `MaxRequestBytes` registry entries on the server so that the user's request headers don't exceed these values. To determine the appropriate settings, use the following calculations:
36
36
37
-
1. Calculate the size of the user's Kerberos token by using the formula described in the following article:
38
-
[Problems with Kerberos authentication when a user belongs to many groups](https://support.microsoft.com/kb/327825).
37
+
1. Calculate the size of the user's Kerberos token by using the formula described in [Problems with Kerberos authentication when a user belongs to many groups](../../../../windows-server/windows-security/kerberos-authentication-problems-if-user-belongs-to-groups.md).
39
38
40
39
2. Set the value of `MaxFieldLength` and `MaxRequestBytes` on the server to 4/3 * T bytes, where T is the user's token size in bytes. HTTP encodes the Kerberos token by using base64 encoding.
41
40
@@ -48,7 +47,8 @@ Depending on your application environment, you might also work around this probl
48
47
49
48
By default, there is no `MaxFieldLength` registry entry. This entry specifies the maximum size limit of each HTTP request header. The `MaxRequestBytes` registry entry specifies the upper limit for the total size of the Request line and the headers. Typically, this registry entry is configured together with the `MaxRequestBytes` registry entry. If the `MaxRequestBytes` value is lower than the `MaxFieldLength` value, the `MaxFieldLength` value is adjusted. In large Active Directory environments, users may experience logon failures if the values for both these entries aren't set to a sufficiently high value.
50
49
51
-
For IIS 6.0 and later, the `MaxFieldLength` and `MaxRequestBytes` registry keys are located at the following sub key:
50
+
For IIS versions shipped with Windows Server 2016 and later, the `MaxFieldLength` and `MaxRequestBytes` registry keys are located in the following subkey:
Set the key values as shown in the following table:
@@ -68,12 +68,12 @@ Set the key values as shown in the following table:
68
68
> [!IMPORTANT]
69
69
> Changing these registry keys should be considered to be extremely dangerous. These keys allow larger HTTP packets to be sent to IIS. This, in turn, may cause Http.sys to use more memory. Therefore, such changes can increase the computer's vulnerability to malicious attacks.
70
70
71
-
If `MaxFieldLength` is set to its maximum value of 64 KB, the `MaxTokenSize` registry value should be set to 3/4 * 64 = 48 KB. For more information about the `MaxTokenSize` setting, see [Problems with Kerberos authentication when a user belongs to many groups](https://support.microsoft.com/help/327825).
71
+
If `MaxFieldLength` is set to its maximum value of 64 KB, the `MaxTokenSize` registry value should be set to 3/4 * 64 = 48 KB. For more information about the `MaxTokenSize` setting, see [Problems with Kerberos authentication when a user belongs to many groups](../../../../windows-server/windows-security/kerberos-authentication-problems-if-user-belongs-to-groups.md).
72
72
73
73
## References
74
74
75
-
-[Http.sys registry settings for IIS](https://support.microsoft.com/help/820129/http-sys-registry-settings-for-windows)
75
+
-[Http.sys registry settings for IIS](../iisadmin-service-inetinfo/httpsys-registry-windows.md)
76
76
77
-
-[Error logging in HTTP API](https://support.microsoft.com/help/820729/error-logging-in-http-apis)
77
+
-[Error logging in the HTTP server API](/windows/win32/http/error-logging-in-the-http-server-api)
78
78
79
-
-[Problems with Kerberos authentication when a user belongs to many groups](https://support.microsoft.com/help/327825)
79
+
-[Problems with Kerberos authentication when a user belongs to many groups](../../../../windows-server/windows-security/kerberos-authentication-problems-if-user-belongs-to-groups.md)
0 commit comments