Merge pull request #8295 from MicrosoftDocs/main

Auto push to live 2025-02-24 18:00:03

Author: Deland-Han

support/azure/azure-container-instances/connectivity/web-socket-is-closed-or-could-not-be-opened.md

@@ -1,11 +1,11 @@
 ---
 title: Error - Web socket is closed or could not be opened
 description: Learn how to resolve the (Web socket is closed or could not be opened) error. This error prevents you from connecting to your container from a virtual network.
-ms.date: 12/28/2023
+ms.date: 02/24/2025
 author: tysonfms
 ms.author: tysonfreeman
 editor: v-jsitser
-ms.reviewer: v-leedennis
+ms.reviewer: albarqaw, v-weizhu, v-leedennis
 ms.service: azure-container-instances
 ms.custom: sap:Connectivity
 #Customer intent: As an Azure administrator, I want to learn how to resolve the "Web socket is closed or could not be opened" error so that I can successfully deploy an image onto a container instance.
@@ -22,10 +22,12 @@ When you try to connect to your container from the Azure portal, you receive the
 
 ## Cause
 
-Your firewall blocks access to port 19390. This port is required to connect to Container Instances from the Azure portal when container groups are deployed in virtual networks.
+Your firewall or corporate proxy blocks access to port 19390. This port is required to connect to Container Instances from the Azure portal when container groups are deployed in virtual networks.
 
 ## Solution
 
-Allow ingress to TCP port 19390 in your firewall. At a minimum, make sure that your firewall gives access to that port for all public client IP addresses that the Azure portal has to connect to.
+To resolve this error, allow ingress to TCP port 19390 in your firewall. At a minimum, make sure that your firewall gives access to that port for all public client IP addresses that the Azure portal has to connect to.
+
+In some scenarios where the corporate proxy blocks port 19390, allow this port for corporate proxy, and then verify the traffic by using the **Network** tab in the browser developer tools.
 
 [!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/azure/azure-kubernetes/create-upgrade-delete/error-code-poddrainfailure.md

@@ -1,7 +1,7 @@
 ---
 title: Troubleshoot UpgradeFailed errors due to eviction failures caused by PDBs
 description: Learn how to troubleshoot UpgradeFailed errors due to eviction failures caused by Pod Disruption Budgets when you try to upgrade an Azure Kubernetes Service cluster.
-ms.date: 12/21/2023
+ms.date: 02/23/2025
 editor: v-jsitser
 ms.reviewer: chiragpa, v-leedennis, v-weizhu
 ms.service: azure-kubernetes-service

support/dynamics-365/supply-chain/toc.yml

@@ -302,6 +302,8 @@
       href: warehousing/load-weight-positive-numbers.md
     - name: Location profile disallows negative inventory, but negative on-hand is permitted
       href: warehousing/location-profile-set.md
+    - name: Many printing jobs are queued in the Document Routing Agent (DRA)
+      href: warehousing/clear-document-rounting-agent-printing-queue.md  
     - name: Multiple SKU option doesn't evaluate multiple location directive actions
       href: warehousing/evaluate-multiple-location-directive-actions.md
     - name: Mixed license plate receiving doesn't work for any disposition code but Credit

support/dynamics-365/supply-chain/warehousing/clear-document-rounting-agent-printing-queue.md

@@ -0,0 +1,49 @@
+---
+title: Many Printing Jobs Are Queued in Document Routing Agent
+description: Provides resolutions on how to clear the printing queue within the Document Routing Agent (DRA) in Microsoft Dynamics 365 Supply Chain Management.
+ms.date: 02/25/2025
+# ms.search.form:
+audience: Application User
+ms.reviewer: kamaybac, ivanma
+ms.search.region: Global
+ms.author: mirzaab
+ms.search.validFrom: 2025-02-10
+ms.dyn365.ops.version: 10.0.39
+ms.custom: sap:Warehouse management
+---
+# Many printing jobs might be queued in the Document Routing Agent (DRA)
+
+This article provides resolutions on how to clear the printing queue within the Document Routing Agent (DRA) used in Microsoft Dynamics 365 Supply Chain Management.
+
+## Symptoms
+
+You might notice that many printing jobs are queued in the [Document Routing Agent (DRA)](/dynamics365/fin-ops-core/dev-itpro/analytics/install-document-routing-agent), causing delays or preventing new print jobs from being processed.
+
+## Solution 1 - Clean up printing queue for one printer
+
+Starting from [Dynamics 365 for Finance and Operations platform update 23](/dynamics365/fin-ops-core/dev-itpro/get-started/whats-new-platform-update-23#manage-access-to-network-printers-across-legal-entities), you can manually clear the printing queue for a specific printer by deleting it from the **System network printers** page. This action removes all pending documents for that printer. Follow these steps to delete and re-register the printer from the DRA client:
+
+1. Navigate to the **Manage Network Printers** page by selecting **Organization administration** > **Setup** > **Network printers**.
+2. Expand the **Options** menu and select the **System network printers** button in the **Preview** section.
+3. Select the network printer and select the **Delete** button.
+
+4. After deletion, pending printing jobs remain in the document routing status list for auditing purposes. However, the actual printing queue is already cleared for that printer.
+
+5. [Re-register the same printer from the DRA client](/dynamics365/fin-ops-core/dev-itpro/analytics/install-document-routing-agent#register-network-printers), and try to print some documents.
+
+   > [!NOTE]
+   >
+   > - Except for the first document, the rest should be printed responsively. The first document might be slow due to a one-time 3-minute cache refresh interval after a new printer is registered.
+   > - If the same printer name is used again, there is no need to set up the document routing again.
+   > - If a new printer name is used, you should set up the document routing with the new printer name for all relevant work order types. For more information, see [Set up license plate label routing](/dynamics365/supply-chain/warehousing/print-license-plate-labels-using-label-layouts#routing).
+
+## Solution 2 - Clean up printing queue and job status for all printers
+
+The [Document routing history cleanup](/dynamics365/fin-ops-core/dev-itpro/analytics/install-document-routing-agent#adjust-the-document-routing-history-cleanup-batch-job) batch job can be used to delete all the document routing jobs older than seven days (168 hours). By default, this batch job runs daily and is first created when a document is sent to the DRA.
+
+Follow these steps to use the **Document routing history cleanup** batch job:
+
+1. Change the document routing job history retention period length from seven days to one hour to delete all printing jobs older than one hour.
+1. Copy the **Document routing history cleanup** batch job to a new batch job, and then update the copied batch job recurrence to run immediately.
+1. Wait for the copied batch to complete, and then delete the copied batch job.
+1. Restore the retention period from one hour to seven days.

support/entra/entra-id/app-integration/error-code-aadsts50017-certificate-based-authentication-failed.md

@@ -0,0 +1,66 @@
+---
+title: Error AADSTS50017 - Validation of Given Certificate for Certificate-Based Authentication Failed
+description: Provides solutions to the Microsoft Entra authentication AADSTS50017 error that occurs when you access an application or resource with certificate-based authentication (CBA).
+ms.reviewer: laks, joaos, willfid, v-weizhu
+ms.service: entra-id
+ms.date: 02/25/2025
+ms.custom: sap:Issues Signing In to Applications
+---
+# Error AADSTS50017 - Validation of given certificate for certificate-based authentication failed
+
+This article provides solutions to the Microsoft Entra authentication AADSTS50017 error that occurs when you access an application or resource with certificate-based authentication (CBA).
+
+## Symptoms
+
+When you try to access an application or resource with CBA, the sign-in process fails and the following error message is displayed:
+
+> AADSTS50017: Validation of given certificate for certificate based authentication failed.
+
+## Cause 1: Certificate chain failures or validation failures
+
+The AADSTS50017 error might occur because of the following problems:
+
+- Certificate chain failures due to missing certificate authority (CA) certificates in store.
+- Validation failures with Subject Key Identifier (SKI) and Authority Key Identifier (AKI) values.
+
+     In Public Key Infrastructure (PKI), the certificate chain validation process ensures the integrity and authenticity of the certificate chain. The SKI and AKI play crucial roles in this process. The SKI provides a unique identifier for the public key held by the certificate. The AKI is used to identify the CA that issues the certificate. 
+
+To resolve this issue, follow these steps:
+
+1. Check if issuing certificate is correctly uploaded to the trusted certificate list.
+
+    A certificate chain consists of multiple certificates linked together. The end user's certificate can be issued by a root CA or a non-root CA (intermediate CA). If you have a non-root issuing CA (intermediate CA), both intermediate and root CA certificates must be uploaded to the Microsoft Entra CA trusted store.
+
+2. Check the SKI value of your certificate and confirm if the AKI value matches any intermediate or root CA certificate that's uploaded to the trusted store.
+
+    If there is no match, your certificate or the missing CA certificate should be changed accordingly. To do this, [configure certificate authorities by using the Microsoft Entra admin center](/entra/identity/authentication/how-to-certificate-based-authentication#configure-certificate-authorities-by-using-the-microsoft-entra-admin-center).
+
+    To get the SKI and AKI values, check the details of your certificate and uploaded issuing CA certificates.
+
+     :::image type="content" source="media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-chain-ski-aki-value.png" alt-text="Screenshot that shows a certificate chain." lightbox="media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-chain-ski-aki-value.png":::
+
+    |Certificate type|Characteristic|
+    |---|---|
+    |Root CA certificate|It has its own SKI. It can issue the intermediate certificates when applicable. It doesn't contain the AKI field.|
+    |Issuing or intermediate CA certificate (when applicable)|Its AKI points to the Root CA certificate's SKI. It has its own SKI that matches the AKI on a user certificate. It can issue user certificates, and issue intermediate certificates when applicable. Multiple intermediate CA certificates can exist.|
+    |End-Entity (User or Client) certificate|It has its own SKI. Its AKI points to the issuing CA certificate's SKI.|
+
+## Cause 2: Invalid certificates
+
+If any certificates in the certificate chain are missing valid extension identifiers, such as certificate policy extensions, the AADSTS50017 error might occur.
+
+To resolve this error, validate the certificate policy extensions for all certificates within the certificate chain, including user certificates, intermediate CA certificates, and the root CA certificate. Ensure that the certificate policy extension and its Object Identifiers (OIDs) are consistent and valid across the entire chain.
+
+To verify the policy OIDs for consistency and validity, retrieve the relevant certificates in chain and validate them as follows: 
+
+:::image type="content" source="media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-policies.png" alt-text="Screenshot that shows certificate policies." lightbox="media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-policies.png":::
+
+If any certificates are missing certificate policy extensions, reissue the CA certificate or end user certificate with the appropriate certificate policy extensions embedded.  
+
+For more information about policy extension and other supported extensions, see [Supported Extensions](/windows/win32/seccertenroll/supported-extensions).
+
+## AADSTS error code reference
+
+For a full list of authentication and authorization error codes, see [Microsoft Entra authentication and authorization error codes](/entra/identity-platform/reference-error-codes). To investigate individual errors, search at https://login.microsoftonline.com/error.
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/entra/entra-id/app-integration/media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-chain-ski-aki-value.png

@@ -79,6 +79,8 @@
         href: app-integration/error-code-AADSTS50020-user-account-identity-provider-does-not-exist.md
       - name: Error AADSTS530004 - AcceptCompliantDevice setting isn't configured
         href: app-integration/error-code-aadsts530004-acceptcompliantdevice-setting-not-configured.md
+      - name: Error AADSTS50017 - Validation of given certificate for certificate-based authentication failed
+        href: app-integration/error-code-aadsts50017-certificate-based-authentication-failed.md
       - name: Error AADSTS50057 - user account is disabled
         href: app-integration/error-code-aadsts50057-user-account-is-disabled.md
       - name: AADSTS500011 - Resource Principal Not Found

support/entra/entra-id/app-integration/media/error-code-aadsts50017-certificate-based-authentication-failed/certificate-policies.png

@@ -33,7 +33,7 @@ SQL Server 2019 CU14 introduced a [fix to address wrong results in parallel plan
 
 ### Issue two: Patching a read-scale availability group (Windows or Linux) causes the availability group on the patched replica to be removed
 
-If you use the read-scale availability group (AG) feature in SQL Server on Windows or Linux, you should **not** install this CU.
+If you use the read-scale availability group (AG) feature in SQL Server on Windows or Linux, do **not** install this CU.
 
 This CU introduced [a fix to support AG names longer than 64 characters](#3548672). However, when the patch is installed on an instance that has the read-scale AG configured, the AG metadata is dropped. This issue affects read-scale AGs in both [Windows](/sql/database-engine/availability-groups/windows/read-scale-availability-groups) and [Linux](/sql/linux/sql-server-linux-availability-group-configure-rs), which means that the `CLUSTER_TYPE` of the AG is either `NONE` or `EXTERNAL`.