Merge remote-tracking branch 'upstream/main' into AB#7781

Author: v-tappelgate

support/azure/azure-storage/files/connectivity/files-troubleshoot-smb-connectivity.md

@@ -62,7 +62,7 @@ If users are accessing the Azure file share using identity-based authentication,
 
 #### Solution for cause 3
 
-Validate that share-level permissions are configured correctly. See [Assign share-level permissions](/azure/storage/files/storage-files-identity-assign-share-level-permissions). Share-level permission assignments are supported for groups and users that have been synced from AD DS to Microsoft Entra ID using Microsoft Entra Connect Sync or Microsoft Entra Connect cloud sync. Confirm that groups and users being assigned share-level permissions aren't unsupported "cloud-only" groups.
+Validate that share-level permissions are configured correctly. See [Assign share-level permissions](/azure/storage/files/storage-files-identity-assign-share-level-permissions).
 
 ### <a id="error53-67-87"></a>Error 53, Error 67, or Error 87 when you mount or unmount an Azure file share
 

support/azure/azure-storage/files/security/files-troubleshoot-smb-authentication.md

@@ -40,20 +40,14 @@ When you try to mount a file share, you might receive the following error:
 
 ### Cause: Share-level permissions are incorrect
 
-If end users are accessing the Azure file share using Active Directory Domain Services (AD DS) or Microsoft Entra Domain Services authentication, access to the file share fails with "Access is denied" error if share-level permissions are incorrect. 
+If end users are accessing the Azure file share using identity-based authentication, access to the file share fails with "Access is denied" error if share-level permissions are incorrect. 
 
 > [!NOTE]
 > This error might be caused by issues other than incorrect share-level permissions. For information on other possible causes and solutions, see [Troubleshoot Azure Files connectivity and access issues](../connectivity/files-troubleshoot-smb-connectivity.md#error5).
 
 ### Solution
 
-Validate that permissions are configured correctly:
-
-- **Active Directory Domain Services (AD DS)** see [Assign share-level permissions](/azure/storage/files/storage-files-identity-assign-share-level-permissions).
-
-    Share-level permission assignments are supported for groups and users that are synced from AD DS to Microsoft Entra ID using Microsoft Entra Connect Sync or Microsoft Entra Connect cloud sync. Confirm that groups and users being assigned share-level permissions aren't unsupported "cloud-only" groups.
-
-- **Microsoft Entra Domain Services** see [Assign share-level permissions](/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal#assign-share-level-permissions).
+Validate that permissions are configured correctly. See [Assign share-level permissions](/azure/storage/files/storage-files-identity-assign-share-level-permissions).
 
 <a name='error-aaddstenantnotfound-in-enabling-azure-ad-ds-authentication-for-azure-files-unable-to-locate-active-tenants-with-tenant-id-aad-tenant-id'></a>
 

support/azure/virtual-machines/linux/apt-common-issues-in-ubuntu.md

@@ -10,7 +10,7 @@ ms.collection: linux
 ms.topic: troubleshooting-problem-resolution
 ms.workload: infrastructure-services
 ms.tgt_pltfrm: vm-linux
-ms.custom: linux-related-content
+ms.custom: linux-related-content, VM Admin - Linux (Guest OS)
 ms.date: 06/07/2024
 #customer intent: As an Azure Linux virtual machine (VM) administrator, I want troubleshoot issues in the APT tools so that I can successfully install or update applications on my VMs.
 ---
@@ -20,9 +20,6 @@ ms.date: 06/07/2024
 
 This article discusses and provides solutions to common issues that you might encounter when you use the `apt` command-line tool to install or update applications on Microsoft Azure virtual machines (VMs).
 
-> [!CAUTION]
-> Standard support for Canonical Ubuntu 18.04 LTS is no longer available. If you're affected, see [Canonical Ubuntu 18.04 LTS is out of standard support on May 31, 2023](upgrade-canonical-ubuntu-18dot04-lts.md) to review your options.
-
 ## Overview
 
 The `apt` (Advanced Package Tool) command on Ubuntu is a powerful tool that's used for package management. It enables you to install, remove, update, and manage software packages on the Ubuntu system. You can use `apt` to search for available packages, install specific versions of packages, and handle dependencies efficiently. It simplifies the process of software management by providing a command-line interface to interact with the APT libraries.
@@ -115,7 +112,7 @@ An Azure firewall or virtual appliance might be acting as a protective barrier b
 
 #### Solution 3: Make sure that the Ubuntu address is allowed
 
-Make sure that `azure.archive.ubuntu.com` and any other repository URLs are fully accessible. To do this, take the following actions:
+Make sure that `azure.archive.ubuntu.com` and any other repository URLs are fully accessible. To do this step, take the following actions:
 
 1. Verify that the destination URLs are allowed in firewall policies.
 
@@ -149,13 +146,13 @@ Acquire::https::Proxy "http://[username]:[password]@ [proxy-web-or-IP-address]:[
 
 Additionally, for Ubuntu and other Unix-like operating systems, you can set up a proxy for HTTP and HTTPS traffic by using environment variables. The relevant environment variables are `http_proxy` and `https_proxy`. To verify whether a proxy is configured, run the following command.
 
-> [!IMPORTANT]
-> If no proxy server exists between the Ubuntu VM and the Ubuntu repository addresses, search for and remove any proxy configuration settings that are in the */etc/apt/apt.conf* file.
-
 ```bash
 env | grep -i proxy
 ```
 
+> [!IMPORTANT]
+> If no proxy server exists between the Ubuntu VM and the Ubuntu repository addresses, search for and remove any proxy configuration settings that are in the */etc/apt/apt.conf* file.
+
 </details>
 
 ## Scenario 2: "apt update" command fails and returns "Failed to fetch \<url> 470 status code 470"
@@ -317,11 +314,11 @@ E: Sub-process /usr/bin/dpkg returned an error code (1)
 
 ### Cause: A syntax error exists in /etc/default/grub
 
-A syntax error in the */etc/default/grub* configuration file exists. The post-installation script for the *linux-image-5.4.0-1051-azure* package is probably encountering this error while it tries to parse the configuration.
+A syntax error in the */etc/default/grub* configuration file exists. The post-installation script for the *linux-image-5.4.0-1051-azure* package likely encounters this error when it tries to parse the configuration.
 
 #### Solution: Fix the syntax error in /etc/default/grub
 
-Look for any syntax errors in the */etc/default/grub* file, particularly around the line that the post-installation script is probably encountering. Fix any syntax errors that you find. The syntax for this file is crucial for the correct functioning of the GRand Unified Bootloader (GRUB).
+Look for any syntax errors in the */etc/default/grub* file, particularly around the line that the post-installation script is probably encountering. Fix any syntax errors that you find. The syntax for this file is crucial for the correct functioning of the Grand Unified Bootloader (GRUB).
 
 In the following example, the missing closing quotation mark in the `GRUB_CMDLINE_LINUX` line causes a syntax error in the GRUB configuration file:
 
@@ -391,10 +388,71 @@ If any application automatically edits the *sources.list* file or adds a reposit
 
 #### Solution: Remove or comment out armhf information from sources.list
 
-Remove or comment out the lines that reference the ARM processor architecture in the */etc/apt/sources.list* file or */etc/apt/sources.list.d/\*.list*.
+Remove or comment out the lines that reference the ARM processor architecture in the `/etc/apt/sources.list` file or `/etc/apt/sources.list.d/*.list`.
 
 </details>
 
-[!INCLUDE [Third-party contact disclaimer](../../../includes/third-party-contact-disclaimer.md)]
+## Scenario 7: "Unknown apt-key errors when executing apt update"
+
+<details>
+<summary>Scenario 7 details</summary>
+
+When you run the `apt update` command, the system tries to fetch package information from multiple sources. However, you receive an error message that mentions `Unknown error executing apt-key`, as shown in the following output:
+
+```bash
 
-[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]
+(base)
+$ sudo apt update
+Hit:1 http://azure.archive.ubuntu.com/ubuntu jammy InRelease
+Hit:2 http://azure.archive.ubuntu.com/ubuntu jammy-updates InRelease
+Hit:3 http://azure.archive.ubuntu.com/ubuntu jammy-backports InRelease
+Hit:4 http://azure.archive.ubuntu.com/ubuntu jammy-security InRelease
+Err:1 http://azure.archive.ubuntu.com/ubuntu jammy InRelease
+Unknown error executing apt-key
+Err:2 http://azure.archive.ubuntu.com/ubuntujammy-updatesInRelease
+Unknown error executing apt-key
+Err: 3 http://azure.archive.ubuntu.com/ubuntujammy-backports InRelease
+Unknown error executing apt-key
+5yr: 4 http://azure.archive.ubuntu.com/ubuntujammy-security InRelease
+'Unknown error executing apt-key
+Reading package lists... Done Building dependency tree... Done Reading state information... Done
+6 packages can be upgraded. Run 'apt list --upgradable' to see them.
+w: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://azure.archive.ubuntu.com/ubuntu jammy InRelease: Unknown error executing apt-key
+W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://azure.archive.ubuntu.com/ubuntu jammy-updates InRelease: Unknown error executing apt-key
+W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://azure.archive.ubuntu.com/ubuntu jammy-backports InRelease: Unknown error executing apt-key
+W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://azure. archive.ubuntu.com/ubuntu jammy-security InRelease: Unknown error executing apt-key
+```
+
+### Cause
+
+Permission issues affect the keys under `/etc/apt/trusted.gpg.d`. These issues appear if you run apt together with debug flags:
+
+```bash
+$ sudo apt update -oDebug::Acquire::gpgv=1
+...
+...
+http://azure.archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-archive-2018.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
+http://azure.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/microsoft-release.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
+http://azure.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-archive-2012.gpg.are ignored as the file is not readable by user '_ apt' executing apt-key.
+...
+...
+```
+
+#### Solution
+
+Correct the permissions to be **644** for the key files under `/etc/apt/trusted.gpg.d`. Additionally, check the default umask for your installation.
+
+1. Correct the permission for the keyring files:
+
+```bash
+$ sudo chown 644 /etc/apt/trusted.gpg.d/*.gpg
+```
+
+2. Check the default umask set by running the following code:
+
+```bash
+$ sudo umask
+```
+
+The default umask for most distros is usually set under `/etc/login.defs`. It's set to **0022**. In some cases, the umask is set to **0777**. This setting causes null permissions for created files.
+</details>

support/azure/virtual-machines/linux/linux-upgrade-sles.md

@@ -282,11 +282,11 @@ Not ready to read within timeout.
 Skipping repository 'SLE-Module-HPC12-Updates' because of the above error.
 Error retrieving metadata for 'SLE-Module-Legacy12-Pool' :
 Not ready to read within timeout.
-Skipping repository 'SLE-Module-Legacy12-Pool' because of the above err Error retrieving metadata for 'SLE-Module-Legacy12-Updates' :
+Skipping repository 'SLE-Module-Legacy12-Pool' because of the above Error retrieving metadata for 'SLE-Module-Legacy12-Updates' :
 Not ready to read within timeout.
 Skipping repository 'SLE-Module-Legacy12-Updates' because of the above Error retrieving metadata for 'SLE-Module-Public-Cloud12-Pool' :
 Not ready to read within timeout.
-Skipping repository 'SLE-Module-Public-Cloud12-Pool' because of the abo Error retrieving metadata for 'SLE-Module-Public-Cloud12-Updates' :
+Skipping repository 'SLE-Module-Public-Cloud12-Pool' because of the above Error retrieving metadata for 'SLE-Module-Public-Cloud12-Updates' :
 Not ready to read within timeout.
 Skipping repository 'SLE-Module-Public-Cloud12-Updates' because of the
 ````
@@ -550,7 +550,7 @@ You can also find this output in the `/var/log/messages` or `/var/log/distro-mig
 
 ### Cause 
 
-Midway through 2023, SUSE changed the GPG signing key for the SUSE Linux Enterprise 15 products, and products that are based on them (such asSUSE Enterprise Storage, SUSE Manager, and SUSE CaaSP) to the RSA 4096 bit key, as specified in SUSE article [SUSE Signing Keys](https://www.suse.com/support/security/keys).
+Midway through 2023, SUSE changed the GPG signing key for the SUSE Linux Enterprise 15 products, and products that are based on them (such as SUSE Enterprise Storage, SUSE Manager, and SUSE CaaSP) to the RSA 4096 bit key, as specified in SUSE article [SUSE Signing Keys](https://www.suse.com/support/security/keys).
 
 ### Resolution
 

support/azure/virtual-machines/windows/activation-watermark-appears.md

@@ -16,6 +16,8 @@ ms.topic: troubleshooting-problem-resolution
 
 This document discusses how to resolve the continued presence of a Windows activation watermark on Microsoft Azure virtual machines.
 
+[!INCLUDE [virtual-machines-windows-activation-troubleshoot-tools](~/includes/azure/virtual-machines-windows-activation-troubleshoot-tools.md)]
+
 ## Prerequisites
 
 - [Azure CLI](/cli/azure/install-azure-cli-windows)

support/azure/virtual-machines/windows/custom-routes-enable-kms-activation.md

@@ -21,6 +21,8 @@ ms.author: jarrettr
 
 This article describes how to resolve the KMS activation problem that you might experience when you enable forced tunneling in site-to-site VPN connection or ExpressRoute scenarios.
 
+[!INCLUDE [virtual-machines-windows-activation-troubleshoot-tools](~/includes/azure/virtual-machines-windows-activation-troubleshoot-tools.md)]
+
 ## Symptom
 
 You enable [forced tunneling](/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm) on Azure virtual network subnets to direct all Internet-bound traffic back to your on-premises network. In this scenario, the Azure virtual machines (VMs) that run Windows fail to activate Windows.

support/azure/virtual-machines/windows/troubleshoot-activation-problems.md

@@ -21,6 +21,8 @@ ms.custom: sap:Cannot activate my Windows VM
 
 This article helps you troubleshoot an activation issue that occurs when you create a Microsoft Azure Windows virtual machine (VM).
 
+[!INCLUDE [virtual-machines-windows-activation-troubleshoot-tools](~/includes/azure/virtual-machines-windows-activation-troubleshoot-tools.md)]
+
 ## Understanding Azure KMS endpoints for Windows product activation of Azure VMs
 
 Azure uses different endpoints for Key Management Services (KMS) activation depending on the cloud region in which the VM resides. When using this troubleshooting guide, use the appropriate KMS endpoint that applies to your region.

support/azure/virtual-machines/windows/windows-activation-duplicate-client-machine-id.md

@@ -15,6 +15,8 @@ We generally recommend using Azure Key Management Services (KMS) servers to acti
 > [!NOTE]
 > This article applies only when you use a self-hosted KMS server for activation. It doesn't apply when you use Azure KMS for activation.
 
+[!INCLUDE [virtual-machines-windows-activation-troubleshoot-tools](~/includes/azure/virtual-machines-windows-activation-troubleshoot-tools.md)]
+
 ## Symptoms
 
 When you use a self-hosted KMS server for activation and try to activate more than one Windows Server VM, the activation fails after the evaluation period, and your self-hosted KMS server reports the following error in the **Duplicate Client Machine ID Report**:

support/azure/virtual-machines/windows/windows-activation-stopped-working.md

@@ -13,6 +13,8 @@ ms.custom: sap:Cannot activate my Windows VM
 
 This article discusses important changes that were made to Key Management Services (KMS) IP addresses that cause problems for Microsoft Windows virtual machine (VM) activation in Windows Azure. These changes affect Azure Global cloud users who configured custom routes or firewall rules to allow KMS IP addresses and who were previously able to activate Windows VMs successfully.
 
+[!INCLUDE [virtual-machines-windows-activation-troubleshoot-tools](~/includes/azure/virtual-machines-windows-activation-troubleshoot-tools.md)] 
+
 ## Overview
 
 #### Who's affected

support/azure/virtual-machines/windows/windows-virtual-machine-activation-faq.yml

@@ -14,7 +14,7 @@ metadata:
   ms.reviewer: cwhitley, jusilver, scotro, v-naqviadil, v-leedennis, v-weizhu
   ms.custom: sap:Cannot activate my Windows VM
   appliesto: Windows VMs
-    
+        
 title: Azure Windows virtual machine activation FAQ
 summary: This article answers frequently asked questions (FAQ) about activating a Microsoft Windows virtual machine (VM) in Azure.
 sections:
@@ -46,4 +46,5 @@ additionalContent: |
   - [Troubleshoot Windows virtual machine activation problems in Azure](./troubleshoot-activation-problems.md)
   - [Advanced troubleshooting - Microsoft Windows activation error codes](../../../windows-server/deployment/troubleshoot-activation-error-codes.md)
   
+  [!INCLUDE [virtual-machines-windows-activation-troubleshoot-tools](~/includes/azure/virtual-machines-windows-activation-troubleshoot-tools.md)]
   [!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]