Recent Discussions
Azure Build Issues >> Publish Through VS 2022 Community Edition is causing 404 Errors at Many Action
Hi everyone, Problem: My .NET Core App, hosted on Azure App Services, is encountering 404 Exceptions for various UI actions. App Overview: It's an ASP.NET Core App hosted on Azure (PaaS/Azure App Services). Publishing Details: We're using VS 2022 Community Edition and performing a manual publish. Local Testing: Everything works smoothly during local testing. Temporary Fix: The problem is sometimes resolved by publishing again or restarting the App Services. Seeking Help: Any insights into what might be causing this issue? Could there be any missing configurations either in Azure or Microsoft? Thanks! Ashish Tripathi
Convert Azure Files Storage account to AES256
Hi, Mild panic attack, so storage accounts used for Azure files were oriignally set up without AES256, looks like the hybrid join script now defaults to AES256. Which is great. So following this guide: Use Azure Active Directory Domain Services (Azure AD DS) to authorize user access to Azure Files over SMB | Microsoft Learn Looks like the original storage accounts were set up with RC4, we need to convert our existing storage accounts from RC4 to AES256. As a test, I created a new storage account on RC4, ran the PowerShell command to convert to AES256. Looks like it worked fine. Did this on the production AVD storage account. Lost access to the share, my heart sank. I can see KerberosEncryptionType was originally empty: Get-AdComputer avdprofilestorage -KerberosEncryptionType ran the command Set-AdComputer avdprofilestorage -KerberosEncryptionType AES256 few moments later, lost access. To revert there was no way to set a null command so ran: Set-AdComputer avdprofilestorage -KerberosEncryptionType RC4 then everything came back. Maximum compatibility is set on the storage account. Just wondering if there is anything else I have missed? Worst case scenario is being locked out of the share. ThanksLog Analytics query the logs that are not in IP range
Hi All, I'm struggling with writing a query that will find sign-ins in logs that are not in IP ranges. So we have Log Analytics Workplace which is collecting sign-in logs. And we want to trigger an alert when an account is signed in from an IP that is not in one of our IP ranges. We have a lot of known network rages and we have to use an external repository like github with a txt file of those rages. I've tried to use the function "ipv4_is_match()", but from my understanding, it's looking just like to like, but not looking foreach. That being said I've tried something like this, but it doesn't work. Does anyone experienced here can help with writing such a query, or even answer if it's possible? let ipList = externaldata (IPAddress:string) [ @"https://raw.githubusercontent.com/NameOfRepository/IPv4Range.txt" ]; SigninLogs | where UserPrincipalName contains "email address removed for privacy reasons" | where IsInteractive == true | where not (ipv4_is_match(IPAddress , ipList)How do I use Azure Data Studio with schemas?
I had thought that a database schema was the name of the structure on which tables are interconnected by primary keys and foreign keys. But in the tool, Azure Data Studio, the user is asked to select from a pre-defined set of schemas when creating a table. What is more is that when setting up or createing a database through Azure, we are given the opportuniityh to use a sample database and this is where "SalesLT" comes from and so there must be some place where we can define a schema with Azure Data Studio. Where would that be? It was generated when deciding to use a demo sample database. So there must be some way, using SQL code or otherwise, to generate a schema.
How do I send Azure APIM product subscription approval to different email adresses
I am trying to identify if we have a Azure APIM instance shared between different teams then how can I send approval emails to different email addresses for different APIs/Products. I need to send approval emails for each product to the respective team's approver. How can this be achieved because by default APIM instance will send the approval to the APIM administrator's email address.
DFS referral taget on Azure VM
Hello guys, I've a problem on DFS. I've two entries as a target folder on DFS namespace, I set the second target as "Last among all targets" so users should never be referred to this target unless all other targets are unavailable. I don't understand why randomly on this shared folder I find some files duplicated ending with the name of the both target server, so it means that second target server was used due to the first one was not available (I think) But I am not sure of this, so there are logs to find out what's happaned to the first target? and why these files was been created? thanks for your support. Andrew
RD Client fails to connect if Screen Capture Protection enabled
Hi there, I have tested this by disabling the reg key (fEnableScreenCaptureProtect) that the policy applies, and I can then connect via my Android app. Is this something that will be addressed as my organization enables Screen Capture Protection but it prevents me from using my Android phone.H.264/AVC 444 mode on non-GPU enabled series in Azure Virtual Desktop
Hi, does enabling H.264/AVC 444 mode on non-GPU enabled (N series) VMs makes any sense in an Azure Virtual Desktop environment? Will it leverage the internal video card for encoding or it needs a dedicated GPU like in "N" series? Thanks a lot. AndreaEnable version-level immutability support
Hi, I have downnloaded azure sdk from https://github.com/Azure/azure-sdk-for-cpp. I need to set "Enable version-level immutability support" while creating container. But I cloud not find a way to set this option in c++ sdk. Could you help on this which API in c++ sdk to set the Version-level immutability? When I tried with azure cli, it says --enable-vlw is under review. az storage container-rm create --name sptestVersion --storage-account srinivasaraopcloud --resource-group 'QoreStor-Devs' --enable-vlw Argument '--enable-vlw' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatusBacking up Azure Files - High cost Read operations
I have found that Azure Files is unusable for large deployments due to the high cost of backups, especially for deployments with lots of small files. Most backup solutions have a changed block tracking mechanism and filter driver that can quickly determine what has changed between the prior backup. If nothing has changed since the last backup, the job quickly makes this determination and the backup job can take seconds to complete. But with Azure Backup backing up Azure Files, it appears to me that each backup has to enumerate every file and blob before making this determination. I first noticed this when I created a 1TB file share and nothing changed with the files from the prior backup and the job took 12 hours to complete. I then looked at my bill and it was $12 in read operations just for that backup where no files have changed. Azure Files is an awesome product, but securing your backups in a vault using Azure Backup just isn't doable from a price perspective. Does anyone know if there are changes on the horizon to Azure Backup in terms of a more robust change block tracking system?WindowsAppRuntime 1.4 Failures in AVD Multi-Session – Event ID 404 Production Case
We recently experienced a production issue in an Azure Virtual Desktop multi-session environment that initially looked random — but turned out to be a shared framework instability amplified by scale. Environment: AVD multi-session host pools FSLogix profile containers MSIX App Attach Intune-managed Clean golden image Everything looked healthy. Yet packaged applications started failing across multiple host pools. Symptoms observed Users reported: Error 0x80070005 AppXDeploymentServer Event ID 404 WindowsAppRuntime 1.4 marked as NeedsRemediation Failures persisted after: Reboots Host redeployments Image rebuild This was not: A profile corruption issue An App Attach packaging issue An Intune deployment failure What actually broke Under session churn conditions (logoff / new session / runtime re-validation), WindowsAppRuntime 1.4 entered a NeedsRemediation state. Event Viewer showed: AppXDeploymentServer Event ID 404 HRESULT 0x80070005 Runtime file creation failure under WindowsApps Multi-session did not cause the issue. It amplified it. Shared framework registration timing under concurrent sessions made a rare condition systemic. Why multi-session exposed it In single-session environments, runtime inconsistencies remain isolated. In multi-session: Shared framework dependencies are reused Concurrent validation occurs Host pools recycle under load Registration timing becomes critical What would be a rare edge case became recurring instability. Remediation approach Instead of periodic polling, we moved to event-driven self-healing. Detection trigger: AppXDeploymentServer Event ID 404 Remediation logic: Restart AppXSVC Re-provision WindowsAppRuntime 1.4 Prevent concurrent duplicate execution Log execution We implemented a Scheduled Task: Monitoring Operational log Triggering immediately on Event ID 404 Running under SYSTEM Deployed via Intune Win32 package Detection logic validating task presence This converted reactive troubleshooting into automated correction across host pools. Architectural takeaway Multi-session environments amplify shared dependency weaknesses. WindowsAppRuntime is not “just another component” — it is a platform dependency. If the runtime layer drifts, everything layered above it collapses: MSIX App Attach Packaged apps Registration consistency Self-healing must be part of AVD design. For the structured technical case study (including deployment pattern and remediation logic), full write-up here: https://modernendpoint.tech/avd-multi-session-failure-analysis/ Has anyone else observed WindowsAppRuntime 1.4 entering a NeedsRemediation state under multi-session load? Curious if others saw correlation with specific Windows updates. — Menahem Suissa Modern Endpoint ArchitectUnable to logon using Dell WYSE terminals
Hi all, I'm having an issue logging into AVD from Dell WYSE terminals. I have created a dynamic host group and added a service principal for them per guidance from Microsoft, and that has fixed an issue where the permission granting pop up was not displaying. After that, logon works fine with the web client but it will not complete sign-on with the Dell WYSE client. I have found the following errors in Azure AD but at a loss how to resolve as I have already added a service principal to the dynamic groups for hosts and unable to add a service principal for Windows Virtual Desktop AME.macOS: SSO no longer fully functional on AVD (Win11 25H2)
Hello everyone, Since updating our Test Azure Virtual Desktop Session Hosts from Windows 11 23h2 to 25H2 (26200.7462) , we've been experiencing an SSO issue that exclusively affects macOS clients. Symptoms For macOS users (Windows App), the following issues occur: Example Teams Teams shows the user as "Unknown User" Chat and collaboration features fail to load Error message: "You need to sign in again. This may be a requirement from your IT department or Teams, or the result of a password update. - Sign in" After clicking "Sign in," only a window appears with "Continue with sign-in" (no PW/MFA prompt) After this, all other applications work without further authentication Technical Details macOS Device: AppleM4 Pro macOS Tahoe 26.2 Installed WindowsApp version: 11.3.2 (2848) dsregcmd /status: No errors detected PRT is active and was updated for sign-in Entra Sign-In Logs: Error code: 9002341 EventLog on Session Host (AAD-Operational): Event ID: 1098 Error: 0xCAA2000C The request requires user interaction. Code: interaction_required Description: AADSTS9002341: User is required to permit SSO. Event ID: 1097 Error: 0xCAA90056 Renew token by the primary refresh token failed. Logged at RefreshTokenRequest.cpp, line: 148, method: RefreshTokenRequest::AcquireToken. Observations Affects: Both managed (internal) and unmanaged (external) macOS devices Does NOT affect: Windows clients connecting via Windows App Interesting: If a macOS user starts the session (with the error) and then reconnects on a Windows device, authentication works automatically there Workaround The issue can be resolved for macOS clients by removing the "DE" flag from "Automatic app sign-in" in the following file: C:\Windows\System32\IntegratedServicesRegionPolicySet.json Questions Is this a known issue? Has anyone experienced similar issues with macOS clients after the 25H2 update? Why does this issue only occur with macOS clients? Why does SSO only work after removing the "DE" flag for macOS devices, and why are Windows devices not affected? I would appreciate any insights or confirmation of this issue! Thank you and greetings FT_1Help! - How is VNet traffic reaching vWAN/on‑prem when the VNet isn’t connected to the vWAN hub
Hello, I needed some clarity on how the following is working: Attached is a network diagram of our current setup. The function apps (in VNet-1) initiate a connection(s) to a specific IP:Port or FQDN:Port in the on-premises network(s). A Private DNS zone ensures that any FQDN is resolved to the correct internal IP address of the on-prem endpoint. In our setup, both the function app and the external firewall reside in the same VNet. This firewall is described as “Unattached” because it is not the built-in firewall of a secured vWAN hub, but rather an independent Azure Firewall deployed in that VNet. The VNet has a user-defined default route (0.0.0.0/0) directing all outbound traffic to the firewall’s IP. The firewall then filters the traffic, allowing only traffic destined to whitelisted on-premises IP: Port or FQDN: Port combinations (using IP Groups), and blocking everything else. The critical question and the part that I am unable to figure out is: Once the firewall permits a packet, how does Azure know to route it to the vWAN hub and on to the site-to-site VPN? Because VNet-1 truly has no connection at all to the vWAN hub (no direct attachment, no peering, no VPN from the NVA). But the traffic is still reaching the on-prem sites. Unable to figure out how this is happening. Am I missing something obvious? Any help on this would be appreciated. Thank you!
Fixing "Authentication to Linux machines should require SSH keys"
I have many Linux VMs running Centos 7.8 that are currently failing on this policy. Policy source is https://github.com/Azure/azure-policy/blob/58fcf068ecb5e96d23958d9799cf872e687a1a4a/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxNoPasswordForSSH_AINE.json and the "then" clause is: "then": { "effect": "[parameters('effect')]", "details": { "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments", "name": "LinuxNoPasswordForSSH", "existenceCondition": { "field": "Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus", "equals": "Compliant" } } } My VMs are configured as follows without the "guestConfiguration" but with password login disabled. { "id": "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/REDACTED", "name": "REDACTED", "type": "Microsoft.Compute/virtualMachines", "location": "westeurope", "tags": { ... }, "properties": { "vmId": "REDACTED", "hardwareProfile": { "vmSize": "Standard_B1ms" }, "storageProfile": { "imageReference": { "publisher": "OpenLogic", "offer": "CentOS", "sku": "7_8", "version": "7.8.2021020400", "exactVersion": "7.8.2021020400" }, "osDisk": { "osType": "Linux", "name": "REDACTED", "createOption": "FromImage", "caching": "ReadOnly", "managedDisk": { "id": "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/disks/REDACTED" }, "deleteOption": "Detach" }, "dataDisks": [ { "lun": 0, "name": "REDACTED", "createOption": "Empty", "caching": "ReadOnly", "managedDisk": { "id": "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/disks/REDACTED" }, "deleteOption": "Detach", "toBeDetached": false } ] }, "osProfile": { "computerName": "REDACTED", "adminUsername": "REDACTED", "linuxConfiguration": { "disablePasswordAuthentication": true, "ssh": { "publicKeys": [ { "path": "REDACTED", "keyData": "REDACTED" } ] }, "provisionVMAgent": true, "patchSettings": { "patchMode": "ImageDefault", "assessmentMode": "ImageDefault" }, "enableVMAgentPlatformUpdates": false }, "secrets": [], "allowExtensionOperations": true }, "networkProfile": { "networkInterfaces": [ { "id": "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Network/networkInterfaces/REDACTED", "properties": { "primary": true } } ] }, "provisioningState": "Succeeded", "timeCreated": "2023-01-16T00:14:48.5932025+00:00" }, "resources": [ { "name": "LinuxAgent.AzureSecurityCenter", "id": "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/REDACTED/extensions/LinuxAgent.AzureSecurityCenter", "type": "Microsoft.Compute/virtualMachines/extensions", "location": "westeurope", "properties": { "autoUpgradeMinorVersion": false, "provisioningState": "Succeeded", "publisher": "Qualys", "type": "LinuxAgent.AzureSecurityCenter", "typeHandlerVersion": "1.0", "settings": { "LicenseCode": "REDACTED", "GrayLabel": { "CustomerID": "REDACTED", "ResourceID": "REDACTED" } } } }, { "name": "OmsAgentForLinux", "id": "/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.Compute/virtualMachines/REDACTED/extensions/OmsAgentForLinux", "type": "Microsoft.Compute/virtualMachines/extensions", "location": "westeurope", "properties": { "autoUpgradeMinorVersion": true, "provisioningState": "Succeeded", "enableAutomaticUpgrade": false, "publisher": "Microsoft.EnterpriseCloud.Monitoring", "type": "OmsAgentForLinux", "typeHandlerVersion": "1.0", "settings": { "workspaceId": "REDACTED" } } } ] } What is the added value of having guest configuration in this case and how to deploy the resources needed to comply with this policy? I deploy VMs using Ansible
Azure Virtual Desktop (Pooled) – Sessions ending unexpectedly and users stuck across session hosts
Hi, We are currently investigating an issue in an Azure Virtual Desktop (AVD) environment where users are intermittently disconnected during sign-in or are unable to reconnect to their sessions. Environment: Azure Virtual Desktop Host pool: Pooled OS: Windows 10 / Windows 11 Enterprise multi-session FSLogix enabled Client: Windows App (Remote Desktop) Error message seen by users: "Your Remote Desktop Services session has ended. The administrator has ended the session, an error occurred while the connection was being established, or a network problem occurred." What we are seeing: Users fail to connect or get disconnected shortly after login. Session hosts appear healthy and powered on. No admin-initiated logoff is taking place. Rebooting the affected session host sometimes resolves the issue, but only temporarily. Actions already taken: Restarted AVD agent services on the session hosts. Placed affected hosts in drain mode. Rebooted the VMs. What we suspect: Some users may still have active or disconnected sessions on previous session hosts, possibly combined with FSLogix profile locks, which could be preventing new sessions from starting correctly. Questions: What is the recommended way to identify which users are logged into which session hosts across a pooled host pool? Are there best practices using the Azure Portal or PowerShell to detect and clean up stuck or disconnected sessions? Has anyone seen similar behavior in pooled AVD environments with Windows 10/11 and FSLogix enabled? Any advice or pointers would be appreciated. Thanks.
API Query Results Different from Azure Portal
Hello Team, i 'm running a query that i have connect an API with excel. The results for example for a specific user for a specific a day for a conditional access that blocks legacy authentication are more than the results i m getting from azure portal. What results i 'll trust?
Copy data to Oracle destination
We are trying to copy data to an Oracle DWH, and we are facing issue when trying with different setups on the “Write Batch Size” parameter. The copy activity works when we set the “Write Batch Size” to 1, but of course performances are bad, it writes about 10.000 rows in 5 minutes. To speed up copy we are trying to set the parameter to the default value of 10.000 But in this case, copy data fails with the following error: Failure happened on 'Sink' side. ErrorCode=UserErrorOdbcOperationFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=ERROR [HY000] [Microsoft][ODBC Oracle Wire Protocol driver][Oracle]ORA-00604: error occurred at recursive SQL level 1 ORA-01031: insufficient privileges Error in parameter 1.,Source=Microsoft.DataTransfer.ClientLibrary.Odbc.OdbcConnector,''Type=Microsoft.DataTransfer.ClientLibrary.Odbc.Exceptions.OdbcException,Message=ERROR [HY000] [Microsoft][ODBC Oracle Wire Protocol driver][Oracle]ORA-00604: error occurred at recursive SQL level 1 ORA-01031: insufficient privileges Error in parameter 1.,Source=msora28.dll,' So far we have INSERT privileges on Oracle Schema (in fact writing works with parameter = 1 and using direct SQL), but it looks like something different is used with the default value on Write Batch Size We don’t want to focus on the error message, it is obvious that it has been raised on the Oracle Side. But we need more information in order to understand what’s causing the issue. It looks like ADF is using two different ways to copy data depending on the value of the parameter. Any help would be greatly appreciated. Thanks in advance AlessandroTraffic processing BGP Azure VPN gateway A/A
Hello, Can someone explain how Azure processes the traffic with implemented a VPN gateway in Active Active mode?. Azure firewall premium is also configured. BGP is without preferences. The user route definition is set up to the next hop Azure firewall . Is it possible in this scenario occurs the asymmetric routing with traffic drop by azure firewall ? In my understand is that, if we need to configure User route definition on Gateway subnet to inspect traffic to peering subnet, so the firewall don't see traffic passing through VPN gateway. Traffic going through ipsec tunnels can go different paths and firewall do not interfere because everything is routed to it by user route definition.Azure application insights workspace based migration related questions
Hello, We have migrated our classic application insights instances to workspace based successfully. After migration, I see that new data post migration is getting stored in linked log analytics workspace (which is expected) and also new data is getting stored at classic application insights as well. As per your documentation, after migration, old data will remain in classic application insight and new data will be stored in linked log analytics workspace. https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource Questions Why new data is still getting stored in old classic app insights after migration? This is not mentioned in https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource. Let us assume that it is getting stored to support the backward compatibility. How many days this is supported after migration? We have existing powerbi reports which are pulling data from classic application insights. After migration, let us suppose if I want some data from old app insights and some from new app insights, in this case, I have to write two separate queries and combine the results. Is my understanding correct?
Events
Build, buy, or blend? Gain the insights you need as a manufacturer to scale AI apps and agents across the factory floor using Microsoft Marketplace. We’ll go beyond AI theory and focus on practical m...
Online
Tune in for updates, insights, and live Q&A to help you buy from the Microsoft Marketplace. Follow this page for updates on the topics that will be covered during this month's session. Note: Offic...
Online
Recent Blogs
- The Solutions — An Optimization Stack for Enterprise Inference The optimizations below are ordered by implementation priority — starting with the highest-leverage. The Three-Layer Serving Stack ...Mar 06, 2026
- Introduction The AI agent ecosystem is evolving rapidly, and with it comes a scaling challenge that many developers are hitting context window bloat. When building systems that integrate with multi...Mar 06, 2026
