Category: Microsoft
Category Archives: Microsoft
Shifted to Edge from chrome – 3 things I miss
Hi I shifted to edge, after using chrome for 10 years.
1. Edge should allow multiple user profiles on Mobile like chrome and multiple microsoft account login.
2. Please give user choice to which extensions to import while importing chrome data. ?
3. Please make new tab page clean, it took me 1 month to make it clean and now my edge is faster than chrome.
Hi I shifted to edge, after using chrome for 10 years. 1. Edge should allow multiple user profiles on Mobile like chrome and multiple microsoft account login. 2. Please give user choice to which extensions to import while importing chrome data. ?3. Please make new tab page clean, it took me 1 month to make it clean and now my edge is faster than chrome. Read More
Azure AI Services on AKS
Host your AI Language Containers and Web Apps on Azure Kubernetes Cluster: Flask Web App Sentiment Analysis
In this post, we’ll explore how to integrate Azure AI Containers into our applications running on Azure Kubernetes Service (AKS). Azure AI Containers enable you to harness the power of Azure’s AI services directly within your AKS environment, giving you complete control over where your data is processed. By streamlining the deployment process and ensuring consistency, Azure AI Containers simplify the integration of cutting-edge AI capabilities into your applications. Whether you’re developing tools for education, enhancing accessibility, or creating innovative user experiences, this guide will show you how to seamlessly incorporate Azure’s AI Containers into your web apps running on AKS.
Why Containers ?
Azure AI services provides several Docker containers that let you use the same APIs that are available in Azure, on-premises. Using these containers gives you the flexibility to bring Azure AI services closer to your data for compliance, security or other operational reasons. Container support is currently available for a subset of Azure AI services.
Azure AI Containers offer:
Immutable infrastructure: Consistent and reliable system parameters for DevOps teams, with flexibility to adapt and avoid configuration drift.Data control: Choose where data is processed, essential for data residency or security requirements.Model update control: Flexibility in versioning and updating deployed models.Portable architecture: Deploy on Azure, on-premises, or at the edge, with Kubernetes support.High throughput/low latency: Scale for demanding workloads by running Azure AI services close to data and logic.Scalability: Built on scalable cluster technology like Kubernetes for high availability and adaptable performance.
Source: https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-container-support
Workshop
Our Solution will utilize the Azure Language AI Service with the Text Analytics container for Sentiment Analysis. We will build a Python Flask Web App, containerize it with Docker and push it to Azure Container Registry. An AKS Cluster which we will create, will pull the Flask Image along with the Microsoft provided Sentiment Analysis Image directly from mcr.microsoft.com and we will make all required configurations on our AKS Cluster to have an Ingress Controller with SSL Certificate presenting a simple Web UI to write our Text, submit it for analysis and get the results. Our Web UI will look like this:
Azure Kubernetes Cluster, Azure Container Registry & Azure Text Analytics
These are our main resources and a Virtual Network of course for the AKS which is deployed automatically. Our Solution is hosted entirely on AKS with a Let’s Encrypt Certificate we will create separately offering secure HTTP with an Ingress Controller serving publicly our Flask UI which is calling via REST the Sentiment Analysis service, also hosted on AKS. The difference is that Flask is build with a custom Docker Image pulled from Azure Container Registry, while the Sentiment Analysis is a Microsoft ready Image which we pull directly.
In case your Azure Subscription does not have an AI Service you have to create a Language Service of Text Analytics using the Portal due to the requirement to accept the Responsible AI Terms. For more detail go to https://go.microsoft.com/fwlink/?linkid=2164190 .
My preference as a best practice, is to create an AKS Cluster with the default System Node Pool and add an additional User Node Pool to deploy my Apps, but it is really a matter of preference at the end of the day. So let’s start deploying! Start from your terminal by logging in with az login and set your Subscription with az account set –subscription ‘YourSubName”
## Change the values in < > with your values and remove < >!
## Create the AKS Cluster
az aks create
–resource-group <your-resource-group>
–name <your-cluster-name>
–node-count 1
–node-vm-size standard_a4_v2
–nodepool-name agentpool
–generate-ssh-keys
–nodepool-labels nodepooltype=system
–no-wait
–aks-custom-headers AKSSystemNodePool=true
–network-plugin azure
## Add a User Node Pool
az aks nodepool add
–resource-group <your-resource-group>
–cluster-name <your-cluster-name>
–name userpool
–node-count 1
–node-vm-size standard_d4s_v3
–no-wait
## Create Azure Container Registry
az acr create
–resource-group <your-resource-group>
–name <your-acr-name>
–sku Standard
–location northeurope
## Attach ACR to AKS
az aks update -n <your-cluster-name> -g <your-resource-group> –attach-acr <your-acr-name>
The Language Service is created from the Portal for the reasons we explained earlier. Search for Language and create a new Language service leaving the default selections ( No Custom QnA, no Custom Text Classification) on the F0 (Free) SKU. You may see a VNET menu appear in the Networking Tab, just ignore it, as long as you leave the default Public Access enabled it won’t create a Virtual Network. The presence of the Cloud Resource is for Billing and Metrics.
A Flask Web App has a directory structure where we store index.html in the Templates directory and our CSS and images in the Static directory. So in essence it looks like this:
-sentiment-aks
–flaskwebapp
app.py
requirements.txt
Dockerfile
—static
1.style.css
2.logo.png
—templates
1.index.html
The requirements.txt should have the needed packages :
## requirements.txt
Flask==3.0.0
requests==2.31.0## index.html
<!DOCTYPE html>
<html>
<head>
<title>Sentiment Analysis App</title>
<link rel=”stylesheet” type=”text/css” href=”{{ url_for(‘static’, filename=’style.css’) }}”>
</head>
<body>
<img src=”{{ url_for(‘static’, filename=’logo.png’) }}” class=”icon” alt=”App Icon”>
<h2>Sentiment Analysis</h2>
<form id=”textForm”>
<textarea name=”text” placeholder=”Enter text here…”></textarea>
<button type=”submit”>Analyze</button>
</form>
<div id=”result”></div>
<script>
document.getElementById(‘textForm’).onsubmit = async function(e) {
e.preventDefault();
let formData = new FormData(this);
let response = await fetch(‘/analyze’, {
method: ‘POST’,
body: formData
});
let resultData = await response.json();
let results = resultData.results;
if (results) {
let displayText = `Document: ${results.document}nSentiment: ${results.overall_sentiment}n`;
displayText += `Confidence – Positive: ${results.confidence_positive}, Neutral: ${results.confidence_neutral}, Negative: ${results.confidence_negative}`;
document.getElementById(‘result’).innerText = displayText;
} else {
document.getElementById(‘result’).innerText = ‘No results to display’;
}
};
</script>
</body>
</html>## style.css
body {
font-family: Arial, sans-serif;
background-color: #f0f8ff; /* Light blue background */
margin: 0;
padding: 0;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
height: 100vh;
}
h2 {
color: #0277bd; /* Darker blue for headings */
}
.icon {
height: 100px; /* Adjust the size as needed */
margin-top: 20px; /* Add some space above the logo */
}
form {
background-color: white;
padding: 20px;
border-radius: 8px;
width: 300px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
}
textarea {
width: 100%;
box-sizing: border-box;
height: 100px;
margin-bottom: 10px;
border: 1px solid #0277bd;
border-radius: 4px;
padding: 10px;
}
button {
background-color: #029ae4; /* Blue button */
color: white;
border: none;
padding: 10px 15px;
border-radius: 4px;
cursor: pointer;
}
button:hover {
background-color: #0277bd;
}
#result {
margin-top: 20px;
}
And here is the most interesting file, our app.py. Notice the use of a REST API call directly to the Sentiment Analysis endpoint which we will declare in the YAML file for the Kubernetes deployment.
## app.py
from flask import Flask, render_template, request, jsonify
import requests
import os
app = Flask(__name__)
@app.route(‘/’, methods=[‘GET’])
def index():
return render_template(‘index.html’) # HTML file with input form
@app.route(‘/analyze’, methods=[‘POST’])
def analyze():
# Extract text from the form submission
text = request.form[‘text’]
if not text:
return jsonify({‘error’: ‘No text provided’}), 400
# Fetch API endpoint and key from environment variables
endpoint = os.environ.get(“CONTAINER_API_URL”)
# Ensure required configurations are available
if not endpoint:
return jsonify({‘error’: ‘API configuration not set’}), 500
# Construct the full URL for the sentiment analysis API
url = f”{endpoint}/text/analytics/v3.1/sentiment”
headers = {
‘Content-Type’: ‘application/json’
}
body = {
‘documents’: [{‘id’: ‘1’, ‘language’: ‘en’, ‘text’: text}]
}
# Make the HTTP POST request to the sentiment analysis API
response = requests.post(url, json=body, headers=headers)
if response.status_code != 200:
return jsonify({‘error’: ‘Failed to analyze sentiment’}), response.status_code
# Process the API response
data = response.json()
results = data[‘documents’][0]
detailed_results = {
‘document’: text,
‘overall_sentiment’: results[‘sentiment’],
‘confidence_positive’: results[‘confidenceScores’][‘positive’],
‘confidence_neutral’: results[‘confidenceScores’][‘neutral’],
‘confidence_negative’: results[‘confidenceScores’][‘negative’]
}
# Return the detailed results to the client
return jsonify({‘results’: detailed_results})
if __name__ == ‘__main__’:
app.run(host=’0.0.0.0′, port=5001, debug=False)
And finally we need a Dockerfile, pay attention to have it on the same level as your app.py file.
## Dockerfile
# Use an official Python runtime as a parent image
FROM python:3.10-slim
# Set the working directory in the container
WORKDIR /app
# Copy the current directory contents into the container at /app
COPY . /app
# Install any needed packages specified in requirements.txt
RUN pip install –no-cache-dir -r requirements.txt
# Make port 5001 available to the world outside this container
EXPOSE 5001
# Define environment variable
ENV CONTAINER_API_URL=”http://sentiment-service/”
# Run app.py when the container launches
CMD [“python”, “app.py”]
Our Web UI is ready to build ! We need Docker running on our development environment and we need to login to Azure Container Registry:
## Login to ACR
az acr login -n <your-acr-name>
## Build and Tag our image
docker build -t <acr-name>.azurecr.io/flaskweb:latest .
docker push <acr-name>.azurecr.io/flaskweb:latest
You can go to the Portal and from Azure Container Registry, Repositories you will find our new Image ready to be pulled!
Kubernetes Deployments
Let’s start deploying our AKS services ! As we already know we can pull the Sentiment Analysis Container from Microsoft directly and that’s what we are going to do with the following tasks. First, we need to login to our AKS Cluster so from Azure Portal head over to your AKS Cluster and click on the Connect link on the menu. Azure will provide the command to connect from our terminal:
Select Azure CLI and just copy-paste the commands to your Terminal.
Now we can run kubectl commands and manage our Cluster and AKS Services.
We need a YAML file for each service we are going to build, including the Certificate at the end. For now let’s create the Sentiment Analysis Service, as a Container, with the following file. Pay attention as you need to get the Language Service Key and Endpoint from the Text Analytics resource we created earlier, and in the nodeSelector block we must enter the name of the User Node Pool we created.
apiVersion: apps/v1
kind: Deployment
metadata:
name: sentiment-deployment
spec:
replicas: 1
selector:
matchLabels:
app: sentiment
template:
metadata:
labels:
app: sentiment
spec:
containers:
– name: sentiment
image: mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:latest
ports:
– containerPort: 5000
resources:
limits:
memory: “8Gi”
cpu: “1”
requests:
memory: “8Gi”
cpu: “1”
env:
– name: Eula
value: “accept”
– name: Billing
value: “https://<your-Language-Service>.cognitiveservices.azure.com/”
– name: ApiKey
value: “xxxxxxxxxxxxxxxxxxxx”
nodeSelector:
agentpool: userpool
—
apiVersion: v1
kind: Service
metadata:
name: sentiment-service
spec:
selector:
app: sentiment
ports:
– protocol: TCP
port: 5000
targetPort: 5000
type: ClusterIP
Save the file and run from your Terminal:
kubectl apply -f sentiment-deployment.yaml
In a few seconds you can observe the service running from the AKS Services and Ingresses menu.
Let’s continue to bring our Flask Container now. In the same manner create a new YAML:
apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-service
spec:
replicas: 1
selector:
matchLabels:
app: flask
template:
metadata:
labels:
app: flask
spec:
containers:
– name: flask
image: <your-ACR-name>.azurecr.io/flaskweb:latest
ports:
– containerPort: 5001
env:
– name: CONTAINER_API_URL
value: “http://sentiment-service:5000”
resources:
requests:
cpu: “500m”
memory: “256Mi”
limits:
cpu: “1”
memory: “512Mi”
nodeSelector:
agentpool: userpool
—
apiVersion: v1
kind: Service
metadata:
name: flask-lb
spec:
type: LoadBalancer
selector:
app: flask
ports:
– protocol: TCP
port: 80
targetPort: 5001
kubectl apply -f flask-service.yaml
Observe the Sentiment Analysis Environment Value. It is directly using the Service name of our Sentiment Analysis container as AKS has it’s own DNS resolver for easy communication between services. In fact if we hit the Service Public IP we will have HTTP access to the Web UI.
But let’s see how we can import our Certificate. We won’t describe how to get a Certificate. All we need is the PEM files, meaning the privatekey.pem and the cert.pem. IF we have a PFX we can export them with OpenSSL. Once we have these files in place we will create a secret in AKS that will hold our Certificate key and file. We just need to run this command from within the directory of our PEM files:
kubectl create secret tls flask-app-tls –key privkey.pem –cert cert.pem –namespace default
Once we create our Secret we will deploy a Kubernetes Ingress Controller which will manage HTTPS and will point to the Flask Service. Remember to add an A record to your DNS registrar with the DNS Hostname you are going to use and the Public IP, once you see the IP Address:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: flask-app-ingress
namespace: default
spec:
tls:
– hosts:
– your.domain.host
secretName: flask-app-tls
rules:
– host: your.domain.host
http:
paths:
– path: /
pathType: Prefix
backend:
service:
name: flask-lb
port:
number: 80
kubectl apply -f flask-app-ingress.yaml
From AKS – Services and Ingresses – Ingresses you will see the assigned Public IP. Add it to your DNS and once the Name Servers are updated you can hit your Hostname using HTTPS!
Final Thoughts
As we’ve explored, the combination of Azure AI Containers and AKS offers a powerful and flexible solution for deploying AI-driven applications in cloud-native environments. By leveraging these technologies, you gain granular control over your data and model deployments, while maintaining the scalability and portability essential for modern applications. Remember, this is just the starting point. As you delve deeper, consider the specific requirements of your project and explore the vast possibilities that Azure AI Containers unlock. Embrace the power of AI within your AKS deployments, and you’ll be well on your way to building innovative, intelligent solutions that redefine what’s possible in the cloud.
Architecture
Host your AI Language Containers and Web Apps on Azure Kubernetes Cluster: Flask Web App Sentiment Analysis In this post, we’ll explore how to integrate Azure AI Containers into our applications running on Azure Kubernetes Service (AKS). Azure AI Containers enable you to harness the power of Azure’s AI services directly within your AKS environment, giving you complete control over where your data is processed. By streamlining the deployment process and ensuring consistency, Azure AI Containers simplify the integration of cutting-edge AI capabilities into your applications. Whether you’re developing tools for education, enhancing accessibility, or creating innovative user experiences, this guide will show you how to seamlessly incorporate Azure’s AI Containers into your web apps running on AKS.Why Containers ?Azure AI services provides several Docker containers that let you use the same APIs that are available in Azure, on-premises. Using these containers gives you the flexibility to bring Azure AI services closer to your data for compliance, security or other operational reasons. Container support is currently available for a subset of Azure AI services.Azure AI Containers offer:Immutable infrastructure: Consistent and reliable system parameters for DevOps teams, with flexibility to adapt and avoid configuration drift.Data control: Choose where data is processed, essential for data residency or security requirements.Model update control: Flexibility in versioning and updating deployed models.Portable architecture: Deploy on Azure, on-premises, or at the edge, with Kubernetes support.High throughput/low latency: Scale for demanding workloads by running Azure AI services close to data and logic.Scalability: Built on scalable cluster technology like Kubernetes for high availability and adaptable performance.Source: https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-container-supportWorkshopOur Solution will utilize the Azure Language AI Service with the Text Analytics container for Sentiment Analysis. We will build a Python Flask Web App, containerize it with Docker and push it to Azure Container Registry. An AKS Cluster which we will create, will pull the Flask Image along with the Microsoft provided Sentiment Analysis Image directly from mcr.microsoft.com and we will make all required configurations on our AKS Cluster to have an Ingress Controller with SSL Certificate presenting a simple Web UI to write our Text, submit it for analysis and get the results. Our Web UI will look like this: Azure Kubernetes Cluster, Azure Container Registry & Azure Text AnalyticsThese are our main resources and a Virtual Network of course for the AKS which is deployed automatically. Our Solution is hosted entirely on AKS with a Let’s Encrypt Certificate we will create separately offering secure HTTP with an Ingress Controller serving publicly our Flask UI which is calling via REST the Sentiment Analysis service, also hosted on AKS. The difference is that Flask is build with a custom Docker Image pulled from Azure Container Registry, while the Sentiment Analysis is a Microsoft ready Image which we pull directly.In case your Azure Subscription does not have an AI Service you have to create a Language Service of Text Analytics using the Portal due to the requirement to accept the Responsible AI Terms. For more detail go to https://go.microsoft.com/fwlink/?linkid=2164190 .My preference as a best practice, is to create an AKS Cluster with the default System Node Pool and add an additional User Node Pool to deploy my Apps, but it is really a matter of preference at the end of the day. So let’s start deploying! Start from your terminal by logging in with az login and set your Subscription with az account set –subscription ‘YourSubName” ## Change the values in < > with your values and remove < >!
## Create the AKS Cluster
az aks create
–resource-group <your-resource-group>
–name <your-cluster-name>
–node-count 1
–node-vm-size standard_a4_v2
–nodepool-name agentpool
–generate-ssh-keys
–nodepool-labels nodepooltype=system
–no-wait
–aks-custom-headers AKSSystemNodePool=true
–network-plugin azure
## Add a User Node Pool
az aks nodepool add
–resource-group <your-resource-group>
–cluster-name <your-cluster-name>
–name userpool
–node-count 1
–node-vm-size standard_d4s_v3
–no-wait
## Create Azure Container Registry
az acr create
–resource-group <your-resource-group>
–name <your-acr-name>
–sku Standard
–location northeurope
## Attach ACR to AKS
az aks update -n <your-cluster-name> -g <your-resource-group> –attach-acr <your-acr-name> The Language Service is created from the Portal for the reasons we explained earlier. Search for Language and create a new Language service leaving the default selections ( No Custom QnA, no Custom Text Classification) on the F0 (Free) SKU. You may see a VNET menu appear in the Networking Tab, just ignore it, as long as you leave the default Public Access enabled it won’t create a Virtual Network. The presence of the Cloud Resource is for Billing and Metrics. A Flask Web App has a directory structure where we store index.html in the Templates directory and our CSS and images in the Static directory. So in essence it looks like this: -sentiment-aks
–flaskwebapp
app.py
requirements.txt
Dockerfile
—static
1.style.css
2.logo.png
—templates
1.index.html The requirements.txt should have the needed packages : ## requirements.txt
Flask==3.0.0
requests==2.31.0## index.html
<!DOCTYPE html>
<html>
<head>
<title>Sentiment Analysis App</title>
<link rel=”stylesheet” type=”text/css” href=”{{ url_for(‘static’, filename=’style.css’) }}”>
</head>
<body>
<img src=”{{ url_for(‘static’, filename=’logo.png’) }}” class=”icon” alt=”App Icon”>
<h2>Sentiment Analysis</h2>
<form id=”textForm”>
<textarea name=”text” placeholder=”Enter text here…”></textarea>
<button type=”submit”>Analyze</button>
</form>
<div id=”result”></div>
<script>
document.getElementById(‘textForm’).onsubmit = async function(e) {
e.preventDefault();
let formData = new FormData(this);
let response = await fetch(‘/analyze’, {
method: ‘POST’,
body: formData
});
let resultData = await response.json();
let results = resultData.results;
if (results) {
let displayText = `Document: ${results.document}nSentiment: ${results.overall_sentiment}n`;
displayText += `Confidence – Positive: ${results.confidence_positive}, Neutral: ${results.confidence_neutral}, Negative: ${results.confidence_negative}`;
document.getElementById(‘result’).innerText = displayText;
} else {
document.getElementById(‘result’).innerText = ‘No results to display’;
}
};
</script>
</body>
</html>## style.css
body {
font-family: Arial, sans-serif;
background-color: #f0f8ff; /* Light blue background */
margin: 0;
padding: 0;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
height: 100vh;
}
h2 {
color: #0277bd; /* Darker blue for headings */
}
.icon {
height: 100px; /* Adjust the size as needed */
margin-top: 20px; /* Add some space above the logo */
}
form {
background-color: white;
padding: 20px;
border-radius: 8px;
width: 300px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
}
textarea {
width: 100%;
box-sizing: border-box;
height: 100px;
margin-bottom: 10px;
border: 1px solid #0277bd;
border-radius: 4px;
padding: 10px;
}
button {
background-color: #029ae4; /* Blue button */
color: white;
border: none;
padding: 10px 15px;
border-radius: 4px;
cursor: pointer;
}
button:hover {
background-color: #0277bd;
}
#result {
margin-top: 20px;
} And here is the most interesting file, our app.py. Notice the use of a REST API call directly to the Sentiment Analysis endpoint which we will declare in the YAML file for the Kubernetes deployment. ## app.py
from flask import Flask, render_template, request, jsonify
import requests
import os
app = Flask(__name__)
@app.route(‘/’, methods=[‘GET’])
def index():
return render_template(‘index.html’) # HTML file with input form
@app.route(‘/analyze’, methods=[‘POST’])
def analyze():
# Extract text from the form submission
text = request.form[‘text’]
if not text:
return jsonify({‘error’: ‘No text provided’}), 400
# Fetch API endpoint and key from environment variables
endpoint = os.environ.get(“CONTAINER_API_URL”)
# Ensure required configurations are available
if not endpoint:
return jsonify({‘error’: ‘API configuration not set’}), 500
# Construct the full URL for the sentiment analysis API
url = f”{endpoint}/text/analytics/v3.1/sentiment”
headers = {
‘Content-Type’: ‘application/json’
}
body = {
‘documents’: [{‘id’: ‘1’, ‘language’: ‘en’, ‘text’: text}]
}
# Make the HTTP POST request to the sentiment analysis API
response = requests.post(url, json=body, headers=headers)
if response.status_code != 200:
return jsonify({‘error’: ‘Failed to analyze sentiment’}), response.status_code
# Process the API response
data = response.json()
results = data[‘documents’][0]
detailed_results = {
‘document’: text,
‘overall_sentiment’: results[‘sentiment’],
‘confidence_positive’: results[‘confidenceScores’][‘positive’],
‘confidence_neutral’: results[‘confidenceScores’][‘neutral’],
‘confidence_negative’: results[‘confidenceScores’][‘negative’]
}
# Return the detailed results to the client
return jsonify({‘results’: detailed_results})
if __name__ == ‘__main__’:
app.run(host=’0.0.0.0′, port=5001, debug=False) And finally we need a Dockerfile, pay attention to have it on the same level as your app.py file. ## Dockerfile
# Use an official Python runtime as a parent image
FROM python:3.10-slim
# Set the working directory in the container
WORKDIR /app
# Copy the current directory contents into the container at /app
COPY . /app
# Install any needed packages specified in requirements.txt
RUN pip install –no-cache-dir -r requirements.txt
# Make port 5001 available to the world outside this container
EXPOSE 5001
# Define environment variable
ENV CONTAINER_API_URL=”http://sentiment-service/”
# Run app.py when the container launches
CMD [“python”, “app.py”] Our Web UI is ready to build ! We need Docker running on our development environment and we need to login to Azure Container Registry: ## Login to ACR
az acr login -n <your-acr-name>
## Build and Tag our image
docker build -t <acr-name>.azurecr.io/flaskweb:latest .
docker push <acr-name>.azurecr.io/flaskweb:latest You can go to the Portal and from Azure Container Registry, Repositories you will find our new Image ready to be pulled!Kubernetes DeploymentsLet’s start deploying our AKS services ! As we already know we can pull the Sentiment Analysis Container from Microsoft directly and that’s what we are going to do with the following tasks. First, we need to login to our AKS Cluster so from Azure Portal head over to your AKS Cluster and click on the Connect link on the menu. Azure will provide the command to connect from our terminal: Select Azure CLI and just copy-paste the commands to your Terminal.Now we can run kubectl commands and manage our Cluster and AKS Services.We need a YAML file for each service we are going to build, including the Certificate at the end. For now let’s create the Sentiment Analysis Service, as a Container, with the following file. Pay attention as you need to get the Language Service Key and Endpoint from the Text Analytics resource we created earlier, and in the nodeSelector block we must enter the name of the User Node Pool we created. apiVersion: apps/v1
kind: Deployment
metadata:
name: sentiment-deployment
spec:
replicas: 1
selector:
matchLabels:
app: sentiment
template:
metadata:
labels:
app: sentiment
spec:
containers:
– name: sentiment
image: mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:latest
ports:
– containerPort: 5000
resources:
limits:
memory: “8Gi”
cpu: “1”
requests:
memory: “8Gi”
cpu: “1”
env:
– name: Eula
value: “accept”
– name: Billing
value: “https://<your-Language-Service>.cognitiveservices.azure.com/”
– name: ApiKey
value: “xxxxxxxxxxxxxxxxxxxx”
nodeSelector:
agentpool: userpool
—
apiVersion: v1
kind: Service
metadata:
name: sentiment-service
spec:
selector:
app: sentiment
ports:
– protocol: TCP
port: 5000
targetPort: 5000
type: ClusterIP Save the file and run from your Terminal:kubectl apply -f sentiment-deployment.yamlIn a few seconds you can observe the service running from the AKS Services and Ingresses menu.Let’s continue to bring our Flask Container now. In the same manner create a new YAML: apiVersion: apps/v1
kind: Deployment
metadata:
name: flask-service
spec:
replicas: 1
selector:
matchLabels:
app: flask
template:
metadata:
labels:
app: flask
spec:
containers:
– name: flask
image: <your-ACR-name>.azurecr.io/flaskweb:latest
ports:
– containerPort: 5001
env:
– name: CONTAINER_API_URL
value: “http://sentiment-service:5000”
resources:
requests:
cpu: “500m”
memory: “256Mi”
limits:
cpu: “1”
memory: “512Mi”
nodeSelector:
agentpool: userpool
—
apiVersion: v1
kind: Service
metadata:
name: flask-lb
spec:
type: LoadBalancer
selector:
app: flask
ports:
– protocol: TCP
port: 80
targetPort: 5001 kubectl apply -f flask-service.yamlObserve the Sentiment Analysis Environment Value. It is directly using the Service name of our Sentiment Analysis container as AKS has it’s own DNS resolver for easy communication between services. In fact if we hit the Service Public IP we will have HTTP access to the Web UI.But let’s see how we can import our Certificate. We won’t describe how to get a Certificate. All we need is the PEM files, meaning the privatekey.pem and the cert.pem. IF we have a PFX we can export them with OpenSSL. Once we have these files in place we will create a secret in AKS that will hold our Certificate key and file. We just need to run this command from within the directory of our PEM files:kubectl create secret tls flask-app-tls –key privkey.pem –cert cert.pem –namespace defaultOnce we create our Secret we will deploy a Kubernetes Ingress Controller which will manage HTTPS and will point to the Flask Service. Remember to add an A record to your DNS registrar with the DNS Hostname you are going to use and the Public IP, once you see the IP Address: apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: flask-app-ingress
namespace: default
spec:
tls:
– hosts:
– your.domain.host
secretName: flask-app-tls
rules:
– host: your.domain.host
http:
paths:
– path: /
pathType: Prefix
backend:
service:
name: flask-lb
port:
number: 80 kubectl apply -f flask-app-ingress.yamlFrom AKS – Services and Ingresses – Ingresses you will see the assigned Public IP. Add it to your DNS and once the Name Servers are updated you can hit your Hostname using HTTPS! Final ThoughtsAs we’ve explored, the combination of Azure AI Containers and AKS offers a powerful and flexible solution for deploying AI-driven applications in cloud-native environments. By leveraging these technologies, you gain granular control over your data and model deployments, while maintaining the scalability and portability essential for modern applications. Remember, this is just the starting point. As you delve deeper, consider the specific requirements of your project and explore the vast possibilities that Azure AI Containers unlock. Embrace the power of AI within your AKS deployments, and you’ll be well on your way to building innovative, intelligent solutions that redefine what’s possible in the cloud.Architecture Read More
My Teams invites go straight to the recipients spam folder
Hello all,
I have been using Teams at my previous job, and now that I tried to use it with my personal Microsoft 365 account, I seem to be running into an issue.
I use the browser version of Teams to schedule meetings, but they go straight to my recipients’ spam folder. Even if they are able to recover the invite when they accept, they get this message:
Your message wasn’t delivered to email address removed for privacy reasons because the address couldn’t be found or is unable to receive mail.
Apparently the invites are being sent from this outlook email (no idea where that came from) instead of the email I have in my Microsoft 365 and Teams account.
Please help!
Hello all,I have been using Teams at my previous job, and now that I tried to use it with my personal Microsoft 365 account, I seem to be running into an issue.I use the browser version of Teams to schedule meetings, but they go straight to my recipients’ spam folder. Even if they are able to recover the invite when they accept, they get this message:Your message wasn’t delivered to email address removed for privacy reasons because the address couldn’t be found or is unable to receive mail.Apparently the invites are being sent from this outlook email (no idea where that came from) instead of the email I have in my Microsoft 365 and Teams account.Please help! Read More
Windows Time
We have an issue with the Windows clock on the taskbar falling behind on Windows 11 workstations (4 so far) deployed out of box. The System Time seems to be find. Rebooting a machine brings the clock back to normal.
We have a Windows Active Directory in house; and began deploying Windows 11 Pro machines as a Desktop Refresh initiative. Each machine on the domain is synchronizing to Active Directory (except the 3 DCs; which are synchronizing to the ntp.org).
We have an issue with the Windows clock on the taskbar falling behind on Windows 11 workstations (4 so far) deployed out of box. The System Time seems to be find. Rebooting a machine brings the clock back to normal. We have a Windows Active Directory in house; and began deploying Windows 11 Pro machines as a Desktop Refresh initiative. Each machine on the domain is synchronizing to Active Directory (except the 3 DCs; which are synchronizing to the ntp.org). Read More
Can I change just the sheet, but keep the cells in multiple references
I have a workbook that tracks data in monthly tabs. I also have a sheet that pulls multiple datapoints from each worksheet for an easily printable report.
Since each of the monthly sheets is identical, is there a way that, as I go into a new month, I can change just which sheet my report pulls from, but keeps the cell references?
For example if I have data pulling from =May!A1 , =May!C3, =May!F45, is there an easy way to change all of the Mays to Junes?
Thanks in advance.
I have a workbook that tracks data in monthly tabs. I also have a sheet that pulls multiple datapoints from each worksheet for an easily printable report. Since each of the monthly sheets is identical, is there a way that, as I go into a new month, I can change just which sheet my report pulls from, but keeps the cell references? For example if I have data pulling from =May!A1 , =May!C3, =May!F45, is there an easy way to change all of the Mays to Junes? Thanks in advance. Read More
Text Element – Broken aria-describedby Error element
When creating a form with a text element, by default it includes a broken aria-described by element. Here is a sample test form for example with just a text input. That text input includes the following code:
<input aria-label=”Single line text” maxlength=”4000″ placeholder=”Enter your answer” aria-labelledby=”QuestionId_rf7ddf945f19f48f7a19e9be4ce25a328 QuestionInfo_rf7ddf945f19f48f7a19e9be4ce25a328″ aria-describedby=”rf7ddf945f19f48f7a19e9be4ce25a328_validationError” class=”-as-61″ spellcheck=”true” data-automation-id=”textInput”>
With the problematic aria-describedby=”rf7ddf945f19f48f7a19e9be4ce25a328_validationError” tag. In this case, I don’t think that tag is needed and could just be removed to resolve the issue.
When creating a form with a text element, by default it includes a broken aria-described by element. Here is a sample test form for example with just a text input. That text input includes the following code: <input aria-label=”Single line text” maxlength=”4000″ placeholder=”Enter your answer” aria-labelledby=”QuestionId_rf7ddf945f19f48f7a19e9be4ce25a328 QuestionInfo_rf7ddf945f19f48f7a19e9be4ce25a328″ aria-describedby=”rf7ddf945f19f48f7a19e9be4ce25a328_validationError” class=”-as-61″ spellcheck=”true” data-automation-id=”textInput”> With the problematic aria-describedby=”rf7ddf945f19f48f7a19e9be4ce25a328_validationError” tag. In this case, I don’t think that tag is needed and could just be removed to resolve the issue. Read More
腾龙集团腾龙账号注册开户微yx0503123
有些东西沉默就是答案,闪躲就是答案,没有主动也是答案。
52.喜欢塞着耳机然后一直走,在夜色里看灯火阑珊,看街边卖的烧烤小吃糖水,看来来往往手牵手的情侣,低下头不断的换着歌不觉得孤独,我可以一直就这样走下去多晚回家都没关系,洗个澡躺在床上又是一天,很孤单,却说一个人真好 。
53.世界上有不绝的风景,我有不老的心情。
54.其实,我们只是想找一个谈得来、合脾性,在一起舒坦、分开久了有点想念,安静久了想闹腾一下、吵架了又立马会后悔认输的人 。爱情如此,友情同理 。
55.在没去了解之前,每个人看起来都很好。
56.人间荒唐市侩,不如山中做怪。
57.命运要你成长的时候,总会安排一些让你不顺心的人或事刺激你。这是规律。
58. 都在用不同的方式长大,谁也没轻轻松松。
59.既然去不了诗和远方,那就到村口路上走走,看看落日与夕阳。人生处处皆是风景。
60.张小娴曾写道:我没有很刻意的去想念你,因为我知道,遇到了就应该感恩,路过了就需要释怀。我只是在很多很多的小瞬间,想起你。比如一部电影,一首歌,一句歌词,一条马路和无数个闭上眼睛的瞬间。
61.一个人身边的位置只有那么多,你能给的也只有那么多,在这个狭小的圈子里,有些人要进来,就有一些人不得不离开。
62.无效社交摧毁有趣灵魂。
63. 我不快乐大概是因为我得不到又忘不掉还不敢说。
64.所以我该用什么语气,什么样的言语,来表达我杂七杂八的心情呢。
65.看淡一点再努力一点,这世上,没有谁活得比谁容易,只是有人在呼天喊地,有人在静默坚守。
66.只要有人的地方就有恩怨,有恩怨就会有江湖,人就是江湖。
有些东西沉默就是答案,闪躲就是答案,没有主动也是答案。52.喜欢塞着耳机然后一直走,在夜色里看灯火阑珊,看街边卖的烧烤小吃糖水,看来来往往手牵手的情侣,低下头不断的换着歌不觉得孤独,我可以一直就这样走下去多晚回家都没关系,洗个澡躺在床上又是一天,很孤单,却说一个人真好 。53.世界上有不绝的风景,我有不老的心情。54.其实,我们只是想找一个谈得来、合脾性,在一起舒坦、分开久了有点想念,安静久了想闹腾一下、吵架了又立马会后悔认输的人 。爱情如此,友情同理 。55.在没去了解之前,每个人看起来都很好。56.人间荒唐市侩,不如山中做怪。57.命运要你成长的时候,总会安排一些让你不顺心的人或事刺激你。这是规律。58. 都在用不同的方式长大,谁也没轻轻松松。59.既然去不了诗和远方,那就到村口路上走走,看看落日与夕阳。人生处处皆是风景。60.张小娴曾写道:我没有很刻意的去想念你,因为我知道,遇到了就应该感恩,路过了就需要释怀。我只是在很多很多的小瞬间,想起你。比如一部电影,一首歌,一句歌词,一条马路和无数个闭上眼睛的瞬间。61.一个人身边的位置只有那么多,你能给的也只有那么多,在这个狭小的圈子里,有些人要进来,就有一些人不得不离开。62.无效社交摧毁有趣灵魂。63. 我不快乐大概是因为我得不到又忘不掉还不敢说。64.所以我该用什么语气,什么样的言语,来表达我杂七杂八的心情呢。65.看淡一点再努力一点,这世上,没有谁活得比谁容易,只是有人在呼天喊地,有人在静默坚守。66.只要有人的地方就有恩怨,有恩怨就会有江湖,人就是江湖。 Read More
Looking for MSOLAP OLEDB Driver lower than 16.0.134.22 (64bit)
Hello,
I currently have issues using the latest driver of MSOLAP OLEDB in Visual Studio SSIS (2022) for connecting and querying AAS instances. The error message is:
TITLE: Connection Manager
——————————
Test connection failed because of an error in initializing provider. Internal error: An unexpected error occurred (file ‘pfadalauthinfo.cpp’, line 1031, function ‘PFAdalAuthInfoConfigurationsWrapper::GetInstance’).
Does anyone knows a link to a version higher than 16.0.20.201 but lower 16.0.134.22 ?
Thank you!
Hello, I currently have issues using the latest driver of MSOLAP OLEDB in Visual Studio SSIS (2022) for connecting and querying AAS instances. The error message is:TITLE: Connection Manager——————————Test connection failed because of an error in initializing provider. Internal error: An unexpected error occurred (file ‘pfadalauthinfo.cpp’, line 1031, function ‘PFAdalAuthInfoConfigurationsWrapper::GetInstance’).Does anyone knows a link to a version higher than 16.0.20.201 but lower 16.0.134.22 ?Thank you! Read More
腾龙娱乐公司账号注册开户微yx0503123
有些东西沉默就是答案,闪躲就是答案,没有主动也是答案。
52.喜欢塞着耳机然后一直走,在夜色里看灯火阑珊,看街边卖的烧烤小吃糖水,看来来往往手牵手的情侣,低下头不断的换着歌不觉得孤独,我可以一直就这样走下去多晚回家都没关系,洗个澡躺在床上又是一天,很孤单,却说一个人真好 。
53.世界上有不绝的风景,我有不老的心情。
54.其实,我们只是想找一个谈得来、合脾性,在一起舒坦、分开久了有点想念,安静久了想闹腾一下、吵架了又立马会后悔认输的人 。爱情如此,友情同理 。
55.在没去了解之前,每个人看起来都很好。
56.人间荒唐市侩,不如山中做怪。
57.命运要你成长的时候,总会安排一些让你不顺心的人或事刺激你。这是规律。
58. 都在用不同的方式长大,谁也没轻轻松松。
59.既然去不了诗和远方,那就到村口路上走走,看看落日与夕阳。人生处处皆是风景。
60.张小娴曾写道:我没有很刻意的去想念你,因为我知道,遇到了就应该感恩,路过了就需要释怀。我只是在很多很多的小瞬间,想起你。比如一部电影,一首歌,一句歌词,一条马路和无数个闭上眼睛的瞬间。
61.一个人身边的位置只有那么多,你能给的也只有那么多,在这个狭小的圈子里,有些人要进来,就有一些人不得不离开。
62.无效社交摧毁有趣灵魂。
63. 我不快乐大概是因为我得不到又忘不掉还不敢说。
64.所以我该用什么语气,什么样的言语,来表达我杂七杂八的心情呢。
65.看淡一点再努力一点,这世上,没有谁活得比谁容易,只是有人在呼天喊地,有人在静默坚守。
66.只要有人的地方就有恩怨,有恩怨就会有江湖,人就是江湖。
有些东西沉默就是答案,闪躲就是答案,没有主动也是答案。52.喜欢塞着耳机然后一直走,在夜色里看灯火阑珊,看街边卖的烧烤小吃糖水,看来来往往手牵手的情侣,低下头不断的换着歌不觉得孤独,我可以一直就这样走下去多晚回家都没关系,洗个澡躺在床上又是一天,很孤单,却说一个人真好 。53.世界上有不绝的风景,我有不老的心情。54.其实,我们只是想找一个谈得来、合脾性,在一起舒坦、分开久了有点想念,安静久了想闹腾一下、吵架了又立马会后悔认输的人 。爱情如此,友情同理 。55.在没去了解之前,每个人看起来都很好。56.人间荒唐市侩,不如山中做怪。57.命运要你成长的时候,总会安排一些让你不顺心的人或事刺激你。这是规律。58. 都在用不同的方式长大,谁也没轻轻松松。59.既然去不了诗和远方,那就到村口路上走走,看看落日与夕阳。人生处处皆是风景。60.张小娴曾写道:我没有很刻意的去想念你,因为我知道,遇到了就应该感恩,路过了就需要释怀。我只是在很多很多的小瞬间,想起你。比如一部电影,一首歌,一句歌词,一条马路和无数个闭上眼睛的瞬间。61.一个人身边的位置只有那么多,你能给的也只有那么多,在这个狭小的圈子里,有些人要进来,就有一些人不得不离开。62.无效社交摧毁有趣灵魂。63. 我不快乐大概是因为我得不到又忘不掉还不敢说。64.所以我该用什么语气,什么样的言语,来表达我杂七杂八的心情呢。65.看淡一点再努力一点,这世上,没有谁活得比谁容易,只是有人在呼天喊地,有人在静默坚守。66.只要有人的地方就有恩怨,有恩怨就会有江湖,人就是江湖。 Read More
Outlook Web Search Progressively getting Worse – is the Archive Box the issue?
I’m using the new Outlook desktop app and outlook web app to manage my emails. I’ve noticed my search feature has been getting progressively worse the past few weeks. Before when I would search up an individuals name their email would typically pop up instantly as a search option. Same thing for general key words. I would search a keyword and get results almost instantly
Now it can take 1-2 minutes for searches to load. Often times when I type names of individuals I mail on a regular basis they don’t even pop up as a search option.
I started using the Archive box back in February and I practice inbox zero. So my inbox typically only has 10-20 emails in it at any given point with everything else in the Archive box.
Would the archive box impact Outlooks ability to search and return search results?
I’m using the new Outlook desktop app and outlook web app to manage my emails. I’ve noticed my search feature has been getting progressively worse the past few weeks. Before when I would search up an individuals name their email would typically pop up instantly as a search option. Same thing for general key words. I would search a keyword and get results almost instantlyNow it can take 1-2 minutes for searches to load. Often times when I type names of individuals I mail on a regular basis they don’t even pop up as a search option.I started using the Archive box back in February and I practice inbox zero. So my inbox typically only has 10-20 emails in it at any given point with everything else in the Archive box.Would the archive box impact Outlooks ability to search and return search results? Read More
Sum row until a blank cell is reached
Hello! What formula can I enter to sum a row of data until a blank cell is reached. I know the AutoSum function does this, but I am trying to create a template that has this formula entered for numerous rows of data, not just one row. I appreciate any guidance you can provide!
Hello! What formula can I enter to sum a row of data until a blank cell is reached. I know the AutoSum function does this, but I am trying to create a template that has this formula entered for numerous rows of data, not just one row. I appreciate any guidance you can provide! Read More
SUSDB errors when it’s trying to perform maintenance (SMS_WSUS_SYNC_MANAGER)
This started a few weeks ago – let it hang out for a bit to see if it was a random blip, but unfortunately this is still happening.
I inherited this from someone who left the company abruptly, so i’m unsure unfortunately about how this was setup and haven’t ran into any WSUS issues previously.
Note : if i do turn off the 2 maintenance requirements that are erroring, obviously it’s fine. if i turn them back on.
CM Version : 2309
Component : SMS_WSUS_SYNC_MANAGER
Errors :
– ConfigMgr failed to connect to SUSDB and could not delete obselete updates.
– ConfigMgr failed to connect to SUSDB and could not add custom indexes.
Went to my management point and checked the WSyncmgr log
– It looks fine and connecting as it’s doing some maintenance, but not indexes or some obsolete updates which is confusing as per the component status above.
ErrorsIndexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: [SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: adcmecm02.a-dec.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)
I found one men
Full WSYNCmgr log for one sync this morning at 4am
Wakeup for scheduled regular sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Starting Sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Performing sync on regular schedule SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Read SUPs from SCF for {OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Found 1 SUPs SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Found active SUP {OMITTED}{OMITTED}.{OMITTED}.com from SCF File. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:00.365 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Sync Surface Drivers option is not set SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
Synchronizing WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:01.402 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)
Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)
Synchronizing WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)
sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)
sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:13 AM 8480 (0x2120)
sync: WSUS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:19 AM 8480 (0x2120)
sync: WSUS synchronizing updates, processed 344 out of 344 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Done synchronizing WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Sync Catalog Drivers SCF value is set to : 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
SyncGracePeriod not set, use default 120000 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Sleeping 120 more seconds for WSUS server sync results to become available SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17601 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)
Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)
Synchronizing SMS database with WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
Third party updates are enabled, SMS sync operations will use default WSUS server exclusively. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
STATMSG: ID=6705 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:02:51.313 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Synchronizing SMS database with WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Syncing updates arrived after 05/17/2024 00:02:42 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Checking WSUS for third-party signing certificate… SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Getting signing certificate from WSUS server. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
WSUS signing certificate details: Thumbprint: ‘{OMITTED}’, Start Date: ’06/19/2023 11:55:01′, Expiration Date: ’06/19/2028 11:55:01′, Issuer: ‘CN=PatchMyPC Service’, Subject: ‘CN=PatchMyPC Service’ SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Getting active WSUS signing certificate thumbprint from database. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Found WSUS signing certificate with thumbprint {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
WSUS signing certificate has not changed. Thumbprint: {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Successfully downloaded and stored WSUS signing certificate with thumbprint {OMITTED}. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
Finished checking for third-party signing certificate. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
sync: SMS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
sync: SMS synchronizing categories, processed 0 out of 456 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
sync: SMS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
SyncBatchCount not set, using default 1 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
SyncBatchMinCreationDate not set, using default 01/01/2001 00:00:00 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
sync: SMS synchronizing updates, processed 0 out of 3 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)
Synchronizing update 75b807d5-5b8a-49cc-83a3-603b6602aa61 – Security Intelligence Update for Windows Defender Antivirus – KB915597 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)
Synchronizing update 28118802-b197-4337-9825-112d7721bff9 – Security Intelligence Update for Microsoft Endpoint Protection – KB2461484 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:04 AM 18368 (0x47C0)
Synchronizing update 2c31ad9b-64a8-4e60-9fce-6bc6df61839b – Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:30 AM 18368 (0x47C0)
sync: SMS synchronizing updates, processed 3 out of 3 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)
sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)
Removed 178 unreferenced updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)
Done synchronizing SMS with WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)
Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17602 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)
Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)
Starting cleanup on WSUS, default server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)
Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)
https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Cleaning up WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Syncing updates arrived after 05/17/2024 04:02:51 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:06:26.136 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)
Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)
STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:07:25.699 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
Done Indexing SUSDB. Custom indexes were created if they didn’t exist previously. {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
Cleanup processed 1086 total updates and declined 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)
Done Declining updates in WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)
Starting Deletion of ObseleteUpdates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)
STATMSG: ID=6719 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:08:56.025 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)
Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)
Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)
0 update(s) were deleted from SUSDB in Server: \.pipeMICROSOFT##WIDtsqlquery Database: SUSDB SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)
Deletion Completed SMS_WSUS_SYNC_MANAGER 5/17/2
This started a few weeks ago – let it hang out for a bit to see if it was a random blip, but unfortunately this is still happening. I inherited this from someone who left the company abruptly, so i’m unsure unfortunately about how this was setup and haven’t ran into any WSUS issues previously. Note : if i do turn off the 2 maintenance requirements that are erroring, obviously it’s fine. if i turn them back on. CM Version : 2309 Component : SMS_WSUS_SYNC_MANAGER Errors : – ConfigMgr failed to connect to SUSDB and could not delete obselete updates.- ConfigMgr failed to connect to SUSDB and could not add custom indexes. Went to my management point and checked the WSyncmgr log- It looks fine and connecting as it’s doing some maintenance, but not indexes or some obsolete updates which is confusing as per the component status above.ErrorsIndexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: [SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: adcmecm02.a-dec.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560) I found one men Full WSYNCmgr log for one sync this morning at 4am Wakeup for scheduled regular sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Starting Sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Performing sync on regular schedule SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Read SUPs from SCF for {OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Found 1 SUPs SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Found active SUP {OMITTED}{OMITTED}.{OMITTED}.com from SCF File. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:00.365 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Sync Surface Drivers option is not set SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)Synchronizing WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:01.402 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)Synchronizing WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:13 AM 8480 (0x2120)sync: WSUS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:19 AM 8480 (0x2120)sync: WSUS synchronizing updates, processed 344 out of 344 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Done synchronizing WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Sync Catalog Drivers SCF value is set to : 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)SyncGracePeriod not set, use default 120000 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Sleeping 120 more seconds for WSUS server sync results to become available SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17601 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)Synchronizing SMS database with WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)Third party updates are enabled, SMS sync operations will use default WSUS server exclusively. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)STATMSG: ID=6705 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:02:51.313 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Synchronizing SMS database with WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Syncing updates arrived after 05/17/2024 00:02:42 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Checking WSUS for third-party signing certificate… SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Getting signing certificate from WSUS server. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)WSUS signing certificate details: Thumbprint: ‘{OMITTED}’, Start Date: ’06/19/2023 11:55:01′, Expiration Date: ’06/19/2028 11:55:01′, Issuer: ‘CN=PatchMyPC Service’, Subject: ‘CN=PatchMyPC Service’ SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Getting active WSUS signing certificate thumbprint from database. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Found WSUS signing certificate with thumbprint {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)WSUS signing certificate has not changed. Thumbprint: {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Successfully downloaded and stored WSUS signing certificate with thumbprint {OMITTED}. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)Finished checking for third-party signing certificate. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)sync: SMS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)sync: SMS synchronizing categories, processed 0 out of 456 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)sync: SMS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)SyncBatchCount not set, using default 1 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)SyncBatchMinCreationDate not set, using default 01/01/2001 00:00:00 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)sync: SMS synchronizing updates, processed 0 out of 3 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)Synchronizing update 75b807d5-5b8a-49cc-83a3-603b6602aa61 – Security Intelligence Update for Windows Defender Antivirus – KB915597 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)Synchronizing update 28118802-b197-4337-9825-112d7721bff9 – Security Intelligence Update for Microsoft Endpoint Protection – KB2461484 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:04 AM 18368 (0x47C0)Synchronizing update 2c31ad9b-64a8-4e60-9fce-6bc6df61839b – Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:30 AM 18368 (0x47C0)sync: SMS synchronizing updates, processed 3 out of 3 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)Removed 178 unreferenced updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)Done synchronizing SMS with WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17602 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)Starting cleanup on WSUS, default server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Cleaning up WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Syncing updates arrived after 05/17/2024 04:02:51 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:06:26.136 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:07:25.699 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Done Indexing SUSDB. Custom indexes were created if they didn’t exist previously. {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Cleanup processed 1086 total updates and declined 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)Done Declining updates in WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)Starting Deletion of ObseleteUpdates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)STATMSG: ID=6719 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:08:56.025 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)0 update(s) were deleted from SUSDB in Server: \.pipeMICROSOFT##WIDtsqlquery Database: SUSDB SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)Deletion Completed SMS_WSUS_SYNC_MANAGER 5/17/2 Read More
Visual Studio component Microsoft.Net.4.X.X.FullRedist install error when using application deployme
I’ve recently hit an issue with deployment of Visual Studio using an application deployment in Configuration Manager.
I am attempting to deploy a few workloads and have the following in the response.json file:
“includeRecommended”: true”includeOptional”: true”Microsoft.VisualStudio.Workload.ManagedDesktop””Microsoft.VisualStudio.Workload.ManagedGame””Microsoft.VisualStudio.Workload.NetWeb”
When installing the above using an application deployment, the deployment completes, however it generates a warning and thus Configuration Manager marks the installation as failed. If we run the Visual Studio Installer application on the machine that VS is deployed to, we see an error:
Couldn’t install Microsoft.Net.4.X.X.FullRedist (when we initially looked at this it was version 4.8.1 that was installed as part of the deployment).
Following quite a lot of digging (see https://developercommunity.visualstudio.com/t/Items-in-1774-fail-to-install-when-usi/10486002?ftype=problem) I have been told that ‘.NET installer uses high compression and needs about ~540MB of memory to run the decompression process. SCCM’s “Application” deployment is limited to a little less than 512MB of memory. Can you please check if you are using “Application” deployment, and if this issue repro when you change deployment to “Package”?’.
While deploying VS as a package does work, we lose all of the goodness that an application deployment gives us (including the ability to supercede an old version with a newer one).
Is there any way to increase the amount of RAM available to the application type deployment on the client in Configuration Manager?
I’ve recently hit an issue with deployment of Visual Studio using an application deployment in Configuration Manager. I am attempting to deploy a few workloads and have the following in the response.json file:”includeRecommended”: true”includeOptional”: true”Microsoft.VisualStudio.Workload.ManagedDesktop””Microsoft.VisualStudio.Workload.ManagedGame””Microsoft.VisualStudio.Workload.NetWeb” When installing the above using an application deployment, the deployment completes, however it generates a warning and thus Configuration Manager marks the installation as failed. If we run the Visual Studio Installer application on the machine that VS is deployed to, we see an error:Couldn’t install Microsoft.Net.4.X.X.FullRedist (when we initially looked at this it was version 4.8.1 that was installed as part of the deployment). Following quite a lot of digging (see https://developercommunity.visualstudio.com/t/Items-in-1774-fail-to-install-when-usi/10486002?ftype=problem) I have been told that ‘.NET installer uses high compression and needs about ~540MB of memory to run the decompression process. SCCM’s “Application” deployment is limited to a little less than 512MB of memory. Can you please check if you are using “Application” deployment, and if this issue repro when you change deployment to “Package”?’.While deploying VS as a package does work, we lose all of the goodness that an application deployment gives us (including the ability to supercede an old version with a newer one).Is there any way to increase the amount of RAM available to the application type deployment on the client in Configuration Manager? Read More
Excel Auto Open Macro
I bought a book on VBA programming for MS Office and I’m trying to do one of the examples. It’s a macro that automatically maximizes the window and opens the most recent document when you start excel, but it’s not working. There is no error message, excel just opens like normal. I’ve gone through the instructions a couple of times but can’t find any issues. My code is below:
Option Explicit
Private Sub Auto_Open()
Application.WindowState = xlMaximized
Application.RecentFiles(1).Open
End Sub
Any thoughts? Thanks in advance.
I bought a book on VBA programming for MS Office and I’m trying to do one of the examples. It’s a macro that automatically maximizes the window and opens the most recent document when you start excel, but it’s not working. There is no error message, excel just opens like normal. I’ve gone through the instructions a couple of times but can’t find any issues. My code is below: Option ExplicitPrivate Sub Auto_Open()Application.WindowState = xlMaximizedApplication.RecentFiles(1).Open End Sub Any thoughts? Thanks in advance. Read More
REGISTER TODAY: Americas Partner Insider Call | June 5th
Mark your calendar for the next Americas Partner Insider Call on June 5th at 10:00 AM PT.
Reserve your spot today to gain valuable insights from our expert speakers. Connect with fellow partners, learn about the latest developments, and elevate your partnership with Microsoft.
Register now and unlock your potential!
As a valued partner, we want to provide you with the resources and tools you need to succeed. That’s why we are sharing with you the on-demand video and PowerPoint presentation from the May Partner Insider Call:
Click here to view the recording of the event.
Click here to view the PowerPoint presentation.
For May, Tech for Social Impact was a featured guest. Also, take a moment to listen to the Demystifying Copilot Licensing portion of the virtual event.
Mark your calendar for the next Americas Partner Insider Call on June 5th at 10:00 AM PT.
Reserve your spot today to gain valuable insights from our expert speakers. Connect with fellow partners, learn about the latest developments, and elevate your partnership with Microsoft.
Register now and unlock your potential!
As a valued partner, we want to provide you with the resources and tools you need to succeed. That’s why we are sharing with you the on-demand video and PowerPoint presentation from the May Partner Insider Call:
Click here to view the recording of the event.
Click here to view the PowerPoint presentation.
For May, Tech for Social Impact was a featured guest. Also, take a moment to listen to the Demystifying Copilot Licensing portion of the virtual event.
Read More
I have file need help with formula not working some reason for Time.
I have file need help with formula not working some reason for Time.
I have file call NFL Schedule have teams for friends. in time it not display any time that get data from Yearly schedule worksheet. I need new update formula to get the Time working again.
Thanks You very much.
I have file need help with formula not working some reason for Time. I have file call NFL Schedule have teams for friends. in time it not display any time that get data from Yearly schedule worksheet. I need new update formula to get the Time working again. Thanks You very much. Read More
Securing the value in a cell
Hi!
Say I have a small shop at a sports stadium, and want to calculate profits on each product I sell for the season.
The way I’ve done it is having three sheets; ‘sales’, ‘cost’ and ‘result’.
In the ‘cost’ sheet, I have
A1 product name
B1 amount I sell it for
C1 amount I bought it for
In the ‘sales’ sheet, I have
Column A: Product names
Column B-> G: Opponent for the team
Row 2: Number of sales
Example:
A2: Popcorn B2: 52 (sales vs Miami), C2: 15 (sales vs Tampa) etc
In the ‘result’ sheet, I have:
A2 Popcorn
B2 The amount of popcorn sold in total (B2:G2 from ‘sales’))
C2: B2*’cost’!b1 (amount of popcorn x sale price)
D2: B2*’cost’!c1 (amount of popcorn x amount I purchased the popcorn for)
E2: C2-D2 (turnover minus cost)
All this is fine, and this is obviously a simplified version of it.
BUT! Halfway through the season, my provider increased their prices so my total result will be lower. If I change the prize on ‘cost’ C1, it will change all of the sales I’ve had, including the time before the price went up.
Is there a way that I can freeze the values in the cells from the beginning of the season so it’s not affected by the changing of the purchasing price moving forward?
Basically, if I buy the popcorn for $5 and sell it for $10 in May, but buy it for $6 and sell it for $10 in June that will have an effect on my total revenue.
I hope this made sense and that anyone can help me!
Cheers,
Frank
Hi! Say I have a small shop at a sports stadium, and want to calculate profits on each product I sell for the season. The way I’ve done it is having three sheets; ‘sales’, ‘cost’ and ‘result’. In the ‘cost’ sheet, I have A1 product nameB1 amount I sell it forC1 amount I bought it for In the ‘sales’ sheet, I haveColumn A: Product namesColumn B-> G: Opponent for the teamRow 2: Number of sales Example:A2: Popcorn B2: 52 (sales vs Miami), C2: 15 (sales vs Tampa) etc In the ‘result’ sheet, I have:A2 PopcornB2 The amount of popcorn sold in total (B2:G2 from ‘sales’)) C2: B2*’cost’!b1 (amount of popcorn x sale price) D2: B2*’cost’!c1 (amount of popcorn x amount I purchased the popcorn for) E2: C2-D2 (turnover minus cost) All this is fine, and this is obviously a simplified version of it. BUT! Halfway through the season, my provider increased their prices so my total result will be lower. If I change the prize on ‘cost’ C1, it will change all of the sales I’ve had, including the time before the price went up. Is there a way that I can freeze the values in the cells from the beginning of the season so it’s not affected by the changing of the purchasing price moving forward? Basically, if I buy the popcorn for $5 and sell it for $10 in May, but buy it for $6 and sell it for $10 in June that will have an effect on my total revenue. I hope this made sense and that anyone can help me! Cheers, Frank Read More
Building Better Apps: Better Together
Helping you build better apps has been one of our key focus areas in Azure. Our latest tooling focuses on providing guidance for architecting, optimizing, and deploying apps. Whether you’re creating a new proof of concept or improving an existing app, these capabilities can boost productivity and performance. These capabilities are all in Preview, so please give them a try and let us know what you think!
Starting Right: Architecting Your Azure App
Let’s say you’re starting a proof of concept for a new application. Normally, you might spend a lot of time picking services, architecting apps, and deploying them based on industry best practices. Better Together can streamline this process with the below capabilities.
Better Together in Microsoft Copilot for Azure
The Better Together capability which can be accessed from Copilot can be helpful to understanding if you’re on the right track when building your app. In the past it might’ve been time-consuming to learn about the kinds of services that similar apps are using through docs and videos. This capability can streamline some of this process by recommending services based on patterns that other similar apps have used.
To give this a try, navigate to the Azure Portal and select the Copilot button in the toolbar to open the chat window. Here you can ask questions to recommended services for your app, or architecture, including, “What are popular services that are deployed with App Service apps like mine?” and “Which database should I use with my ACA app?”, and “What services would you recommend to implement distributed caching?”
Sometimes it’s important to validate if you’re on the right track. When you ask architectural or infrastructure-level questions to Azure Copilot, it helps you discover the most commonly used services for your specific use case. In the example below, after identifying performance bottlenecks in your app and considering implementing distributed caching to enhance performance, the recommendation points to Azure Cache for Redis. This service is widely deployed by many App Service apps similar to yours.
Boosting Performance: Optimizing Your Azure App
If your App Service app is running a little slower than expected, or if you’re suspecting any performance bottlenecks, these are some capabilities that can diagnose and optimize these problems.
Diagnostics Insights (Preview)
Diagnostic logs can return pages of information that are difficult to interpret. This capability can make it easier to identify anomalies and quickly identify bottlenecks . In the Azure Portal, you can efficiently evaluate your application’s CPU usage and track any anomalies by navigating to Diagnose & Solve Problems > Web App Slow. Within this section, you’ll find a chart that provides insights into performance and latency.
Notably, over the last 24 hours, approximately 90% of users accessing this web app experienced low latency.
Another way to access suggestions is to type in “my web app is slow” into Copilot for Azure, which will offer suggestions around any bottlenecks.
Diagnostic charts can sometimes be time-consuming to analyze. However, Copilot offers a helpful Summarization capability. When you input variations of “summarize this page,” Copilot will generate concise summaries of the insights, allowing you to quickly grasp the main points without having to read through every chart and detail.
Application Insights Code Optimizations (Preview)
Performance can be improved by making code-level changes. Code Optimizations helps identify where to make these improvements. By leveraging AI, Code Optimizations detects CPU and memory bottlenecks of your application during runtime. It is available for .NET applications that have Application Insights Profiler enabled. To access Code Optimizations in the Azure Portal, navigate to the Performance blade in Application Insights. For App Service, it’s also available in Diagnose & Solve Problems > Web App Slow.
In this example, some of the performance issues identified may be caused by inefficient code, which can be investigated.
Selecting any of these suggestions will open more details about the performance issue, show where and when in the code it’s occurring, and show the recommended solution.
For many recommendations, a code fix can be generated using the Code Optimizations extension (currently in limited preview) for Visual Studio and Visual Studio Code – Insiders. You can sign up here.
Learn more about Code Optimizations.
Making Improvements: Augmenting Your Azure App
If you have deployed an App Service app and you’re unsure which services to use to improve scalability and reliability for it, these capabilities can help optimize without reinventing the wheel.
Better Together (Preview) in Azure Portal
It can be time-consuming to pick, create, deploy, and connect a service to your App Service app. Better Together can help you deploy and connect popular services for your App Service app. This capability primarily focuses on connecting newly-created resources to your App Service app more easily. Navigate to Better Together for your App Service app through the Azure Portal using the menu item Better Together.
Enabling Azure Cache for Redis will automatically create a new Redis instance and establish the connection with your existing App Service app. If you choose to “Create” any of the other services, you’ll be directed to their onboarding flow, where you’ll receive guidance on creating and connecting the service. Stay tuned for the next release for a more customized experience!
Take a look at these capabilities in action with the video below.
Conclusion: Better Together
Azure strives to empower you to create robust, high-performing apps. Whether you’re starting a new app or improving an existing one, we are creating tools and services that can help. Please give these capabilities a try and let us know what you think by leaving a comment or emailing us at bettertogetherteam@microsoft.com.
Microsoft Tech Community – Latest Blogs –Read More
Deep Dive: Secure Orchestration of Confidential Containers on Azure Kubernetes Service
Introduction
Building on our previous blog post about Confidential Containers on Azure Kubernetes Services (AKS) powered by Azure Linux, this blog post dives into the design and implementation of the stack’s security policy. The security policy feature is a critical building block for the trustworthy orchestration of confidential Kubernetes workloads on IaaS platforms. The feature protects the interface between the cloud provider’s stack and the user’s trusted computing base (TCB). The user’s confidential workloads run inside the TCB within virtual machines (VMs) which are encrypted by a hardware-based Trusted Execution Environment (TEE), such as AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). Trust in the security policy and its enforcement can be established via remote attestation. We will explore establishing this trust and how end users can generate and apply security policies using our new genpolicy tool.
Protecting the Trust Boundary Interface
One of the main components of the Kata Containers system architecture is the Kata Agent, which we will refer to as Agent. When using Kata Containers to implement Confidential Containers, the Agent is executed inside the hardware-based TEE and therefore is part of the TCB. As shown in the Figure 1, the Agent provides a set of ttRPC APIs allowing the system components outside of the TEE, i.e., the Kata Shim, to create and manage Kubernetes pods inside confidential VMs (CVMs) transparent to the Kubernetes stack. From a confidentiality standpoint, the Kata Shim to Agent communication represents a control channel crossing the TCB boundary, which is why the Agent must protect itself from potentially malicious Agent API calls.
To systematically secure this control channel, we designed and implemented a security policy feature for the Kata Containers project, known as the Kata “Agent Policy” feature. This feature allows the owner of a confidential pod deployment to specify a document articulating the security policy a priori to running the pod. This policy document dictates what API calls are allowed and disallowed for the pod.
The policy document can be added in the form of an encoded string as an annotation to Kubernetes pod manifests, allowing the policy document to naturally travel through kubelet and containerd to the Kata Shim, which we will refer to as Shim. The Shim then provides the policy document to the Agent during early CVM initialization. Since the policy document travels through components that are not part of the TCB prior to reaching the Agent, the policy is not inherently trustworthy at CVM initialization. We can establish trustworthiness through remote attestation which will be explained in an upcoming section.
Structure of the Security Policy Document
The security policy document is composed using the Rego policy language and describes all the Agent’s ttRPC API calls along with their parameters that are expected for creating and managing the confidential pod. This section takes a closer look at the three high-level sections of the policy document – the rules, default values and data sections.
Rules
The rules section is a static part of the policy document, independent of the individual pod deployment. Rules express the semantics for validating API calls, and in particular implement input parameter validation for parametrized calls. An example for a simple rule is the one for the unparametrized WriteStreamRequest call which explicitly enforces that the call can only be made if the policy document’s default value for the call is set to true:
WriteStreamRequest {
policy_data.request_defaults.WriteStreamRequest == true
}
Let’s now look at a rule for the parametrized CreateContainerRequest call which implements input parameter validation:
CreateContainerRequest {
i_oci := input.OCI
i_storages := input.storages
…
some p_container in policy_data.containers
p_pidns := p_container.sandbox_pidns
i_pidns := input.sandbox_pidns
p_pidns == i_pidns
p_oci := p_container.OCI
p_oci.Version == i_oci.Version
p_oci.Root.Readonly == i_oci.Root.Readonly
…
p_storages := p_container.storages
…
}
This rule validates all input parameters by comparing them with the expected parameters based on the document’s data section and rejects when a change to fields like the command line, storage mount, execution security context, or environment variables is detected. In the code snippet, the variables starting with “i_” are the input parameters whereas the variables starting with “p_” represent the expected values based on the policy document’s data section.
Default Values
Default values for API calls determine the behavior when no rule for a given call was positively evaluated:
default CreateContainerRequest := false
The default value of false means that any CreateContainer API call will be rejected unless a set of policy rules explicitly allows that call.
default GuestDetailsRequest := true
The default value of true means that calls from outside of the TEE to the GuestDetailsRequest API are always allowed to be executed. One would set this default value to true when the data returned by this API is not considered sensitive for confidentiality of the workloads.
Data
The data section contains expected values that are derived from a Kubernetes pod manifest and that are compared during policy rule evaluation with the actual values from the input parameters of a ttRPC API request. With this, the data section directly depends on the individual pod deployment with its containers. Based on the result of the comparison between the values, a rule can either allow or deny the call by returning true or false.
Coming back to the above rule for CreateContainerRequest, all the characteristics of a container are specified in a fine-granular way in the policy document’s data section: image integrity information, command line, storage volumes and mounts, the execution security context, environment variables, and other fields from the Open Container Initiative (OCI) container runtime configuration. An example for the command line section is the following:
policy_data := {
“containers”: [
{
“OCI”: {
…
“Args”: [
“/bin/sh”
],
…
},
…
},
…
Any diverging command line observed in the CreateContainerRequest for the given container will be rejected by policy. Another example is for the validation of the storages input field of the CreateContainerRequest:
policy_data := {
“containers”: [
{
“OCI”: {
…
},
“storages”: [
{
“driver”: “blk”,
“driver_options”: [],
“source”: “”,
“fstype”: “tar”,
“options”: [
“$(hash0)”
],
“mount_point”: “$(layer0)”,
“fs_group”: null
},
…
This example shows how the security policy constrains the way block devices can be mapped from the host into the CVM. In this example, a tar filesystem type block device is expected to be mapped to a certain mount point into the CVM.
Policy Enforcement in the Kata Agent
The Agent is responsible for enforcing the security policy by evaluating the policy for each Agent ttRPC API call. We implemented the enforcement of the security policy using the Open Policy Agent (OPA) – a graduated project of the Cloud Native Computing Foundation (CNCF). Before carrying out the actions corresponding to the API, the Agent queries OPA by using the OPA REST API to check if the policy rules and data allow or block the call. The Agent provides the policy document and all input data from the API request parameters as a JSON format representation to OPA. OPA uses the rules to check if the inputs are consistent with policy data. OPA tries to find at least one rule with the same name as the ttRPC API call to return true while considering the call’s potential input parameters.
For example, when the Agent receives a CreateContainerRequest call, any rules defined in the policy that are using the name CreateContainerRequest are evaluated. OPA evaluates these rules and tries to find at least one CreateContainerRequest rule that returns value true. If at least one CreateContainerRequest rule returns true, OPA returns a true result to the Agent, and the Agent creates the container as requested by the Shim. On the other hand, if the API inputs are not allowed by the document’s rules or if no rule exists, OPA returns the default value for that API to the Agent, or false when no default value is supplied. In the case false is returned, the Agent rejects the API call by returning a “blocked by policy” error message.
We achieved this behavior by adding a gate to the Agent’s RPC interface implementation for each call. We added the is_allowed() function call early in every call handler:
async fn exec_process(…) -> ttrpc::Result<Empty> {
…
is_allowed(&req).await?;
…
}
The function enforces above-described logic and can be found in the Agent policy implementation.
An important policy enforcement aspect of the CreateContainerRequest call is the Agent’s protection of the integrity of block devices, as described in the example for the storages input field of the CreateContainerRequest from the previous section and replicated below.
policy_data := {
“containers”: [
{
“OCI”: {
…
},
“storages”: [
{
“driver”: “blk”,
“driver_options”: [],
“source”: “”,
“fstype”: “tar”,
“options”: [
“$(hash0)”
],
“mount_point”: “$(layer0)”,
“fs_group”: null
},
…
As each container image layer is exposed as a read-only virtio block device to the CVM, the Agent protects the integrity of these block devices using the dm-verity technology of the CVM’s Linux kernel, enforcing the root value of the dm-verity hash tree through policy enforcement. The policy document’s data section contains the expected root values of the dm-verity hash tree for each container image layer, hash0 in the above example. These root values are verified at runtime by the Agent via calling OPA to compare the received input values with the expected values using policy rules semantics as defined by the policy document. With this, not only the security policy enforcement but also the integrity of the container image layers can be verified by remote attestation, as described next.
Security Policy and Remote Attestation
Before handling sensitive information, confidential workloads should perform remote attestation to prove to any relying party that exactly the desired workload with the user’s desired policy, using exactly the expected versions of the TEE, and of the CVM’s software stack has been orchestrated by the control plane.
Figure 2 depicts the confidential container creation flow starting with a user deploying a pod manifest to running the workload in the CVM. The pod manifest depicted in orange color reaches the Shim which in turn brings up the CVM with the help of the VMM and HV. The Shim uses the CreateVM call the VMM exposes through its API.
Before triggering this call, the Shim computes the SHA256 hash of the user-provided policy document that the VMM uses to set a field measured by the TEE. In the case of AMD SEV-SNP, the VMM sets the HOST_DATA field to the hash value which the AMD SEV-SNP TEE includes in the attestation evidence. This action creates a strong binding between the contents of the policy and the CVM. This TEE field cannot be modified later by the software executed inside or outside of the CVM. However, it is readable within the TEE after launch.
As the Shim launches the CVM and the CVM OS boots, the Agent starts up using an initial security policy that is included in the CVMs root file system. This initial security policy only allows the Shim to set a new policy document through the SetPolicyRequest ttRPC call once the Agent’s ttRPC interface becomes available. Upon receiving the policy from the Shim, the Agent verifies that the hash of the policy matches the value in the immutable TEE field. The Agent rejects the incoming policy if it detects a hash mismatch. If the hash matches, the Agent enforces the new policy and listens for ttRPC calls. After the Agent receives and validates the Shim’s CreateContainerRequest call, the Agent creates the workload container pertaining to the user’s pod manifest.
The remote attestation procedure can be implemented in different ways. One option is to implement in a container running inside the CVM that obtains the signed attestation evidence from the AMD SEV-SNP TEE. With the policy hash being part of one of the measured TEE fields above, the attestation service can verify the integrity of the security policy by comparing the value of this field with the expected hash of the pod policy that was preconfigured by the user.
Microsoft’s Azure Attestation (MAA) provides an end-to-end attestation solution for workloads in Azure. We have added support for Confidential Containers on AKS to MAA by utilizing the open-source confidential sidecar container as the attestation client. So, MAA just needs to be seeded with relevant policy measurements for confidential pods to enable remote attestation.
Policy Document Creation using the genpolicy Tool
To simplify creating the policy document for container workloads, we built the genpolicy tool to automate the generation of the security policy document with its policy data, rules, and default values derived from the users’ individual Kubernetes pod manifests. The genpolicy tool encodes the security policy document in base64 format and adds it to the Kubernetes pod manifest as an annotation. An example is a pod manifest for Confidential Containers on AKS where the given runtimeClassName field indicates that the pod is to be run as a confidential container:
apiVersion: v1
kind: Pod
metadata:
annotations:
io.katacontainers.config.agent.policy: cGFja2FnZSBhZ2VudF<…>
spec:
runtimeClassName: kata-cc-isolation
…
The annotation value can be decoded using “base64 -d”, revealing the set of default values, rules, and data, for example:
…
# default values for API calls
default CopyFileRequest := false
…
default ExecProcessRequest := false
…
# rules for API calls
CreateContainerRequest { … }
…
CreateSandboxRequest { … }
…
WriteStreamRequest { … }
…
# data, for instance listing the pod’s containers and fields
policy_data := {
“containers”: [
{
“OCI”: {
“Version”: “1.1.0-rc.1”,
…
}
To generate the policy, run the following command:
genpolicy -y <path/to/pod.yaml>
This will embed the policy into the pod yaml file. Then the pod manifest can be deployed onto a cluster supporting confidential containers as normal, for instance, using:
kubectl apply -f <path/to/pod.yaml>
If any policy violations are detected, the Agent will refuse to execute the relevant ttRPC call, resulting in the following failure when using kubectl describe pod:
Error: failed to create containerd task: failed to create shim task: “CreateContainerRequest is blocked by policy”
Users should review the auto-generated policy document and verify that the policy fits the desired confidentiality goals and modify the policy as needed. To change the behavior of the tool, the user can specify further parameters:
genpolicy -p <path/to/rules.rego> -j <path/to/genpolicy-settings.json> -y <path/to/pod.yaml>
Using these parameters, the policy’s default values and rules and data fields can be modified by supplying custom rules.rego and settings JSON files. More details and examples are provided in the upstream Kata Agent policy documentation.
To simplify genpolicy usage in Azure, the Azure CLI ‘confcom’ extension wraps the latest releases of the genpolicy tool to enable end users generating pod security policies via the Azure CLI, which is as simple as calling:
az confcom katapolicygen -y <path/to/pod.yaml>
An end-to-end example starting with cluster deployment and running a confidential container with attached security policy can be found in our confidential container deployment documentation.
Conclusion
We have walked through the security policy of our Confidential Containers on AKS offering – from the syntax of the policy file to the enforcement with OPA, to establishing trust with remote attestation, and how to automatically generate and embed the policy using our genpolicy tool. The Azure Linux team collaborated with the Confidential Containers and Kata Containers communities on the design and implementation of Confidential Containers, as part of Microsoft’s commitment to open source. We contributed the policy implementation upstream – the Agent code responsible for enforcing the security policy, the Shim and Agent code for setting the policy and reading its measured hash value with different VMMs and HVs for AMD SEV-SNP and Intel TDX, and the genpolicy tool to create the security policy document. Along with this, a how-to for the policy feature and a README for the genpolicy tool can be found. We will continue to contribute and expand the security policy implementation upstream with the Kata Containers and Confidential Containers communities, so join us there to build this feature with us.
Microsoft Tech Community – Latest Blogs –Read More