Category: News
Outlook Web Search Progressively getting Worse – is the Archive Box the issue?
I’m using the new Outlook desktop app and outlook web app to manage my emails. I’ve noticed my search feature has been getting progressively worse the past few weeks. Before when I would search up an individuals name their email would typically pop up instantly as a search option. Same thing for general key words. I would search a keyword and get results almost instantly
Now it can take 1-2 minutes for searches to load. Often times when I type names of individuals I mail on a regular basis they don’t even pop up as a search option.
I started using the Archive box back in February and I practice inbox zero. So my inbox typically only has 10-20 emails in it at any given point with everything else in the Archive box.
Would the archive box impact Outlooks ability to search and return search results?
I’m using the new Outlook desktop app and outlook web app to manage my emails. I’ve noticed my search feature has been getting progressively worse the past few weeks. Before when I would search up an individuals name their email would typically pop up instantly as a search option. Same thing for general key words. I would search a keyword and get results almost instantlyNow it can take 1-2 minutes for searches to load. Often times when I type names of individuals I mail on a regular basis they don’t even pop up as a search option.I started using the Archive box back in February and I practice inbox zero. So my inbox typically only has 10-20 emails in it at any given point with everything else in the Archive box.Would the archive box impact Outlooks ability to search and return search results? Read More
Sum row until a blank cell is reached
Hello! What formula can I enter to sum a row of data until a blank cell is reached. I know the AutoSum function does this, but I am trying to create a template that has this formula entered for numerous rows of data, not just one row. I appreciate any guidance you can provide!
Hello! What formula can I enter to sum a row of data until a blank cell is reached. I know the AutoSum function does this, but I am trying to create a template that has this formula entered for numerous rows of data, not just one row. I appreciate any guidance you can provide! Read More
SUSDB errors when it’s trying to perform maintenance (SMS_WSUS_SYNC_MANAGER)
This started a few weeks ago – let it hang out for a bit to see if it was a random blip, but unfortunately this is still happening.
I inherited this from someone who left the company abruptly, so i’m unsure unfortunately about how this was setup and haven’t ran into any WSUS issues previously.
Note : if i do turn off the 2 maintenance requirements that are erroring, obviously it’s fine. if i turn them back on.
CM Version : 2309
Component : SMS_WSUS_SYNC_MANAGER
Errors :
– ConfigMgr failed to connect to SUSDB and could not delete obselete updates.
– ConfigMgr failed to connect to SUSDB and could not add custom indexes.
Went to my management point and checked the WSyncmgr log
– It looks fine and connecting as it’s doing some maintenance, but not indexes or some obsolete updates which is confusing as per the component status above.
ErrorsIndexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: [SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: adcmecm02.a-dec.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)
I found one men
Full WSYNCmgr log for one sync this morning at 4am
Wakeup for scheduled regular sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Starting Sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Performing sync on regular schedule SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Read SUPs from SCF for {OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Found 1 SUPs SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Found active SUP {OMITTED}{OMITTED}.{OMITTED}.com from SCF File. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:00.365 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)
Sync Surface Drivers option is not set SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
Synchronizing WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:01.402 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)
https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)
Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)
Synchronizing WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)
sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)
sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:13 AM 8480 (0x2120)
sync: WSUS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:19 AM 8480 (0x2120)
sync: WSUS synchronizing updates, processed 344 out of 344 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Done synchronizing WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Sync Catalog Drivers SCF value is set to : 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
SyncGracePeriod not set, use default 120000 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Sleeping 120 more seconds for WSUS server sync results to become available SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)
Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17601 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)
Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)
Synchronizing SMS database with WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
Third party updates are enabled, SMS sync operations will use default WSUS server exclusively. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
STATMSG: ID=6705 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:02:51.313 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)
https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Synchronizing SMS database with WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Syncing updates arrived after 05/17/2024 00:02:42 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Checking WSUS for third-party signing certificate… SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Getting signing certificate from WSUS server. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
WSUS signing certificate details: Thumbprint: ‘{OMITTED}’, Start Date: ’06/19/2023 11:55:01′, Expiration Date: ’06/19/2028 11:55:01′, Issuer: ‘CN=PatchMyPC Service’, Subject: ‘CN=PatchMyPC Service’ SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Getting active WSUS signing certificate thumbprint from database. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Found WSUS signing certificate with thumbprint {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
WSUS signing certificate has not changed. Thumbprint: {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)
Successfully downloaded and stored WSUS signing certificate with thumbprint {OMITTED}. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
Finished checking for third-party signing certificate. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
sync: SMS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
sync: SMS synchronizing categories, processed 0 out of 456 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)
sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
sync: SMS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
SyncBatchCount not set, using default 1 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
SyncBatchMinCreationDate not set, using default 01/01/2001 00:00:00 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)
sync: SMS synchronizing updates, processed 0 out of 3 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)
Synchronizing update 75b807d5-5b8a-49cc-83a3-603b6602aa61 – Security Intelligence Update for Windows Defender Antivirus – KB915597 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)
Synchronizing update 28118802-b197-4337-9825-112d7721bff9 – Security Intelligence Update for Microsoft Endpoint Protection – KB2461484 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:04 AM 18368 (0x47C0)
Synchronizing update 2c31ad9b-64a8-4e60-9fce-6bc6df61839b – Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:30 AM 18368 (0x47C0)
sync: SMS synchronizing updates, processed 3 out of 3 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)
sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)
Removed 178 unreferenced updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)
Done synchronizing SMS with WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)
Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17602 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)
Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)
Starting cleanup on WSUS, default server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)
Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)
https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Cleaning up WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Syncing updates arrived after 05/17/2024 04:02:51 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)
STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:06:26.136 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)
Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)
STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:07:25.699 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
Done Indexing SUSDB. Custom indexes were created if they didn’t exist previously. {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)
Cleanup processed 1086 total updates and declined 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)
Done Declining updates in WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)
Starting Deletion of ObseleteUpdates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)
STATMSG: ID=6719 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:08:56.025 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)
Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)
Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)
0 update(s) were deleted from SUSDB in Server: \.pipeMICROSOFT##WIDtsqlquery Database: SUSDB SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)
Deletion Completed SMS_WSUS_SYNC_MANAGER 5/17/2
This started a few weeks ago – let it hang out for a bit to see if it was a random blip, but unfortunately this is still happening. I inherited this from someone who left the company abruptly, so i’m unsure unfortunately about how this was setup and haven’t ran into any WSUS issues previously. Note : if i do turn off the 2 maintenance requirements that are erroring, obviously it’s fine. if i turn them back on. CM Version : 2309 Component : SMS_WSUS_SYNC_MANAGER Errors : – ConfigMgr failed to connect to SUSDB and could not delete obselete updates.- ConfigMgr failed to connect to SUSDB and could not add custom indexes. Went to my management point and checked the WSyncmgr log- It looks fine and connecting as it’s doing some maintenance, but not indexes or some obsolete updates which is confusing as per the component status above.ErrorsIndexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: [SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {SERVER}com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: adcmecm02.a-dec.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560) I found one men Full WSYNCmgr log for one sync this morning at 4am Wakeup for scheduled regular sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Starting Sync SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Performing sync on regular schedule SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Read SUPs from SCF for {OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Found 1 SUPs SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Found active SUP {OMITTED}{OMITTED}.{OMITTED}.com from SCF File. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)STATMSG: ID=6701 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:00.365 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:00 AM 23720 (0x5CA8)Sync Surface Drivers option is not set SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)Synchronizing WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)STATMSG: ID=6704 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:00:01.402 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 23720 (0x5CA8)https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:01 AM 8480 (0x2120)Synchronizing WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)sync: Starting WSUS synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:02 AM 8480 (0x2120)sync: WSUS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:13 AM 8480 (0x2120)sync: WSUS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:19 AM 8480 (0x2120)sync: WSUS synchronizing updates, processed 344 out of 344 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Done synchronizing WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Sync Catalog Drivers SCF value is set to : 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)SyncGracePeriod not set, use default 120000 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Sleeping 120 more seconds for WSUS server sync results to become available SMS_WSUS_SYNC_MANAGER 5/17/2024 4:00:49 AM 8480 (0x2120)Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17601 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:49 AM 23720 (0x5CA8)Synchronizing SMS database with WSUS, default server is {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)Third party updates are enabled, SMS sync operations will use default WSUS server exclusively. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)STATMSG: ID=6705 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=23720 GMTDATE=Fri May 17 11:02:51.313 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 23720 (0x5CA8)https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Synchronizing SMS database with WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Syncing updates arrived after 05/17/2024 00:02:42 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Checking WSUS for third-party signing certificate… SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Getting signing certificate from WSUS server. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)WSUS signing certificate details: Thumbprint: ‘{OMITTED}’, Start Date: ’06/19/2023 11:55:01′, Expiration Date: ’06/19/2028 11:55:01′, Issuer: ‘CN=PatchMyPC Service’, Subject: ‘CN=PatchMyPC Service’ SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Getting active WSUS signing certificate thumbprint from database. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Found WSUS signing certificate with thumbprint {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)WSUS signing certificate has not changed. Thumbprint: {OMITTED} SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:51 AM 18368 (0x47C0)Successfully downloaded and stored WSUS signing certificate with thumbprint {OMITTED}. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)Finished checking for third-party signing certificate. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)sync: SMS synchronizing categories SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)sync: SMS synchronizing categories, processed 0 out of 456 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:52 AM 18368 (0x47C0)sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)sync: SMS synchronizing categories, processed 456 out of 456 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)sync: SMS synchronizing updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)SyncBatchCount not set, using default 1 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)SyncBatchMinCreationDate not set, using default 01/01/2001 00:00:00 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:54 AM 18368 (0x47C0)sync: SMS synchronizing updates, processed 0 out of 3 items (0%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)Synchronizing update 75b807d5-5b8a-49cc-83a3-603b6602aa61 – Security Intelligence Update for Windows Defender Antivirus – KB915597 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:02:56 AM 18368 (0x47C0)Synchronizing update 28118802-b197-4337-9825-112d7721bff9 – Security Intelligence Update for Microsoft Endpoint Protection – KB2461484 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:04 AM 18368 (0x47C0)Synchronizing update 2c31ad9b-64a8-4e60-9fce-6bc6df61839b – Security Intelligence Update for Microsoft Defender Antivirus – KB2267602 (Version 1.411.196.0) – Current Channel (Broad) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:03:30 AM 18368 (0x47C0)sync: SMS synchronizing updates, processed 3 out of 3 items (100%) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:09 AM 18368 (0x47C0)Removed 178 unreferenced updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)Done synchronizing SMS with WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:24 AM 18368 (0x47C0)Set content version of update source {EFCD7126-2DA5-4E15-830F-880A0266C41D} for site {OMITTED} to 17602 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)Resetting MaxInstall RunTime for Cumulative updates. SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:25 AM 23720 (0x5CA8)Starting cleanup on WSUS, default server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)Using account {OMITTED}srvsmssvc to connect to WSUS Server SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 23720 (0x5CA8)https://{OMITTED}{OMITTED}.{OMITTED}.com:8531 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Attempting connection to WSUS server: {OMITTED}{OMITTED}.{OMITTED}.com, port: 8531, useSSL: True SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Cleaning up WSUS server {OMITTED}{OMITTED}.{OMITTED}.com … SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)sync: Starting SMS database synchronization SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)requested localization languages: en SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Syncing updates arrived after 05/17/2024 04:02:51 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)Requested categories: Company=Patch My PC, Company=Patch My PC, Product=Microsoft SQL Server Management Studio v18, Product=Visual Studio 2022, Product=Microsoft Application Virtualization 5.0, Product=Visual Studio 2015, Product=Office 2016, Product=PowerShell – x64, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=.NET 6.0, Product=.NET 7.0, Product=Microsoft SQL Server 2012, Product=Visual Studio 2019, Product=Visual Studio 2017, Product=Microsoft Advanced Threat Analytics, Product=Office 2013, Product=Windows 11, Product=.NET Core 3.1, Product=.NET Core 2.1, Product=Microsoft Defender Antivirus, Product=Microsoft SQL Server 2016, Product=Microsoft SQL Server 2019, Product=Visual Studio 2005, Product=System Center Endpoint Protection, Product=Windows 10, Product=Visual Studio 2012, Product=Microsoft SQL Server 2022, Product=Windows 10, version 1903 and later, Product=.NET 5.0, Product=Microsoft Application Virtualization 4.6, Product=Visual Studio 2010, Product=Microsoft SQL Server 2017, Product=Microsoft SQL Server 2014, Product=Visual C++ Redist for Visual Studio 2012, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2013, Product=Windows 10 LTSB, Product=Microsoft SQL Server Management Studio v17, Product=Visual Studio 2010 Tools for Office Runtime, Product=Visual Studio 2015 Update 3, Product=Visual Studio 2008, Product=Microsoft SQL Server Management Studio v19, ProductFamily=Windows Subsystem for Linux, ProductFamily=Windows Admin Center, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:05:26 AM 25952 (0x6560)STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:06:26.136 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:06:26 AM 25952 (0x6560)STATMSG: ID=6717 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:07:25.699 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Indexing Failed. Could not connect to SUSDB. SqlException thrown while connect to SUSDB in Server: {OMITTED}{OMITTED}.{OMITTED}.com. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Done Indexing SUSDB. Custom indexes were created if they didn’t exist previously. {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)sync: SMS performing cleanup SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:25 AM 25952 (0x6560)Cleanup processed 1086 total updates and declined 0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)Done Declining updates in WSUS Server {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)Starting Deletion of ObseleteUpdates SMS_WSUS_SYNC_MANAGER 5/17/2024 4:07:56 AM 25952 (0x6560)STATMSG: ID=6719 SEV=E LEV=M SOURCE=”SMS Server” COMP=”SMS_WSUS_SYNC_MANAGER” SYS={OMITTED}.{OMITTED}.COM SITE={OMITTED} PID=23936 TID=25952 GMTDATE=Fri May 17 11:08:56.025 2024 ISTR0=”” ISTR1=”” ISTR2=”” ISTR3=”” ISTR4=”” ISTR5=”” ISTR6=”” ISTR7=”” ISTR8=”” ISTR9=”” NUMATTRS=0 LE=0X0 SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Could not Delete Obselete Updates because ConfigManager could not connect to SUSDB: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) UpdateServer: {OMITTED}{OMITTED}.{OMITTED}.com SMS_WSUS_SYNC_MANAGER 5/17/2024 4:08:56 AM 25952 (0x6560)Sql Exeception was thrown while attempting to delete obselete updates. Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)0 update(s) were deleted from SUSDB in Server: \.pipeMICROSOFT##WIDtsqlquery Database: SUSDB SMS_WSUS_SYNC_MANAGER 5/17/2024 4:09:10 AM 25952 (0x6560)Deletion Completed SMS_WSUS_SYNC_MANAGER 5/17/2 Read More
Visual Studio component Microsoft.Net.4.X.X.FullRedist install error when using application deployme
I’ve recently hit an issue with deployment of Visual Studio using an application deployment in Configuration Manager.
I am attempting to deploy a few workloads and have the following in the response.json file:
“includeRecommended”: true”includeOptional”: true”Microsoft.VisualStudio.Workload.ManagedDesktop””Microsoft.VisualStudio.Workload.ManagedGame””Microsoft.VisualStudio.Workload.NetWeb”
When installing the above using an application deployment, the deployment completes, however it generates a warning and thus Configuration Manager marks the installation as failed. If we run the Visual Studio Installer application on the machine that VS is deployed to, we see an error:
Couldn’t install Microsoft.Net.4.X.X.FullRedist (when we initially looked at this it was version 4.8.1 that was installed as part of the deployment).
Following quite a lot of digging (see https://developercommunity.visualstudio.com/t/Items-in-1774-fail-to-install-when-usi/10486002?ftype=problem) I have been told that ‘.NET installer uses high compression and needs about ~540MB of memory to run the decompression process. SCCM’s “Application” deployment is limited to a little less than 512MB of memory. Can you please check if you are using “Application” deployment, and if this issue repro when you change deployment to “Package”?’.
While deploying VS as a package does work, we lose all of the goodness that an application deployment gives us (including the ability to supercede an old version with a newer one).
Is there any way to increase the amount of RAM available to the application type deployment on the client in Configuration Manager?
I’ve recently hit an issue with deployment of Visual Studio using an application deployment in Configuration Manager. I am attempting to deploy a few workloads and have the following in the response.json file:”includeRecommended”: true”includeOptional”: true”Microsoft.VisualStudio.Workload.ManagedDesktop””Microsoft.VisualStudio.Workload.ManagedGame””Microsoft.VisualStudio.Workload.NetWeb” When installing the above using an application deployment, the deployment completes, however it generates a warning and thus Configuration Manager marks the installation as failed. If we run the Visual Studio Installer application on the machine that VS is deployed to, we see an error:Couldn’t install Microsoft.Net.4.X.X.FullRedist (when we initially looked at this it was version 4.8.1 that was installed as part of the deployment). Following quite a lot of digging (see https://developercommunity.visualstudio.com/t/Items-in-1774-fail-to-install-when-usi/10486002?ftype=problem) I have been told that ‘.NET installer uses high compression and needs about ~540MB of memory to run the decompression process. SCCM’s “Application” deployment is limited to a little less than 512MB of memory. Can you please check if you are using “Application” deployment, and if this issue repro when you change deployment to “Package”?’.While deploying VS as a package does work, we lose all of the goodness that an application deployment gives us (including the ability to supercede an old version with a newer one).Is there any way to increase the amount of RAM available to the application type deployment on the client in Configuration Manager? Read More
How to practice matlab programs?
Which website gives practice programs.Please help.Which website gives practice programs.Please help. Which website gives practice programs.Please help. program in matlab MATLAB Answers — New Questions
Hydrostatic pressure in PDE toolbox
Hi,
I have this rectangular box in stl file which i have imported. I did mesh it and now i want to apply varying hydrostatic pressure on the side face, how do i do that.
Thanks,
JigarHi,
I have this rectangular box in stl file which i have imported. I did mesh it and now i want to apply varying hydrostatic pressure on the side face, how do i do that.
Thanks,
Jigar Hi,
I have this rectangular box in stl file which i have imported. I did mesh it and now i want to apply varying hydrostatic pressure on the side face, how do i do that.
Thanks,
Jigar hydrostatic, pressure, pde, toolbox MATLAB Answers — New Questions
A equstion about the function CONTRAST
You wrote on the help webpage that contrast supports inputting true color images of type m-by-n-by-3, but when I input the code, the following error occurred
Can you help me deal with this problem?You wrote on the help webpage that contrast supports inputting true color images of type m-by-n-by-3, but when I input the code, the following error occurred
Can you help me deal with this problem? You wrote on the help webpage that contrast supports inputting true color images of type m-by-n-by-3, but when I input the code, the following error occurred
Can you help me deal with this problem? contrast, m-by-n-by-3, color images MATLAB Answers — New Questions
mask rcnn does not detect mask
I’m practicing mrcnn.
I entered img, box, labeling, and mask well to proceed with the training.
The trained network recognizes and distinguishes boxes and labels well.
Mask appears as the same single array as the number of boxes.
But the mask was an array that was all zeros.
In this case, the problem is that you entered the mask incorrectly?
Or this net still unable to distinguish it due to the small amount of training?
I did not allocate much time to training due to a problem with computer specifications. It is a network that did 10 epoch 900 iteration.I’m practicing mrcnn.
I entered img, box, labeling, and mask well to proceed with the training.
The trained network recognizes and distinguishes boxes and labels well.
Mask appears as the same single array as the number of boxes.
But the mask was an array that was all zeros.
In this case, the problem is that you entered the mask incorrectly?
Or this net still unable to distinguish it due to the small amount of training?
I did not allocate much time to training due to a problem with computer specifications. It is a network that did 10 epoch 900 iteration. I’m practicing mrcnn.
I entered img, box, labeling, and mask well to proceed with the training.
The trained network recognizes and distinguishes boxes and labels well.
Mask appears as the same single array as the number of boxes.
But the mask was an array that was all zeros.
In this case, the problem is that you entered the mask incorrectly?
Or this net still unable to distinguish it due to the small amount of training?
I did not allocate much time to training due to a problem with computer specifications. It is a network that did 10 epoch 900 iteration. mask rcnn, rcnn, cnn, mask, train, deep learning, machine learning MATLAB Answers — New Questions
Excel Auto Open Macro
I bought a book on VBA programming for MS Office and I’m trying to do one of the examples. It’s a macro that automatically maximizes the window and opens the most recent document when you start excel, but it’s not working. There is no error message, excel just opens like normal. I’ve gone through the instructions a couple of times but can’t find any issues. My code is below:
Option Explicit
Private Sub Auto_Open()
Application.WindowState = xlMaximized
Application.RecentFiles(1).Open
End Sub
Any thoughts? Thanks in advance.
I bought a book on VBA programming for MS Office and I’m trying to do one of the examples. It’s a macro that automatically maximizes the window and opens the most recent document when you start excel, but it’s not working. There is no error message, excel just opens like normal. I’ve gone through the instructions a couple of times but can’t find any issues. My code is below: Option ExplicitPrivate Sub Auto_Open()Application.WindowState = xlMaximizedApplication.RecentFiles(1).Open End Sub Any thoughts? Thanks in advance. Read More
REGISTER TODAY: Americas Partner Insider Call | June 5th
Mark your calendar for the next Americas Partner Insider Call on June 5th at 10:00 AM PT.
Reserve your spot today to gain valuable insights from our expert speakers. Connect with fellow partners, learn about the latest developments, and elevate your partnership with Microsoft.
Register now and unlock your potential!
As a valued partner, we want to provide you with the resources and tools you need to succeed. That’s why we are sharing with you the on-demand video and PowerPoint presentation from the May Partner Insider Call:
Click here to view the recording of the event.
Click here to view the PowerPoint presentation.
For May, Tech for Social Impact was a featured guest. Also, take a moment to listen to the Demystifying Copilot Licensing portion of the virtual event.
Mark your calendar for the next Americas Partner Insider Call on June 5th at 10:00 AM PT.
Reserve your spot today to gain valuable insights from our expert speakers. Connect with fellow partners, learn about the latest developments, and elevate your partnership with Microsoft.
Register now and unlock your potential!
As a valued partner, we want to provide you with the resources and tools you need to succeed. That’s why we are sharing with you the on-demand video and PowerPoint presentation from the May Partner Insider Call:
Click here to view the recording of the event.
Click here to view the PowerPoint presentation.
For May, Tech for Social Impact was a featured guest. Also, take a moment to listen to the Demystifying Copilot Licensing portion of the virtual event.
Read More
I have file need help with formula not working some reason for Time.
I have file need help with formula not working some reason for Time.
I have file call NFL Schedule have teams for friends. in time it not display any time that get data from Yearly schedule worksheet. I need new update formula to get the Time working again.
Thanks You very much.
I have file need help with formula not working some reason for Time. I have file call NFL Schedule have teams for friends. in time it not display any time that get data from Yearly schedule worksheet. I need new update formula to get the Time working again. Thanks You very much. Read More
Securing the value in a cell
Hi!
Say I have a small shop at a sports stadium, and want to calculate profits on each product I sell for the season.
The way I’ve done it is having three sheets; ‘sales’, ‘cost’ and ‘result’.
In the ‘cost’ sheet, I have
A1 product name
B1 amount I sell it for
C1 amount I bought it for
In the ‘sales’ sheet, I have
Column A: Product names
Column B-> G: Opponent for the team
Row 2: Number of sales
Example:
A2: Popcorn B2: 52 (sales vs Miami), C2: 15 (sales vs Tampa) etc
In the ‘result’ sheet, I have:
A2 Popcorn
B2 The amount of popcorn sold in total (B2:G2 from ‘sales’))
C2: B2*’cost’!b1 (amount of popcorn x sale price)
D2: B2*’cost’!c1 (amount of popcorn x amount I purchased the popcorn for)
E2: C2-D2 (turnover minus cost)
All this is fine, and this is obviously a simplified version of it.
BUT! Halfway through the season, my provider increased their prices so my total result will be lower. If I change the prize on ‘cost’ C1, it will change all of the sales I’ve had, including the time before the price went up.
Is there a way that I can freeze the values in the cells from the beginning of the season so it’s not affected by the changing of the purchasing price moving forward?
Basically, if I buy the popcorn for $5 and sell it for $10 in May, but buy it for $6 and sell it for $10 in June that will have an effect on my total revenue.
I hope this made sense and that anyone can help me!
Cheers,
Frank
Hi! Say I have a small shop at a sports stadium, and want to calculate profits on each product I sell for the season. The way I’ve done it is having three sheets; ‘sales’, ‘cost’ and ‘result’. In the ‘cost’ sheet, I have A1 product nameB1 amount I sell it forC1 amount I bought it for In the ‘sales’ sheet, I haveColumn A: Product namesColumn B-> G: Opponent for the teamRow 2: Number of sales Example:A2: Popcorn B2: 52 (sales vs Miami), C2: 15 (sales vs Tampa) etc In the ‘result’ sheet, I have:A2 PopcornB2 The amount of popcorn sold in total (B2:G2 from ‘sales’)) C2: B2*’cost’!b1 (amount of popcorn x sale price) D2: B2*’cost’!c1 (amount of popcorn x amount I purchased the popcorn for) E2: C2-D2 (turnover minus cost) All this is fine, and this is obviously a simplified version of it. BUT! Halfway through the season, my provider increased their prices so my total result will be lower. If I change the prize on ‘cost’ C1, it will change all of the sales I’ve had, including the time before the price went up. Is there a way that I can freeze the values in the cells from the beginning of the season so it’s not affected by the changing of the purchasing price moving forward? Basically, if I buy the popcorn for $5 and sell it for $10 in May, but buy it for $6 and sell it for $10 in June that will have an effect on my total revenue. I hope this made sense and that anyone can help me! Cheers, Frank Read More
Building Better Apps: Better Together
Helping you build better apps has been one of our key focus areas in Azure. Our latest tooling focuses on providing guidance for architecting, optimizing, and deploying apps. Whether you’re creating a new proof of concept or improving an existing app, these capabilities can boost productivity and performance. These capabilities are all in Preview, so please give them a try and let us know what you think!
Starting Right: Architecting Your Azure App
Let’s say you’re starting a proof of concept for a new application. Normally, you might spend a lot of time picking services, architecting apps, and deploying them based on industry best practices. Better Together can streamline this process with the below capabilities.
Better Together in Microsoft Copilot for Azure
The Better Together capability which can be accessed from Copilot can be helpful to understanding if you’re on the right track when building your app. In the past it might’ve been time-consuming to learn about the kinds of services that similar apps are using through docs and videos. This capability can streamline some of this process by recommending services based on patterns that other similar apps have used.
To give this a try, navigate to the Azure Portal and select the Copilot button in the toolbar to open the chat window. Here you can ask questions to recommended services for your app, or architecture, including, “What are popular services that are deployed with App Service apps like mine?” and “Which database should I use with my ACA app?”, and “What services would you recommend to implement distributed caching?”
Sometimes it’s important to validate if you’re on the right track. When you ask architectural or infrastructure-level questions to Azure Copilot, it helps you discover the most commonly used services for your specific use case. In the example below, after identifying performance bottlenecks in your app and considering implementing distributed caching to enhance performance, the recommendation points to Azure Cache for Redis. This service is widely deployed by many App Service apps similar to yours.
Boosting Performance: Optimizing Your Azure App
If your App Service app is running a little slower than expected, or if you’re suspecting any performance bottlenecks, these are some capabilities that can diagnose and optimize these problems.
Diagnostics Insights (Preview)
Diagnostic logs can return pages of information that are difficult to interpret. This capability can make it easier to identify anomalies and quickly identify bottlenecks . In the Azure Portal, you can efficiently evaluate your application’s CPU usage and track any anomalies by navigating to Diagnose & Solve Problems > Web App Slow. Within this section, you’ll find a chart that provides insights into performance and latency.
Notably, over the last 24 hours, approximately 90% of users accessing this web app experienced low latency.
Another way to access suggestions is to type in “my web app is slow” into Copilot for Azure, which will offer suggestions around any bottlenecks.
Diagnostic charts can sometimes be time-consuming to analyze. However, Copilot offers a helpful Summarization capability. When you input variations of “summarize this page,” Copilot will generate concise summaries of the insights, allowing you to quickly grasp the main points without having to read through every chart and detail.
Application Insights Code Optimizations (Preview)
Performance can be improved by making code-level changes. Code Optimizations helps identify where to make these improvements. By leveraging AI, Code Optimizations detects CPU and memory bottlenecks of your application during runtime. It is available for .NET applications that have Application Insights Profiler enabled. To access Code Optimizations in the Azure Portal, navigate to the Performance blade in Application Insights. For App Service, it’s also available in Diagnose & Solve Problems > Web App Slow.
In this example, some of the performance issues identified may be caused by inefficient code, which can be investigated.
Selecting any of these suggestions will open more details about the performance issue, show where and when in the code it’s occurring, and show the recommended solution.
For many recommendations, a code fix can be generated using the Code Optimizations extension (currently in limited preview) for Visual Studio and Visual Studio Code – Insiders. You can sign up here.
Learn more about Code Optimizations.
Making Improvements: Augmenting Your Azure App
If you have deployed an App Service app and you’re unsure which services to use to improve scalability and reliability for it, these capabilities can help optimize without reinventing the wheel.
Better Together (Preview) in Azure Portal
It can be time-consuming to pick, create, deploy, and connect a service to your App Service app. Better Together can help you deploy and connect popular services for your App Service app. This capability primarily focuses on connecting newly-created resources to your App Service app more easily. Navigate to Better Together for your App Service app through the Azure Portal using the menu item Better Together.
Enabling Azure Cache for Redis will automatically create a new Redis instance and establish the connection with your existing App Service app. If you choose to “Create” any of the other services, you’ll be directed to their onboarding flow, where you’ll receive guidance on creating and connecting the service. Stay tuned for the next release for a more customized experience!
Take a look at these capabilities in action with the video below.
Conclusion: Better Together
Azure strives to empower you to create robust, high-performing apps. Whether you’re starting a new app or improving an existing one, we are creating tools and services that can help. Please give these capabilities a try and let us know what you think by leaving a comment or emailing us at bettertogetherteam@microsoft.com.
Microsoft Tech Community – Latest Blogs –Read More
Deep Dive: Secure Orchestration of Confidential Containers on Azure Kubernetes Service
Introduction
Building on our previous blog post about Confidential Containers on Azure Kubernetes Services (AKS) powered by Azure Linux, this blog post dives into the design and implementation of the stack’s security policy. The security policy feature is a critical building block for the trustworthy orchestration of confidential Kubernetes workloads on IaaS platforms. The feature protects the interface between the cloud provider’s stack and the user’s trusted computing base (TCB). The user’s confidential workloads run inside the TCB within virtual machines (VMs) which are encrypted by a hardware-based Trusted Execution Environment (TEE), such as AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). Trust in the security policy and its enforcement can be established via remote attestation. We will explore establishing this trust and how end users can generate and apply security policies using our new genpolicy tool.
Protecting the Trust Boundary Interface
One of the main components of the Kata Containers system architecture is the Kata Agent, which we will refer to as Agent. When using Kata Containers to implement Confidential Containers, the Agent is executed inside the hardware-based TEE and therefore is part of the TCB. As shown in the Figure 1, the Agent provides a set of ttRPC APIs allowing the system components outside of the TEE, i.e., the Kata Shim, to create and manage Kubernetes pods inside confidential VMs (CVMs) transparent to the Kubernetes stack. From a confidentiality standpoint, the Kata Shim to Agent communication represents a control channel crossing the TCB boundary, which is why the Agent must protect itself from potentially malicious Agent API calls.
To systematically secure this control channel, we designed and implemented a security policy feature for the Kata Containers project, known as the Kata “Agent Policy” feature. This feature allows the owner of a confidential pod deployment to specify a document articulating the security policy a priori to running the pod. This policy document dictates what API calls are allowed and disallowed for the pod.
The policy document can be added in the form of an encoded string as an annotation to Kubernetes pod manifests, allowing the policy document to naturally travel through kubelet and containerd to the Kata Shim, which we will refer to as Shim. The Shim then provides the policy document to the Agent during early CVM initialization. Since the policy document travels through components that are not part of the TCB prior to reaching the Agent, the policy is not inherently trustworthy at CVM initialization. We can establish trustworthiness through remote attestation which will be explained in an upcoming section.
Structure of the Security Policy Document
The security policy document is composed using the Rego policy language and describes all the Agent’s ttRPC API calls along with their parameters that are expected for creating and managing the confidential pod. This section takes a closer look at the three high-level sections of the policy document – the rules, default values and data sections.
Rules
The rules section is a static part of the policy document, independent of the individual pod deployment. Rules express the semantics for validating API calls, and in particular implement input parameter validation for parametrized calls. An example for a simple rule is the one for the unparametrized WriteStreamRequest call which explicitly enforces that the call can only be made if the policy document’s default value for the call is set to true:
WriteStreamRequest {
policy_data.request_defaults.WriteStreamRequest == true
}
Let’s now look at a rule for the parametrized CreateContainerRequest call which implements input parameter validation:
CreateContainerRequest {
i_oci := input.OCI
i_storages := input.storages
…
some p_container in policy_data.containers
p_pidns := p_container.sandbox_pidns
i_pidns := input.sandbox_pidns
p_pidns == i_pidns
p_oci := p_container.OCI
p_oci.Version == i_oci.Version
p_oci.Root.Readonly == i_oci.Root.Readonly
…
p_storages := p_container.storages
…
}
This rule validates all input parameters by comparing them with the expected parameters based on the document’s data section and rejects when a change to fields like the command line, storage mount, execution security context, or environment variables is detected. In the code snippet, the variables starting with “i_” are the input parameters whereas the variables starting with “p_” represent the expected values based on the policy document’s data section.
Default Values
Default values for API calls determine the behavior when no rule for a given call was positively evaluated:
default CreateContainerRequest := false
The default value of false means that any CreateContainer API call will be rejected unless a set of policy rules explicitly allows that call.
default GuestDetailsRequest := true
The default value of true means that calls from outside of the TEE to the GuestDetailsRequest API are always allowed to be executed. One would set this default value to true when the data returned by this API is not considered sensitive for confidentiality of the workloads.
Data
The data section contains expected values that are derived from a Kubernetes pod manifest and that are compared during policy rule evaluation with the actual values from the input parameters of a ttRPC API request. With this, the data section directly depends on the individual pod deployment with its containers. Based on the result of the comparison between the values, a rule can either allow or deny the call by returning true or false.
Coming back to the above rule for CreateContainerRequest, all the characteristics of a container are specified in a fine-granular way in the policy document’s data section: image integrity information, command line, storage volumes and mounts, the execution security context, environment variables, and other fields from the Open Container Initiative (OCI) container runtime configuration. An example for the command line section is the following:
policy_data := {
“containers”: [
{
“OCI”: {
…
“Args”: [
“/bin/sh”
],
…
},
…
},
…
Any diverging command line observed in the CreateContainerRequest for the given container will be rejected by policy. Another example is for the validation of the storages input field of the CreateContainerRequest:
policy_data := {
“containers”: [
{
“OCI”: {
…
},
“storages”: [
{
“driver”: “blk”,
“driver_options”: [],
“source”: “”,
“fstype”: “tar”,
“options”: [
“$(hash0)”
],
“mount_point”: “$(layer0)”,
“fs_group”: null
},
…
This example shows how the security policy constrains the way block devices can be mapped from the host into the CVM. In this example, a tar filesystem type block device is expected to be mapped to a certain mount point into the CVM.
Policy Enforcement in the Kata Agent
The Agent is responsible for enforcing the security policy by evaluating the policy for each Agent ttRPC API call. We implemented the enforcement of the security policy using the Open Policy Agent (OPA) – a graduated project of the Cloud Native Computing Foundation (CNCF). Before carrying out the actions corresponding to the API, the Agent queries OPA by using the OPA REST API to check if the policy rules and data allow or block the call. The Agent provides the policy document and all input data from the API request parameters as a JSON format representation to OPA. OPA uses the rules to check if the inputs are consistent with policy data. OPA tries to find at least one rule with the same name as the ttRPC API call to return true while considering the call’s potential input parameters.
For example, when the Agent receives a CreateContainerRequest call, any rules defined in the policy that are using the name CreateContainerRequest are evaluated. OPA evaluates these rules and tries to find at least one CreateContainerRequest rule that returns value true. If at least one CreateContainerRequest rule returns true, OPA returns a true result to the Agent, and the Agent creates the container as requested by the Shim. On the other hand, if the API inputs are not allowed by the document’s rules or if no rule exists, OPA returns the default value for that API to the Agent, or false when no default value is supplied. In the case false is returned, the Agent rejects the API call by returning a “blocked by policy” error message.
We achieved this behavior by adding a gate to the Agent’s RPC interface implementation for each call. We added the is_allowed() function call early in every call handler:
async fn exec_process(…) -> ttrpc::Result<Empty> {
…
is_allowed(&req).await?;
…
}
The function enforces above-described logic and can be found in the Agent policy implementation.
An important policy enforcement aspect of the CreateContainerRequest call is the Agent’s protection of the integrity of block devices, as described in the example for the storages input field of the CreateContainerRequest from the previous section and replicated below.
policy_data := {
“containers”: [
{
“OCI”: {
…
},
“storages”: [
{
“driver”: “blk”,
“driver_options”: [],
“source”: “”,
“fstype”: “tar”,
“options”: [
“$(hash0)”
],
“mount_point”: “$(layer0)”,
“fs_group”: null
},
…
As each container image layer is exposed as a read-only virtio block device to the CVM, the Agent protects the integrity of these block devices using the dm-verity technology of the CVM’s Linux kernel, enforcing the root value of the dm-verity hash tree through policy enforcement. The policy document’s data section contains the expected root values of the dm-verity hash tree for each container image layer, hash0 in the above example. These root values are verified at runtime by the Agent via calling OPA to compare the received input values with the expected values using policy rules semantics as defined by the policy document. With this, not only the security policy enforcement but also the integrity of the container image layers can be verified by remote attestation, as described next.
Security Policy and Remote Attestation
Before handling sensitive information, confidential workloads should perform remote attestation to prove to any relying party that exactly the desired workload with the user’s desired policy, using exactly the expected versions of the TEE, and of the CVM’s software stack has been orchestrated by the control plane.
Figure 2 depicts the confidential container creation flow starting with a user deploying a pod manifest to running the workload in the CVM. The pod manifest depicted in orange color reaches the Shim which in turn brings up the CVM with the help of the VMM and HV. The Shim uses the CreateVM call the VMM exposes through its API.
Before triggering this call, the Shim computes the SHA256 hash of the user-provided policy document that the VMM uses to set a field measured by the TEE. In the case of AMD SEV-SNP, the VMM sets the HOST_DATA field to the hash value which the AMD SEV-SNP TEE includes in the attestation evidence. This action creates a strong binding between the contents of the policy and the CVM. This TEE field cannot be modified later by the software executed inside or outside of the CVM. However, it is readable within the TEE after launch.
As the Shim launches the CVM and the CVM OS boots, the Agent starts up using an initial security policy that is included in the CVMs root file system. This initial security policy only allows the Shim to set a new policy document through the SetPolicyRequest ttRPC call once the Agent’s ttRPC interface becomes available. Upon receiving the policy from the Shim, the Agent verifies that the hash of the policy matches the value in the immutable TEE field. The Agent rejects the incoming policy if it detects a hash mismatch. If the hash matches, the Agent enforces the new policy and listens for ttRPC calls. After the Agent receives and validates the Shim’s CreateContainerRequest call, the Agent creates the workload container pertaining to the user’s pod manifest.
The remote attestation procedure can be implemented in different ways. One option is to implement in a container running inside the CVM that obtains the signed attestation evidence from the AMD SEV-SNP TEE. With the policy hash being part of one of the measured TEE fields above, the attestation service can verify the integrity of the security policy by comparing the value of this field with the expected hash of the pod policy that was preconfigured by the user.
Microsoft’s Azure Attestation (MAA) provides an end-to-end attestation solution for workloads in Azure. We have added support for Confidential Containers on AKS to MAA by utilizing the open-source confidential sidecar container as the attestation client. So, MAA just needs to be seeded with relevant policy measurements for confidential pods to enable remote attestation.
Policy Document Creation using the genpolicy Tool
To simplify creating the policy document for container workloads, we built the genpolicy tool to automate the generation of the security policy document with its policy data, rules, and default values derived from the users’ individual Kubernetes pod manifests. The genpolicy tool encodes the security policy document in base64 format and adds it to the Kubernetes pod manifest as an annotation. An example is a pod manifest for Confidential Containers on AKS where the given runtimeClassName field indicates that the pod is to be run as a confidential container:
apiVersion: v1
kind: Pod
metadata:
annotations:
io.katacontainers.config.agent.policy: cGFja2FnZSBhZ2VudF<…>
spec:
runtimeClassName: kata-cc-isolation
…
The annotation value can be decoded using “base64 -d”, revealing the set of default values, rules, and data, for example:
…
# default values for API calls
default CopyFileRequest := false
…
default ExecProcessRequest := false
…
# rules for API calls
CreateContainerRequest { … }
…
CreateSandboxRequest { … }
…
WriteStreamRequest { … }
…
# data, for instance listing the pod’s containers and fields
policy_data := {
“containers”: [
{
“OCI”: {
“Version”: “1.1.0-rc.1”,
…
}
To generate the policy, run the following command:
genpolicy -y <path/to/pod.yaml>
This will embed the policy into the pod yaml file. Then the pod manifest can be deployed onto a cluster supporting confidential containers as normal, for instance, using:
kubectl apply -f <path/to/pod.yaml>
If any policy violations are detected, the Agent will refuse to execute the relevant ttRPC call, resulting in the following failure when using kubectl describe pod:
Error: failed to create containerd task: failed to create shim task: “CreateContainerRequest is blocked by policy”
Users should review the auto-generated policy document and verify that the policy fits the desired confidentiality goals and modify the policy as needed. To change the behavior of the tool, the user can specify further parameters:
genpolicy -p <path/to/rules.rego> -j <path/to/genpolicy-settings.json> -y <path/to/pod.yaml>
Using these parameters, the policy’s default values and rules and data fields can be modified by supplying custom rules.rego and settings JSON files. More details and examples are provided in the upstream Kata Agent policy documentation.
To simplify genpolicy usage in Azure, the Azure CLI ‘confcom’ extension wraps the latest releases of the genpolicy tool to enable end users generating pod security policies via the Azure CLI, which is as simple as calling:
az confcom katapolicygen -y <path/to/pod.yaml>
An end-to-end example starting with cluster deployment and running a confidential container with attached security policy can be found in our confidential container deployment documentation.
Conclusion
We have walked through the security policy of our Confidential Containers on AKS offering – from the syntax of the policy file to the enforcement with OPA, to establishing trust with remote attestation, and how to automatically generate and embed the policy using our genpolicy tool. The Azure Linux team collaborated with the Confidential Containers and Kata Containers communities on the design and implementation of Confidential Containers, as part of Microsoft’s commitment to open source. We contributed the policy implementation upstream – the Agent code responsible for enforcing the security policy, the Shim and Agent code for setting the policy and reading its measured hash value with different VMMs and HVs for AMD SEV-SNP and Intel TDX, and the genpolicy tool to create the security policy document. Along with this, a how-to for the policy feature and a README for the genpolicy tool can be found. We will continue to contribute and expand the security policy implementation upstream with the Kata Containers and Confidential Containers communities, so join us there to build this feature with us.
Microsoft Tech Community – Latest Blogs –Read More
poctave() return value for acoustics analysis
Hi all,
I need some assistance understanding the "units" of the data that is returned when calling the MATLAB function [p,cf] = poctave();
I am analysing an audio signal that has been recorded with a microphone. The data is imported into the MATLAB workspace and converted to a calibrated pressure value with units of Pascals (Pa). So the units of the data that I pass to poctave() are Pascals (Pa). The following code snippet shows how I’m using poctave().
flims = [20 Fs/2]; % set the frequency limits of my analysis
bpo = 3; % Third-Octave analysis required
opts = {‘FrequencyLimits’,flims,’BandsPerOctave’,bpo}; % prepare these options for passing to poctave()
% apply the 3rd-Octave filter-bank to my data
[p, cf] = poctave(pressureData,Fs,opts{:});
(Where "pressureData" is my audio data to be filtered, and "Fs" is the sampling frequency of the data.)
My first question is:
1) What are the units of the octave spectrum data returned unto variable ‘p’?
I need to know this for my conversion of the data into a dB value using 10*log10(p/pref).
I understand that if I use poctave() as follows:
poctave(pressureData,Fs,opts{:})
then by default it assigns "pref" a value of 1 and the results are as in the following image:
Without units though, the result seems meaningless…
My second question is:
2) what is pref in the previous equation to ensure correct dB values that correlate with a sound pressure level? do I use:
pref = 0.00002; % 20 micro Pascals reference sound pressure level
or:
pref = 0.00002^2; % 20 micro Pascals (squared); i.e. is p returned from poctave() a pressure squared value or a power value??
I want to create a resulting 3rd-Octave spectrum whos dB values match those as though it was being displayed on a Sound Level Meter. I will then correlate these values with those on our Sound Level Meter to validate the data to be processed within MATLAB.
Thanks so much for any assistance you can offer!!Hi all,
I need some assistance understanding the "units" of the data that is returned when calling the MATLAB function [p,cf] = poctave();
I am analysing an audio signal that has been recorded with a microphone. The data is imported into the MATLAB workspace and converted to a calibrated pressure value with units of Pascals (Pa). So the units of the data that I pass to poctave() are Pascals (Pa). The following code snippet shows how I’m using poctave().
flims = [20 Fs/2]; % set the frequency limits of my analysis
bpo = 3; % Third-Octave analysis required
opts = {‘FrequencyLimits’,flims,’BandsPerOctave’,bpo}; % prepare these options for passing to poctave()
% apply the 3rd-Octave filter-bank to my data
[p, cf] = poctave(pressureData,Fs,opts{:});
(Where "pressureData" is my audio data to be filtered, and "Fs" is the sampling frequency of the data.)
My first question is:
1) What are the units of the octave spectrum data returned unto variable ‘p’?
I need to know this for my conversion of the data into a dB value using 10*log10(p/pref).
I understand that if I use poctave() as follows:
poctave(pressureData,Fs,opts{:})
then by default it assigns "pref" a value of 1 and the results are as in the following image:
Without units though, the result seems meaningless…
My second question is:
2) what is pref in the previous equation to ensure correct dB values that correlate with a sound pressure level? do I use:
pref = 0.00002; % 20 micro Pascals reference sound pressure level
or:
pref = 0.00002^2; % 20 micro Pascals (squared); i.e. is p returned from poctave() a pressure squared value or a power value??
I want to create a resulting 3rd-Octave spectrum whos dB values match those as though it was being displayed on a Sound Level Meter. I will then correlate these values with those on our Sound Level Meter to validate the data to be processed within MATLAB.
Thanks so much for any assistance you can offer!! Hi all,
I need some assistance understanding the "units" of the data that is returned when calling the MATLAB function [p,cf] = poctave();
I am analysing an audio signal that has been recorded with a microphone. The data is imported into the MATLAB workspace and converted to a calibrated pressure value with units of Pascals (Pa). So the units of the data that I pass to poctave() are Pascals (Pa). The following code snippet shows how I’m using poctave().
flims = [20 Fs/2]; % set the frequency limits of my analysis
bpo = 3; % Third-Octave analysis required
opts = {‘FrequencyLimits’,flims,’BandsPerOctave’,bpo}; % prepare these options for passing to poctave()
% apply the 3rd-Octave filter-bank to my data
[p, cf] = poctave(pressureData,Fs,opts{:});
(Where "pressureData" is my audio data to be filtered, and "Fs" is the sampling frequency of the data.)
My first question is:
1) What are the units of the octave spectrum data returned unto variable ‘p’?
I need to know this for my conversion of the data into a dB value using 10*log10(p/pref).
I understand that if I use poctave() as follows:
poctave(pressureData,Fs,opts{:})
then by default it assigns "pref" a value of 1 and the results are as in the following image:
Without units though, the result seems meaningless…
My second question is:
2) what is pref in the previous equation to ensure correct dB values that correlate with a sound pressure level? do I use:
pref = 0.00002; % 20 micro Pascals reference sound pressure level
or:
pref = 0.00002^2; % 20 micro Pascals (squared); i.e. is p returned from poctave() a pressure squared value or a power value??
I want to create a resulting 3rd-Octave spectrum whos dB values match those as though it was being displayed on a Sound Level Meter. I will then correlate these values with those on our Sound Level Meter to validate the data to be processed within MATLAB.
Thanks so much for any assistance you can offer!! poctave, audio signal processing, spectrum, acoustics MATLAB Answers — New Questions
Change weather in RoadRunner Scenario
Dear Mathworks support team,
how can i change the weather and day/night settings in the RoadRunner Scenario?
Thank you for assistance
Best regards
JavidDear Mathworks support team,
how can i change the weather and day/night settings in the RoadRunner Scenario?
Thank you for assistance
Best regards
Javid Dear Mathworks support team,
how can i change the weather and day/night settings in the RoadRunner Scenario?
Thank you for assistance
Best regards
Javid roadrunner, scnario, change weather MATLAB Answers — New Questions
How to acquire data and generate signals at the same time using ni-daq on session-based interface
Hi all,
I’ve tried search how can I use input and output simultaneously using ni-daq.
But I don’t have any background knowledge about device and daq toolbox, Only can do analog input and output separately.
I have used session-based interface and my ni-daq model is usb-6356.
I want to make my system,whenever ni-daq get external trigger signal, transmit signal and acquire signal simultaneously.
Is there any function acquire data and generate signals at the same time on session based interface?
And how can I make the system do analog input and analog output whenever daq get external trigger?Hi all,
I’ve tried search how can I use input and output simultaneously using ni-daq.
But I don’t have any background knowledge about device and daq toolbox, Only can do analog input and output separately.
I have used session-based interface and my ni-daq model is usb-6356.
I want to make my system,whenever ni-daq get external trigger signal, transmit signal and acquire signal simultaneously.
Is there any function acquire data and generate signals at the same time on session based interface?
And how can I make the system do analog input and analog output whenever daq get external trigger? Hi all,
I’ve tried search how can I use input and output simultaneously using ni-daq.
But I don’t have any background knowledge about device and daq toolbox, Only can do analog input and output separately.
I have used session-based interface and my ni-daq model is usb-6356.
I want to make my system,whenever ni-daq get external trigger signal, transmit signal and acquire signal simultaneously.
Is there any function acquire data and generate signals at the same time on session based interface?
And how can I make the system do analog input and analog output whenever daq get external trigger? data acquisition, signal, functions, analog input, analog output, session-based interface, ni-daq MATLAB Answers — New Questions
A Serious Bug in Windows Explorer
When you need an icon (thumbnail) that displays a picture or video file, it can’t be displayed and Windows Explorer keeps loading. When you right-click on such a file, Windows Explorer freezes.
When you need an icon (thumbnail) that displays a picture or video file, it can’t be displayed and Windows Explorer keeps loading. When you right-click on such a file, Windows Explorer freezes. Read More
Two separate Outlook instances on Android/iPhone without joining MDM?
I’m looking for a way to maintain separate instances of Outlook on my Android/iPhone device – one for work-related emails and another for personal emails. Our organization uses Microsoft Intune for managing work applications, and I would like to use the Outlook app for both work and personal accounts without mixing the data.
Is it possible to configure two distinct Outlook instances on a single device to keep work and personal emails separate? If so, could you provide guidance on how to set this up, especially in the context of using Mobile Application Management (MAM) policies to secure work data without enrolling the device in Mobile Device Management (MDM)?
I’m looking for a way to maintain separate instances of Outlook on my Android/iPhone device – one for work-related emails and another for personal emails. Our organization uses Microsoft Intune for managing work applications, and I would like to use the Outlook app for both work and personal accounts without mixing the data. Is it possible to configure two distinct Outlook instances on a single device to keep work and personal emails separate? If so, could you provide guidance on how to set this up, especially in the context of using Mobile Application Management (MAM) policies to secure work data without enrolling the device in Mobile Device Management (MDM)? Read More
Teams website tabs not displaying
Hello
Please i need your help on this issue.
Figure 1: New Teams website app link to compliance wire
Figure 2: New Teams website app link to compliance wire after submitting log-in credentials
in Classic Teams, when I log-in to Compliance wire, I am able to do so successfully.
Figure 3: Classic Teams Compliance Wire Log-in
The sites do not work in the new teams, but they work in the old teams.
Hello Please i need your help on this issue. Figure 1: New Teams website app link to compliance wire Figure 2: New Teams website app link to compliance wire after submitting log-in credentials in Classic Teams, when I log-in to Compliance wire, I am able to do so successfully.Figure 3: Classic Teams Compliance Wire Log-in The sites do not work in the new teams, but they work in the old teams. Read More