Merge branch 'release-data-studio' of https://github.com/MicrosoftDocs/sql-docs-pr into newads

Author: markingmyname

.openpublishing.redirection.json

@@ -17300,11 +17300,6 @@
       "redirect_url": "/sql/database-engine/deprecated-database-engine-features-in-sql-server-version-15",
       "redirect_document_id": true
     },
-    {
-      "source_path": "docs/toc/previous-versions-sql-server.md",
-      "redirect_url": "/sql/sql-server/sql-server-help-installation",
-      "redirect_document_id": false
-    },
     {
       "source_path": "docs/integration-services/lift-shift/ssis-azure-connect-with-windows-auth.md",
       "redirect_url": "https://docs.microsoft.com/azure/data-factory/ssis-azure-connect-with-windows-auth",

docs/2014/database-engine/configure-managed-backup-sql-server-management-studio.md

@@ -1,5 +1,6 @@
 ---
 title: "Configure Managed Backup (SQL Server Management Studio) | Microsoft Docs"
+description: Use the Managed Backup dialog box to configure SQL Server Managed Backup to Azure default setting. Learn about the options you need to consider.
 ms.custom: ""
 ms.date: "08/23/2017"
 ms.prod: "sql-server-2014"

docs/2014/database-engine/continue-with-restore.md

@@ -1,5 +1,6 @@
 ---
 title: "Continue with Restore | Microsoft Docs"
+description: In SQL Server, use the Continue with Restore dialog box to indicate whether you want to restore the next backup set.
 ms.custom: ""
 ms.date: "06/13/2017"
 ms.prod: "sql-server-2014"

docs/2014/database-engine/monitor-sql-server-managed-backup-to-windows-azure.md

@@ -1,5 +1,6 @@
 ---
 title: "Monitor SQL Server Managed Backup to Azure | Microsoft Docs"
+description: This article describes tools that you can use to determine the overall health of backups using SQL Server Managed Backup to Azure and identify errors.
 ms.custom: ""
 ms.date: "03/08/2017"
 ms.prod: "sql-server-2014"

docs/2014/database-engine/setting-up-sql-server-managed-backup-to-windows-azure-for-availability-groups.md

@@ -1,5 +1,6 @@
 ---
 title: "Setting up SQL Server Managed Backup to Azure for Availability Groups | Microsoft Docs"
+description: This tutorial shows you how to configure SQL Server Managed Backup to Microsoft Azure for databases participating in Always On Availability Groups.
 ms.custom: ""
 ms.date: "06/13/2017"
 ms.prod: "sql-server-2014"

docs/2014/database-engine/sql-server-managed-backup-to-windows-azure-interoperability-and-coexistence.md

@@ -1,5 +1,6 @@
 ---
 title: "SQL Server Managed Backup to Azure: Interoperability and Coexistence | Microsoft Docs"
+description: This article describes SQL Server Managed Backup to Microsoft Azure interoperability and coexistence with several features in SQL Server 2014.
 ms.custom: ""
 ms.date: "03/07/2017"
 ms.prod: "sql-server-2014"

docs/2014/database-engine/sql-server-managed-backup-to-windows-azure-retention-and-storage-settings.md

@@ -1,5 +1,6 @@
 ---
 title: "SQL Server Managed Backup to Azure - Retention and Storage Settings | Microsoft Docs"
+description: This topic describes how to configure SQL Server Managed Backup to Microsoft Azure for a database and to configure default settings for the instance.
 ms.custom: ""
 ms.date: "08/23/2017"
 ms.prod: "sql-server-2014"

docs/2014/database-engine/troubleshooting-sql-server-managed-backup-to-windows-azure.md

@@ -1,5 +1,6 @@
 ---
 title: "Troubleshooting SQL Server Managed  Backup to Azure | Microsoft Docs"
+description: This article describes the tasks and tools you can use to troubleshoot errors that may occur during SQL Server Managed Backup to Microsoft Azure operations.
 ms.custom: ""
 ms.date: "03/08/2017"
 ms.prod: "sql-server-2014"

docs/big-data-cluster/troubleshoot-ad-login-failed-untrusted-domain.md

@@ -0,0 +1,201 @@
+---
+title: AD mode login fails - untrusted domain
+titleSuffix: SQL Server Big Data Cluster
+description: Fix behavior - clients fail to Authenticate when endpoints DNS entries are configures as CNAME pointing to an alias name.
+author: MikeRayMSFT
+ms.author: mikeray
+ms.reviewer: mikeray
+ms.date: 05/01/2020
+ms.topic: how-to
+ms.prod: sql
+ms.technology: big-data-cluster
+---
+
+# Symptom: AD mode login fails - untrusted domain (Big Data Clusters)
+
+On a SQL Server Big Data Cluster (BDC) in Active Directory mode, a connection attempt may fail and the connection attempt returns the following error:
+
+`Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.`
+
+This can happens when you have configured DNS entries as CNAME pointing to an alias name of reverse proxy that distributes the traffic to Kubernetes nodes.
+
+## Root cause
+
+When the endpoints are configured with DNS entries with CNAME pointing to an alias name of reverse proxy that distributes the traffic to Kubernetes nodes:
+
+- Kerberos authentication process looks for a service principal name (SPN) that matches the entry for CNAME; not the true SPN registered by BDC in active directory
+- Authentication fails 
+
+## Confirm root cause
+
+After authentication fails, check the cache of Kerberos tickets. 
+
+To check the cache of tickets, use `klist` command. 
+
+Look for a ticket with an SPN matching the endpoint you tried to connect to.
+
+The expected ticket is not there.
+
+In this example, a master endpoint, `bdc-sql` DNS record is CNAME set to reverse proxy named `ServerReverseProxy`
+
+```PowerShell
+Resolve-DnsName bdc-sql
+```
+
+The following section shows the results from the previous command.
+
+```
+Name                           Type   TTL   Section    NameHost
+----                           ----   ---   -------    --------
+bdc-sql.mydomain.com           CNAME  3600  Answer     ReverseProxyServer.mydomain.com
+
+Name       : ReverseProxyServer.mydomain.com
+QueryType  : A
+TTL        : 3600
+Section    : Answer
+IP4Address : 193.168.5.10
+```
+
+>[!NOTE]
+>The following section references  [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html). `tshark` is a command line utility installed as part of [Wireshark](https://www.wireshark.org/docs/) network tracing utility).
+
+To see the SPN requested from active directory, use `tshark`. The following command limits network tracing capture to Kerberos protocol communication and shows only `krb-error (30)` messages. These messages should contain failed SPN request messages.
+
+```bash
+tshark -Y "kerberos && kerberos.msg_type == 30" -T fields -e kerberos.error_code -e kerberos.SNameString
+```
+
+From a different command shell, try to connect to the master pod:
+
+```bash
+klist purge
+
+sqlcmd -S bdc-sql.mydomain.com,31433 -E
+```
+
+See the following example output.
+
+```bash
+klist purge
+
+Current LogonId is 0:0xf6b58
+        Deleting all tickets:
+        Ticket(s) purged!
+
+sqlcmd -S bdc-sql.mydomain.com,31433 -E
+sqlcmd: Error: Microsoft ODBC Driver 17 for SQL Server : Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
+```
+
+Check the `tshark` output. 
+
+```bash
+Capturing on 'Ethernet 3'
+25      krbtgt,RLAZURE.COM
+7       MSSQLSvc,ReverseProxyServer.mydomain.com:31433
+2 packets captured
+```
+
+Notice the client requests `SPN MSSQLSvc,ReverseProxyServer.mydomain.com:31433` which doesn’t exist. The connection attempt eventually fails with error 7. Error 7 means `KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database`.
+
+In the correct configuration, the client requests the SPN registered by BDC. In the example, the correct SPN would have been `MSSQLSvc,bdc-sql.mydomain.com:31433`.
+
+>[!NOTE]
+>Error 25 means `KDC_ERR_PREAUTH_REQUIRED` - additional pre-authentication required. It can safely be ignored. `KDC_ERR_PREAUTH_REQUIRED` is returned on the initial Kerberos AD request. By default, the Windows Kerberos Client is not including pre-authentication information in this first request.
+
+To see the list of SPN registered by BDC for master endpoint, run `setspn -L mssql-master`. 
+
+See the following example output:
+
+```bash
+Registered ServicePrincipalNames for CN=mssql-master,OU=bdc,DC=mydomain,DC=com:
+        MSSQLSvc/bdc-sqlread.mydomain.com:31436
+        MSSQLSvc/-sqlread:31436
+        MSSQLSvc/bdc-sqlread.mydomain.com
+        MSSQLSvc/bdc-sqlread
+        MSSQLSvc/bdc-sql.mydomain.com:31433
+        MSSQLSvc/bdc-sql:31433
+        MSSQLSvc/bdc-sql.mydomain.com
+        MSSQLSvc/bdc-sql
+        MSSQLSvc/master-p-svc.mydomain.com:1533
+        MSSQLSvc/master-p-svc:1533
+        MSSQLSvc/master-p-svc.mydomain.com:1433
+        MSSQLSvc/master-p-svc:1433
+        MSSQLSvc/master-p-svc.mydomain.com
+        MSSQLSvc/master-p-svc
+        MSSQLSvc/master-svc.mydomain.com:1533
+        MSSQLSvc/master-svc:1533
+        MSSQLSvc/master-svc.mydomain.com:1433
+        MSSQLSvc/master-svc:1433
+        MSSQLSvc/master-svc.mydomain.com
+        MSSQLSvc/master-svc
+```
+
+In the results above the reverse proxy address should not be registered.
+
+## Resolve
+
+This section shows two ways to resolve the issue. After making the appropriate changes, run `ipconfig -flushdns` and `klist purge` in your client. Then attempt to connect again.
+
+### Option 1
+
+Remove the CNAME record for each BDC endpoint in DNS and replace with multiple `A` records that points to each Kubernetes node or each Kubernetes master if you have more than one master.
+
+>[!TIP]
+>The script described below uses PowerShell. See [Installing PowerShell on Linux](/powershell/scripting/install/installing-powershell-core-on-linux) for more information.
+
+You can use the following PowerShell Script to update DNS endpoints records. Run the script from any computer connected to the same domain:
+
+```powershell
+#Specify the DNS server, example contoso.local
+$Domain_DNS_name=mydomain.com'
+
+#DNS records for bdc endpoints
+$Controller_DNS_name = 'bdc-control'
+$Managment_proxy_DNS_name= 'bdc-proxy'
+$Master_Primary_DNS_name = 'bdc-sql'
+$Master_Secondary_DNS_name = 'bdc-sqlread'
+$Gateway_DNS_name = 'bdc-gateway'
+$AppProxy_DNS_name = 'bdc-appproxy'
+
+#Performing Endpoint DNS records Checks..
+
+#Build array of endpoints 
+$BdcEndpointsDns = New-Object System.Collections.ArrayList
+
+[void]$BdcEndpointsDns.Add($Controller_DNS_name)
+[void]$BdcEndpointsDns.Add($Managment_proxy_DNS_name)
+[void]$BdcEndpointsDns.Add($Master_Primary_DNS_name)
+[void]$BdcEndpointsDns.Add($Master_Secondary_DNS_name)
+[void]$BdcEndpointsDns.Add($Gateway_DNS_name)
+[void]$BdcEndpointsDns.Add($AppProxy_DNS_name)
+
+#Build arrary for results 
+$BdcEndpointsDns_Result = New-Object System.Collections.ArrayList
+
+foreach ($DnsName in $BdcEndpointsDns) {
+    try {
+        $endpoint_DNS_record = Resolve-DnsName $DnsName -Type A -Server $Domain_DNS_IP_address -ErrorAction Stop 
+        foreach ($ip in $endpoint_DNS_record.IPAddress) {
+            [void]$BdcEndpointsDns_Result.Add("OK - $DnsName is an A record with an IP $ip")
+        }
+    }
+    catch {
+        [void]$BdcEndpointsDns_Result.Add("MisConfiguration - $DnsName is not an A record or does not exists")
+    }  
+}
+
+#show the results 
+$BdcEndpointsDns_Result
+```
+
+### Option 2
+
+Alternatively, it's possible to work around the issue by modifying the CNAME to point to the IP address of the reverse proxy rather than the name of the reverse proxy.
+
+## Confirm Resolution
+
+After resoling the fix with one of the options above, confirm the fix by connecting to Big Data Cluster with active directory.
+
+## Next steps
+
+[Verify reverse DNS entry (PTR record) for domain controller](deploy-active-directory.md#verify-reverse-dns-entry-for-domain-controller).

docs/database-engine/availability-groups/windows/active-secondaries-readable-secondary-replicas-always-on-availability-groups.md

@@ -98,7 +98,7 @@ ms.author: mathoma
 
 -   The DBCC SHRINKFILE operation on files containing disk-based tables might fail on the primary replica if the file contains ghost records that are still needed on a secondary replica.  
 
--   Beginning in [!INCLUDE[ssSQL14](../../../includes/sssql14-md.md)], readable secondary replicas can remain online even when the primary replica is offline due to user action or a failure. However, read-only routing does not work in this situation because the availability group listener is offline as well. Clients must connect directly to the read-only secondary replicas for read-only workloads.  
+-   Beginning in [!INCLUDE[ssSQL14](../../../includes/sssql14-md.md)], readable secondary replicas can remain online even when the primary replica is offline due to user action or a failure, for example, synchronization was suspended due to a user command or a failure, or a replica is resolving status due to the WSFC being offline. However, read-only routing does not work in this situation because the availability group listener is offline as well. Clients must connect directly to the read-only secondary replicas for read-only workloads.  
 
 > [!NOTE]  
 >  If you query the [sys.dm_db_index_physical_stats](../../../relational-databases/system-dynamic-management-views/sys-dm-db-index-physical-stats-transact-sql.md) dynamic management view on a server instance that is hosting a readable secondary replica, you might encounter a REDO blocking issue. This is because this dynamic management view acquires an IS lock on the specified user table or view that can block requests by a REDO thread for an X lock on that user table or view.