Commit d59c624

Merge branch 'main' of https://github.com/MicrosoftDocs/sql-docs-pr into brokenlinks
2 parents ae85842 + ee260f2 commit d59c624

103 files changed

Lines changed: 5147 additions & 630 deletions

azure-sql/database/authentication-azure-ad-user-assigned-managed-identity.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,18 @@
11
---
2-
title: User-assigned managed identity in Azure AD for Azure SQL
2+
title: Managed identity in Azure AD for Azure SQL
33
titleSuffix: Azure SQL Database & Azure SQL Managed Instance
4-
description: Learn how to use user-assigned managed identities in Azure AD (Azure AD) for Azure SQL Database and SQL Managed Instance.
4+
description: Learn about system assigned and user assigned managed identities in Azure AD (Azure AD) for Azure SQL Database and SQL Managed Instance.
55
author: GithubMirek
66
ms.author: mireks
77
ms.reviewer: vanto, wiassaf
8-
ms.date: 10/03/2022
8+
ms.date: 10/11/2022
99
ms.service: sql-db-mi
1010
ms.subservice: security
1111
ms.topic: conceptual
1212
monikerRange: "= azuresql || = azuresql-db || = azuresql-mi"
1313
---
1414

15-
# User-assigned managed identity in Azure AD for Azure SQL
15+
# Managed identities in Azure AD for Azure SQL
1616

1717
[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb-sqlmi.md)]
1818

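Review bot: The new front-matter title on line 2 is singular ("Managed identity in Azure AD for Azure SQL") while the H1 on line 15 is plural ("Managed identities in Azure AD for Azure SQL"); pick one form so the browser title, the TOC entry and the page heading agree. In the description on line 4, hyphenate the compound modifiers ("system-assigned and user-assigned managed identities") and fix the duplicated "Azure AD (Azure AD)", which expands the abbreviation to itself.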
@@ -66,7 +66,7 @@ The following sample PowerShell script grants the necessary permissions for a UM
6666

6767
To run the script, you must sign in as a user with a Global Administrator or Privileged Role Administrator role.
6868

69-
The script grants the User.Read.All, GroupMember.Read.All, and Application.Read.ALL permissions to a UMI or an SMI to access [Microsoft Graph](/graph/auth/auth-concepts#microsoft-graph-permissions).
69+
The script grants the `User.Read.All`, `GroupMember.Read.All`, and `Application.Read.ALL` permissions to a UMI or an SMI to access [Microsoft Graph](/graph/auth/auth-concepts#microsoft-graph-permissions).
7070

7171
```powershell
7272
# Script to assign permissions to the UMI "umiservertest"
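Review bot: On line 69, `Application.Read.ALL` is now formatted as a literal permission name but its casing does not match the other two (`User.Read.All`, `GroupMember.Read.All`); write it as `Application.Read.All` so readers who copy it get the name Microsoft Graph uses. Because this sentence grants directory-wide read permissions and line 67 requires a Global Administrator or Privileged Role Administrator to run the script, it would also help to add one sentence saying what each of the three permissions is needed for, so an administrator can judge whether all three are required in their tenant.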
@@ -179,11 +179,11 @@ The Azure CLI 2.26.0 (or later) is required to run these commands with a UMI.
179179
- To obtain the system-assigned and user-assigned MI's for managed instances, use the [az sql mi show](/cli/azure/sql/mi#az-sql-mi-show) command.
180180
- For example, to retrieve the UMI(s) for a managed instance, look for the `principalId` of each:
181181
```azurecli
182-
az sql mi show --resource-group "resourcegroupnamehere" --name "midocssample" --query identity.userAssignedIdentities
182+
az sql mi show --resource-group "resourcegroupnamehere" --name "sql-mi-name-here" --query identity.userAssignedIdentities
183183
```
184184
- To retrieve the SMI of a managed instance:
185185
```azurecli
186-
az sql mi show --resource-group "resourcegroupnamehere" --name "midocssample" --query identity.principalId
186+
az sql mi show --resource-group "resourcegroupnamehere" --name "sql-mi-name-here" --query identity.principalId
187187
```
188188
- To update the UMI's managed instance setting, use the [az sql mi update](/cli/azure/sql/mi#az-sql-mi-update) command.
189189

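Review bot: The placeholders on lines 182 and 186 now mix two styles in one command: "resourcegroupnamehere" is run together while "sql-mi-name-here" is hyphenated. Use one convention for both, for example "resource-group-name-here", or angle-bracket placeholders, so it is obvious which values the reader must replace. The surrounding context lines also use apostrophes inconsistently ("MI's for managed instances", "the UMI's managed instance setting"); "MIs" and "the managed instance's UMI setting" would read more clearly.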
azure-sql/database/automated-backups-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ The Hyperscale architecture does not require full, differential, or log backups.
5454

5555
## Backup storage redundancy
5656

57-
By default, Azure SQL Database stores data in geo-redundant [storage blobs](/azure/storage/common/storage-redundancy) that are replicated to a [paired region](/azure/availability-zones/cross-region-replication-azure). Geo-redundancy helps protect against outages that affect backup storage in the primary region. It also allows you to restore your databases in a different region in the event of a regional outage.
57+
By default, Azure SQL Database stores backups in geo-redundant [storage blobs](/azure/storage/common/storage-redundancy) that are replicated to a [paired region](/azure/availability-zones/cross-region-replication-azure). Geo-redundancy helps protect against outages that affect backup storage in the primary region. It also allows you to restore your databases in a different region in the event of a regional outage.
5858

5959
The storage redundancy mechanism stores multiple copies of your data so that it's protected from planned and unplanned events. These events might include transient hardware failure, network or power outages, or massive natural disasters.
6060

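Review bot: Line 57 now says "stores backups", but the next paragraph on line 59 still says the redundancy mechanism "stores multiple copies of your data", which brings back the ambiguity this change removes. Consider "multiple copies of your backup files" there so the section is consistently about backup storage rather than database storage.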
azure-sql/database/features-comparison.md

Lines changed: 12 additions & 11 deletions
Large diffs are not rendered by default.

azure-sql/database/read-scale-out.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,11 +17,11 @@ monikerRange: "= azuresql || = azuresql-db || = azuresql-mi"
1717
# Use read-only replicas to offload read-only query workloads
1818
[!INCLUDE[appliesto-sqldb-sqlmi](../includes/appliesto-sqldb-sqlmi.md)]
1919

20-
As part of [High Availability architecture](high-availability-sla.md#premium-and-business-critical-service-tier-locally-redundant-availability), each single database, elastic pool database, and managed instance in the Premium and Business Critical service tier is automatically provisioned with a primary read-write replica and several secondary read-only replicas. The secondary replicas are provisioned with the same compute size as the primary replica. The *read scale-out* feature allows you to offload read-only workloads using the compute capacity of one of the read-only replicas, instead of running them on the read-write replica. This way, some read-only workloads can be isolated from the read-write workloads, and will not affect their performance. The feature is intended for the applications that include logically separated read-only workloads, such as analytics. In the Premium and Business Critical service tiers, applications could gain performance benefits using this additional capacity at no extra cost.
20+
As part of [High Availability architecture](high-availability-sla.md#premium-and-business-critical-service-tier-locally-redundant-availability), each single database, elastic pool database, and managed instance in the Premium and Business Critical service tier is automatically provisioned with a primary read-write replica and one or more secondary read-only replicas. Azure SQL Managed Instance supports one secondary read-only replica. The secondary replicas are provisioned with the same compute size as the primary replica. The *read scale-out* feature allows you to offload read-only workloads using the compute capacity of one of the read-only replicas, instead of running them on the read-write replica. This way, some read-only workloads can be isolated from the read-write workloads, and will not affect their performance. The feature is intended for the applications that include logically separated read-only workloads, such as analytics. In the Premium and Business Critical service tiers, applications could gain performance benefits using this additional capacity at no extra cost.
2121

2222
The *read scale-out* feature is also available in the Hyperscale service tier when at least one [secondary replica](service-tier-hyperscale-replicas.md) is added. Hyperscale secondary [named replicas](service-tier-hyperscale-replicas.md#named-replica) provide independent scaling, access isolation, workload isolation, support for a variety of read scale-out scenarios, and other benefits. Multiple secondary [HA replicas](service-tier-hyperscale-replicas.md#high-availability-replica) can be used for load-balancing read-only workloads that require more resources than available on one secondary HA replica.
2323

24-
The High Availability architecture of Basic, Standard, and General Purpose service tiers does not include any replicas. The *read scale-out* feature is not available in these service tiers. However, [geo-replicas](active-geo-replication-overview.md) can provide similar functionality in these service tiers.
24+
The High Availability architecture of Basic, Standard, and General Purpose service tiers does not include any replicas. The *read scale-out* feature is not available in these service tiers. However, when using Azure SQL Database, [geo-replicas](active-geo-replication-overview.md) can provide similar functionality in these service tiers. When using Azure SQL Managed Instance and failover groups, the [failover group read-only listener](../managed-instance/auto-failover-group-sql-mi.md) can provide similar functionality respectively.
2525

2626
The following diagram illustrates the feature for Premium and Business Critical databases and managed instances.
2727

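Review bot: In the new sentence on line 24, "can provide similar functionality respectively" misuses "respectively": the sentence has a single subject, so the word has nothing to pair with and should be dropped. On line 20, "in the Premium and Business Critical service tier" should be plural ("service tiers"), and the added statement that Azure SQL Managed Instance supports one secondary read-only replica would be clearer if the SQL Database count were stated alongside it, since "one or more" leaves that open.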
@@ -134,7 +134,7 @@ If a long-running query on a read-only replica directly or indirectly causes thi
134134
135135
## Enable and disable read scale-out for SQL Database
136136

137-
For SQL Managed Instance, read-scale out is automatically enabled on the Business Critical service tier, and is not available in the General Purpose service tier. Disabling and reenabling read scale-out is not possible.
137+
For SQL Managed Instance, read-scale out is automatically enabled on the Business Critical service tier, and is not available in the General Purpose service tier. Disabling and reenabling read scale-out is not possible.
138138

139139
For SQL Database, read scale-out is enabled by default on Premium, Business Critical, and Hyperscale service tiers. Read scale-out cannot be enabled in Basic, Standard, or General Purpose service tiers. Read scale-out is automatically disabled on Hyperscale databases configured with zero secondary replicas.
140140

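Review bot: The removed and added versions of line 137 render identically, so this looks like a whitespace-only change; since the line is being touched anyway, fix "read-scale out" to "read scale-out" to match the heading on line 135 and the paragraph on line 139. The heading also reads "for SQL Database" while the first paragraph under it is about SQL Managed Instance; either move that paragraph or widen the heading.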
azure-sql/managed-instance/managed-instance-link-feature-overview.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ To use the link feature, you'll need a supported version of SQL Server. The foll
3232

3333
In addition to the supported version, you'll need:
3434

35-
- Network connectivity between your SQL Server and managed instance is required. If your SQL Server is running on-premises, use a VPN link or Express route. If your SQL Server is running on an Azure VM, either deploy your VM to the same subnet as your managed instance, or use global VNet peering to connect two separate subnets.
35+
- Network connectivity between your SQL Server and managed instance is required. If your SQL Server is running on-premises, use a VPN link or Express route. If your SQL Server is running on an Azure VM, either deploy your VM to the same VNet as your managed instance, or use global VNet peering to connect two separate subnets.
3636
- Azure SQL Managed Instance provisioned on any service tier.
3737

3838
You'll also need the following tooling:
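Review bot: Line 35 now says to deploy the VM "to the same VNet", but the sentence still ends with "use global VNet peering to connect two separate subnets"; peering connects virtual networks, not subnets, so the tail should read "two separate VNets" to stay consistent with the correction. While editing this line, "Express route" should be "ExpressRoute", and the bullet can drop "is required" because the list is already introduced with "you'll need".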

azure-sql/managed-instance/public-endpoint-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ The following diagram shows the recommended security configurations:
3737

3838
![Security configurations for locking down inbound and outbound connectivity](./media/public-endpoint-overview/managed-instance-vnet.png)
3939

40-
A managed instance has a public endpoint address that is dedicated to a customer. This endpoint shares the IP with the [management endpoint](management-endpoint-find-ip-address.md) but uses a different port. In the client-side outbound firewall and in the network security group rules, set this public endpoint IP address to limit outbound connectivity.
40+
A managed instance has a public endpoint address that is dedicated to a customer. This endpoint shares the IP address with the [management endpoint](management-endpoint-find-ip-address.md) but uses a different port. Similar to a local endpoint, the public endpoint may change after certain management operations. Always determine the public endpoint address by resolving the endpoint FQDN record, such as, for example, when configuring application-level firewall rules.
4141

4242
To ensure traffic to the managed instance is coming from trusted sources, we recommend connecting from sources with well-known IP addresses. Use a network security group to limit access to the managed instance public endpoint on port 3342.
4343

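Review bot: The rewrite of line 40 drops the earlier guidance to use the public endpoint IP address in client-side outbound firewall and network security group rules, and the replacement only says to resolve the FQDN "when configuring application-level firewall rules". Because the new text also states the address may change after certain management operations, a rule built from a one-time lookup will go stale; say explicitly that IP-based rules must be refreshed from the FQDN after such operations, or recommend FQDN-based rules where the firewall supports them. The wording "such as, for example," is redundant, and "local endpoint" should be defined or linked, since the term is not introduced anywhere in the visible text.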
@@ -47,4 +47,4 @@ If connections are started from Azure, we recommend that traffic come from a wel
4747

4848
## Next steps
4949

50-
- Learn how to configure public endpoint for manage instances: [Configure public endpoint](public-endpoint-configure.md)
50+
- Learn how to configure public endpoint for manage instances: [Configure public endpoint](public-endpoint-configure.md)
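Review bot: Line 50 is removed and re-added with no visible difference, which suggests an end-of-file newline or trailing whitespace fix; the text itself still has the typo "manage instances" and should read "managed instances".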

azure-sql/migration-guides/managed-instance/sql-server-to-sql-managed-instance-assessment-rules.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -35,10 +35,10 @@ This article provides a list of the rules used to assess the feasibility of migr
3535
| FileStream | Database | Issue | [Filestream and Filetable are not supported in Azure SQL Managed Instance.](#FileStream) |
3636
| LinkedServerWithNonSQLProvider | Database | Issue | [Linked server with non-SQL Server Provider isn't supported in Azure SQL Managed Instance.](#LinkedServerWithNonSQLProvider) |
3737
| MergeJob | Instance | Warning | [Merge job step isn't supported in Azure SQL Managed Instance.](#MergeJob) |
38-
| MIDatabaseSize | Database | Issue | [Azure SQL Managed Instance does not support database size greater than 8 TB.](#MIDatabaseSize<) |
38+
| MIDatabaseSize | Database | Issue | [Azure SQL Managed Instance does not support database size greater than 16 TB.](#MIDatabaseSize) |
3939
| MIHeterogeneousMSDTCTransactSQL | Database | Issue | [BEGIN DISTRIBUTED TRANSACTION with non-SQL Server remote server isn't supported in Azure SQL Managed Instance.](#MIHeterogeneousMSDTCTransactSQL) |
4040
| MIHomogeneousMSDTCTransactSQL | Database | Issue | [BEGIN DISTRIBUTED TRANSACTION is supported across multiple servers for Azure SQL Managed Instance.](#MIHomogeneousMSDTCTransactSQL) |
41-
| MIInstanceSize | Instance | Warning | [Maximum instance storage size in Azure SQL Managed Instance cannot be greater than 8 TB.](#MIInstanceSize<) |
41+
| MIInstanceSize | Instance | Warning | [Maximum instance storage size in Azure SQL Managed Instance cannot be greater than 8 TB.](#MIInstanceSize) |
4242
| MultipleLogFiles | Database | Issue | [Azure SQL Managed Instance does not support databases with multiple log files.](#MultipleLogFiles<) |
4343
| NextColumn | Database | Issue | [Tables and Columns named NEXT will lead to an error In Azure SQL Managed Instance.](#NextColumn) |
4444
| NonANSILeftOuterJoinSyntax | Database | Warning | [Non-ANSI style left outer join is no longer supported and has been removed.](#NonANSILeftOuterJoinSyntax) |
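Review bot: After this change row 38 says a database can be up to 16 TB while row 41 still says maximum instance storage cannot be greater than 8 TB, so the table now appears to allow a single database larger than the instance that hosts it. Confirm which limit is current and update both rules together, or qualify each with the service tier or hardware it applies to. The stray "<" was removed from the MIDatabaseSize and MIInstanceSize anchors, but row 42 still links to "#MultipleLogFiles<" and should get the same fix along with its heading id.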
@@ -300,9 +300,9 @@ Review impacted objects section in Azure Migrate to see all jobs using Merge job
300300
More information: [SQL Server Agent differences in Azure SQL Managed Instance ](../../managed-instance/transact-sql-tsql-differences-sql-server.md#sql-server-agent)
301301

302302

303-
## MI database size<a id="MIDatabaseSize<"></a>
303+
## MI database size<a id="MIDatabaseSize"></a>
304304

305-
**Title: Azure SQL Managed Instance does not support database size greater than 8 TB.**
305+
**Title: Azure SQL Managed Instance does not support database size greater than 16 TB.**
306306
**Category**: Issue
307307

308308
**Description**
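Review bot: The title on line 305 changes to 16 TB, but the Description that starts on line 308 is outside the changed lines; check that its body states the same limit, otherwise the rule contradicts its own title. As a style point, "**Title: ...**" bolds the whole line while "**Category**: Issue" bolds only the label; bold only "Title" for consistency.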
@@ -316,7 +316,7 @@ More information: [Hardware characteristics of Azure SQL Managed Instance ](../.
316316

317317

318318

319-
## MI instance size<a id="MIInstanceSize<"></a>
319+
## MI instance size<a id="MIInstanceSize"></a>
320320

321321
**Title: Maximum instance storage size in Azure SQL Managed Instance cannot be greater than 8 TB.**
322322
**Category**: Warning

azure-sql/toc.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@
107107
href: database/authentication-azure-ad-only-authentication.md
108108
- name: Azure Policy for Azure AD-only authentication
109109
href: database/authentication-azure-ad-only-authentication-policy.md
110-
- name: User-assigned managed identity
110+
- name: Managed identity
111111
href: database/authentication-azure-ad-user-assigned-managed-identity.md
112112
- name: Transparent Data Encryption (TDE)
113113
items:
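Review bot: The TOC entry on line 110 is renamed to "Managed identity" but its href on line 111 still points to authentication-azure-ad-user-assigned-managed-identity.md, so the navigation label and the URL now describe different scopes. Keeping the file name is reasonable for link stability, but if the file is renamed later it needs a redirect entry; also align the label with the article H1 in this commit, which uses the plural "Managed identities".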

azure-sql/virtual-machines/windows/hadr-cluster-best-practices.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -302,6 +302,27 @@ Consider the scenario when a two-node cluster is created and brought online:
302302

303303
You can avoid this scenario by assigning an unused static IP address to the cluster network name in order to bring the cluster network name online and add the IP address to [Azure Load Balancer](availability-group-load-balancer-portal-configure.md).
304304

305+
If the SQL Server database engine, Always On availability group listener, failover cluster instance health probe, database mirroring endpoint, cluster core IP resource, or any other SQL resource is configured to use a port between 49,152 and 65,536 (the [default dynamic port range for TCP/IP](/windows/client-management/troubleshoot-tcpip-port-exhaust#default-dynamic-port-range-for-tcpip)), add an exclusion for each port. Doing so will prevent other system processes from being dynamically assigned the same port. The following example creates an exclusion for port 59999:
306+
307+
`netsh int ipv4 add excludedportrange tcp startport=59999 numberofports=1 store=persistent`
308+
309+
It is important to configure the port exclusion when the port is not in use, otherwise the command will fail with a message like “The process cannot access the file because it is being used by another process.”
310+
311+
To confirm that the exclusions have been configured correctly, use the following command: `netsh int ipv4 show excludedportrange tcp`.
312+
313+
Setting this exclusion for the AG role IP probe port should prevent events such as **Event ID: 1069** with status 10048. This event can be seen in the Windows Failover cluster events with the following message:
314+
```
315+
Cluster resource '<IP name in AG role>' of type 'IP Address' in cluster role '<AG Name>' failed.
316+
```
317+
An Event ID: 1069 with status 10048 can be identified from cluster logs with events like:
318+
```
319+
Resource IP Address 10.0.1.0 called SetResourceStatusEx: checkpoint 5. Old state OnlinePending, new state OnlinePending, AppSpErrorCode 0, Flags 0, nores=false
320+
IP Address <IP Address 10.0.1.0>: IpaOnlineThread: **Listening on probe port 59999** failed with status **10048**
321+
```
322+
Status [**10048**](/win32/desktop-src/WinSock/windows-sockets-error-codes-2) refers to: **This error occurs** if an application attempts to bind a socket to an **IP address/port that has already been used** for an existing socket.
323+
This can be caused by an internal process taking the same port defined as probe port. Remember that probe port is used to check the status of a backend pool instance from the Azure Load Balancer.
324+
If the **health probe fails** to get a response from a backend instance, then **no new connections will be sent to that backend instance** until the health probe succeeds again.
325+
305326
## Known issues
306327

307328
Review the resolutions for some commonly known issues and errors:
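Review bot: The range on line 305 is given as "between 49,152 and 65,536", but the highest valid TCP port is 65535, so the upper bound should read 65,535 to match the default dynamic port range the sentence links to. The netsh command on line 307 is inline code sitting between paragraphs; put it in a fenced block like the log samples below so it can be copied cleanly, and say whether the exclusion has to be added on every cluster node, since the text explains when to run it but not where. In the cluster-log sample on line 320 the "**" markers sit inside a code fence and will render as literal asterisks; remove them and call out the probe port and status 10048 in the prose instead. Line 309 wraps the error message in curly quotes; use straight quotes.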

docs/includes/errorcodes/database-engine-events-and-errors-3000-3999.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ ms.topic: include
4343
| 3040 | 10 | No | An error occurred while informing replication of the backup. The backup will continue, but the replication environment should be inspected. |
4444
| 3041 | 16 | Yes | BACKUP failed to complete the command %.*ls. Check the backup application log for detailed messages. |
4545
| 3042 | 10 | No | BACKUP WITH CONTINUE_AFTER_ERROR successfully generated a backup of the damaged database. Refer to the SQL Server error log for information about the errors that were encountered. |
46-
| 3043 | 16 | No | BACKUP '%ls' detected an error on page (%d:%d) in file '%ls'. |
46+
| [3043](../../relational-databases/errors-events/mssqlserver-3043-database-engine-error.md) | 16 | No | BACKUP '%ls' detected an error on page (%d:%d) in file '%ls'. |
4747
| 3044 | 16 | No | Invalid zero-length device name. Reissue the BACKUP statement with a valid device name. |
4848
| 3045 | 16 | No | BACKUP or RESTORE requires the NTFS file system for FILESTREAM and full-text support. The path "%.*ls" is not usable. |
4949
| 3046 | 16 | No | Inconsistent metadata has been encountered. The only possible backup operation is a tail-log backup using the WITH CONTINUE_AFTER_ERROR or NO_TRUNCATE option. |
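Review bot: Line 46 adds a link to ../../relational-databases/errors-events/mssqlserver-3043-database-engine-error.md, and that target file is not among the diffs shown on this page; confirm it exists on the branch, since this merge goes into a branch named brokenlinks and a missing target would add a new broken link. The relative path form matches the existing 3181 link on line 129, so the path depth itself looks right.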
@@ -128,7 +128,7 @@ ms.topic: include
128128
| 3180 | 16 | No | This backup cannot be restored using WITH STANDBY because a database upgrade is needed. Reissue the RESTORE without WITH STANDBY. |
129129
| [3181](../../relational-databases/errors-events/mssqlserver-3181-database-engine-error.md) | 10 | No | Attempting to restore this backup may encounter storage space problems. Subsequent messages will provide details. |
130130
| 3182 | 16 | No | The backup set cannot be restored because the database was damaged when the backup occurred. Salvage attempts may exploit WITH CONTINUE_AFTER_ERROR. |
131-
| 3183 | 16 | No | RESTORE detected an error on page (%d:%d) in database "%ls" as read from the backup set. |
131+
| [3183](../../relational-databases/errors-events/mssqlserver-3183-database-engine-error.md) | 16 | No | RESTORE detected an error on page (%d:%d) in database "%ls" as read from the backup set. |
132132
| 3184 | 10 | No | RESTORE WITH CONTINUE_AFTER_ERROR was successful but some damage was encountered. Inconsistencies in the database are possible. |
133133
| 3185 | 16 | No | RESTORE cannot apply this backup set because the database is suspect. Restore a backup set that repairs the damage. |
134134
| 3186 | 16 | No | The backup set has been damaged. RESTORE will not attempt to apply this backup set. |
