APIM Installation with Internal Mode fails during Service Activation - service

[Error with Service Activation][1]
This is an APIM installation with VNet, and I have Contributor access.

Related

Azure Kubernetes Service (AKS) hybrid - Error Install

AKS installation on Stack HCI fails without more details.
Notification details
Error
Set platform configurations
Source
Go to Azure Kubernetes Service.
Type
Error
Message
Applying platform configurations failed. Error: The provided configuration is not valid. Please review the report moc_validation_report.html, fix the configuration and retry.
Resolve issues and errors during an AKS hybrid installation
Verify your VNet config. If you use different VLANs for AKS and host management, enable full traffic between them. Make sure the cloudcidr is set from the host network.

Error: Error: Failed to deploy web package to App Service. Error: tunneling socket could not be established, statusCode=503

We are getting the error below in an Azure DevOps pipeline release via a self-hosted agent when the Azure web app is on a private network. No error is seen when the web app on Azure is public.
Error: Error: Failed to deploy web package to App Service. Error: tunneling socket could not be established, statusCode=503
Made the Azure web app private and the error occurs. Moved it to public and no error is seen.
Seems that the self-hosted agent cannot connect to the Azure app service. It seems to be a network issue.
The agent needs a way to connect to the App service directly. To ensure the connectivity is ok, we need to make sure the self-hosted agent is not blocked by NSG rules or App Service networking Access Restrictions. Just whitelist the agent machine in your rules.
The task uses the Kudu REST API to deploy the application. We need to check the following App Service networking Access Restrictions to allow deployment from a specific agent:
Make sure the REST site “xxx.scm.azurewebsites.net” has Allow All, i.e. no restriction.
Also, the option “Same restrictions as ***.azurewebsites.net” should be unchecked.
If you are using Private Endpoints for Azure Web App, you must create two records in your Azure DNS private zone or your custom DNS server. Kindly check DNS for more details.
Besides, when the proxy is set up, Web API calls and SCM hosts are bypassed by the user. The same has to be configured in the Azure pipelines agent explicitly. To bypass specific hosts, follow the steps here and restart the agent.
1. Allow access to Public removed.
2. Created private endpoints within the same VNet and subnet as the target VM.
3. Created a new file .proxybypass in the self-hosted agent folder C:\Username\Agent
4. Added the entries below to .proxybypass to allow communication bypassing the corporate proxy:
https://MyWebappname.azurewebsites.net
http://MyWebappname.azurewebsites.net
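A check for the private endpoint DNS point raised in the thread above, as an added example that is not part of the original posts: run on the self-hosted agent, it reports whether the app host and its Kudu (SCM) host each resolve to a private address. The function names are hypothetical, and the app name is the placeholder used in the thread.

```python
import ipaddress
import socket


def resolve(host):
    """Addresses the local resolver returns for host (empty set if none)."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0].split("%")[0] for info in infos}  # drop IPv6 scope id


def check_private_endpoint_dns(app_name, resolver=resolve):
    """Check the app host and the SCM host used by the Kudu deployment call.

    Returns {hostname: (status, sorted_addresses)}; status is one of
    'private', 'public', 'mixed' or 'unresolved'.
    """
    report = {}
    for host in (f"{app_name}.azurewebsites.net",
                 f"{app_name}.scm.azurewebsites.net"):
        addrs = sorted(resolver(host))
        flags = {ipaddress.ip_address(a).is_private for a in addrs}
        if not addrs:
            status = "unresolved"
        elif flags == {True}:
            status = "private"
        elif flags == {False}:
            status = "public"
        else:
            status = "mixed"
        report[host] = (status, addrs)
    return report


def deployment_ready(report):
    """True only when every checked host resolves solely to private addresses."""
    return all(status == "private" for status, _ in report.values())


if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "MyWebappname"  # placeholder
    result = check_private_endpoint_dns(name)
    for host, (status, addrs) in result.items():
        print(f"{host}: {status} {addrs}")
    print("ready" if deployment_ready(result) else "not ready")
```

A host reported as public or unresolved means the agent is not using the private DNS zone record for that name.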

Service Unavailable on Azure DevOps Local Server

First I installed Azure DevOps on Windows Server 2016 successfully, then I could create projects with the Administrator user. After that I installed Active Directory. I don't know whether Active Directory is related to this problem or not.
Service Unavailable
HTTP Error 503. The service is unavailable.
My steps to restart server:
Restarted Application Pool.
Restarted Team Project Collection.
Restarted Server
Team Project Collection:

Can't connect from azure resource to Azure database for postgres server

I can't connect from an Azure resource (AKS node) to Azure Postgres using pgcli. I also tried directly from the node and got the same error message:
FATAL: Client from Azure Virtual Networks is not allowed to access the server. Please make sure your Virtual Network is correctly configured.
Firewall rules in the resource are on:
Allow access to Azure services: ON
Running the same pgcli login command on my computer and on another Azure resource seems to work fine.
Adding firewall rules for all IPs returns the same error.
Curl from the problematic server (host:5432) returns a reply, so it's not an outbound issue.
What does the error mean?
The VM from which the connection originates is deployed to a virtual network subnet where the Microsoft.Sql service endpoint is turned on. Per the documentation:
If Microsoft.Sql is enabled in a subnet, it indicates that you only want to use VNet rules to connect. Non-VNet firewall rules of resources in that subnet will not work.
For the connection to succeed, there must be a VNet rule added on the PostgreSQL side. At the time the question was asked, VNet Service Endpoints for Azure Database for PostgreSQL had just reached public preview, so I assume it might not have been available for the OP.
Solution
As of November 2020, Service Endpoints for Postgres is GA, and instead of disabling the service endpoint one can add the missing VNet rule to the PostgreSQL server instance and reference the service endpoint-enabled subnet. It can be done via the Portal or the Azure CLI.
Apparently, the VM is part of a VNet on which the service endpoint tag Microsoft.Sql was enabled.
I found this answer. To solve the problem I disabled the service endpoint and added the public IP to the Connection Security section.
I encountered the same problem.
All I did was switch Allow access to Azure services to ON.

Two-factor Authentication for Service Fabric Explorer?

Anyone have insight on how to implement Two-Factor Authentication when using Service Fabric Explorer to access a Service Fabric cluster in Azure?
I currently have it secured with a client certificate but I haven't found ways to add another type of authentication to go with it.
Per the official documentation here:
When a client connects to a Service Fabric cluster node, the client can be authenticated and secure communication established using certificate security or Azure Active Directory (AAD). This authentication ensures that only authorized users can access the cluster and deployed applications and perform management tasks. Certificate or AAD security must have been previously enabled on the cluster when the cluster was created. For more information on cluster security scenarios, see Cluster security. If you are connecting to a cluster secured with certificates, set up the client certificate on the computer that connects to the cluster.
It doesn't support MFA; I'd recommend checking out Service Fabric cluster security scenarios.
You could also implement MFA at the AAD level and then use AAD to authenticate to Service Fabric.