+| |Customer-managed keytabΓÇï|System-managed keytab|

+|**Limitations**|We do not recommend sharing keytab files among services. Each service should have a specific keytab file. As the number of keytab files increases the level of effort and complexity increases. |Managed keytab generation and rotation. The service account will require sufficient permissions in Active Directory to manage the credentials. <br/> <br/> Distributed Availability Group is not supported.|

+--primary-dns-name < SQL MI primary endpoint DNS name >

+--primary-port-number < SQL MI primary endpoint port number >

+--secondary-dns-name < SQL MI secondary endpoint DNS name >

+--secondary-port-number < SQL MI secondary endpoint port number >

+--secondary-dns-name arcsqlmi-2.contoso.local

+--secondary-port-number 31434

+--ad-account-name < SQL MI AD user account >

+--primary-dns-name < SQL MI primary endpoint DNS name >

+--primary-port-number < SQL MI primary endpoint port number >

+--secondary-dns-name < SQL MI secondary endpoint DNS name >

+--secondary-port-number < SQL MI secondary endpoint port number >

+--secondary-dns-name arcsqlmi-2.contoso.local

+--secondary-port-number 31434

+--primary-dns-name < SQL MI primary endpoint DNS name >

+--primary-port-number < SQL MI primary endpoint port number >

+--secondary-dns-name < SQL MI secondary endpoint DNS name >

+--secondary-port-number < SQL MI secondary endpoint port number >

+--secondary-dns-name arcsqlmi-2.contoso.local

+--secondary-port-number 31434

+--primary-dns-name < SQL MI primary endpoint DNS name >

+--primary-port-number < SQL MI primary endpoint port number >

+--secondary-dns-name < SQL MI secondary endpoint DNS name >

+--secondary-port-number < SQL MI secondary endpoint port number >

+--secondary-dns-name arcsqlmi-2.contoso.local

+--secondary-port-number 31434

+* DNS A (forward) record for the primary (and optionally, secondary) endpoint of SQL

+* DNS A (forward) record for the primary (and optionally, secondary) endpoint of SQL

+1. Identify a DNS name for the SQL endpoints.

+ Choose unique DNS names for the SQL endpoints that clients will connect to from outside the Kubernetes cluster.

+ These DNS names should be in the Active Directory domain or its descendant domains.

+ The examples in these instructions use `sqlmi-primary.contoso.local` for the primary DNS name and `sqlmi-secondary.contoso.local` for the secondary DNS name.

+2. Identify the port numbers for the SQL endpoints.

+ You provide a port number for each of the SQL endpoints.

+ These port numbers must be in the acceptable range of port numbers for Kubernetes cluster.

+ The examples in these instructions use `31433` for the primary port number and `31434` for the secondary port number.

+4. Create DNS records for the SQL endpoints in the Active Directory DNS servers.

+ In one of the Active Directory DNS servers, create A records (forward lookup records) for the DNS names chosen in step 1. These DNS records should point to the IP address that the SQL endpoint will listen on for connections from outside the Kubernetes cluster.

+ You do not need to create PTR records (reverse lookup records) in association with the A records.

+ In order for SQL to be able to accept AD authentication against the SQL endpoints, we need to register two SPNs under the account generated in the previous step. SPNs must be registered for the primary endpoint and optionally for the secondary endpoint if AD authentication is desired on the secondary endpoint. The SPNs should be of the following format:

+ With the chosen example primary endpoint DNS name, port number and the account name in this document, the commands should look like the following:

+ ```console

+ setspn -S MSSQLSvc/sqlmi-primary.contoso.local sqlmi-account

+ setspn -S MSSQLSvc/sqlmi-primary.contoso.local:31433 sqlmi-account

+ ```

+ Additionally, if AD authentication is needed on the secondary endpoint, the following commands will add SPNs for the secondary endpoint using the chosen example DNS name and port number:

+ setspn -S MSSQLSvc/sqlmi-secondary.contoso.local sqlmi-account

+ setspn -S MSSQLSvc/sqlmi-secondary.contoso.local:31434 sqlmi-account

+ * `--account` expects the AD account under where the SPNs are registered, such as sqlmi-account

+ * `--port` expects the primary SQL endpoint port number, such as 31433

+ * `--dns-name` expects the DNS name for the primary SQL endpoint

+ * `--secondary-port` expects the secondary SQL endpoint port number, such as 31434 (optional)

+ * `--secondary-dns-name` expects the DNS name for the secondary SQL endpoint (optional)

+ - `spec.services.primary.dnsName`

+ - `spec.services.primary.port`

+ - `spec.services.readableSecondaries.dnsName`

+ You provide a DNS name for the secondary SQL endpoint.

+ - `spec.services.readableSecondaries.port`

+ You provide a port number for the secondary SQL endpoint.

+ - `spec.security.activeDirectory.encryptionTypes`

+ List of Kerberos encryption types to allow for the automatically generated AD account provided in `spec.security.activeDirectory.accountName`. Accepted values are RC4, AES128 and AES256. It defaults to allow all encryption types when there is no value provided. You can disable RC4 by providing only AES128 and AES256 as encryption types.

+ - `spec.services.readableSecondaries.dnsName`

+ You provide a DNS name for the secondary SQL endpoint.

+ - `spec.services.readableSecondaries.port`

+ You provide a port number for the secondary SQL endpoint.

+ dnsName: <Primary Endpoint DNS name>

+ port: <Primary Endpoint port number>

+ readableSecondaries:

+ type: LoadBalancer

+ dnsName: <Secondary Endpoint DNS name>

+ port: <Secondary Endpoint port number>

+ dnsName: <Primary Endpoint DNS name>

+ port: <Primary Endpoint port number>

+ readableSecondaries:

+ type: LoadBalancer

+ dnsName: <Secondary Endpoint DNS name>

+ port: <Secondary Endpoint port number>

+- Azure Arc-enabled SQL Server

+### Azure Arc-enabled SQL Server

+## October 11, 2022

+### Image tag

+`v1.12.0_2022-10-11`

+For complete release version information, see [Version log](version-log.md#october-11-2022).

+New for this release:

+- Arc data controller

+ - Updates to TelemetryRouter implementation to include inbound and outbound TelemetryCollector layers alongside Kafka as a persistent buffer

+ - AD connector will now be upgraded when data controller is upgraded

+- Arc-enabled SQL managed instance

+ - New reprovision replica task lets you rebuild a broken sql instance replica. For more information, see [Reprovision replica](reprovision-replica.md).

+ - Edit Active Directory settings from the Azure portal

+- `arcdata` Azure CLI extension

+ - Columns for release information added to the following commands: `az sql mi-arc list` this makes it easy to see what instance may need to be updated.

+ - Alternately you can run `az arcdata dc list-upgrades'

+ - New command to list AD Connectors `az arcdata ad-connector list --k8s-namespace <namespace> --use-k8s`

+ - Az CLI Polling for AD Connector create/update/delete: This feature changes the default behavior of `az arcdata ad-connector create/update/delete` to hang and wait until the operation finishes. To override this behavior, the user has to use the `--no-wait` flag when invoking the command.

+ Title: Reprovision replica

+description: This article explains how to rebuild a broken Azure Arc-enabled SQL Managed Instance replica. A replica may break due to storage corruption, for example.

+# Reprovision replica - Azure Arc-enabled SQL Managed Instance

+This article describes how to provision a new replica to replace an existing replica in Azure Arc-enabled SQL Managed Instance.

+When you reprovision a replica, you rebuild a new managed instance replica for an Azure Arc-enabled SQL Managed Instance deployment. Use this task to replace a replica that is failing to synchronize, for example, due to corruption of the data on the persistent volumes (PV) for that instance, or due to some recurring SQL issue.

+You can reprovision a replica [via `az` CLI](#via-az-cli) or [via `kubectl`](#via-kubectl). You can't reprovision a replica from the Azure portal.

+## Prerequisites

+You can only reprovision a replica on a multi-replica instance.

+## Via `az` CLI

+Azure CLI `az sql mi-arc` command group includes `reprovision-replica`. To reprovision a replica, update the following example. Replace `<instance_name-replica_number>` with the instance name and replica number of the replica you want to replace. Replace `<namespace>`.

+```az

+az sql mi-arc reprovision-replica -n <instance_name-replica_number> -k <namespace> --use-k8s

+```

+For example, to reprovision replica 2 of instance `mySqlInstance` in namespace `arc`, use:

+```az

+az sql mi-arc reprovision-replica -n mySqlInstance-2 -k arc --use-k8s

+```

+The command runs until completion, at which point the console returns the name of the Kubernetes task:

+```output

+sql-reprov-replica-mySqlInstance-2-1664217002.376132 is Ready

+```

+At this point, you can either examine the task or delete it.

+### Examine the task

+The following example returns information about the state of the Kubernetes task:

+```console

+kubectl describe SqlManagedInstanceReprovisionReplicaTask sql-reprov-replica-mySqlInstance-2-1664217002.376132 -n arc

+```

+> [!IMPORTANT]

+> After a replica is reprovisioned, you must delete the task before another reprovision can run on the same instance. For more information, see [Limitations](#limitations).

+### Delete the task

+The following example deletes the Kubernetes task:

+```console

+kubectl delete SqlManagedInstanceReprovisionReplicaTask sql-reprov-replica-mySqlInstance-2-1664217002.376132 -n arc

+```

+### Option parameter: `--no-wait`

+There's an optional `--no-wait` parameter for the command. If you send the request with `--no-wait`, the output includes the name of the task to be monitored. For example:

+```az

+az sql mi-arc reprovision-replica -n mySqlInstance-2 -k arc --use-k8s --no-wait

+Reprovisioning replica mySqlInstance-2 in namespace `arc`. Please use

+`kubectl get -n arc SqlManagedInstanceReprovisionReplicaTask sql-reprov-replica-mySqlInstance-2-1664217434.531035`

+to check its status or

+`kubectl get -n arc SqlManagedInstanceReprovisionReplicaTask`

+to view all reprovision tasks.

+```

+## Via kubectl

+To reprovision with `kubectl`, create a custom resource. To create a custom resource to reprovision, you can create a .yaml file with this structure:

+```yaml

+apiVersion: tasks.sql.arcdata.microsoft.com/v1beta1

+kind: SqlManagedInstanceReprovisionReplicaTask

+metadata:

+ name: <task name you make up>

+ namespace: <namespace>

+spec:

+ replicaName: instance_name-replica_number

+```

+To use the same example as above, `mySqlinstance` replica 2, the payload is:

+```yaml

+apiVersion: tasks.sql.arcdata.microsoft.com/v1beta1

+kind: SqlManagedInstanceReprovisionReplicaTask

+metadata:

+ name: my-reprovision-task-mySqlInstance-2

+ namespace: arc

+spec:

+ replicaName: mySqlInstance-2

+```

+### Monitor or delete the task

+Once the yaml is applied via kubectl apply, you can monitor or delete the task via kubectl:

+```console

+kubectl get -n arc SqlManagedInstanceReprovisionReplicaTask my-reprovision-task-mySqlInstance-2

+kubectl describe -n arc SqlManagedInstanceReprovisionReplicaTask my-reprovision-task-mySqlInstance-2

+kubectl delete -n arc SqlManagedInstanceReprovisionReplicaTask my-reprovision-task-mySqlInstance-2

+```

+> [!IMPORTANT]

+> After a replica is reprovisioned, you must delete the task before another reprovision can run on the same instance. For more information, see [Limitations](#limitations).

+## Limitations

+- The task rejects attempts to reprovision the current primary replica. If the current primary replica is corrupted and in need of reprovisioning, fail over to a different replica, and then request the reprovisioning.

+- Reprovisioning of multiple replicas in the same instance runs serially. The tasks queue and are held in `Creating` state until the currently active task finishes **and is deleted**. There's no auto-cleanup of a completed task, so this serialization will affect you even if you run the `az sql mi-arc reprovision-replica` command synchronously and wait for it to complete before requesting another reprovision. In all cases, you have to remove the task via `kubectl` before another reprovision on the same instance can run.

+More details about serialization of reprovision tasks: If you have multiple requests to reprovision a replica in one instance, you may see something like this in the output from a `kubectl get SqlManagedInstanceReprovisionReplicaTask`:

+```console

+kubectl get SqlManagedInstanceReprovisionReplicaTask -n arc

+NAME STATUS AGE

+sql-reprov-replica-c-sql-djlexlmty-1-1664217344.304601 Completed 13m

+sql-reprov-replica-c-sql-kkncursza-1-1664217002.376132 Completed 19m

+sql-reprov-replica-c-sql-kkncursza-1-1664217434.531035 Creating 12m

+```

+That last entry for replica c-sql-kkncursza-1, `sql-reprov-replica-c-sql-kkncursza-1-1664217434.531035`, will stay in status `Creating` until the completed one `sql-reprov-replica-c-sql-kkncursza-1-1664217002.376132` is removed.

+ Title: Upgrade Active Directory connector for Azure SQL Managed Instance direct or indirect mode connected to Azure Arc

+description: The article describes how to upgrade an active directory connector for direct or indirect mode connected to Azure Arc-enabled SQL Managed Instance

+# Upgrade Active Directory connector

+This article describes how to upgrade the Active Directory connector.

+## Prerequisites

+Before you can proceed with the tasks in this article, you need:

+- To connect and authenticate to a Kubernetes cluster

+- An existing Kubernetes context selected

+- Azure Arc data controller deployed, either in `direct` or `indirect` mode

+- Active Directory connector deployed

+### Install tools

+To upgrade the Active Directory connector (adc), you need to have the Kubernetes tools such as kubectl installed.

+The examples in this article use `kubectl`, but similar approaches could be used with other Kubernetes tools such as the Kubernetes dashboard, `oc`, or helm if you're familiar with those tools and Kubernetes yaml/json.

+[Install the kubectl tool](https://kubernetes.io/docs/tasks/tools/)

+## Limitations

+Auto upgrade of Active Directory connector is applicable from imageTag `v1.12.0_2022-10-11` and above and the Arc data controller must be at least `v1.11.0_2022-09-13` version.

+The active directory connector (adc) must be at the same version as the data controller before a data controller is upgraded.

+There is no batch upgrade process available at this time.

+## Upgrade Active Directory connector for previous versions

+For imageTag versions `v1.11.0_2022-09-13` or lower, the Active Directory connector must be upgraded manually as below:

+Use a kubectl command to view the existing spec in yaml.

+```console

+kubectl get adc <adc-name> --namespace <namespace> --output yaml

+```

+Run kubectl patch to update the desired version.

+```console

+kubectl patch adc <adc-name> --namespace <namespace> --type merge --patch '{"spec": {"update": {"desiredVersion": "v1.11.0_2022-09-13"}}}'

+```

+## Monitor

+You can monitor the progress of the upgrade with kubectl as follows:

+```console

+kubectl describe adc <adc-name> --namespace <namespace>

+```

+### Output

+The output for the command will show the resource information. Upgrade information will be in Status.

+During the upgrade, ```State``` will show ```Updating``` and ```Running Version``` will be the current version:

+```output

+Status:

+ Last Update Time: 2022-09-20T16:01:48.449512Z

+ Observed Generation: 1

+ Running Version: v1.10.0_2022-08-09

+ State: Updating

+```

+When the upgrade is complete, ```State``` will show ```Ready``` and ```Running Version``` will be the new version:

+```output

+Status:

+ Last Update Time: 2022-09-20T16:01:54.279612Z

+ Observed Generation: 2

+ Running Version: v1.11.0_2022-09-13

+ State: Ready

+```

+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.

+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.

+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.

+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.

+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.

+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.

+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.

+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.

+You can monitor the progress of the upgrade with kubectl as follows:

+## October 11, 2022

+|Component|Value|

+|--|--|

+|Container images tag |`v1.12.0_2022-10-11`|

+|CRD names and version|`datacontrollers.arcdata.microsoft.com`: v1beta1, v1 through v6<br/>`exporttasks.tasks.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`kafkas.arcdata.microsoft.com`: v1beta1, v1beta2<br/>`monitors.arcdata.microsoft.com`: v1beta1, v1, v2<br/>`sqlmanagedinstances.sql.arcdata.microsoft.com`: v1beta1, v1 through v7<br/>`postgresqls.arcdata.microsoft.com`: v1beta1, v1beta2, v1beta3<br/>`sqlmanagedinstancerestoretasks.tasks.sql.arcdata.microsoft.com`: v1beta1, v1<br/>`failovergroups.sql.arcdata.microsoft.com`: v1beta1, v1beta2, v1 through v2<br/>`activedirectoryconnectors.arcdata.microsoft.com`: v1beta1, v1beta2, v1<br/>`sqlmanagedinstancereprovisionreplicatask.tasks.sql.arcdata.microsoft.com`: v1beta1<br/>`otelcollectors.arcdata.microsoft.com`: v1beta1, v1beta2<br/>`telemetryrouters.arcdata.microsoft.com`: v1beta1, v1beta2<br/>|

+|Azure Resource Manager (ARM) API version|2022-03-01-preview (No change)|

+|`arcdata` Azure CLI extension version|1.4.7|

+|Arc enabled Kubernetes helm chart extension version|1.12.0|

+|Arc Data extension for Azure Data Studio<br/>`arc`<br/>`azcli`|*No Changes*<br/>1.5.4 </br>1.5.4 |

+* Learn about [Azure Arc-enabled SQL Server](/sql/sql-server/azure-arc/overview).