Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Custom Azurite Accounts/Unable to connect to custom azurite accounts: Server failed to authenticate the request. #4163

Closed
GeeWee opened this issue Mar 5, 2021 · 7 comments
Closed

Support Custom Azurite Accounts/Unable to connect to custom azurite accounts: Server failed to authenticate the request. #4163

GeeWee opened this issue Mar 5, 2021 · 7 comments
Assignees
@craxal
Labels
💡 feature request New feature or request ⚙️ emulator Related to local emulators
Milestone
1.20.0

Comments

@GeeWee
Copy link

GeeWee commented Mar 5, 2021
edited by craxal
Loading

Storage Explorer Version: 1.18
Build Number: 20210227.4
Platform/OS: Fedora 33
Architecture: x64
Regression From: Yes, but unsure which one. I think before the new connection dialog.

Bug Description

I am unable to add custom Azurite storage accounts anymore.
I have the following azurite (in docker) configuration

  #  Local Azure Storage Container
  azurite:
    image: "mcr.microsoft.com/azure-storage/azurite"
    container_name: "aip-azurite"
    restart: unless-stopped
    ports:
      - 10000:10000 # Storage
      - 10001:10001 # Queues
    volumes:
    - azurite:/data
    environment:
#      Have azurite pretend to be multiple storage accounts so we can use it for the entire local setup
#      The last storage account is the "default" one for the emulator so anything relying on the default account existing will still work.
#      Zm9v is "foo" base64encoded
      - "AZURITE_ACCOUNTS=stoperational001:Zm9v;stingest001:Zm9v;stcontext001:Zm9v;stcoord001:Zm9v;devstoreaccount1:Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="
    command: "azurite --blobHost 0.0.0.0 --queueHost 0.0.0.0 --loose -l /data"

(Note that none of these keys are secret, don't worry about that, they are only used locally)

Previously I would add these by connection string. Now I'll add them through Connect>Storage Account>SAS
and input e.g. the following signature

DefaultEndpointsProtocol=http;AccountName=stoperational001;AccountKey=Zm9v;BlobEndpoint=http://127.0.0.1:10000/stoperational001;QueueEndpoint=http://127.0.0.1:10001/stoperational001;

When I try to list blobs or anything, I get the following error:

Unable to retrieve child resources.

Details:
{
  "name": "RestError",
  "message": "Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z",
  "__zone_symbol__error": {
    "originalStack": "Error: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at AppInsightsAsyncCorrelatedErrorWrapper.ZoneAwareError (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:811:33)\n    at new AppInsightsAsyncCorrelatedErrorWrapper (/snap/storage-explorer/20/resources/app/node_modules/applicationinsights/out/AutoCollection/CorrelationContextManager.js:193:18)\n    at Function.ExceptionSerializer.deserialize (/snap/storage-explorer/20/resources/app/node_modules/se-exception-serializer/dist/ExceptionSerializer.js:49:28)\n    at NodeProcessProviderProxy._handleResponse (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:344:74)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:197:55)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)\n    at Object.__awaiter (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:111:16)\n    at NodeProcessProviderProxy._handleMessage (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:175:24)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:141:62)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)",
    "zoneAwareStack": "Error: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at AppInsightsAsyncCorrelatedErrorWrapper.ZoneAwareError (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:811:33)\n    at new AppInsightsAsyncCorrelatedErrorWrapper (/snap/storage-explorer/20/resources/app/node_modules/applicationinsights/out/AutoCollection/CorrelationContextManager.js:193:18)\n    at Function.ExceptionSerializer.deserialize (/snap/storage-explorer/20/resources/app/node_modules/se-exception-serializer/dist/ExceptionSerializer.js:49:28)\n    at NodeProcessProviderProxy._handleResponse (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:344:74)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:197:55)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)\n    at Object.__awaiter (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:111:16)\n    at NodeProcessProviderProxy._handleMessage (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:175:24)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:141:62)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)"
  },
  "stack": "RestError: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at new RestError (/snap/storage-explorer/20/resources/app/node_modules/@azure/core-http/dist/index.js:2359:28)\n    at handleErrorResponse (/snap/storage-explorer/20/resources/app/node_modules/@azure/core-http/dist/index.js:3242:17)\n    at /snap/storage-explorer/20/resources/app/node_modules/@azure/core-http/dist/index.js:3178:18\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)",
  "originalStack": "Error: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at AppInsightsAsyncCorrelatedErrorWrapper.ZoneAwareError (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:811:33)\n    at new AppInsightsAsyncCorrelatedErrorWrapper (/snap/storage-explorer/20/resources/app/node_modules/applicationinsights/out/AutoCollection/CorrelationContextManager.js:193:18)\n    at Function.ExceptionSerializer.deserialize (/snap/storage-explorer/20/resources/app/node_modules/se-exception-serializer/dist/ExceptionSerializer.js:49:28)\n    at NodeProcessProviderProxy._handleResponse (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:344:74)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:197:55)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)\n    at Object.__awaiter (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:111:16)\n    at NodeProcessProviderProxy._handleMessage (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:175:24)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:141:62)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)",
  "zoneAwareStack": "Error: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at AppInsightsAsyncCorrelatedErrorWrapper.ZoneAwareError (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:811:33)\n    at new AppInsightsAsyncCorrelatedErrorWrapper (/snap/storage-explorer/20/resources/app/node_modules/applicationinsights/out/AutoCollection/CorrelationContextManager.js:193:18)\n    at Function.ExceptionSerializer.deserialize (/snap/storage-explorer/20/resources/app/node_modules/se-exception-serializer/dist/ExceptionSerializer.js:49:28)\n    at NodeProcessProviderProxy._handleResponse (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:344:74)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:197:55)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)\n    at Object.__awaiter (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:111:16)\n    at NodeProcessProviderProxy._handleMessage (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:175:24)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:141:62)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)",
  "__zone_symbol__stack": "RestError: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at new RestError (/snap/storage-explorer/20/resources/app/node_modules/@azure/core-http/dist/index.js:2359:28)\n    at handleErrorResponse (/snap/storage-explorer/20/resources/app/node_modules/@azure/core-http/dist/index.js:3242:17)\n    at /snap/storage-explorer/20/resources/app/node_modules/@azure/core-http/dist/index.js:3178:18\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)",
  "__zone_symbol__name": "RestError",
  "__zone_symbol__message": "Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z",
  "__zone_symbol__originalStack": "Error: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at AppInsightsAsyncCorrelatedErrorWrapper.ZoneAwareError (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:811:33)\n    at new AppInsightsAsyncCorrelatedErrorWrapper (/snap/storage-explorer/20/resources/app/node_modules/applicationinsights/out/AutoCollection/CorrelationContextManager.js:193:18)\n    at Function.ExceptionSerializer.deserialize (/snap/storage-explorer/20/resources/app/node_modules/se-exception-serializer/dist/ExceptionSerializer.js:49:28)\n    at NodeProcessProviderProxy._handleResponse (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:344:74)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:197:55)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)\n    at Object.__awaiter (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:111:16)\n    at NodeProcessProviderProxy._handleMessage (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:175:24)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:141:62)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)",
  "__zone_symbol__zoneAwareStack": "Error: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:a4a8bd7b-3757-42e8-8876-61bf387185ec\nTime:2021-03-05T10:34:34.693Z\n    at AppInsightsAsyncCorrelatedErrorWrapper.ZoneAwareError (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:811:33)\n    at new AppInsightsAsyncCorrelatedErrorWrapper (/snap/storage-explorer/20/resources/app/node_modules/applicationinsights/out/AutoCollection/CorrelationContextManager.js:193:18)\n    at Function.ExceptionSerializer.deserialize (/snap/storage-explorer/20/resources/app/node_modules/se-exception-serializer/dist/ExceptionSerializer.js:49:28)\n    at NodeProcessProviderProxy._handleResponse (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:344:74)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:197:55)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)\n    at Object.__awaiter (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:111:16)\n    at NodeProcessProviderProxy._handleMessage (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:175:24)\n    at NodeProcessProviderProxy.<anonymous> (/snap/storage-explorer/20/resources/app/out/app/main/NodeProcessProviderProxy.js:141:62)\n    at step (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:141:27)\n    at Object.next (/snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:122:57)\n    at /snap/storage-explorer/20/resources/app/node_modules/tslib/tslib.js:115:75\n    at new ZoneAwarePromise (/snap/storage-explorer/20/resources/app/node_modules/zone.js/dist/zone-node.js:551:29)",
  "code": "AuthorizationFailure",
  "statusCode": 403,
  "request": {
    "streamResponseStatusCodes": {},
    "url": "http://127.0.0.1:10000/devstoreaccount1?include=metadata&comp=list",
    "method": "GET",
    "headers": {
      "_headersMap": {
        "x-ms-version": {
          "name": "x-ms-version",
          "value": "2020-04-08"
        },
        "user-agent": {
          "name": "user-agent",
          "value": "Microsoft Azure Storage Explorer, 1.18.0, linux azsdk-js-storageblob/12.4.1 (NODE-VERSION v12.13.0; Linux 5.10.19-200.fc33.x86_64)"
        },
        "x-ms-client-request-id": {
          "name": "x-ms-client-request-id",
          "value": "8897bedb-3184-47d9-a560-db9c2f0ec546"
        },
        "x-ms-date": {
          "name": "x-ms-date",
          "value": "Fri, 05 Mar 2021 10:34:34 GMT"
        },
        "authorization": {
          "name": "Authorization",
          "value": "SharedKey stoperational001:DQUjSjh6p1rKau2DRaiIt5j48QuUuZUEKNmO6YlW6NY="
        },
        "cookie": {
          "name": "Cookie",
          "value": ""
        }
      }
    },
    "withCredentials": false,
    "timeout": 0,
    "keepAlive": true,
    "decompressResponse": false,
    "requestId": "8897bedb-3184-47d9-a560-db9c2f0ec546",
    "operationSpec": [REDACTED FOR BREVITY]
  }
}

Note these following characteristics:

  • I can access the "default" account via either the connection string DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1; or through the built-in option for that
  • The emulator is running
  • My other resources other than storage emulator has no problems connecting to Azurite.
@craxal
Copy link
Contributor

craxal commented Mar 5, 2021
edited
Loading

@GeeWee Did you select the SAS option or the account name and key option? Your connection string doesn't have a SAS, so I would expect the panel to invalidate that input.

Can you examine the requests on the receiving end? Is Azurite in your Docker container getting the requests?

@craxal craxal self-assigned this Mar 6, 2021
@craxal craxal added this to the 1.19.0 milestone Mar 6, 2021
@GeeWee
Copy link
Author

GeeWee commented Mar 6, 2021

Good question, I actually tried out both.
The connection string I gave above I selected via SAS. This is also where I put in the "default" azurite connection string that worked.
I also attempted to simply use account name and key, but that didn't resulted in a different error as it didn't seem particularly happy to use localhost as an endpoint.

I inspected the azurite logs. The requests do happen. I also tried the verbose error logs to see if anything good came out of it, but unfortunately it didn't really reveal any information.

Perhaps the right call here is to still allow people to use connection strings?

@craxal
Copy link
Contributor

craxal commented Mar 8, 2021

Since you're connecting to an emulator, we can look further into allowing connections to emulators using connection strings. This would likely add a selection panel where you can choose between connection strings or port numbers.

@craxal
Copy link
Contributor

craxal commented Mar 8, 2021

Create #4177 to track connection string entry as well.

@JasonYeMSFT JasonYeMSFT added the ⚙️ emulator Related to local emulators label Apr 5, 2021
@JasonYeMSFT JasonYeMSFT modified the milestones: 1.19.0, 1.20.0 Apr 5, 2021
@JasonYeMSFT
Copy link
Contributor

We need to investigate if directly using connection string with a varied development account name works.

@lucas-natraj lucas-natraj mentioned this issue Apr 7, 2021
Closed
@JasonYeMSFT
Copy link
Contributor

We had a bug in the url construction code for such local endpoints with custom storage account names, so they don't work in 1.18.1. I made a fix for the url construction, which should allow connecting to Azurite with custom account names via connection strings. But this isn't obvious for emulator and we need to revisit our emulator connection experience.

@MRayermannMSFT MRayermannMSFT added the 💡 feature request New feature or request label Apr 19, 2021
@MRayermannMSFT MRayermannMSFT changed the title Unable to connect to custom azurite accounts: Server failed to authenticate the request. Support Custom Azurite Accounts/Unable to connect to custom azurite accounts: Server failed to authenticate the request. Apr 19, 2021
@MRayermannMSFT
Copy link
Member

We'll try to get to supporting this via the attach emulator experience, but for now, starting with Storage Explorer 1.19, you can attach a custom azurite account by constructing the connection string yourself.

@craxal craxal closed this as completed May 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@craxal craxal

Labels
💡 feature request New feature or request ⚙️ emulator Related to local emulators
Projects
None yet
Milestone
1.20.0
Development

No branches or pull requests
4 participants
@craxal @GeeWee @MRayermannMSFT @JasonYeMSFT