Customize Service Fabric cluster settings

This article describes the various fabric settings for your Service Fabric cluster that you can customize. For clusters hosted in Azure, you can customize settings through the Azure portal or by using an Azure Resource Manager template. For more information, see Upgrade the configuration of an Azure cluster. For standalone clusters, you customize settings by updating the ClusterConfig.json file and performing a configuration upgrade on your cluster. For more information, see Upgrade the configuration of a standalone cluster.

There are three different upgrade policies:

  • Dynamic – Changes to a dynamic configuration do not cause any process restarts of either Service Fabric processes or your service host processes.
  • Static – Changes to a static configuration will cause the Service Fabric node to restart in order to consume the change. Services on the nodes will be restarted.
  • NotAllowed – These settings cannot be modified. Changing these settings requires that the cluster be destroyed and a new cluster created.

The following is a list of Fabric settings that you can customize, organized by section.

ApplicationGateway/Http

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ApplicationCertificateValidationPolicy string, default is "None" Static This does not validate the server certificate; succeed the request. Refer to config ServiceCertificateThumbprints for the comma-separated list of thumbprints of the remote certs that the reverse proxy can trust. Refer to config ServiceCommonNameAndIssuer for the subject name and issuer thumbprint of the remote certs that the reverse proxy can trust. To learn more, see Reverse proxy secure connection.
BodyChunkSize Uint, default is 16384 Dynamic Gives the size of for the chunk in bytes used to read the body.
CrlCheckingFlag uint, default is 0x40000000 Dynamic Flags for application/service certificate chain validation; e.g. CRL checking 0x10000000 CERT_CHAIN_REVOCATION_CHECK_END_CERT 0x20000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x40000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x80000000 CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY Setting to 0 disables CRL checking Full list of supported values is documented by dwFlags of CertGetCertificateChain: http://msdn.microsoft.com/library/windows/desktop/aa376078(v=vs.85).aspx
DefaultHttpRequestTimeout Time in seconds. default is 120 Dynamic Specify timespan in seconds. Gives the default request timeout for the http requests being processed in the http app gateway.
ForwardClientCertificate bool, default is FALSE Dynamic When set to false, reverse proxy will not request for the client certificate.When set to true, reverse proxy will request for the client certificate during the SSL handshake and forward the base64 encoded PEM format string to the service in a header named X-Client-Certificate.The service can fail the request with appropriate status code after inspecting the certificate data. If this is true and client does not present a certificate, reverse proxy will forward an empty header and let the service handle the case. Reverse proxy will act as a transparent layer. To learn more, see Set up client certificate authentication.
GatewayAuthCredentialType string, default is "None" Static Indicates the type of security credentials to use at the http app gateway endpoint Valid values are "None/X509.
GatewayX509CertificateFindType string, default is "FindByThumbprint" Dynamic Indicates how to search for certificate in the store specified by GatewayX509CertificateStoreName Supported value: FindByThumbprint; FindBySubjectName.
GatewayX509CertificateFindValue string, default is "" Dynamic Search filter value used to locate the http app gateway certificate. This certificate is configured on the https endpoint and can also be used to verify the identity of the app if needed by the services. FindValue is looked up first; and if that does not exist; FindValueSecondary is looked up.
GatewayX509CertificateFindValueSecondary string, default is "" Dynamic Search filter value used to locate the http app gateway certificate. This certificate is configured on the https endpoint and can also be used to verify the identity of the app if needed by the services. FindValue is looked up first; and if that does not exist; FindValueSecondary is looked up.
GatewayX509CertificateStoreName string, default is "My" Dynamic Name of X.509 certificate store that contains certificate for http app gateway.
HttpRequestConnectTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(5) Dynamic Specify timespan in seconds. Gives the connect timeout for the http requests being sent from the http app gateway.
IgnoreCrlOfflineError bool, default is TRUE Dynamic Whether to ignore CRL offline error for application/service certificate verification.
IsEnabled Bool, default is false Static Enables/Disables the HttpApplicationGateway. HttpApplicationGateway is disabled by default and this config needs to be set to enable it.
NumberOfParallelOperations Uint, default is 5000 Static Number of reads to post to the http server queue. This controls the number of concurrent requests that can be satisfied by the HttpGateway.
RemoveServiceResponseHeaders string, default is "Date; Server" Static Semi colon/ comma-separated list of response headers that will be removed from the service response; before forwarding it to the client. If this is set to empty string; pass all the headers returned by the service as-is. i.e do not overwrite the Date and Server
ResolveServiceBackoffInterval Time in seconds, default is 5 Dynamic Specify timespan in seconds. Gives the default back-off interval before retrying a failed resolve service operation.
SecureOnlyMode bool, default is FALSE Dynamic SecureOnlyMode: true: Reverse Proxy will only forward to services that publish secure endpoints. false: Reverse Proxy can forward requests to secure/non-secure endpoints. To learn more, see Reverse proxy endpoint selection logic.
ServiceCertificateThumbprints string, default is "" Dynamic The comma-separated list of thumbprints of the remote certs that the reverse proxy can trust. To learn more, see Reverse proxy secure connection.

ApplicationGateway/Http/ServiceCommonNameAndIssuer

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup X509NameMap, default is None Dynamic Subject name and issuer thumbprint of the remote certs that the reverse proxy can trust. To learn more, see Reverse proxy secure connection.

BackupRestoreService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
MinReplicaSetSize int, default is 0 Static The MinReplicaSetSize for BackupRestoreService
PlacementConstraints string, default is "" Static The PlacementConstraints for BackupRestore service
SecretEncryptionCertThumbprint string, default is "" Dynamic Thumbprint of the Secret encryption X509 certificate
SecretEncryptionCertX509StoreName string, default is "My" Dynamic This indicates the certificate to use for encryption and decryption of creds Name of X.509 certificate store that is used for encrypting decrypting store credentials used by Backup Restore service
TargetReplicaSetSize int, default is 0 Static The TargetReplicaSetSize for BackupRestoreService

ClusterManager

Parameter Allowed Values Upgrade Policy Guidance or Short Description
EnableDefaultServicesUpgrade Bool, default is false Dynamic Enable upgrading default services during application upgrade. Default service descriptions would be overwritten after upgrade.
FabricUpgradeHealthCheckInterval Time in seconds, default is 60 Dynamic The frequency of health status check during a monitored Fabric upgrade
FabricUpgradeStatusPollInterval Time in seconds, default is 60 Dynamic The frequency of polling for Fabric upgrade status. This value determines the rate of update for any GetFabricUpgradeProgress call
ImageBuilderTimeoutBuffer Time in seconds, default is 3 Dynamic Specify timespan in seconds. The amount of time to allow for Image Builder specific timeout errors to return to the client. If this buffer is too small; then the client times out before the server and gets a generic timeout error.
InfrastructureTaskHealthCheckRetryTimeout Time in seconds, default is 60 Dynamic Specify timespan in seconds. The amount of time to spend retrying failed health checks while post-processing an infrastructure task. Observing a passed health check will reset this timer.
InfrastructureTaskHealthCheckStableDuration Time in seconds, default is 0 Dynamic Specify timespan in seconds. The amount of time to observe consecutive passed health checks before post-processing of an infrastructure task finishes successfully. Observing a failed health check will reset this timer.
InfrastructureTaskHealthCheckWaitDuration Time in seconds, default is 0 Dynamic Specify timespan in seconds. The amount of time to wait before starting health checks after post-processing an infrastructure task.
InfrastructureTaskProcessingInterval Time in seconds, default is 10 Dynamic Specify timespan in seconds. The processing interval used by the infrastructure task processing state machine.
MaxCommunicationTimeout Time in seconds, default is 600 Dynamic Specify timespan in seconds. The maximum timeout for internal communications between ClusterManager and other system services (i.e.; Naming Service; Failover Manager and etc.). This timeout should be smaller than global MaxOperationTimeout (as there might be multiple communications between system components for each client operation).
MaxDataMigrationTimeout Time in seconds, default is 600 Dynamic Specify timespan in seconds. The maximum timeout for data migration recovery operations after a Fabric upgrade has taken place.
MaxOperationRetryDelay Time in seconds, default is 5 Dynamic Specify timespan in seconds. The maximum delay for internal retries when failures are encountered.
MaxOperationTimeout Time in seconds, default is MaxValue Dynamic Specify timespan in seconds. The maximum global timeout for internally processing operations on ClusterManager.
MaxTimeoutRetryBuffer Time in seconds, default is 600 Dynamic Specify timespan in seconds. The maximum operation timeout when internally retrying due to timeouts is + . Additional timeout is added in increments of MinOperationTimeout.
MinOperationTimeout Time in seconds, default is 60 Dynamic Specify timespan in seconds. The minimum global timeout for internally processing operations on ClusterManager.
MinReplicaSetSize Int, default is 3 Not Allowed The MinReplicaSetSize for ClusterManager.
PlacementConstraints string, default is "" Not Allowed The PlacementConstraints for ClusterManager.
QuorumLossWaitDuration Time in seconds, default is MaxValue Not Allowed Specify timespan in seconds. The QuorumLossWaitDuration for ClusterManager.
ReplicaRestartWaitDuration Time in seconds, default is (60.0 * 30) Not Allowed Specify timespan in seconds. The ReplicaRestartWaitDuration for ClusterManager.
ReplicaSetCheckTimeoutRollbackOverride Time in seconds, default is 1200 Dynamic Specify timespan in seconds. If ReplicaSetCheckTimeout is set to the maximum value of DWORD; then it's overridden with the value of this config for the purposes of rollback. The value used for roll-forward is never overridden.
SkipRollbackUpdateDefaultService Bool, default is false Dynamic The CM will skip reverting updated default services during application upgrade rollback.
StandByReplicaKeepDuration Time in seconds, default is (3600.0 * 2) Not Allowed Specify timespan in seconds. The StandByReplicaKeepDuration for ClusterManager.
TargetReplicaSetSize Int, default is 7 Not Allowed The TargetReplicaSetSize for ClusterManager.
UpgradeHealthCheckInterval Time in seconds, default is 60 Dynamic The frequency of health status checks during a monitored application upgrades
UpgradeStatusPollInterval Time in seconds, default is 60 Dynamic The frequency of polling for application upgrade status. This value determines the rate of update for any GetApplicationUpgradeProgress call

Common

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PerfMonitorInterval Time in seconds, default is 1 Dynamic Specify timespan in seconds. Performance monitoring interval. Setting to 0 or negative value disables monitoring.

DefragmentationEmptyNodeDistributionPolicy

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup KeyIntegerValueMap, default is None Dynamic Specifies the policy defragmentation follows when emptying nodes. For a given metric 0 indicates that SF should try to defragment nodes evenly across UDs and FDs; 1 indicates only that the nodes must be defragmented

DefragmentationMetrics

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup KeyBoolValueMap, default is None Dynamic Determines the set of metrics that should be used for defragmentation and not for load balancing.

DefragmentationMetricsPercentOrNumberOfEmptyNodesTriggeringThreshold

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup KeyDoubleValueMap, default is None Dynamic Determines the number of free nodes which are needed to consider cluster defragmented by specifying either percent in range [0.0 - 1.0) or number of empty nodes as number >= 1.0

Diagnostics

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AppDiagnosticStoreAccessRequiresImpersonation Bool, default is true Dynamic Whether or not impersonation is required when accessing diagnostic stores on behalf of the application.
AppEtwTraceDeletionAgeInDays Int, default is 3 Dynamic Number of days after which we delete old ETL files containing application ETW traces.
ApplicationLogsFormatVersion Int, default is 0 Dynamic Version for application logs format. Supported values are 0 and 1. Version 1 includes more fields from the ETW event record than version 0.
ClusterId String Dynamic The unique id of the cluster. This is generated when the cluster is created.
ConsumerInstances String Dynamic The list of DCA consumer instances.
DiskFullSafetySpaceInMB Int, default is 1024 Dynamic Remaining disk space in MB to protect from use by DCA.
EnableCircularTraceSession Bool, default is false Static Flag indicates whether circular trace sessions should be used.
EnableTelemetry Bool, default is true Dynamic This is going to enable or disable telemetry.
MaxDiskQuotaInMB Int, default is 65536 Dynamic Disk quota in MB for Windows Fabric log files.
ProducerInstances String Dynamic The list of DCA producer instances.

DnsService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
EnablePartitionedQuery bool, default is FALSE Static The flag to enable support for DNS queries for partitioned services. The feature is turned off by default. For more information, see Service Fabric DNS Service.
InstanceCount int, default is -1 Static Default value is -1 which means that DnsService is running on every node. OneBox needs this to be set to 1 since DnsService uses well known port 53, so it cannot have multiple instances on the same machine.
IsEnabled bool, default is FALSE Static Enables/Disables DnsService. DnsService is disabled by default and this config needs to be set to enable it.
PartitionPrefix string, default is "--" Static Controls the partition prefix string value in DNS queries for partitioned services. The value :
  • Should be RFC-compliant as it will be part of a DNS query.
  • Should not contain a dot, '.', as dot interferes with DNS suffix behavior.
  • Should not be longer than 5 characters.
  • Cannot be an empty string.
  • If the PartitionPrefix setting is overridden, then PartitionSuffix must be overridden, and vice-versa.
For more information, see Service Fabric DNS Service..
PartitionSuffix string, default is "" Static Controls the partition suffix string value in DNS queries for partitioned services.The value :
  • Should be RFC-compliant as it will be part of a DNS query.
  • Should not contain a dot, '.', as dot interferes with DNS suffix behavior.
  • Should not be longer than 5 characters.
  • If the PartitionPrefix setting is overridden, then PartitionSuffix must be overridden, and vice-versa.
For more information, see Service Fabric DNS Service..

EventStore

Parameter Allowed Values Upgrade Policy Guidance or Short Description
MinReplicaSetSize int, default is 0 Static The MinReplicaSetSize for EventStore service
PlacementConstraints string, default is "" Static The PlacementConstraints for EventStore service
TargetReplicaSetSize int, default is 0 Static The TargetReplicaSetSize for EventStore service

FabricClient

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ConnectionInitializationTimeout Time in seconds, default is 2 Dynamic Specify timespan in seconds. Connection timeout interval for each time client tries to open a connection to the gateway.
HealthOperationTimeout Time in seconds, default is 120 Dynamic Specify timespan in seconds. The timeout for a report message sent to Health Manager.
HealthReportRetrySendInterval Time in seconds, default is 30 Dynamic Specify timespan in seconds. The interval at which reporting component re-sends accumulated health reports to Health Manager.
HealthReportSendInterval Time in seconds, default is 30 Dynamic Specify timespan in seconds. The interval at which reporting component sends accumulated health reports to Health Manager.
KeepAliveIntervalInSeconds Int, default is 20 Static The interval at which the FabricClient transport sends keep-alive messages to the gateway. For 0; keepAlive is disabled. Must be a positive value.
MaxFileSenderThreads Uint, default is 10 Static The max number of files that are transferred in parallel.
NodeAddresses string, default is "" Static A collection of addresses (connection strings) on different nodes that can be used to communicate with the Naming Service. Initially the Client connects selecting one of the addresses randomly. If more than one connection string is supplied and a connection fails because of a communication or timeout error; the Client switches to use the next address sequentially. See the Naming Service Address retry section for details on retries semantics.
PartitionLocationCacheLimit Int, default is 100000 Static Number of partitions cached for service resolution (set to 0 for no limit).
RetryBackoffInterval Time in seconds, default is 3 Dynamic Specify timespan in seconds. The back-off interval before retrying the operation.
ServiceChangePollInterval Time in seconds, default is 120 Dynamic Specify timespan in seconds. The interval between consecutive polls for service changes from the client to the gateway for registered service change notifications callbacks.

FabricHost

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ActivationMaxFailureCount Int, default is 10 Dynamic This is the maximum count for which system will retry failed activation before giving up.
ActivationMaxRetryInterval Time in seconds, default is 300 Dynamic Specify timespan in seconds. Max retry interval for Activation. On every continuous failure the retry interval is calculated as Min( ActivationMaxRetryInterval; Continuous Failure Count * ActivationRetryBackoffInterval).
ActivationRetryBackoffInterval Time in seconds, default is 5 Dynamic Specify timespan in seconds. Backoff interval on every activation failure;On every continuous activation failure the system will retry the activation for up to the MaxActivationFailureCount. The retry interval on every try is a product of continuous activation failure and the activation back-off interval.
EnableRestartManagement Bool, default is false Dynamic This is to enable server restart.
EnableServiceFabricAutomaticUpdates Bool, default is false Dynamic This is to enable fabric automatic update via Windows Update.
EnableServiceFabricBaseUpgrade Bool, default is false Dynamic This is to enable base update for server.
StartTimeout Time in seconds, default is 300 Dynamic Specify timespan in seconds. Time out for fabricactivationmanager startup.
StopTimeout Time in seconds, default is 300 Dynamic Specify timespan in seconds. The timeout for hosted service activation; deactivation and upgrade.

FabricNode

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ClientAuthX509FindType string, default is "FindByThumbprint" Dynamic Indicates how to search for certificate in the store specified by ClientAuthX509StoreName Supported value: FindByThumbprint; FindBySubjectName.
ClientAuthX509FindValue string, default is "" Dynamic Search filter value used to locate certificate for default admin role FabricClient.
ClientAuthX509FindValueSecondary string, default is "" Dynamic Search filter value used to locate certificate for default admin role FabricClient.
ClientAuthX509StoreName string, default is "My" Dynamic Name of the X.509 certificate store that contains certificate for default admin role FabricClient.
ClusterX509FindType string, default is "FindByThumbprint" Dynamic Indicates how to search for cluster certificate in the store specified by ClusterX509StoreName Supported values: "FindByThumbprint"; "FindBySubjectName" With "FindBySubjectName"; when there are multiple matches; the one with the furthest expiration is used.
ClusterX509FindValue string, default is "" Dynamic Search filter value used to locate cluster certificate.
ClusterX509FindValueSecondary string, default is "" Dynamic Search filter value used to locate cluster certificate.
ClusterX509StoreName string, default is "My" Dynamic Name of X.509 certificate store that contains cluster certificate for securing intra-cluster communication.
EndApplicationPortRange Int, default is 0 Static End (no inclusive) of the application ports managed by hosting subsystem. Required if EndpointFilteringEnabled is true in Hosting.
ServerAuthX509FindType string, default is "FindByThumbprint" Dynamic Indicates how to search for server certificate in the store specified by ServerAuthX509StoreName Supported value: FindByThumbprint; FindBySubjectName.
ServerAuthX509FindValue string, default is "" Dynamic Search filter value used to locate server certificate.
ServerAuthX509FindValueSecondary string, default is "" Dynamic Search filter value used to locate server certificate.
ServerAuthX509StoreName string, default is "My" Dynamic Name of X.509 certificate store that contains server certificate for entree service.
StartApplicationPortRange Int, default is 0 Static Start of the application ports managed by hosting subsystem. Required if EndpointFilteringEnabled is true in Hosting.
StateTraceInterval Time in seconds, default is 300 Static Specify timespan in seconds. The interval for tracing node status on each node and up nodes on FM/FMM.
UserRoleClientX509FindType string, default is "FindByThumbprint" Dynamic Indicates how to search for certificate in the store specified by UserRoleClientX509StoreName Supported value: FindByThumbprint; FindBySubjectName.
UserRoleClientX509FindValue string, default is "" Dynamic Search filter value used to locate certificate for default user role FabricClient.
UserRoleClientX509FindValueSecondary string, default is "" Dynamic Search filter value used to locate certificate for default user role FabricClient.
UserRoleClientX509StoreName string, default is "My" Dynamic Name of the X.509 certificate store that contains certificate for default user role FabricClient.

FailoverManager

Parameter Allowed Values Upgrade Policy Guidance or Short Description
BuildReplicaTimeLimit TimeSpan, default is Common::TimeSpan::FromSeconds(3600) Dynamic Specify timespan in seconds. The time limit for building a stateful replica; after which a warning health report will be initiated
ClusterPauseThreshold int, default is 1 Dynamic If the number of nodes in system go below this value then placement; load balancing; and failover is stopped.
CreateInstanceTimeLimit TimeSpan, default is Common::TimeSpan::FromSeconds(300) Dynamic Specify timespan in seconds. The time limit for creating a stateless instance; after which a warning health report will be initiated
ExpectedClusterSize int, default is 1 Dynamic When the cluster is initially started up; the FM will wait for this many nodes to report themselves up before it begins placing other services; including the system services like naming. Increasing this value increases the time it takes a cluster to start up; but prevents the early nodes from becoming overloaded and also the additional moves that will be necessary as more nodes come online. This value should generally be set to some small fraction of the initial cluster size.
ExpectedNodeDeactivationDuration TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30) Dynamic Specify timespan in seconds. This is the expected duration for a node to complete deactivation in.
ExpectedNodeFabricUpgradeDuration TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30) Dynamic Specify timespan in seconds. This is the expected duration for a node to be upgraded during Windows Fabric upgrade.
ExpectedReplicaUpgradeDuration TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30) Dynamic Specify timespan in seconds. This is the expected duration for all the replicas to be upgraded on a node during application upgrade.
IsSingletonReplicaMoveAllowedDuringUpgrade bool, default is TRUE Dynamic If set to true; replicas with a target replica set size of 1 will be permitted to move during upgrade.
MinReplicaSetSize int, default is 3 Not Allowed This is the minimum replica set size for the FM. If the number of active FM replicas drops below this value; the FM will reject changes to the cluster until at least the min number of replicas is recovered
PlacementConstraints string, default is "" Not Allowed Any placement constraints for the failover manager replicas
PlacementTimeLimit TimeSpan, default is Common::TimeSpan::FromSeconds(600) Dynamic Specify timespan in seconds. The time limit for reaching target replica count; after which a warning health report will be initiated
QuorumLossWaitDuration Time in seconds, default is MaxValue Dynamic Specify timespan in seconds. This is the max duration for which we allow a partition to be in a state of quorum loss. If the partition is still in quorum loss after this duration; the partition is recovered from quorum loss by considering the down replicas as lost. Note that this can potentially incur data loss.
ReconfigurationTimeLimit TimeSpan, default is Common::TimeSpan::FromSeconds(300) Dynamic Specify timespan in seconds. The time limit for reconfiguration; after which a warning health report will be initiated
ReplicaRestartWaitDuration TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30) Not Allowed Specify timespan in seconds. This is the ReplicaRestartWaitDuration for the FMService
StandByReplicaKeepDuration Timespan, default is Common::TimeSpan::FromSeconds(3600.0 * 24 * 7) Not Allowed Specify timespan in seconds. This is the StandByReplicaKeepDuration for the FMService
TargetReplicaSetSize int, default is 7 Not Allowed This is the target number of FM replicas that Windows Fabric will maintain. A higher number results in higher reliability of the FM data; with a small performance tradeoff.
UserMaxStandByReplicaCount Int, default is 1 Dynamic The default max number of StandBy replicas that the system keeps for user services.
UserReplicaRestartWaitDuration Time in seconds, default is 60.0 * 30 Dynamic Specify timespan in seconds. When a persisted replica goes down; Windows Fabric waits for this duration for the replica to come back up before creating new replacement replicas (which would require a copy of the state).
UserStandByReplicaKeepDuration Time in seconds, default is 3600.0 * 24 * 7 Dynamic Specify timespan in seconds. When a persisted replica come back from a down state; it may have already been replaced. This timer determines how long the FM will keep the standby replica before discarding it.

FaultAnalysisService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
CompletedActionKeepDurationInSeconds Int, default is 604800 Static This is approximately how long to keep actions that are in a terminal state. This also depends on StoredActionCleanupIntervalInSeconds; since the work to cleanup is only done on that interval. 604800 is 7 days.
DataLossCheckPollIntervalInSeconds int, default is 5 Static This is the time between the checks the system performs while waiting for data loss to happen. The number of times the data loss number will be checked per internal iteration is DataLossCheckWaitDurationInSeconds/this.
DataLossCheckWaitDurationInSeconds int, default is 25 Static The total amount of time; in seconds; that the system will wait for data loss to happen. This is internally used when the StartPartitionDataLossAsync() api is called.
MinReplicaSetSize Int, default is 0 Static The MinReplicaSetSize for FaultAnalysisService.
PlacementConstraints string, default is "" Static The PlacementConstraints for FaultAnalysisService.
QuorumLossWaitDuration Time in seconds, default is MaxValue Static Specify timespan in seconds. The QuorumLossWaitDuration for FaultAnalysisService.
ReplicaDropWaitDurationInSeconds int, default is 600 Static This parameter is used when the data loss api is called. It controls how long the system will wait for a replica to get dropped after remove replica is internally invoked on it.
ReplicaRestartWaitDuration Time in seconds, default is 60 minutes Static Specify timespan in seconds. The ReplicaRestartWaitDuration for FaultAnalysisService.
StandByReplicaKeepDuration Time in seconds, default is (60247) minutes Static Specify timespan in seconds. The StandByReplicaKeepDuration for FaultAnalysisService.
StoredActionCleanupIntervalInSeconds Int, default is 3600 Static This is how often the store will be cleaned up. Only actions in a terminal state; and that completed at least CompletedActionKeepDurationInSeconds ago will be removed.
StoredChaosEventCleanupIntervalInSeconds Int, default is 3600 Static This is how often the store will be audited for cleanup; if the number of events is more than 30000; the cleanup will kick in.
TargetReplicaSetSize Int, default is 0 Static NOT_PLATFORM_UNIX_START The TargetReplicaSetSize for FaultAnalysisService.

Federation

Parameter Allowed Values Upgrade Policy Guidance or Short Description
GlobalTicketLeaseDuration TimeSpan, default is Common::TimeSpan::FromSeconds(300) Static Specify timespan in seconds. Nodes in the cluster need to maintain a global lease with the voters. Voters submit their global leases to be propagated across the cluster for this duration. If the duration expires; then the lease is lost. Loss of quorum of leases causes a node to abandon the cluster; by failing to receive communication with a quorum of nodes in this period of time. This value needs to be adjusted based on the size of the cluster.
LeaseDuration Time in seconds, default is 30 Dynamic Duration that a lease lasts between a node and its neighbors.
LeaseDurationAcrossFaultDomain Time in seconds, default is 30 Dynamic Duration that a lease lasts between a node and its neighbors across fault domains.

FileStoreService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AcceptChunkUpload Bool, default is TRUE Dynamic Config to determine whether file store service accepts chunk based file upload or not during copy application package.
AnonymousAccessEnabled Bool, default is true Static Enable/Disable anonymous access to the FileStoreService shares.
CommonName1Ntlmx509CommonName string, default is "" Static The common name of the X509 certificate used to generate HMAC on the CommonName1NtlmPasswordSecret when using NTLM authentication
CommonName1Ntlmx509StoreLocation string, default is "LocalMachine" Static The store location of the X509 certificate used to generate HMAC on the CommonName1NtlmPasswordSecret when using NTLM authentication
CommonName1Ntlmx509StoreName string, default is "MY" Static The store name of the X509 certificate used to generate HMAC on the CommonName1NtlmPasswordSecret when using NTLM authentication
CommonName2Ntlmx509CommonName string, default is "" Static The common name of the X509 certificate used to generate HMAC on the CommonName2NtlmPasswordSecret when using NTLM authentication
CommonName2Ntlmx509StoreLocation string, default is "LocalMachine" Static The store location of the X509 certificate used to generate HMAC on the CommonName2NtlmPasswordSecret when using NTLM authentication
CommonName2Ntlmx509StoreName string, default is "MY" Static The store name of the X509 certificate used to generate HMAC on the CommonName2NtlmPasswordSecret when using NTLM authentication
CommonNameNtlmPasswordSecret SecureString, default is Common::SecureString("") Static The password secret which used as seed to generated same password when using NTLM authentication
GenerateV1CommonNameAccount bool, default is TRUE Static Specifies whether to generate an account with user name V1 generation algorithm. Starting with Service Fabric version 6.1; an account with v2 generation is always created. The V1 account is necessary for upgrades from/to versions that do not support V2 generation (prior to 6.1).
MaxCopyOperationThreads Uint, default is 0 Dynamic The maximum number of parallel files that secondary can copy from primary. '0' == number of cores.
MaxFileOperationThreads Uint, default is 100 Static The maximum number of parallel threads allowed to perform FileOperations (Copy/Move) in the primary. '0' == number of cores.
MaxRequestProcessingThreads Uint, default is 200 Static The maximum number of parallel threads allowed to process requests in the primary. '0' == number of cores.
MaxSecondaryFileCopyFailureThreshold Uint, default is 25 Dynamic The maximum number of file copy retries on the secondary before giving up.
MaxStoreOperations Uint, default is 4096 Static The maximum number of parallel store transaction operations allowed on primary. '0' == number of cores.
NamingOperationTimeout Time in seconds, default is 60 Dynamic Specify timespan in seconds. The timeout for performing naming operation.
PrimaryAccountNTLMPasswordSecret SecureString, default is empty Static The password secret which used as seed to generated same password when using NTLM authentication.
PrimaryAccountNTLMX509StoreLocation string, default is "LocalMachine" Static The store location of the X509 certificate used to generate HMAC on the PrimaryAccountNTLMPasswordSecret when using NTLM authentication.
PrimaryAccountNTLMX509StoreName string, default is "MY" Static The store name of the X509 certificate used to generate HMAC on the PrimaryAccountNTLMPasswordSecret when using NTLM authentication.
PrimaryAccountNTLMX509Thumbprint string, default is "" Static The thumbprint of the X509 certificate used to generate HMAC on the PrimaryAccountNTLMPasswordSecret when using NTLM authentication.
PrimaryAccountType string, default is "" Static The primary AccountType of the principal to ACL the FileStoreService shares.
PrimaryAccountUserName string, default is "" Static The primary account Username of the principal to ACL the FileStoreService shares.
PrimaryAccountUserPassword SecureString, default is empty Static The primary account password of the principal to ACL the FileStoreService shares.
QueryOperationTimeout Time in seconds, default is 60 Dynamic Specify timespan in seconds. The timeout for performing query operation.
SecondaryAccountNTLMPasswordSecret SecureString, default is empty Static The password secret which used as seed to generated same password when using NTLM authentication.
SecondaryAccountNTLMX509StoreLocation string, default is "LocalMachine" Static The store location of the X509 certificate used to generate HMAC on the SecondaryAccountNTLMPasswordSecret when using NTLM authentication.
SecondaryAccountNTLMX509StoreName string, default is "MY" Static The store name of the X509 certificate used to generate HMAC on the SecondaryAccountNTLMPasswordSecret when using NTLM authentication.
SecondaryAccountNTLMX509Thumbprint string, default is "" Static The thumbprint of the X509 certificate used to generate HMAC on the SecondaryAccountNTLMPasswordSecret when using NTLM authentication.
SecondaryAccountType string, default is "" Static The secondary AccountType of the principal to ACL the FileStoreService shares.
SecondaryAccountUserName string, default is "" Static The secondary account Username of the principal to ACL the FileStoreService shares.
SecondaryAccountUserPassword SecureString, default is empty Static The secondary account password of the principal to ACL the FileStoreService shares.

HealthManager

Parameter Allowed Values Upgrade Policy Guidance or Short Description
EnableApplicationTypeHealthEvaluation Bool, default is false Static Cluster health evaluation policy: enable per application type health evaluation.

HealthManager/ClusterHealthPolicy

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ConsiderWarningAsError Bool, default is false Static Cluster health evaluation policy: warnings are treated as errors.
MaxPercentUnhealthyApplications Int, default is 0 Static Cluster health evaluation policy: maximum percent of unhealthy applications allowed for the cluster to be healthy.
MaxPercentUnhealthyNodes Int, default is 0 Static Cluster health evaluation policy: maximum percent of unhealthy nodes allowed for the cluster to be healthy.

HealthManager/ClusterUpgradeHealthPolicy

Parameter Allowed Values Upgrade Policy Guidance or Short Description
MaxPercentDeltaUnhealthyNodes int, default is 10 Static Cluster upgrade health evaluation policy: maximum percent of delta unhealthy nodes allowed for the cluster to be healthy
MaxPercentUpgradeDomainDeltaUnhealthyNodes int, default is 15 Static Cluster upgrade health evaluation policy: maximum percent of delta of unhealthy nodes in an upgrade domain allowed for the cluster to be healthy

Hosting

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ActivationMaxFailureCount Whole number, default is 10 Dynamic Number of times system retries failed activation before giving up
ActivationMaxRetryInterval Time in seconds, default is 300 Dynamic On every continuous activation failure, the system retries the activation for up to ActivationMaxFailureCount. ActivationMaxRetryInterval specifies Wait time interval before retry after every activation failure
ActivationRetryBackoffInterval Time in Seconds, default is 5 Dynamic Backoff interval on every activation failure; On every continuous activation failure, the system retries the activation for up to the MaxActivationFailureCount. The retry interval on every try is a product of continuous activation failure and the activation back-off interval.
ActivationTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(180) Dynamic Specify timespan in seconds. The timeout for application activation; deactivation and upgrade.
ApplicationHostCloseTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(120) Dynamic Specify timespan in seconds. When Fabric exit is detected in a self activated processes; FabricRuntime closes all of the replicas in the user's host (applicationhost) process. This is the timeout for the close operation.
ApplicationUpgradeTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(360) Dynamic Specify timespan in seconds. The timeout for application upgrade. If the timeout is less than the "ActivationTimeout" deployer will fail.
ContainerServiceArguments string, default is "-H localhost:2375 -H npipe://" Static Service Fabric (SF) manages docker daemon (except on windows client machines like Win10). This configuration allows user to specify custom arguments that should be passed to docker daemon when starting it. When custom arguments are specified, Service Fabric do not pass any other argument to Docker engine except '--pidfile' argument. Hence users should not specify '--pidfile' argument as part of their customer arguments. Also, the custom arguments should ensure that docker daemon listens on default name pipe on Windows (or Unix domain socket on Linux) for Service Fabric to be able to communicate with it.
ContainerServiceLogFileMaxSizeInKb int, default is 32768 Static Maximum file size of log file generated by docker containers. Windows only.
ContainerImagesToSkip string, image names separated by vertical line character, default is "" Static Name of one or more container images that should not be deleted. Used with the PruneContainerImages parameter.
ContainerServiceLogFileNamePrefix string, default is "sfcontainerlogs" Static File name prefix for log files generated by docker containers. Windows only.
ContainerServiceLogFileRetentionCount int, default is 10 Static Number of log files generated by docker containers before log files are overwritten. Windows only.
CreateFabricRuntimeTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(120) Dynamic Specify timespan in seconds. The timeout value for the sync FabricCreateRuntime call
DefaultContainerRepositoryAccountName string, default is "" Static Default credentials used instead of credentials specified in ApplicationManifest.xml
DefaultContainerRepositoryPassword string, default is "" Static Default password credentials used instead of credentials specified in ApplicationManifest.xml
DeploymentMaxFailureCount int, default is 20 Dynamic Application deployment will be retried for DeploymentMaxFailureCount times before failing the deployment of that application on the node.
DeploymentMaxRetryInterval TimeSpan, default is Common::TimeSpan::FromSeconds(3600) Dynamic Specify timespan in seconds. Max retry interval for the deployment. On every continuous failure the retry interval is calculated as Min( DeploymentMaxRetryInterval; Continuous Failure Count * DeploymentRetryBackoffInterval)
DeploymentRetryBackoffInterval TimeSpan, default is Common::TimeSpan::FromSeconds(10) Dynamic Specify timespan in seconds. Back-off interval for the deployment failure. On every continuous deployment failure the system will retry the deployment for up to the MaxDeploymentFailureCount. The retry interval is a product of continuous deployment failure and the deployment backoff interval.
DisableDockerRequestRetry bool, default is FALSE Dynamic By default SF communicates with DD (docker dameon) with a timeout of 'DockerRequestTimeout' for each http request sent to it. If DD does not responds within this time period; SF resends the request if top level operation still has remining time. With hyperv container; DD sometimes take much more time to bring up the container or deactivate it. In such cases DD request times out from SF perspective and SF retries the operation. Sometimes this seems to adds more pressure on DD. This config allows to disable this retry and wait for DD to respond.
EnableActivateNoWindow bool, default is FALSE Dynamic The activated process is created in the background without any console.
EnableContainerServiceDebugMode bool, default is TRUE Static Enable/disable logging for docker containers. Windows only.
EnableDockerHealthCheckIntegration bool, default is TRUE Static Enables integration of docker HEALTHCHECK events with Service Fabric system health report
EnableProcessDebugging bool, default is FALSE Dynamic Enables launching application hosts under debugger
EndpointProviderEnabled bool, default is FALSE Static Enables management of Endpoint resources by Fabric. Requires specification of start and end application port range in FabricNode.
FabricContainerAppsEnabled bool, default is FALSE Static
FirewallPolicyEnabled bool, default is FALSE Static Enables opening firewall ports for Endpoint resources with explicit ports specified in ServiceManifest
GetCodePackageActivationContextTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(120) Dynamic Specify timespan in seconds. The timeout value for the CodePackageActivationContext calls. This is not applicable to ad-hoc services.
IPProviderEnabled bool, default is FALSE Static Enables management of IP addresses.
IsDefaultContainerRepositoryPasswordEncrypted bool, default is FALSE Static Whether the DefaultContainerRepositoryPassword is encrypted or not.
LinuxExternalExecutablePath string, default is "/usr/bin/" Static The primary directory of external executable commands on the node.
NTLMAuthenticationEnabled bool, default is FALSE Static Enables support for using NTLM by the code packages that are running as other users so that the processes across machines can communicate securely.
NTLMAuthenticationPasswordSecret SecureString, default is Common::SecureString("") Static Is an encrypted has that is used to generate the password for NTLM users. Has to be set if NTLMAuthenticationEnabled is true. Validated by the deployer.
NTLMSecurityUsersByX509CommonNamesRefreshInterval TimeSpan, default is Common::TimeSpan::FromMinutes(3) Dynamic Specify timespan in seconds. Environment-specific settings The periodic interval at which Hosting scans for new certificates to be used for FileStoreService NTLM configuration.
NTLMSecurityUsersByX509CommonNamesRefreshTimeout TimeSpan, default is Common::TimeSpan::FromMinutes(4) Dynamic Specify timespan in seconds. The timeout for configuring NTLM users using certificate common names. The NTLM users are needed for FileStoreService shares.
PruneContainerImages bool, default is FALSE Dynamic Remove unused application container images from nodes. When an ApplicationType is unregistered from the Service Fabric cluster, the container images that were used by this application will be removed on nodes where it was downloaded by Service Fabric. The pruning runs every hour, so it may take up to one hour (plus time to prune the image) for images to be removed from the cluster.
Service Fabric will never download or remove images not related to an application. Unrelated images that were downloaded manually or otherwise must be removed explicitly.
Images that should not be deleted can be specified in the ContainerImagesToSkip parameter.
RegisterCodePackageHostTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(120) Dynamic Specify timespan in seconds. The timeout value for the FabricRegisterCodePackageHost sync call. This is applicable for only multi code package application hosts like FWP
RequestTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(30) Dynamic Specify timespan in seconds. This represents the timeout for communication between the user's application host and Fabric process for various hosting related operations such as factory registration; runtime registration.
RunAsPolicyEnabled bool, default is FALSE Static Enables running code packages as local user other than the user under which fabric process is running. In order to enable this policy Fabric must be running as SYSTEM or as user who has SeAssignPrimaryTokenPrivilege.
ServiceFactoryRegistrationTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(120) Dynamic Specify timespan in seconds. The timeout value for the sync Register(Stateless/Stateful)ServiceFactory call
ServiceTypeDisableFailureThreshold Whole number, default is 1 Dynamic This is the threshold for the failure count after which FailoverManager (FM) is notified to disable the service type on that node and try a different node for placement.
ServiceTypeDisableGraceInterval TimeSpan, default is Common::TimeSpan::FromSeconds(30) Dynamic Specify timespan in seconds. Time interval after which the service type can be disabled
ServiceTypeRegistrationTimeout Time in Seconds, default is 300 Dynamic Maximum time allowed for the ServiceType to be registered with fabric
UseContainerServiceArguments bool, default is TRUE Static This config tells hosting to skip passing arguments (specified in config ContainerServiceArguments) to docker daemon.

HttpGateway

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ActiveListeners Uint, default is 50 Static Number of reads to post to the http server queue. This controls the number of concurrent requests that can be satisfied by the HttpGateway.
HttpGatewayHealthReportSendInterval Time in seconds, default is 30 Static Specify timespan in seconds. The interval at which the Http Gateway sends accumulated health reports to the Health Manager.
IsEnabled Bool, default is false Static Enables/Disables the HttpGateway. HttpGateway is disabled by default.
MaxEntityBodySize Uint, default is 4194304 Dynamic Gives the maximum size of the body that can be expected from an http request. Default value is 4MB. Httpgateway will fail a request if it has a body of size > this value. Minimum read chunk size is 4096 bytes. So this has to be >= 4096.

ImageStoreClient

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ClientCopyTimeout Time in seconds, default is 1800 Dynamic Specify timespan in seconds. Time out value for top-level copy request to Image Store Service.
ClientDefaultTimeout Time in seconds, default is 180 Dynamic Specify timespan in seconds. Time out value for all non-upload/non-download requests (e.g. exists; delete) to Image Store Service.
ClientDownloadTimeout Time in seconds, default is 1800 Dynamic Specify timespan in seconds. Time out value for top-level download request to Image Store Service.
ClientListTimeout Time in seconds, default is 600 Dynamic Specify timespan in seconds. Time out value for top-level list request to Image Store Service.
ClientUploadTimeout Time in seconds, default is 1800 Dynamic Specify timespan in seconds. Time out value for top-level upload request to Image Store Service.

ImageStoreService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
Enabled Bool, default is false Static The Enabled flag for ImageStoreService. Default: false
MinReplicaSetSize Int, default is 3 Static The MinReplicaSetSize for ImageStoreService.
PlacementConstraints string, default is "" Static The PlacementConstraints for ImageStoreService.
QuorumLossWaitDuration Time in seconds, default is MaxValue Static Specify timespan in seconds. The QuorumLossWaitDuration for ImageStoreService.
ReplicaRestartWaitDuration Time in seconds, default is 60.0 * 30 Static Specify timespan in seconds. The ReplicaRestartWaitDuration for ImageStoreService.
StandByReplicaKeepDuration Time in seconds, default is 3600.0 * 2 Static Specify timespan in seconds. The StandByReplicaKeepDuration for ImageStoreService.
TargetReplicaSetSize Int, default is 7 Static The TargetReplicaSetSize for ImageStoreService.

KtlLogger

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AutomaticMemoryConfiguration Int, default is 1 Dynamic Flag that indicates if the memory settings should be automatically and dynamically configured. If zero then the memory configuration settings are used directly and do not change based on system conditions. If one then the memory settings are configured automatically and may change based on system conditions.
MaximumDestagingWriteOutstandingInKB Int, default is 0 Dynamic The number of KB to allow the shared log to advance ahead of the dedicated log. Use 0 to indicate no limit.
SharedLogId string, default is "" Static Unique guid for shared log container. Use "" if using default path under fabric data root.
SharedLogPath string, default is "" Static Path and file name to location to place shared log container. Use "" for using default path under fabric data root.
SharedLogSizeInMB Int, default is 8192 Static The number of MB to allocate in the shared log container.
SharedLogThrottleLimitInPercentUsed int, default is 0 Static The percentage of usage of the shared log that will induce throttling. Value should be between 0 and 100. A value of 0 implies using the default percentage value. A value of 100 implies no throttling at all. A value between 1 and 99 specifies the percentage of log usage above which throttling will occur; for example if the shared log is 10GB and the value is 90 then throttleing will occur once 9GB is in use. Using the default value is recommended.
WriteBufferMemoryPoolMaximumInKB Int, default is 0 Dynamic The number of KB to allow the write buffer memory pool to grow up to. Use 0 to indicate no limit.
WriteBufferMemoryPoolMinimumInKB Int, default is 8388608 Dynamic The number of KB to initially allocate for the write buffer memory pool. Use 0 to indicate no limit Default should be consistent with SharedLogSizeInMB below.

Management

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AzureStorageMaxConnections Int, default is 5000 Dynamic The maximum number of concurrent connections to azure storage.
AzureStorageMaxWorkerThreads Int, default is 25 Dynamic The maximum number of worker threads in parallel.
AzureStorageOperationTimeout Time in seconds, default is 6000 Dynamic Specify timespan in seconds. Time out for xstore operation to complete.
CleanupApplicationPackageOnProvisionSuccess bool, default is FALSE Dynamic This configuration enables or disables the automatic cleanup of application package on successful provision.
DisableChecksumValidation Bool, default is false Static This configuration allows us to enable or disable checksum validation during application provisioning.
DisableServerSideCopy Bool, default is false Static This configuration enables or disables server-side copy of application package on the ImageStore during application provisioning.
ImageCachingEnabled Bool, default is true Static This configuration allows us to enable or disable caching.
ImageStoreConnectionString SecureString Static Connection string to the Root for ImageStore.
ImageStoreMinimumTransferBPS Int, default is 1024 Dynamic The minimum transfer rate between the cluster and ImageStore. This value is used to determine the timeout when accessing the external ImageStore. Change this value only if the latency between the cluster and ImageStore is high to allow more time for the cluster to download from the external ImageStore.

MetricActivityThresholds

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup KeyIntegerValueMap, default is None Dynamic Determines the set of MetricActivityThresholds for the metrics in the cluster. Balancing will work if maxNodeLoad is greater than MetricActivityThresholds. For defrag metrics it defines the amount of load equal to or below which Service Fabric will consider the node empty

MetricBalancingThresholds

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup KeyDoubleValueMap, default is None Dynamic Determines the set of MetricBalancingThresholds for the metrics in the cluster. Balancing will work if maxNodeLoad/minNodeLoad is greater than MetricBalancingThresholds. Defragmentation will work if maxNodeLoad/minNodeLoad in at least one FD or UD is smaller than MetricBalancingThresholds.

NamingService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
GatewayServiceDescriptionCacheLimit Int, default is 0 Static The maximum number of entries maintained in the LRU service description cache at the Naming Gateway (set to 0 for no limit).
MaxClientConnections Int, default is 1000 Dynamic The maximum allowed number of client connections per gateway.
MaxFileOperationTimeout Time in seconds, default is 30 Dynamic Specify timespan in seconds. The maximum timeout allowed for file store service operation. Requests specifying a larger timeout will be rejected.
MaxIndexedEmptyPartitions Int, default is 1000 Dynamic The maximum number of empty partitions that will remain indexed in the notification cache for synchronizing reconnecting clients. Any empty partitions above this number will be removed from the index in ascending lookup version order. Reconnecting clients can still synchronize and receive missed empty partition updates; but the synchronization protocol becomes more expensive.
MaxMessageSize Int, default is 4*1024*1024 Static The maximum message size for client node communication when using naming. DOS attack alleviation; default value is 4MB.
MaxNamingServiceHealthReports Int, default is 10 Dynamic The maximum number of slow operations that Naming store service reports unhealthy at one time. If 0; all slow operations are sent.
MaxOperationTimeout Time in seconds, default is 600 Dynamic Specify timespan in seconds. The maximum timeout allowed for client operations. Requests specifying a larger timeout will be rejected.
MaxOutstandingNotificationsPerClient Int, default is 1000 Dynamic The maximum number of outstanding notifications before a client registration is forcibly closed by the gateway.
MinReplicaSetSize Int, default is 3 Not Allowed The minimum number of Naming Service replicas required to write into to complete an update. If there are fewer replicas than this active in the system the Reliability System denies updates to the Naming Service Store until replicas are restored. This value should never be more than the TargetReplicaSetSize.
PartitionCount Int, default is 3 Not Allowed The number of partitions of the Naming Service store to be created. Each partition owns a single partition key that corresponds to its index; so partition keys [0; PartitionCount) exist. Increasing the number of Naming Service partitions increases the scale that the Naming Service can perform at by decreasing the average amount of data held by any backing replica set; at a cost of increased utilization of resources (since PartitionCount*ReplicaSetSize service replicas must be maintained).
PlacementConstraints string, default is "" Not Allowed Placement constraint for the Naming Service.
QuorumLossWaitDuration Time in seconds, default is MaxValue Not Allowed Specify timespan in seconds. When a Naming Service gets into quorum loss; this timer starts. When it expires the FM will consider the down replicas as lost; and attempt to recover quorum. Not that this may result in data loss.
RepairInterval Time in seconds, default is 5 Static Specify timespan in seconds. Interval in which the naming inconsistency repair between the authority owner and name owner will start.
ReplicaRestartWaitDuration Time in seconds, default is (60.0 * 30) Not Allowed Specify timespan in seconds. When a Naming Service replica goes down; this timer starts. When it expires the FM will begin to replace the replicas which are down (it does not yet consider them lost).
ServiceDescriptionCacheLimit Int, default is 0 Static The maximum number of entries maintained in the LRU service description cache at the Naming Store Service (set to 0 for no limit).
ServiceNotificationTimeout Time in seconds, default is 30 Dynamic Specify timespan in seconds. The timeout used when delivering service notifications to the client.
StandByReplicaKeepDuration Time in seconds, default is 3600.0 * 2 Not Allowed Specify timespan in seconds. When a Naming Service replica come back from a down state; it may have already been replaced. This timer determines how long the FM will keep the standby replica before discarding it.
TargetReplicaSetSize Int, default is 7 Not Allowed The number of replica sets for each partition of the Naming Service store. Increasing the number of replica sets increases the level of reliability for the information in the Naming Service Store; decreasing the change that the information will be lost as a result of node failures; at a cost of increased load on Windows Fabric and the amount of time it takes to perform updates to the naming data.

NodeBufferPercentage

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup KeyDoubleValueMap, default is None Dynamic Node capacity percentage per metric name; used as a buffer in order to keep some free place on a node for the failover case.

NodeCapacities

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup NodeCapacityCollectionMap Static A collection of node capacities for different metrics.

NodeDomainIds

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup NodeFaultDomainIdCollection Static Describes the fault domains a node belongs to. The fault domain is defined through a URI that describes the location of the node in the datacenter. Fault Domain URIs are of the format fd:/fd/ followed by a URI path segment.
UpgradeDomainId string, default is "" Static Describes the upgrade domain a node belongs to.

NodeProperties

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup NodePropertyCollectionMap Static A collection of string key-value pairs for node properties.

Paas

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ClusterId string, default is "" Not Allowed X509 certificate store used by fabric for configuration protection.

PerformanceCounterLocalStore

Parameter Allowed Values Upgrade Policy Guidance or Short Description
Counters String Dynamic Comma-separated list of performance counters to collect.
IsEnabled Bool, default is true Dynamic Flag indicates whether performance counter collection on local node is enabled.
MaxCounterBinaryFileSizeInMB Int, default is 1 Dynamic Maximum size (in MB) for each performance counter binary file.
NewCounterBinaryFileCreationIntervalInMinutes Int, default is 10 Dynamic Maximum interval (in seconds) after which a new performance counter binary file is created.
SamplingIntervalInSeconds Int, default is 60 Dynamic Sampling interval for performance counters being collected.

PlacementAndLoadBalancing

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AffinityConstraintPriority Int, default is 0 Dynamic Determines the priority of affinity constraint: 0: Hard; 1: Soft; negative: Ignore.
ApplicationCapacityConstraintPriority Int, default is 0 Dynamic Determines the priority of capacity constraint: 0: Hard; 1: Soft; negative: Ignore.
AutoDetectAvailableResources bool, default is TRUE Static This config will trigger auto detection of available resources on node (CPU and Memory) When this config is set to true - we will read real capacities and correct them if user specified bad node capacities or didn't define them at all If this config is set to false - we will trace a warning that user specified bad node capacities; but we will not correct them; meaning that user wants to have the capacities specified as > than the node really has or if capacities are undefined; it will assume unlimited capacity
BalancingDelayAfterNewNode Time in seconds, default is 120 Dynamic Specify timespan in seconds. Do not start balancing activities within this period after adding a new node.
BalancingDelayAfterNodeDown Time in seconds, default is 120 Dynamic Specify timespan in seconds. Do not start balancing activities within this period after a node down event.
CapacityConstraintPriority Int, default is 0 Dynamic Determines the priority of capacity constraint: 0: Hard; 1: Soft; negative: Ignore.
ConsecutiveDroppedMovementsHealthReportLimit Int, default is 20 Dynamic Defines the number of consecutive times that ResourceBalancer-issued Movements are dropped before diagnostics are conducted and health warnings are emitted. Negative: No Warnings Emitted under this condition.
ConstraintFixPartialDelayAfterNewNode Time in seconds, default is 120 Dynamic Specify timespan in seconds. DDo not Fix FaultDomain and UpgradeDomain constraint violations within this period after adding a new node.
ConstraintFixPartialDelayAfterNodeDown Time in seconds, default is 120 Dynamic Specify timespan in seconds. Do not Fix FaultDomain and UpgradeDomain constraint violations within this period after a node down event.
ConstraintViolationHealthReportLimit Int, default is 50 Dynamic Defines the number of times constraint violating replica has to be persistently unfixed before diagnostics are conducted and health reports are emitted.
DetailedConstraintViolationHealthReportLimit Int, default is 200 Dynamic Defines the number of times constraint violating replica has to be persistently unfixed before diagnostics are conducted and detailed health reports are emitted.
DetailedDiagnosticsInfoListLimit Int, default is 15 Dynamic Defines the number of diagnostic entries (with detailed information) per constraint to include before truncation in Diagnostics.
DetailedNodeListLimit Int, default is 15 Dynamic Defines the number of nodes per constraint to include before truncation in the Unplaced Replica reports.
DetailedPartitionListLimit Int, default is 15 Dynamic Defines the number of partitions per diagnostic entry for a constraint to include before truncation in Diagnostics.
DetailedVerboseHealthReportLimit Int, default is 200 Dynamic Defines the number of times an unplaced replica has to be persistently unplaced before detailed health reports are emitted.
FaultDomainConstraintPriority Int, default is 0 Dynamic Determines the priority of fault domain constraint: 0: Hard; 1: Soft; negative: Ignore.
GlobalMovementThrottleCountingInterval Time in seconds, default is 600 Static Specify timespan in seconds. Indicate the length of the past interval for which to track per domain replica movements (used along with GlobalMovementThrottleThreshold). Can be set to 0 to ignore global throttling altogether.
GlobalMovementThrottleThreshold Uint, default is 1000 Dynamic Maximum number of movements allowed in the Balancing Phase in the past interval indicated by GlobalMovementThrottleCountingInterval.
GlobalMovementThrottleThresholdForBalancing Uint, default is 0 Dynamic Maximum number of movements allowed in Balancing Phase in the past interval indicated by GlobalMovementThrottleCountingInterval. 0 indicates no limit.
GlobalMovementThrottleThresholdForPlacement Uint, default is 0 Dynamic Maximum number of movements allowed in Placement Phase in the past interval indicated by GlobalMovementThrottleCountingInterval.0 indicates no limit.
GlobalMovementThrottleThresholdPercentage double, default is 0 Dynamic Maximum number of total movements allowed in Balancing and Placement phases (expressed as percentage of total number of replicas in the cluster) in the past interval indicated by GlobalMovementThrottleCountingInterval. 0 indicates no limit. If both this and GlobalMovementThrottleThreshold are specified; then more conservative limit is used.
GlobalMovementThrottleThresholdPercentageForBalancing double, default is 0 Dynamic Maximum number of movements allowed in Balancing Phase (expressed as percentage of total number of replicas in PLB) in the past interval indicated by GlobalMovementThrottleCountingInterval. 0 indicates no limit. If both this and GlobalMovementThrottleThresholdForBalancing are specified; then more conservative limit is used.
InBuildThrottlingAssociatedMetric string, default is "" Static The associated metric name for this throttling.
InBuildThrottlingEnabled Bool, default is false Dynamic Determine whether the in-build throttling is enabled.
InBuildThrottlingGlobalMaxValue Int, default is 0 Dynamic The maximal number of in-build replicas allowed globally.
InterruptBalancingForAllFailoverUnitUpdates Bool, default is false Dynamic Determines if any type of failover unit update should interrupt fast or slow balancing run. With specified "false" balancing run will be interrupted if FailoverUnit: is created/deleted; has missing replicas; changed primary replica location or changed number of replicas. Balancing run will NOT be interrupted in other cases - if FailoverUnit: has extra replicas; changed any replica flag; changed only partition version or any other case.
MinConstraintCheckInterval Time in seconds, default is 1 Dynamic Specify timespan in seconds. Defines the minimum amount of time that must pass before two consecutive constraint check rounds.
MinLoadBalancingInterval Time in seconds, default is 5 Dynamic Specify timespan in seconds. Defines the minimum amount of time that must pass before two consecutive balancing rounds.
MinPlacementInterval Time in seconds, default is 1 Dynamic Specify timespan in seconds. Defines the minimum amount of time that must pass before two consecutive placement rounds.
MoveExistingReplicaForPlacement Bool, default is true Dynamic Setting which determines if to move existing replica during placement.
MovementPerPartitionThrottleCountingInterval Time in seconds, default is 600 Static Specify timespan in seconds. Indicate the length of the past interval for which to track replica movements for each partition (used along with MovementPerPartitionThrottleThreshold).
MovementPerPartitionThrottleThreshold Uint, default is 50 Dynamic No balancing-related movement will occur for a partition if the number of balancing related movements for replicas of that partition has reached or exceeded MovementPerFailoverUnitThrottleThreshold in the past interval indicated by MovementPerPartitionThrottleCountingInterval.
MoveParentToFixAffinityViolation Bool, default is false Dynamic Setting which determines if parent replicas can be moved to fix affinity constraints.
PartiallyPlaceServices Bool, default is true Dynamic Determines if all service replicas in cluster will be placed "all or nothing" given limited suitable nodes for them.
PlaceChildWithoutParent Bool, default is true Dynamic Setting which determines if child service replica can be placed if no parent replica is up.
PlacementConstraintPriority Int, default is 0 Dynamic Determines the priority of placement constraint: 0: Hard; 1: Soft; negative: Ignore.
PlacementConstraintValidationCacheSize Int, default is 10000 Dynamic Limits the size of the table used for quick validation and caching of Placement Constraint Expressions.
PlacementSearchTimeout Time in seconds, default is 0.5 Dynamic Specify timespan in seconds. When placing services; search for at most this long before returning a result.
PLBRefreshGap Time in seconds, default is 1 Dynamic Specify timespan in seconds. Defines the minimum amount of time that must pass before PLB refreshes state again.
PreferredLocationConstraintPriority Int, default is 2 Dynamic Determines the priority of preferred location constraint: 0: Hard; 1: Soft; 2: Optimization; negative: Ignore
PreventTransientOvercommit Bool, default is false Dynamic Determines should PLB immediately count on resources that will be freed up by the initiated moves. By default; PLB can initiate move out and move in on the same node which can create transient overcommit. Setting this parameter to true will prevent those kinds of overcommits and on-demand defrag (aka placementWithMove) will be disabled.
ScaleoutCountConstraintPriority Int, default is 0 Dynamic Determines the priority of scaleout count constraint: 0: Hard; 1: Soft; negative: Ignore.
SwapPrimaryThrottlingAssociatedMetric string, default is "" Static The associated metric name for this throttling.
SwapPrimaryThrottlingEnabled Bool, default is false Dynamic Determine whether the swap-primary throttling is enabled.
SwapPrimaryThrottlingGlobalMaxValue Int, default is 0 Dynamic The maximal number of swap-primary replicas allowed globally.
TraceCRMReasons Bool, default is true Dynamic Specifies whether to trace reasons for CRM issued movements to the operational events channel.
UpgradeDomainConstraintPriority Int, default is 1 Dynamic Determines the priority of upgrade domain constraint: 0: Hard; 1: Soft; negative: Ignore.
UseMoveCostReports Bool, default is false Dynamic Instructs the LB to ignore the cost element of the scoring function; resulting potentially large number of moves for better balanced placement.
UseSeparateSecondaryLoad Bool, default is true Dynamic Setting which determines if use different secondary load.
ValidatePlacementConstraint Bool, default is true Dynamic Specifies whether or not the PlacementConstraint expression for a service is validated when a service's ServiceDescription is updated.
VerboseHealthReportLimit Int, default is 20 Dynamic Defines the number of times a replica has to go unplaced before a health warning is reported for it (if verbose health reporting is enabled).

ReconfigurationAgent

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ApplicationUpgradeMaxReplicaCloseDuration Time in seconds, default is 900 Dynamic Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close during Application Upgrade.
FabricUpgradeMaxReplicaCloseDuration Time in seconds, default is 900 Dynamic Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close during fabric upgrade.
GracefulReplicaShutdownMaxDuration TimeSpan, default is Common::TimeSpan::FromSeconds(120) Dynamic Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close. If this value is set to 0, replicas will not be instructed to close.
NodeDeactivationMaxReplicaCloseDuration Time in seconds, default is 900 Dynamic Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close during node deactivation.
PeriodicApiSlowTraceInterval Time in seconds, default is 5 minutes Dynamic Specify timespan in seconds. PeriodicApiSlowTraceInterval defines the interval over which slow API calls will be retraced by the API monitor.
ReplicaChangeRoleFailureRestartThreshold int, default is 10 Dynamic Integer. Specify the number of API failures during primary promotion after which auto-mitigation action (replica restart) will be applied.
ReplicaChangeRoleFailureWarningReportThreshold int, default is 2147483647 Dynamic Integer. Specify the number of API failures during primary promotion after which warning health report will be raised.
ServiceApiHealthDuration Time in seconds, default is 30 minutes Dynamic Specify timespan in seconds. ServiceApiHealthDuration defines how long do we wait for a service API to run before we report it unhealthy.
ServiceReconfigurationApiHealthDuration Time in seconds, default is 30 Dynamic Specify timespan in seconds. ServiceReconfigurationApiHealthDuration defines how long do we wait for a service API to run before we report unhealthy. This applies to API calls that impact availability.

Replication

Parameter Allowed Values Upgrade Policy Guidance or Short Description
BatchAcknowledgementInterval TimeSpan, default is Common::TimeSpan::FromMilliseconds(15) Static Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before sending back an acknowledgement. Other operations received during this time period will have their acknowledgements sent back in a single message-> reducing network traffic but potentially reducing the throughput of the replicator.
MaxCopyQueueSize uint, default is 1024 Static This is the maximum value defines the initial size for the queue which maintains replication operations. Note that it must be a power of 2. If during runtime the queue grows to this size operation will be throttled between the primary and secondary replicators.
MaxPrimaryReplicationQueueMemorySize uint, default is 0 Static This is the maximum value of the primary replication queue in bytes.
MaxPrimaryReplicationQueueSize uint, default is 1024 Static This is the maximum number of operations that could exist in the primary replication queue. Note that it must be a power of 2.
MaxReplicationMessageSize uint, default is 52428800 Static Maximum message size of replication operations. Default is 50MB.
MaxSecondaryReplicationQueueMemorySize uint, default is 0 Static This is the maximum value of the secondary replication queue in bytes.
MaxSecondaryReplicationQueueSize uint, default is 2048 Static This is the maximum number of operations that could exist in the secondary replication queue. Note that it must be a power of 2.
QueueHealthMonitoringInterval TimeSpan, default is Common::TimeSpan::FromSeconds(30) Static Specify timespan in seconds. This value determines the time period used by the Replicator to monitor any warning/error health events in the replication operation queues. A value of '0' disables health monitoring
QueueHealthWarningAtUsagePercent uint, default is 80 Static This value determines the replication queue usage(in percentage) after which we report warning about high queue usage. We do so after a grace interval of QueueHealthMonitoringInterval. If the queue usage falls below this percentage in the grace interval
ReplicatorAddress string, default is "localhost:0" Static The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to establish connections with other replicas in order to send/receive operations.
ReplicatorListenAddress string, default is "localhost:0" Static The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to receive operations from other replicas.
ReplicatorPublishAddress string, default is "localhost:0" Static The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to send operations to other replicas.
RetryInterval TimeSpan, default is Common::TimeSpan::FromSeconds(5) Static Specify timespan in seconds. When an operation is lost or rejected this timer determines how often the replicator will retry sending the operation.

ResourceMonitorService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
IsEnabled bool, default is FALSE Static Controls if the service is enabled in the cluster or not.

RunAs

Parameter Allowed Values Upgrade Policy Guidance or Short Description
RunAsAccountName string, default is "" Dynamic Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType string, default is "" Dynamic Indicates the RunAs account type. This is needed for any RunAs section Valid values are "DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword string, default is "" Dynamic Indicates the RunAs account password. This is only needed for "DomainUser" account type.

RunAs_DCA

Parameter Allowed Values Upgrade Policy Guidance or Short Description
RunAsAccountName string, default is "" Dynamic Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType string, default is "" Dynamic Indicates the RunAs account type. This is needed for any RunAs section Valid values are "LocalUser/DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword string, default is "" Dynamic Indicates the RunAs account password. This is only needed for "DomainUser" account type.

RunAs_Fabric

Parameter Allowed Values Upgrade Policy Guidance or Short Description
RunAsAccountName string, default is "" Dynamic Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType string, default is "" Dynamic Indicates the RunAs account type. This is needed for any RunAs section Valid values are "LocalUser/DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword string, default is "" Dynamic Indicates the RunAs account password. This is only needed for "DomainUser" account type.

RunAs_HttpGateway

Parameter Allowed Values Upgrade Policy Guidance or Short Description
RunAsAccountName string, default is "" Dynamic Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType string, default is "" Dynamic Indicates the RunAs account type. This is needed for any RunAs section Valid values are "LocalUser/DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword string, default is "" Dynamic Indicates the RunAs account password. This is only needed for "DomainUser" account type.

Security

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AADCertEndpointFormat string, default is "" Static AAD Cert Endpoint Format, default Azure Commercial, specified for non-default environment such as Azure Government "https://login.microsoftonline.us/{0}/federationmetadata/2007-06/federationmetadata.xml"
AADClientApplication string, default is "" Static Native Client application name or ID representing Fabric Clients
AADClusterApplication string, default is "" Static Web API application name or ID representing the cluster
AADLoginEndpoint string, default is "" Static AAD Login Endpoint, default Azure Commercial, specified for non-default environment such as Azure Government "https://login.microsoftonline.us"
AADTenantId string, default is "" Static Tenant ID (GUID)
AdminClientCertThumbprints string, default is "" Dynamic Thumbprints of certificates used by clients in admin role. It is a comma-separated name list.
AADTokenEndpointFormat string, default is "" Static AAD Token Endpoint, default Azure Commercial, specified for non-default environment such as Azure Government "https://login.microsoftonline.us/{0}"
AdminClientClaims string, default is "" Dynamic All possible claims expected from admin clients; the same format as ClientClaims; this list internally gets added to ClientClaims; so no need to also add the same entries to ClientClaims.
AdminClientIdentities string, default is "" Dynamic Windows identities of fabric clients in admin role; used to authorize privileged fabric operations. It is a comma-separated list; each entry is a domain account name or group name. For convenience; the account that runs fabric.exe is automatically assigned admin role; so is group ServiceFabricAdministrators.
CertificateExpirySafetyMargin TimeSpan, default is Common::TimeSpan::FromMinutes(43200) Static Specify timespan in seconds. Safety margin for certificate expiration; certificate health report status changes from OK to Warning when expiration is closer than this. Default is 30 days.
CertificateHealthReportingInterval TimeSpan, default is Common::TimeSpan::FromSeconds(3600 * 8) Static Specify timespan in seconds. Specify interval for certificate health reporting; default to 8 hours; setting to 0 disables certificate health reporting
ClientCertThumbprints string, default is "" Dynamic Thumbprints of certificates used by clients to talk to the cluster; cluster uses this authorize incoming connection. It is a comma-separated name list.
ClientClaimAuthEnabled bool, default is FALSE Static Indicates if claim-based authentication is enabled on clients; setting this true implicitly sets ClientRoleEnabled.
ClientClaims string, default is "" Dynamic All possible claims expected from clients for connecting to gateway. This is a 'OR' list: ClaimsEntry || ClaimsEntry || ClaimsEntry ... each ClaimsEntry is a "AND" list: ClaimType=ClaimValue && ClaimType=ClaimValue && ClaimType=ClaimValue ...
ClientIdentities string, default is "" Dynamic Windows identities of FabricClient; naming gateway uses this to authorize incoming connections. It is a comma-separated list; each entry is a domain account name or group name. For convenience; the account that runs fabric.exe is automatically allowed; so are group ServiceFabricAllowedUsers and ServiceFabricAdministrators.
ClientRoleEnabled bool, default is FALSE Static Indicates if client role is enabled; when set to true; clients are assigned roles based on their identities. For V2; enabling this means client not in AdminClientCommonNames/AdminClientIdentities can only execute read-only operations.
ClusterCertThumbprints string, default is "" Dynamic Thumbprints of certificates allowed to join the cluster; a comma-separated name list.
ClusterCredentialType string, default is "None" Not Allowed Indicates the type of security credentials to use in order to secure the cluster. Valid values are "None/X509/Windows"
ClusterIdentities string, default is "" Dynamic Windows identities of cluster nodes; used for cluster membership authorization. It is a comma-separated list; each entry is a domain account name or group name
ClusterSpn string, default is "" Not Allowed Service principal name of the cluster; when fabric runs as a single domain user (gMSA/domain user account). It is the SPN of lease listeners and listeners in fabric.exe: federation listeners; internal replication listeners; runtime service listener and naming gateway listener. This should be left empty when fabric runs as machine accounts; in which case connecting side compute listener SPN from listener transport address.
CrlCheckingFlag uint, default is 0x40000000 Dynamic Default certificate chain validation flag; may be overridden by component-specific flag; e.g. Federation/X509CertChainFlags 0x10000000 CERT_CHAIN_REVOCATION_CHECK_END_CERT 0x20000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x40000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x80000000 CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY Setting to 0 disables CRL checking Full list of supported values is documented by dwFlags of CertGetCertificateChain: http://msdn.microsoft.com/library/windows/desktop/aa376078(v=vs.85).aspx
CrlDisablePeriod TimeSpan, default is Common::TimeSpan::FromMinutes(15) Dynamic Specify timespan in seconds. How long CRL checking is disabled for a given certificate after encountering offline error; if CRL offline error can be ignored.
CrlOfflineHealthReportTtl TimeSpan, default is Common::TimeSpan::FromMinutes(1440) Dynamic Specify timespan in seconds.
DisableFirewallRuleForDomainProfile bool, default is TRUE Static Indicates if firewall rule should not be enabled for domain profile
DisableFirewallRuleForPrivateProfile bool, default is TRUE Static Indicates if firewall rule should not be enabled for private profile
DisableFirewallRuleForPublicProfile bool, default is TRUE Static Indicates if firewall rule should not be enabled for public profile
FabricHostSpn string, default is "" Static Service principal name of FabricHost; when fabric runs as a single domain user (gMSA/domain user account) and FabricHost runs under machine account. It is the SPN of IPC listener for FabricHost; which by default should be left empty since FabricHost runs under machine account
IgnoreCrlOfflineError bool, default is FALSE Dynamic Whether to ignore CRL offline error when server-side verifies incoming client certificates
IgnoreSvrCrlOfflineError bool, default is TRUE Dynamic Whether to ignore CRL offline error when client side verifies incoming server certificates; default to true. Attacks with revoked server certificates require compromising DNS; harder than with revoked client certificates.
ServerAuthCredentialType string, default is "None" Static Indicates the type of security credentials to use in order to secure the communication between FabricClient and the Cluster. Valid values are "None/X509/Windows"
ServerCertThumbprints string, default is "" Dynamic Thumbprints of server certificates used by cluster to talk to clients; clients use this to authenticate the cluster. It is a comma-separated name list.
SettingsX509StoreName string, default is "MY" Dynamic X509 certificate store used by fabric for configuration protection
UseClusterCertForIpcServerTlsSecurity bool, default is FALSE Static Whether to use cluster certificate to secure IPC Server TLS transport unit
X509Folder string, default is /var/lib/waagent Static Folder where X509 certificates and private keys are located

Security/AdminClientX509Names

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup X509NameMap, default is None Dynamic This is a list of “Name” and “Value” pair. Each “Name” is of subject common name or DnsName of X509 certificates authorized for admin client operations. For a given “Name”, “Value” is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of admin client certificates must be in the list.

Security/ClientAccess

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ActivateNode string, default is "Admin" Dynamic Security configuration for activation a node.
CancelTestCommand string, default is "Admin" Dynamic Cancels a specific TestCommand - if it is in flight.
CodePackageControl string, default is "Admin" Dynamic Security configuration for restarting code packages.
CreateApplication string, default is "Admin" Dynamic Security configuration for application creation.
CreateComposeDeployment string, default is "Admin" Dynamic Creates a compose deployment described by compose files
CreateName string, default is "Admin" Dynamic Security configuration for Naming URI creation.
CreateService string, default is "Admin" Dynamic Security configuration for service creation.
CreateServiceFromTemplate string, default is "Admin" Dynamic Security configuration for service creation from template.
CreateVolume string, default is "Admin" Dynamic Creates a volume
DeactivateNode string, default is "Admin" Dynamic Security configuration for deactivating a node.
DeactivateNodesBatch string, default is "Admin" Dynamic Security configuration for deactivating multiple nodes.
Delete string, default is "Admin" Dynamic Security configurations for image store client delete operation.
DeleteApplication string, default is "Admin" Dynamic Security configuration for application deletion.
DeleteComposeDeployment string, default is "Admin" Dynamic Deletes the compose deployment
DeleteName string, default is "Admin" Dynamic Security configuration for Naming URI deletion.
DeleteService string, default is "Admin" Dynamic Security configuration for service deletion.
DeleteVolume string, default is "Admin" Dynamic Deletes a volume.
EnumerateProperties string, default is "Admin||User" Dynamic Security configuration for Naming property enumeration.
EnumerateSubnames string, default is "Admin||User" Dynamic Security configuration for Naming URI enumeration.
FileContent string, default is "Admin" Dynamic Security configuration for image store client file transfer (external to cluster).
FileDownload string, default is "Admin" Dynamic Security configuration for image store client file download initiation (external to cluster).
FinishInfrastructureTask string, default is "Admin" Dynamic Security configuration for finishing infrastructure tasks.
GetChaosReport string, default is "Admin||User" Dynamic Fetches the status of Chaos within a given time range.
GetClusterConfiguration string, default is "Admin||User" Dynamic Induces GetClusterConfiguration on a partition.
GetClusterConfigurationUpgradeStatus string, default is "Admin||User" Dynamic Induces GetClusterConfigurationUpgradeStatus on a partition.
GetFabricUpgradeStatus string, default is "Admin||User" Dynamic Security configuration for polling cluster upgrade status.
GetNodeDeactivationStatus string, default is "Admin" Dynamic Security configuration for checking deactivation status.
GetNodeTransitionProgress string, default is "Admin||User" Dynamic Security configuration for getting progress on a node transition command.
GetPartitionDataLossProgress string, default is "Admin||User" Dynamic Fetches the progress for an invoke data loss api call.
GetPartitionQuorumLossProgress string, default is "Admin||User" Dynamic Fetches the progress for an invoke quorum loss api call.
GetPartitionRestartProgress string, default is "Admin||User" Dynamic Fetches the progress for a restart partition api call.
GetServiceDescription string, default is "Admin||User" Dynamic Security configuration for long-poll service notifications and reading service descriptions.
GetStagingLocation string, default is "Admin" Dynamic Security configuration for image store client staging location retrieval.
GetStoreLocation string, default is "Admin" Dynamic Security configuration for image store client store location retrieval.
GetUpgradeOrchestrationServiceState string, default is "Admin" Dynamic Induces GetUpgradeOrchestrationServiceState on a partition
GetUpgradesPendingApproval string, default is "Admin" Dynamic Induces GetUpgradesPendingApproval on a partition.
GetUpgradeStatus string, default is "Admin||User" Dynamic Security configuration for polling application upgrade status.
InternalList string, default is "Admin" Dynamic Security configuration for image store client file list operation (internal).
InvokeContainerApi string,default is "Admin" Dynamic Invoke container API
InvokeInfrastructureCommand string, default is "Admin" Dynamic Security configuration for infrastructure task management commands.
InvokeInfrastructureQuery string, default is "Admin||User" Dynamic Security configuration for querying infrastructure tasks.
List string, default is "Admin||User" Dynamic Security configuration for image store client file list operation.
MoveNextFabricUpgradeDomain string, default is "Admin" Dynamic Security configuration for resuming cluster upgrades with an explicity Upgrade Domain.
MoveNextUpgradeDomain string, default is "Admin" Dynamic Security configuration for resuming application upgrades with an explicit Upgrade Domain.
MoveReplicaControl string, default is "Admin" Dynamic Move replica.
NameExists string, default is "Admin||User" Dynamic Security configuration for Naming URI existence checks.
NodeControl string, default is "Admin" Dynamic Security configuration for starting; stopping; and restarting nodes.
NodeStateRemoved string, default is "Admin" Dynamic Security configuration for reporting node state removed.
Ping string, default is "Admin||User" Dynamic Security configuration for client pings.
PredeployPackageToNode string, default is "Admin" Dynamic Predeployment api.
PrefixResolveService string, default is "Admin||User" Dynamic Security configuration for complaint-based service prefix resolution.
PropertyReadBatch string, default is "Admin||User" Dynamic Security configuration for Naming property read operations.
PropertyWriteBatch string, default is "Admin" Dynamic Security configurations for Naming property write operations.
ProvisionApplicationType string, default is "Admin" Dynamic Security configuration for application type provisioning.
ProvisionFabric string, default is "Admin" Dynamic Security configuration for MSI and/or Cluster Manifest provisioning.
Query string, default is "Admin||User" Dynamic Security configuration for queries.
RecoverPartition string, default is "Admin" Dynamic Security configuration for recovering a partition.
RecoverPartitions string, default is "Admin" Dynamic Security configuration for recovering partitions.
RecoverServicePartitions string, default is "Admin" Dynamic Security configuration for recovering service partitions.
RecoverSystemPartitions string, default is "Admin" Dynamic Security configuration for recovering system service partitions.
RemoveNodeDeactivations string, default is "Admin" Dynamic Security configuration for reverting deactivation on multiple nodes.
ReportFabricUpgradeHealth string, default is "Admin" Dynamic Security configuration for resuming cluster upgrades with the current upgrade progress.
ReportFault string, default is "Admin" Dynamic Security configuration for reporting fault.
ReportHealth string, default is "Admin" Dynamic Security configuration for reporting health.
ReportUpgradeHealth string, default is "Admin" Dynamic Security configuration for resuming application upgrades with the current upgrade progress.
ResetPartitionLoad string, default is "Admin||User" Dynamic Security configuration for reset load for a failoverUnit.
ResolveNameOwner string, default is "Admin||User" Dynamic Security configuration for resolving Naming URI owner.
ResolvePartition string, default is "Admin||User" Dynamic Security configuration for resolving system services.
ResolveService string, default is "Admin||User" Dynamic Security configuration for complaint-based service resolution.
ResolveSystemService string, default is "Admin||User" Dynamic Security configuration for resolving system services
RollbackApplicationUpgrade string, default is "Admin" Dynamic Security configuration for rolling back application upgrades.
RollbackFabricUpgrade string, default is "Admin" Dynamic Security configuration for rolling back cluster upgrades.
ServiceNotifications string, default is "Admin||User" Dynamic Security configuration for event-based service notifications.
SetUpgradeOrchestrationServiceState string, default is "Admin" Dynamic Induces SetUpgradeOrchestrationServiceState on a partition
StartApprovedUpgrades string, default is "Admin" Dynamic Induces StartApprovedUpgrades on a partition.
StartChaos string, default is "Admin" Dynamic Starts Chaos - if it is not already started.
StartClusterConfigurationUpgrade string, default is "Admin" Dynamic Induces StartClusterConfigurationUpgrade on a partition.
StartInfrastructureTask string, default is "Admin" Dynamic Security configuration for starting infrastructure tasks.
StartNodeTransition string, default is "Admin" Dynamic Security configuration for starting a node transition.
StartPartitionDataLoss string, default is "Admin" Dynamic Induces data loss on a partition.
StartPartitionQuorumLoss string, default is "Admin" Dynamic Induces quorum loss on a partition.
StartPartitionRestart string, default is "Admin" Dynamic Simultaneously restarts some or all the replicas of a partition.
StopChaos string, default is "Admin" Dynamic Stops Chaos - if it has been started.
ToggleVerboseServicePlacementHealthReporting string, default is "Admin||User" Dynamic Security configuration for Toggling Verbose ServicePlacement HealthReporting.
UnprovisionApplicationType string, default is "Admin" Dynamic Security configuration for application type unprovisioning.
UnprovisionFabric string, default is "Admin" Dynamic Security configuration for MSI and/or Cluster Manifest unprovisioning.
UnreliableTransportControl string, default is "Admin" Dynamic Unreliable Transport for adding and removing behaviors.
UpdateService string, default is "Admin" Dynamic Security configuration for service updates.
UpgradeApplication string, default is "Admin" Dynamic Security configuration for starting or interrupting application upgrades.
UpgradeComposeDeployment string, default is "Admin" Dynamic Upgrades the compose deployment
UpgradeFabric string, default is "Admin" Dynamic Security configuration for starting cluster upgrades.
Upload string, default is "Admin" Dynamic Security configuration for image store client upload operation.

Security/ClientCertificateIssuerStores

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup IssuerStoreKeyValueMap, default is None Dynamic X509 issuer certificate stores for client certificates; Name = clientIssuerCN; Value = comma separated list of stores

Security/ClientX509Names

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup X509NameMap, default is None Dynamic This is a list of “Name” and “Value” pair. Each “Name” is of subject common name or DnsName of X509 certificates authorized for client operations. For a given “Name”, “Value” is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of client certificates must be in the list.

Security/ClusterCertificateIssuerStores

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup IssuerStoreKeyValueMap, default is None Dynamic X509 issuer certificate stores for cluster certificates; Name = clusterIssuerCN; Value = comma separated list of stores

Security/ClusterX509Names

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup X509NameMap, default is None Dynamic This is a list of “Name” and “Value” pair. Each “Name” is of subject common name or DnsName of X509 certificates authorized for cluster operations. For a given “Name”,“Value” is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of cluster certificates must be in the list.

Security/ServerCertificateIssuerStores

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup IssuerStoreKeyValueMap, default is None Dynamic X509 issuer certificate stores for server certificates; Name = serverIssuerCN; Value = comma separated list of stores

Security/ServerX509Names

Parameter Allowed Values Upgrade Policy Guidance or Short Description
PropertyGroup X509NameMap, default is None Dynamic This is a list of “Name” and “Value” pair. Each “Name” is of subject common name or DnsName of X509 certificates authorized for server operations. For a given “Name”, “Value” is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of server certificates must be in the list.

Setup

Parameter Allowed Values Upgrade Policy Guidance or Short Description
ContainerNetworkName string, default is "" Static The network name to use when setting up a container network.
ContainerNetworkSetup bool, default is FALSE Static Whether to set up a container network.
FabricDataRoot String Not Allowed Service Fabric data root directory. Default for Azure is d:\svcfab
FabricLogRoot String Not Allowed Service fabric log root directory. This is where SF logs and traces are placed.
NodesToBeRemoved string, default is "" Dynamic The nodes which should be removed as part of configuration upgrade. (Only for Standalone Deployments)
ServiceRunAsAccountName String Not Allowed The account name under which to run fabric host service.
SkipContainerNetworkResetOnReboot bool, default is FALSE NotAllowed Whether to skip resetting container network on reboot.
SkipFirewallConfiguration Bool, default is false Not Allowed Specifies if firewall settings need to be set by the system or not. This applies only if you are using windows firewall. If you are using third party firewalls, then you must open the ports for the system and applications to use

TokenValidationService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
Providers string, default is "DSTS" Static Comma separated list of token validation providers to enable (valid providers are: DSTS; AAD). Currently only a single provider can be enabled at any time.

Trace/Etw

Parameter Allowed Values Upgrade Policy Guidance or Short Description
Level Int, default is 4 Dynamic Trace etw level can take values 1, 2, 3, 4. To be supported you must keep the trace level at 4

TransactionalReplicator

Parameter Allowed Values Upgrade Policy Guidance or Short Description
BatchAcknowledgementInterval Time in seconds, default is 0.015 Static Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before sending back an acknowledgement. Other operations received during this time period will have their acknowledgements sent back in a single message-> reducing network traffic but potentially reducing the throughput of the replicator.
MaxCopyQueueSize Uint, default is 16384 Static This is the maximum value defines the initial size for the queue which maintains replication operations. Note that it must be a power of 2. If during runtime the queue grows to this size operation will be throttled between the primary and secondary replicators.
MaxPrimaryReplicationQueueMemorySize Uint, default is 0 Static This is the maximum value of the primary replication queue in bytes.
MaxPrimaryReplicationQueueSize Uint, default is 8192 Static This is the maximum number of operations that could exist in the primary replication queue. Note that it must be a power of 2.
MaxReplicationMessageSize Uint, default is 52428800 Static Maximum message size of replication operations. Default is 50MB.
MaxSecondaryReplicationQueueMemorySize Uint, default is 0 Static This is the maximum value of the secondary replication queue in bytes.
MaxSecondaryReplicationQueueSize Uint, default is 16384 Static This is the maximum number of operations that could exist in the secondary replication queue. Note that it must be a power of 2.
ReplicatorAddress string, default is "localhost:0" Static The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to establish connections with other replicas in order to send/receive operations.

Transport

Parameter Allowed Values Upgrade policy Guidance or Short Description
ConnectionOpenTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(60) Static Specify timespan in seconds. Time out for connection setup on both incoming and accepting side (including security negotiation in secure mode)
FrameHeaderErrorCheckingEnabled bool, default is TRUE Static Default setting for error checking on frame header in non-secure mode; component setting overrides this.
MessageErrorCheckingEnabled bool,default is FALSE Static Default setting for error checking on message header and body in non-secure mode; component setting overrides this.
ResolveOption string, default is "unspecified" Static Determines how FQDN is resolved. Valid values are "unspecified/ipv4/ipv6".
SendTimeout TimeSpan, default is Common::TimeSpan::FromSeconds(300) Dynamic Specify timespan in seconds. Send timeout for detecting stuck connection. TCP failure reports are not reliable in some environment. This may need to be adjusted according to available network bandwidth and size of outbound data (*MaxMessageSize/*SendQueueSizeLimit).

UpgradeOrchestrationService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
AutoupgradeEnabled Bool, default is true Static Automatic polling and upgrade action based on a goal-state file.
MinReplicaSetSize Int, default is 0 Static The MinReplicaSetSize for UpgradeOrchestrationService.
PlacementConstraints string, default is "" Static The PlacementConstraints for UpgradeOrchestrationService.
QuorumLossWaitDuration Time in seconds, default is MaxValue Static Specify timespan in seconds. The QuorumLossWaitDuration for UpgradeOrchestrationService.
ReplicaRestartWaitDuration Time in seconds, default is 60 minutes Static Specify timespan in seconds. The ReplicaRestartWaitDuration for UpgradeOrchestrationService.
StandByReplicaKeepDuration Time in seconds, default is 60247 minutes Static Specify timespan in seconds. The StandByReplicaKeepDuration for UpgradeOrchestrationService.
TargetReplicaSetSize Int, default is 0 Static The TargetReplicaSetSize for UpgradeOrchestrationService.
UpgradeApprovalRequired Bool, default is false Static Setting to make code upgrade require administrator approval before proceeding.

UpgradeService

Parameter Allowed Values Upgrade Policy Guidance or Short Description
BaseUrl string, default is "" Static BaseUrl for UpgradeService.
ClusterId string, default is "" Static ClusterId for UpgradeService.
CoordinatorType string, default is "WUTest" Not Allowed The CoordinatorType for UpgradeService.
MinReplicaSetSize Int, default is 2 Not Allowed The MinReplicaSetSize for UpgradeService.
OnlyBaseUpgrade Bool, default is false Dynamic OnlyBaseUpgrade for UpgradeService.
PlacementConstraints string, default is "" Not Allowed The PlacementConstraints for Upgrade service.
TargetReplicaSetSize Int, default is 3 Not Allowed The TargetReplicaSetSize for UpgradeService.
TestCabFolder string, default is "" Static TestCabFolder for UpgradeService.
X509FindType string, default is "" Dynamic X509FindType for UpgradeService.
X509FindValue string, default is "" Dynamic X509FindValue for UpgradeService.
X509SecondaryFindValue string, default is "" Dynamic X509SecondaryFindValue for UpgradeService.
X509StoreLocation string, default is "" Dynamic X509StoreLocation for UpgradeService.
X509StoreName string, default is "My" Dynamic X509StoreName for UpgradeService.

Next steps

For more information, see Upgrade the configuration of an Azure cluster and Upgrade the configuration of a standalone cluster.