Customize Service Fabric cluster settings

This article describes the various fabric settings for your Service Fabric cluster that you can customize. For clusters hosted in Azure, you can customize settings through the Azure portal or by using an Azure Resource Manager template. For more information, see Upgrade the configuration of an Azure cluster. For standalone clusters, you customize settings by updating the ClusterConfig.json file and performing a configuration upgrade on your cluster. For more information, see Upgrade the configuration of a standalone cluster.

There are three different upgrade policies:

• Dynamic – Changes to a dynamic configuration don't cause any process restarts of either Service Fabric processes or your service host processes.
• Static – Changes to a static configuration cause the Service Fabric node to restart in order to consume the change. Services on the nodes is restarted.
• NotAllowed – These settings cannot be modified. Changing these settings requires that the cluster be destroyed and a new cluster created.

The following is a list of Fabric settings that you can customize, organized by section.

ApplicationGateway/Http

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ApplicationCertificateValidationPolicy	string, default is "None"	Static	This doesn't validate the server certificate; succeed the request. Refer to config ServiceCertificateThumbprints for the comma-separated list of thumbprints of the remote certs that the reverse proxy can trust. Refer to config ServiceCommonNameAndIssuer for the subject name and issuer thumbprint of the remote certs that the reverse proxy can trust. To learn more, see Reverse proxy secure connection.
BodyChunkSize	Uint, default is 16384	Dynamic	Gives the size of for the chunk in bytes used to read the body.
CrlCheckingFlag	uint, default is 0x40000000	Dynamic	Flags for application/service certificate chain validation; for example, CRL checking 0x10000000 CERT_CHAIN_REVOCATION_CHECK_END_CERT 0x20000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x40000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x80000000 CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY Setting to 0 disables CRL checking Full list of supported values is documented by dwFlags of CertGetCertificateChain: https://msdn.microsoft.com/library/windows/desktop/aa376078(v=vs.85).aspx
DefaultHttpRequestTimeout	Time in seconds. default is 120	Dynamic	Specify timespan in seconds. Gives the default request timeout for the http requests being processed in the http app gateway.
ForwardClientCertificate	bool, default is FALSE	Dynamic	When set to false, reverse proxy won't request for the client certificate. When set to true, reverse proxy requests for the client certificate during the TLS handshake and forward the base64 encoded PEM format string to the service in a header named X-Client-Certificate. The service can fail the request with appropriate status code after inspecting the certificate data. If this is true and client doesn't present a certificate, reverse proxy forwards an empty header and let the service handle the case. Reverse proxy acts as a transparent layer. To learn more, see Set up client certificate authentication.
GatewayAuthCredentialType	string, default is "None"	Static	Indicates the type of security credentials to use at the http app gateway endpoint Valid values are None/X509.
GatewayX509CertificateFindType	string, default is "FindByThumbprint"	Dynamic	Indicates how to search for certificate in the store specified by GatewayX509CertificateStoreName Supported value: FindByThumbprint; FindBySubjectName.
GatewayX509CertificateFindValue	string, default is ""	Dynamic	Search filter value used to locate the http app gateway certificate. This certificate is configured on the https endpoint and can also be used to verify the identity of the app if needed by the services. FindValue is looked up first; and if that doesn't exist; FindValueSecondary is looked up.
GatewayX509CertificateFindValueSecondary	string, default is ""	Dynamic	Search filter value used to locate the http app gateway certificate. This certificate is configured on the https endpoint and can also be used to verify the identity of the app if needed by the services. FindValue is looked up first; and if that doesn't exist; FindValueSecondary is looked up.
GatewayX509CertificateStoreName	string, default is "My"	Dynamic	Name of X.509 certificate store that contains certificate for http app gateway.
HttpRequestConnectTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(5)	Dynamic	Specify timespan in seconds. Gives the connect timeout for the http requests being sent from the http app gateway.
IgnoreCrlOfflineError	bool, default is TRUE	Dynamic	Whether to ignore CRL offline error for application/service certificate verification.
IsEnabled	Bool, default is false	Static	Enables/Disables the HttpApplicationGateway. HttpApplicationGateway is disabled by default and this config needs to be set to enable it.
NumberOfParallelOperations	Uint, default is 5000	Static	Number of reads to post to the http server queue. This controls the number of concurrent requests that can be satisfied by the HttpGateway.
RemoveServiceResponseHeaders	string, default is "Date; Server"	Static	Semi colon/ comma-separated list of response headers that is removed from the service response; before forwarding it to the client. If this is set to empty string; pass all the headers returned by the service as-is. i.e, don't overwrite the Date and Server
ResolveServiceBackoffInterval	Time in seconds, default is 5	Dynamic	Specify timespan in seconds. Gives the default back-off interval before retrying a failed resolve service operation.
SecureOnlyMode	bool, default is FALSE	Dynamic	SecureOnlyMode: true: Reverse Proxy will only forward to services that publish secure endpoints. false: Reverse Proxy can forward requests to secure/non-secure endpoints. To learn more, see Reverse proxy endpoint selection logic.
ServiceCertificateThumbprints	string, default is ""	Dynamic	The comma-separated list of thumbprints of the remote certs that the reverse proxy can trust. To learn more, see Reverse proxy secure connection.

ApplicationGateway/Http/ServiceCommonNameAndIssuer

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	X509NameMap, default is None	Dynamic	Subject name and issuer thumbprint of the remote certs that the reverse proxy can trust. To learn more, see Reverse proxy secure connection.

BackupRestoreService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
MinReplicaSetSize	int, default is 0	Static	The MinReplicaSetSize for BackupRestoreService
PlacementConstraints	string, default is ""	Static	The PlacementConstraints for BackupRestore service
SecretEncryptionCertThumbprint	string, default is ""	Dynamic	Thumbprint of the Secret encryption X509 certificate
SecretEncryptionCertX509StoreName	string, recommended value is "My" (no default)	Dynamic	This indicates the certificate to use for encryption and decryption of creds Name of X.509 certificate store that is used for encrypting decrypting store credentials used by Backup Restore service
TargetReplicaSetSize	int, default is 0	Static	The TargetReplicaSetSize for BackupRestoreService

CentralSecretService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
DeployedState	wstring, default is L"Disabled"	Static	2-stage removal of CSS.
EnableSecretMonitoring	bool, default is FALSE	Static	Must be enabled to use Managed KeyVaultReferences. Default may become true in the future. For more information, see KeyVaultReference support for Azure-deployed Service Fabric Applications
SecretMonitoringInterval	TimeSpan, default is Common::TimeSpan::FromMinutes(15)	Static	The rate at which Service Fabric polls Key Vault for changes when using Managed KeyVaultReferences. This rate is a best effort, and changes in Key Vault may be reflected in the cluster earlier or later than the interval. For more information, see KeyVaultReference support for Azure-deployed Service Fabric Applications
UpdateEncryptionCertificateTimeout	TimeSpan, default is Common::TimeSpan::MaxValue	Static	Specify timespan in seconds. The default has changed to TimeSpan::MaxValue; but overrides are still respected. May be deprecated in the future.

CentralSecretService/Replication

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces network traffic.

ClusterManager

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AllowCustomUpgradeSortPolicies	Bool, default is false	Dynamic	Whether or not custom upgrade sort policies are allowed. This is used to perform 2-phase upgrade enabling this feature. Service Fabric 6.5 adds support for specifying sort policy for upgrade domains during cluster- or application upgrades. Supported policies are Numeric, Lexicographical, ReverseNumeric, and ReverseLexicographical. The default is Numeric. To be able to use this feature, the cluster manifest setting ClusterManager/ AllowCustomUpgradeSortPolicies must be set to True as a second config upgrade step after the SF 6.5 code has completed upgrade. It is important that this is done on two phases, otherwise the code upgrade may get confused about the upgrade order during the first upgrade.
EnableDefaultServicesUpgrade	Bool, default is false	Dynamic	Enable upgrading default services during application upgrade. Default service descriptions would be overwritten after upgrade.
FabricUpgradeHealthCheckInterval	Time in seconds, default is 60	Dynamic	The frequency of health status check during a monitored Fabric upgrade
FabricUpgradeStatusPollInterval	Time in seconds, default is 60	Dynamic	The frequency of polling for Fabric upgrade status. This value determines the rate of update for any GetFabricUpgradeProgress call
ImageBuilderTimeoutBuffer	Time in seconds, default is 3	Dynamic	Specify timespan in seconds. The amount of time to allow for Image Builder specific timeout errors to return to the client. If this buffer is too small; then the client times out before the server and gets a generic timeout error.
InfrastructureTaskHealthCheckRetryTimeout	Time in seconds, default is 60	Dynamic	Specify timespan in seconds. The amount of time to spend retrying failed health checks while post-processing an infrastructure task. Observing a passed health check resets this timer.
InfrastructureTaskHealthCheckStableDuration	Time in seconds, default is 0	Dynamic	Specify timespan in seconds. The amount of time to observe consecutive passed health checks before post-processing of an infrastructure task finishes successfully. Observing a failed health check resets this timer.
InfrastructureTaskHealthCheckWaitDuration	Time in seconds, default is 0	Dynamic	Specify timespan in seconds. The amount of time to wait before starting health checks after post-processing an infrastructure task.
InfrastructureTaskProcessingInterval	Time in seconds, default is 10	Dynamic	Specify timespan in seconds. The processing interval used by the infrastructure task processing state machine.
MaxCommunicationTimeout	Time in seconds, default is 600	Dynamic	Specify timespan in seconds. The maximum timeout for internal communications between ClusterManager and other system services (that is; Naming Service; Failover Manager and etc.). This timeout should be smaller than global MaxOperationTimeout (as there might be multiple communications between system components for each client operation).
MaxDataMigrationTimeout	Time in seconds, default is 600	Dynamic	Specify timespan in seconds. The maximum timeout for data migration recovery operations after a Fabric upgrade has taken place.
MaxOperationRetryDelay	Time in seconds, default is 5	Dynamic	Specify timespan in seconds. The maximum delay for internal retries when failures are encountered.
MaxOperationTimeout	Time in seconds, default is MaxValue	Dynamic	Specify timespan in seconds. The maximum global timeout for internally processing operations on ClusterManager.
MaxTimeoutRetryBuffer	Time in seconds, default is 600	Dynamic	Specify timespan in seconds. The maximum operation timeout when internally retrying due to timeouts is <Original Time out> + <MaxTimeoutRetryBuffer>. More timeout is added in increments of MinOperationTimeout.
MinOperationTimeout	Time in seconds, default is 60	Dynamic	Specify timespan in seconds. The minimum global timeout for internally processing operations on ClusterManager.
MinReplicaSetSize	Int, default is 3	Not Allowed	The MinReplicaSetSize for ClusterManager.
PlacementConstraints	string, default is ""	Not Allowed	The PlacementConstraints for ClusterManager.
QuorumLossWaitDuration	Time in seconds, default is MaxValue	Not Allowed	Specify timespan in seconds. The QuorumLossWaitDuration for ClusterManager.
ReplicaRestartWaitDuration	Time in seconds, default is (60.0 * 30)	Not Allowed	Specify timespan in seconds. The ReplicaRestartWaitDuration for ClusterManager.
ReplicaSetCheckTimeoutRollbackOverride	Time in seconds, default is 1200	Dynamic	Specify timespan in seconds. If ReplicaSetCheckTimeout is set to the maximum value of DWORD; then it's overridden with the value of this config for the purposes of rollback. The value used for roll-forward is never overridden.
SkipRollbackUpdateDefaultService	Bool, default is false	Dynamic	The CM skips reverting updated default services during application upgrade rollback.
StandByReplicaKeepDuration	Time in seconds, default is (3600.0 * 2)	Not Allowed	Specify timespan in seconds. The StandByReplicaKeepDuration for ClusterManager.
TargetReplicaSetSize	Int, default is 7	Not Allowed	The TargetReplicaSetSize for ClusterManager.
UpgradeHealthCheckInterval	Time in seconds, default is 60	Dynamic	The frequency of health status checks during a monitored application upgrades
UpgradeStatusPollInterval	Time in seconds, default is 60	Dynamic	The frequency of polling for application upgrade status. This value determines the rate of update for any GetApplicationUpgradeProgress call
CompleteClientRequest	Bool, default is false	Dynamic	Complete client request when accepted by CM.

ClusterManager/Replication

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces network traffic.

Common

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AllowCreateUpdateMultiInstancePerNodeServices	Bool, default is false	Dynamic	Allows creation of multiple stateless instances of a service per node. This feature is currently in preview.
EnableAuxiliaryReplicas	Bool, default is false	Dynamic	Enable creation or update of auxiliary replicas on services. If true; upgrades from SF version 8.1+ to lower targetVersion is blocked.
PerfMonitorInterval	Time in seconds, default is 1	Dynamic	Specify timespan in seconds. Performance monitoring interval. Setting to 0 or negative value disables monitoring.

DefragmentationEmptyNodeDistributionPolicy

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyIntegerValueMap, default is None	Dynamic	Specifies the policy defragmentation follows when emptying nodes. For a given metric 0 indicates that SF should try to defragment nodes evenly across UDs and FDs; 1 indicates only that the nodes must be defragmented

DefragmentationMetrics

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyBoolValueMap, default is None	Dynamic	Determines the set of metrics that should be used for defragmentation and not for load balancing.

DefragmentationMetricsPercentOrNumberOfEmptyNodesTriggeringThreshold

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyDoubleValueMap, default is None	Dynamic	Determines the number of free nodes, which are needed to consider cluster defragmented by specifying either percent in range [0.0 - 1.0] or number of empty nodes as number >= 1.0

Diagnostics

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AdminOnlyHttpAudit	Bool, default is true	Dynamic	Exclude HTTP requests, which doesn't impact the state of the cluster from auditing. Currently; only requests of "GET" type are excluded; but this is subject to change.
AppDiagnosticStoreAccessRequiresImpersonation	Bool, default is true	Dynamic	Whether or not impersonation is required when accessing diagnostic stores on behalf of the application.
AppEtwTraceDeletionAgeInDays	Int, default is 3	Dynamic	Number of days after which we delete old ETL files containing application ETW traces.
ApplicationLogsFormatVersion	Int, default is 0	Dynamic	Version for application logs format. Supported values are 0 and 1. Version 1 includes more fields from the ETW event record than version 0.
AuditHttpRequests	Bool, default is false	Dynamic	Turn HTTP auditing on or off. The purpose of auditing is to see the activities that have been performed against the cluster; including who initiated the request. This is a best attempt logging; and trace loss may occur. HTTP requests with "User" authentication is not recorded.
CaptureHttpTelemetry	Bool, default is true	Dynamic	Turn HTTP telemetry on or off. The purpose of telemetry is for Service Fabric to be able to capture telemetry data to help plan future work and identify problem areas. Telemetry doesn't record any personal data or the request body. Telemetry captures all HTTP requests unless otherwise configured.
ClusterId	String	Dynamic	The unique ID of the cluster. This is generated when the cluster is created.
ConsumerInstances	String	Dynamic	The list of DCA consumer instances.
DiskFullSafetySpaceInMB	Int, default is 1024	Dynamic	Remaining disk space in MB to protect from use by DCA.
EnableCircularTraceSession	Bool, default is false	Static	Flag indicates whether circular trace sessions should be used.
EnablePlatformEventsFileSink	Bool, default is false	Static	Enable/Disable platform events being written to disk
EnableTelemetry	Bool, default is true	Dynamic	This is going to enable or disable telemetry.
FailuresOnlyHttpTelemetry	Bool, default is false	Dynamic	If HTTP telemetry capture is enabled; capture only failed requests. This is to help cut down on the number of events generated for telemetry.
HttpTelemetryCapturePercentage	int, default is 50	Dynamic	If HTTP telemetry capture is enabled; capture only a random percentage of requests. This is to help cut down on the number of events generated for telemetry.
MaxDiskQuotaInMB	Int, default is 65536	Dynamic	Disk quota in MB for Windows and Linux Fabric log files.
ProducerInstances	String	Dynamic	The list of DCA producer instances.

DnsService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
EnablePartitionedQuery	bool, default is FALSE	Static	The flag to enable support for DNS queries for partitioned services. The feature is turned off by default. For more information, see Service Fabric DNS Service.
ForwarderPoolSize	Int, default is 20	Static	The number of forwarders in the forwarding pool.
ForwarderPoolStartPort	Int, default is 16700	Static	The start address for the forwarding pool that is used for recursive queries.
InstanceCount	int, default is -1	Static	Default value is -1, which means that DnsService is running on every node. OneBox needs this to be set to 1 since DnsService uses well known port 53, so it cannot have multiple instances on the same machine.
IsEnabled	bool, default is FALSE	Static	Enables/Disables DnsService. DnsService is disabled by default and this config needs to be set to enable it.
PartitionPrefix	string, default is "--"	Static	Controls the partition prefix string value in DNS queries for partitioned services. The value: Should be RFC-compliant as it is part of a DNS query. Shouldn't contain a dot, '.', as dot interferes with DNS suffix behavior. Shouldn't be longer than five characters. Cannot be an empty string. If the PartitionPrefix setting is overridden, then PartitionSuffix must be overridden, and vice-versa. For more information, see Service Fabric DNS Service..
PartitionSuffix	string, default is ""	Static	Controls the partition suffix string value in DNS queries for partitioned services. The value: Should be RFC-compliant as it is part of a DNS query. Shouldn't contain a dot, '.', as dot interferes with DNS suffix behavior. Shouldn't be longer than five characters. If the PartitionPrefix setting is overridden, then PartitionSuffix must be overridden, and vice-versa. For more information, see Service Fabric DNS Service..
RecursiveQueryParallelMaxAttempts	Int, default is 0	Static	The number of times parallel queries are attempted. Parallel queries are executed after the max attempts for serial queries have been exhausted.
RecursiveQueryParallelTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(5)	Static	The timeout value in seconds for each attempted parallel query.
RecursiveQuerySerialMaxAttempts	Int, default is 2	Static	The number of serial queries that are attempted, at most. If this number is higher than the number of forwarding DNS servers, querying stops once all the servers have been attempted exactly once.
RecursiveQuerySerialTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(5)	Static	The timeout value in seconds for each attempted serial query.
TransientErrorMaxRetryCount	Int, default is 3	Static	Controls the number of times SF DNS retries when a transient error occurs while calling SF APIs (for example, when retrieving names and endpoints).
TransientErrorRetryIntervalInMillis	Int, default is 0	Static	Sets the delay in milliseconds between retries for when SF DNS calls SF APIs.

EventStoreService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
MinReplicaSetSize	int, default is 0	Static	The MinReplicaSetSize for EventStore service
PlacementConstraints	string, default is ""	Static	The PlacementConstraints for EventStore service
TargetReplicaSetSize	int, default is 0	Static	The TargetReplicaSetSize for EventStore service

FabricClient

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ConnectionInitializationTimeout	Time in seconds, default is 2	Dynamic	Specify timespan in seconds. Connection timeout interval for each time client tries to open a connection to the gateway.
HealthOperationTimeout	Time in seconds, default is 120	Dynamic	Specify timespan in seconds. The timeout for a report message sent to Health Manager.
HealthReportRetrySendInterval	Time in seconds, default is 30, minimum is 1	Dynamic	Specify timespan in seconds. The interval at which the reporting component resends accumulated health reports to Health Manager.
HealthReportSendInterval	Time in seconds, default is 30	Dynamic	Specify timespan in seconds. The interval at which the reporting component sends accumulated health reports to Health Manager.
KeepAliveIntervalInSeconds	Int, default is 20	Static	The interval at which the FabricClient transport sends keep-alive messages to the gateway. For 0; keepAlive is disabled. Must be a positive value.
MaxFileSenderThreads	Uint, default is 10	Static	The max number of files that are transferred in parallel.
NodeAddresses	string, default is ""	Static	A collection of addresses (connection strings) on different nodes that can be used to communicate with the Naming Service. Initially the Client connects selecting one of the addresses randomly. If more than one connection string is supplied and a connection fails because of a communication or timeout error; the Client switches to use the next address sequentially. See the Naming Service Address retry section for details on retries semantics.
PartitionLocationCacheLimit	Int, default is 100000	Static	Number of partitions cached for service resolution (set to 0 for no limit).
RetryBackoffInterval	Time in seconds, default is 3	Dynamic	Specify timespan in seconds. The back-off interval before retrying the operation.
ServiceChangePollInterval	Time in seconds, default is 120	Dynamic	Specify timespan in seconds. The interval between consecutive polls for service changes from the client to the gateway for registered service change notifications callbacks.

FabricHost

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ActivationMaxFailureCount	Int, default is 10	Dynamic	This is the maximum count for which system retries failed activation before giving up.
ActivationMaxRetryInterval	Time in seconds, default is 300	Dynamic	Specify timespan in seconds. Max retry interval for Activation. On every continuous failure the retry interval is calculated as Min( ActivationMaxRetryInterval; Continuous Failure Count * ActivationRetryBackoffInterval).
ActivationRetryBackoffInterval	Time in seconds, default is 5	Dynamic	Specify timespan in seconds. Backoff interval on every activation failure; On every continuous activation failure, the system retries the activation for up to the MaxActivationFailureCount. The retry interval on every try is a product of continuous activation failure and the activation back-off interval.
EnableRestartManagement	Bool, default is false	Dynamic	This is to enable server restart.
EnableServiceFabricAutomaticUpdates	Bool, default is false	Dynamic	This is to enable fabric automatic update via Windows Update.
EnableServiceFabricBaseUpgrade	Bool, default is false	Dynamic	This is to enable base update for server.
FailureReportingExpeditedReportingIntervalEnabled	Bool, default is true	Static	Enables faster uploading rates in DCA when FabricHost is in Failure Reporting mode.
FailureReportingTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(60)	Static	Specify timespan in seconds. Timeout for DCA failure reporting in the case FabricHost encounters an early stage startup failure.
RunDCAOnStartupFailure	Bool, default is true	Static	Determines whether to launch DCA to upload logs when facing startup issues in FabricHost.
StartTimeout	Time in seconds, default is 300	Dynamic	Specify timespan in seconds. Time out for fabricactivationmanager startup.
StopTimeout	Time in seconds, default is 300	Dynamic	Specify timespan in seconds. The timeout for hosted service activation; deactivation and upgrade.

FabricNode

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ClientAuthX509FindType	string, default is "FindByThumbprint"	Dynamic	Indicates how to search for certificate in the store specified by ClientAuthX509StoreName Supported value: FindByThumbprint; FindBySubjectName.
ClientAuthX509FindValue	string, default is ""	Dynamic	Search filter value used to locate certificate for default admin role FabricClient.
ClientAuthX509FindValueSecondary	string, default is ""	Dynamic	Search filter value used to locate certificate for default admin role FabricClient.
ClientAuthX509StoreName	string, default is "My"	Dynamic	Name of the X.509 certificate store that contains certificate for default admin role FabricClient.
ClusterX509FindType	string, default is "FindByThumbprint"	Dynamic	Indicates how to search for cluster certificate in the store specified by ClusterX509StoreName Supported values: "FindByThumbprint"; "FindBySubjectName" With "FindBySubjectName"; when there are multiple matches; the one with the furthest expiration is used.
ClusterX509FindValue	string, default is ""	Dynamic	Search filter value used to locate cluster certificate.
ClusterX509FindValueSecondary	string, default is ""	Dynamic	Search filter value used to locate cluster certificate.
ClusterX509StoreName	string, default is "My"	Dynamic	Name of X.509 certificate store that contains cluster certificate for securing intra-cluster communication.
EndApplicationPortRange	Int, default is 0	Static	End (no inclusive) of the application ports managed by hosting subsystem. Required if EndpointFilteringEnabled is true in Hosting.
ServerAuthX509FindType	string, default is "FindByThumbprint"	Dynamic	Indicates how to search for server certificate in the store specified by ServerAuthX509StoreName Supported value: FindByThumbprint; FindBySubjectName.
ServerAuthX509FindValue	string, default is ""	Dynamic	Search filter value used to locate server certificate.
ServerAuthX509FindValueSecondary	string, default is ""	Dynamic	Search filter value used to locate server certificate.
ServerAuthX509StoreName	string, default is "My"	Dynamic	Name of X.509 certificate store that contains server certificate for entree service.
StartApplicationPortRange	Int, default is 0	Static	Start of the application ports managed by hosting subsystem. Required if EndpointFilteringEnabled is true in Hosting.
StateTraceInterval	Time in seconds, default is 300	Static	Specify timespan in seconds. The interval for tracing node status on each node and up nodes on FM/FMM.
UserRoleClientX509FindType	string, default is "FindByThumbprint"	Dynamic	Indicates how to search for certificate in the store specified by UserRoleClientX509StoreName Supported value: FindByThumbprint; FindBySubjectName.
UserRoleClientX509FindValue	string, default is ""	Dynamic	Search filter value used to locate certificate for default user role FabricClient.
UserRoleClientX509FindValueSecondary	string, default is ""	Dynamic	Search filter value used to locate certificate for default user role FabricClient.
UserRoleClientX509StoreName	string, default is "My"	Dynamic	Name of the X.509 certificate store that contains certificate for default user role FabricClient.

Failover/Replication

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces network traffic.

FailoverManager

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AllowDisableEnableService	Bool, default is FALSE	Dynamic	Flag to indicate if it's allowed to execute Disable/Enable feature
AllowNodeStateRemovedForSeedNode	Bool, default is FALSE	Dynamic	Flag to indicate if it's allowed to remove node state for a seed node
BuildReplicaTimeLimit	TimeSpan, default is Common::TimeSpan::FromSeconds(3600)	Dynamic	Specify timespan in seconds. The time limit for building a stateful replica; after which a warning health report will be initiated
ClusterPauseThreshold	int, default is 1	Dynamic	If the number of nodes in system go below this value, then placement; load balancing; and failover is stopped.
CreateInstanceTimeLimit	TimeSpan, default is Common::TimeSpan::FromSeconds(300)	Dynamic	Specify timespan in seconds. The time limit for creating a stateless instance; after which a warning health report will be initiated
ExpectedClusterSize	int, default is 1	Dynamic	When the cluster is initially started up; the FM will wait for this many nodes to report themselves up before it begins placing other services; including the system services like naming. Increasing this value increases the time it takes a cluster to start up; but prevents the early nodes from becoming overloaded and also the other moves that are necessary as more nodes come online. This value should generally be set to some small fraction of the initial cluster size.
ExpectedNodeDeactivationDuration	TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30)	Dynamic	Specify timespan in seconds. This is the expected duration for a node to complete deactivation in.
ExpectedNodeFabricUpgradeDuration	TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30)	Dynamic	Specify timespan in seconds. This is the expected duration for a node to be upgraded during Windows Fabric upgrade.
ExpectedReplicaUpgradeDuration	TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30)	Dynamic	Specify timespan in seconds. This is the expected duration for all the replicas to be upgraded on a node during application upgrade.
IgnoreReplicaRestartWaitDurationWhenBelowMinReplicaSetSize	bool, default is FALSE	Dynamic	If IgnoreReplicaRestartWaitDurationWhenBelowMinReplicaSetSize is set to: - false: Windows Fabric waits for fixed time specified in ReplicaRestartWaitDuration for a replica to come back up. - true: Windows Fabric waits for fixed time specified in ReplicaRestartWaitDuration for a replica to come back up if partition is above or at Min Replica Set Size. If partition is below Min Replica Set Size new replica will be created right away.
IsSingletonReplicaMoveAllowedDuringUpgrade	bool, default is TRUE	Dynamic	If set to true; replicas with a target replica set size of 1 will be permitted to move during upgrade.
MaxInstanceCloseDelayDurationInSeconds	uint, default is 1800	Dynamic	Maximum value of InstanceCloseDelay that can be configured to be used for FabricUpgrade/ApplicationUpgrade/NodeDeactivations
MinReplicaSetSize	int, default is 3	Not Allowed	This is the minimum replica set size for the FM. If the number of active FM replicas drops below this value; the FM will reject changes to the cluster until at least the min number of replicas is recovered
PlacementConstraints	string, default is ""	Not Allowed	Any placement constraints for the failover manager replicas
PlacementTimeLimit	TimeSpan, default is Common::TimeSpan::FromSeconds(600)	Dynamic	Specify timespan in seconds. The time limit for reaching target replica count; after which a warning health report will be initiated
QuorumLossWaitDuration	Time in seconds, default is MaxValue	Dynamic	Specify timespan in seconds. This is the max duration for which we allow a partition to be in a state of quorum loss. If the partition is still in quorum loss after this duration; the partition is recovered from quorum loss by considering the down replicas as lost. This can potentially incur data loss.
ReconfigurationTimeLimit	TimeSpan, default is Common::TimeSpan::FromSeconds(300)	Dynamic	Specify timespan in seconds. The time limit for reconfiguration; after which a warning health report will be initiated
ReplicaRestartWaitDuration	TimeSpan, default is Common::TimeSpan::FromSeconds(60.0 * 30)	Not Allowed	Specify timespan in seconds. This is the ReplicaRestartWaitDuration for the FMService
SeedNodeQuorumAdditionalBufferNodes	int, default is 0	Dynamic	Buffer of seed nodes that is needed to be up (together with quorum of seed nodes) FM should allow a maximum of (totalNumSeedNodes - (seedNodeQuorum + SeedNodeQuorumAdditionalBufferNodes)) seed nodes to go down.
StandByReplicaKeepDuration	Timespan, default is Common::TimeSpan::FromSeconds(3600.0 * 24 * 7)	Not Allowed	Specify timespan in seconds. This is the StandByReplicaKeepDuration for the FMService
TargetReplicaSetSize	int, default is 7	Not Allowed	This is the target number of FM replicas that Windows Fabric maintains. A higher number results in higher reliability of the FM data; with a small performance tradeoff.
UserMaxStandByReplicaCount	Int, default is 1	Dynamic	The default max number of StandBy replicas that the system keeps for user services.
UserReplicaRestartWaitDuration	Time in seconds, default is 60.0 * 30	Dynamic	Specify timespan in seconds. When a persisted replica goes down; Windows Fabric waits for this duration for the replica to come back up before creating new replacement replicas (which would require a copy of the state).
UserStandByReplicaKeepDuration	Time in seconds, default is 3600.0 * 24 * 7	Dynamic	Specify timespan in seconds. When a persisted replica come back from a down state; it may have already been replaced. This timer determines how long the FM will keep the standby replica before discarding it.

FaultAnalysisService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
CompletedActionKeepDurationInSeconds	Int, default is 604800	Static	This is approximately how long to keep actions that are in a terminal state. This also depends on StoredActionCleanupIntervalInSeconds; since the work to clean up is only done on that interval. 604800 is seven days.
DataLossCheckPollIntervalInSeconds	int, default is 5	Static	This is the time between the checks the system performs while waiting for data loss to happen. The number of times the data loss number will be checked per internal iteration is DataLossCheckWaitDurationInSeconds/this.
DataLossCheckWaitDurationInSeconds	int, default is 25	Static	The total amount of time; in seconds; that the system waits for data loss to happen. This is internally used when the StartPartitionDataLossAsync() api is called.
MinReplicaSetSize	Int, default is 0	Static	The MinReplicaSetSize for FaultAnalysisService.
PlacementConstraints	string, default is ""	Static	The PlacementConstraints for FaultAnalysisService.
QuorumLossWaitDuration	Time in seconds, default is MaxValue	Static	Specify timespan in seconds. The QuorumLossWaitDuration for FaultAnalysisService.
ReplicaDropWaitDurationInSeconds	int, default is 600	Static	This parameter is used when the data loss api is called. It controls how long the system will wait for a replica to get dropped after remove replica is internally invoked on it.
ReplicaRestartWaitDuration	Time in seconds, default is 60 minutes	Static	Specify timespan in seconds. The ReplicaRestartWaitDuration for FaultAnalysisService.
StandByReplicaKeepDuration	Time in seconds, default is (60247) minutes	Static	Specify timespan in seconds. The StandByReplicaKeepDuration for FaultAnalysisService.
StoredActionCleanupIntervalInSeconds	Int, default is 3600	Static	This is how often the store is cleaned up. Only actions in a terminal state; and that completed at least CompletedActionKeepDurationInSeconds ago will be removed.
StoredChaosEventCleanupIntervalInSeconds	Int, default is 3600	Static	This is how often the store is audited for cleanup; if the number of events is more than 30000; the cleanup kicks in.
TargetReplicaSetSize	Int, default is 0	Static	NOT_PLATFORM_UNIX_START The TargetReplicaSetSize for FaultAnalysisService.

Federation

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
LeaseDuration	Time in seconds, default is 30	Dynamic	Duration that a lease lasts between a node and its neighbors.
LeaseDurationAcrossFaultDomain	Time in seconds, default is 30	Dynamic	Duration that a lease lasts between a node and its neighbors across fault domains.

FileStoreService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AcceptChunkUpload	Bool, default is TRUE	Dynamic	Config to determine whether file store service accepts chunk based file upload or not during copy application package.
AnonymousAccessEnabled	Bool, default is true	Static	Enable/Disable anonymous access to the FileStoreService shares.
CommonName1Ntlmx509CommonName	string, default is ""	Static	The common name of the X509 certificate used to generate HMAC on the CommonName1NtlmPasswordSecret when using NTLM authentication
CommonName1Ntlmx509StoreLocation	string, default is "LocalMachine"	Static	The store location of the X509 certificate used to generate HMAC on the CommonName1NtlmPasswordSecret when using NTLM authentication
CommonName1Ntlmx509StoreName	string, default is "MY"	Static	The store name of the X509 certificate used to generate HMAC on the CommonName1NtlmPasswordSecret when using NTLM authentication
CommonName2Ntlmx509CommonName	string, default is ""	Static	The common name of the X509 certificate used to generate HMAC on the CommonName2NtlmPasswordSecret when using NTLM authentication
CommonName2Ntlmx509StoreLocation	string, default is "LocalMachine"	Static	The store location of the X509 certificate used to generate HMAC on the CommonName2NtlmPasswordSecret when using NTLM authentication
CommonName2Ntlmx509StoreName	string, default is "MY"	Static	The store name of the X509 certificate used to generate HMAC on the CommonName2NtlmPasswordSecret when using NTLM authentication
CommonNameNtlmPasswordSecret	SecureString, default is Common::SecureString("")	Static	The password secret, which used as seed to generated same password when using NTLM authentication
DiskSpaceHealthReportingIntervalWhenCloseToOutOfDiskSpace	TimeSpan, default is Common::TimeSpan::FromMinutes(5)	Dynamic	Specify timespan in seconds. The time interval between checking of disk space for reporting health event when disk is close to out of space.
DiskSpaceHealthReportingIntervalWhenEnoughDiskSpace	TimeSpan, default is Common::TimeSpan::FromMinutes(15)	Dynamic	Specify timespan in seconds. The time interval between checking of disk space for reporting health event when there is enough space on disk.
EnableImageStoreHealthReporting	bool, default is TRUE	Static	Config to determine whether file store service should report its health.
FreeDiskSpaceNotificationSizeInKB	int64, default is 25*1024	Dynamic	The size of free disk space below which health warning may occur. Minimum values of this config and FreeDiskSpaceNotificationThresholdPercentage config are used to determine sending of the health warning.
FreeDiskSpaceNotificationThresholdPercentage	double, default is 0.02	Dynamic	The percentage of free disk space below which health warning may occur. Minimum value of this config and FreeDiskSpaceNotificationInMB config are used to determine sending of health warning.
GenerateV1CommonNameAccount	bool, default is TRUE	Static	Specifies whether to generate an account with user name V1 generation algorithm. Starting with Service Fabric version 6.1; an account with v2 generation is always created. The V1 account is necessary for upgrades from/to versions that don't support V2 generation (prior to 6.1).
MaxCopyOperationThreads	Uint, default is 0	Dynamic	The maximum number of parallel files that secondary can copy from primary. '0' == number of cores.
MaxFileOperationThreads	Uint, default is 100	Static	The maximum number of parallel threads allowed to perform FileOperations (Copy/Move) in the primary. '0' == number of cores.
MaxRequestProcessingThreads	Uint, default is 200	Static	The maximum number of parallel threads allowed to process requests in the primary. '0' == number of cores.
MaxSecondaryFileCopyFailureThreshold	Uint, default is 25	Dynamic	The maximum number of file copy retries on the secondary before giving up.
MaxStoreOperations	Uint, default is 4096	Static	The maximum number of parallel store transaction operations allowed on primary. '0' == number of cores.
NamingOperationTimeout	Time in seconds, default is 60	Dynamic	Specify timespan in seconds. The timeout for performing naming operation.
PrimaryAccountNTLMPasswordSecret	SecureString, default is empty	Static	The password secret, which used as seed to generated same password when using NTLM authentication.
PrimaryAccountNTLMX509StoreLocation	string, default is "LocalMachine"	Static	The store location of the X509 certificate used to generate HMAC on the PrimaryAccountNTLMPasswordSecret when using NTLM authentication.
PrimaryAccountNTLMX509StoreName	string, default is "MY"	Static	The store name of the X509 certificate used to generate HMAC on the PrimaryAccountNTLMPasswordSecret when using NTLM authentication.
PrimaryAccountNTLMX509Thumbprint	string, default is ""	Static	The thumbprint of the X509 certificate used to generate HMAC on the PrimaryAccountNTLMPasswordSecret when using NTLM authentication.
PrimaryAccountType	string, default is ""	Static	The primary AccountType of the principal to ACL the FileStoreService shares.
PrimaryAccountUserName	string, default is ""	Static	The primary account Username of the principal to ACL the FileStoreService shares.
PrimaryAccountUserPassword	SecureString, default is empty	Static	The primary account password of the principal to ACL the FileStoreService shares.
QueryOperationTimeout	Time in seconds, default is 60	Dynamic	Specify timespan in seconds. The timeout for performing query operation.
SecondaryAccountNTLMPasswordSecret	SecureString, default is empty	Static	The password secret, which used as seed to generated same password when using NTLM authentication.
SecondaryAccountNTLMX509StoreLocation	string, default is "LocalMachine"	Static	The store location of the X509 certificate used to generate HMAC on the SecondaryAccountNTLMPasswordSecret when using NTLM authentication.
SecondaryAccountNTLMX509StoreName	string, default is "MY"	Static	The store name of the X509 certificate used to generate HMAC on the SecondaryAccountNTLMPasswordSecret when using NTLM authentication.
SecondaryAccountNTLMX509Thumbprint	string, default is ""	Static	The thumbprint of the X509 certificate used to generate HMAC on the SecondaryAccountNTLMPasswordSecret when using NTLM authentication.
SecondaryAccountType	string, default is ""	Static	The secondary AccountType of the principal to ACL the FileStoreService shares.
SecondaryAccountUserName	string, default is ""	Static	The secondary account Username of the principal to ACL the FileStoreService shares.
SecondaryAccountUserPassword	SecureString, default is empty	Static	The secondary account password of the principal to ACL the FileStoreService shares.
SecondaryFileCopyRetryDelayMilliseconds	uint, default is 500	Dynamic	The file copy retry delay (in milliseconds).
UseChunkContentInTransportMessage	bool, default is TRUE	Dynamic	The flag for using the new version of the upload protocol introduced in v6.4. This protocol version uses service fabric transport to upload files to image store, which provides better performance than SMB protocol used in previous versions.

FileStoreService/Replication

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces reduce network traffic.

HealthManager

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
EnableApplicationTypeHealthEvaluation	Bool, default is false	Static	Cluster health evaluation policy: enable per application type health evaluation.
EnableNodeTypeHealthEvaluation	Bool, default is false	Static	Cluster health evaluation policy: enable per node type health evaluation.
MaxSuggestedNumberOfEntityHealthReports	Int, default is 100	Dynamic	The maximum number of health reports that an entity can have before raising concerns about the watchdog's health reporting logic. Each health entity is supposed to have a relatively small number of health reports. If the report count goes above this number; there may be issues with the watchdog's implementation. An entity with too many reports is flagged through a Warning health report when the entity is evaluated.

HealthManager/ClusterHealthPolicy

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ConsiderWarningAsError	Bool, default is false	Static	Cluster health evaluation policy: warnings are treated as errors.
MaxPercentUnhealthyApplications	Int, default is 0	Static	Cluster health evaluation policy: maximum percent of unhealthy applications allowed for the cluster to be healthy.
MaxPercentUnhealthyNodes	Int, default is 0	Static	Cluster health evaluation policy: maximum percent of unhealthy nodes allowed for the cluster to be healthy.

HealthManager/ClusterUpgradeHealthPolicy

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
MaxPercentDeltaUnhealthyNodes	int, default is 10	Static	Cluster upgrade health evaluation policy: maximum percent of delta unhealthy nodes allowed for the cluster to be healthy
MaxPercentUpgradeDomainDeltaUnhealthyNodes	int, default is 15	Static	Cluster upgrade health evaluation policy: maximum percent of delta of unhealthy nodes in an upgrade domain allowed for the cluster to be healthy

Hosting

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ActivationMaxFailureCount	Whole number, default is 10	Dynamic	Number of times system retries failed activation before giving up
ActivationMaxRetryInterval	Time in seconds, default is 300	Dynamic	On every continuous activation failure, the system retries the activation for up to ActivationMaxFailureCount. ActivationMaxRetryInterval specifies Wait time interval before retry after every activation failure
ActivationRetryBackoffInterval	Time in Seconds, default is 5	Dynamic	Backoff interval on every activation failure; On every continuous activation failure, the system retries the activation for up to the MaxActivationFailureCount. The retry interval on every try is a product of continuous activation failure and the activation back-off interval.
ActivationTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(180)	Dynamic	Specify timespan in seconds. The timeout for application activation; deactivation and upgrade.
ApplicationHostCloseTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(120)	Dynamic	Specify timespan in seconds. When Fabric exit is detected in a self activated processes; FabricRuntime closes all of the replicas in the user's host (applicationhost) process. This is the timeout for the close operation.
CnsNetworkPluginCnmUrlPort	wstring, default is L"48080"	Static	Azure cnm api url port
CnsNetworkPluginCnsUrlPort	wstring, default is L"10090"	Static	Azure cns url port
ContainerServiceArguments	string, default is "-H localhost:2375 -H npipe://"	Static	Service Fabric (SF) manages docker daemon (except on windows client machines like Windows 10). This configuration allows user to specify custom arguments that should be passed to docker daemon when starting it. When custom arguments are specified, Service Fabric doesn't pass any other argument to Docker engine except '--pidfile' argument. Hence users shouldn't specify '--pidfile' argument as part of their customer arguments. Also, the custom arguments should ensure that docker daemon listens on default name pipe on Windows (or Unix domain socket on Linux) for Service Fabric to be able to communicate with it.
ContainerServiceLogFileMaxSizeInKb	int, default is 32768	Static	Maximum file size of log file generated by docker containers. Windows only.
ContainerImageDownloadTimeout	int, number of seconds, default is 1200 (20 mins)	Dynamic	Number of seconds before download of image times out.
ContainerImagesToSkip	string, image names separated by vertical line character, default is ""	Static	Name of one or more container images that shouldn't be deleted. Used with the PruneContainerImages parameter.
ContainerServiceLogFileNamePrefix	string, default is "sfcontainerlogs"	Static	File name prefix for log files generated by docker containers. Windows only.
ContainerServiceLogFileRetentionCount	int, default is 10	Static	Number of log files generated by docker containers before log files are overwritten. Windows only.
CreateFabricRuntimeTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(120)	Dynamic	Specify timespan in seconds. The timeout value for the sync FabricCreateRuntime call
DefaultContainerRepositoryAccountName	string, default is ""	Static	Default credentials used instead of credentials specified in ApplicationManifest.xml
DefaultContainerRepositoryPassword	string, default is ""	Static	Default password credentials used instead of credentials specified in ApplicationManifest.xml
DefaultContainerRepositoryPasswordType	string, default is ""	Static	When not empty string, the value can be "Encrypted" or "SecretsStoreRef".
DefaultDnsSearchSuffixEmpty	bool, default is FALSE	Static	By default the service name is appended to the SF DNS name for container services. This feature stops this behavior so that nothing is appended to the SF DNS name by default in the resolution pathway.
DeploymentMaxFailureCount	int, default is 20	Dynamic	Application deployment is retried for DeploymentMaxFailureCount times before failing the deployment of that application on the node.
DeploymentMaxRetryInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(3600)	Dynamic	Specify timespan in seconds. Max retry interval for the deployment. On every continuous failure the retry interval is calculated as Min( DeploymentMaxRetryInterval; Continuous Failure Count * DeploymentRetryBackoffInterval)
DeploymentRetryBackoffInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(10)	Dynamic	Specify timespan in seconds. Back-off interval for the deployment failure. On every continuous deployment failure, the system retries the deployment for up to the MaxDeploymentFailureCount. The retry interval is a product of continuous deployment failure and the deployment backoff interval.
DisableContainers	bool, default is FALSE	Static	Config for disabling containers - used instead of DisableContainerServiceStartOnContainerActivatorOpen, which is deprecated config
DisableDockerRequestRetry	bool, default is FALSE	Dynamic	By default SF communicates with DD (docker daemon) with a timeout of 'DockerRequestTimeout' for each http request sent to it. If DD doesn't responds within this time period; SF resends the request if top level operation still has remaining time. With Hyper-V container; DD sometimes takes more time to bring up the container or deactivate it. In such cases DD request times out from SF perspective and SF retries the operation. Sometimes this seems to add more pressure on DD. This config allows you to disable this retry and wait for DD to respond.
DisableLivenessProbes	wstring, default is L""	Static	Config to disable Liveness probes in cluster. You can specify any nonempty value for SF to disable probes.
DisableReadinessProbes	wstring, default is L""	Static	Config to disable Readiness probes in cluster. You can specify any nonempty value for SF to disable probes.
DnsServerListTwoIps	Bool, default is FALSE	Static	This flag adds the local dns server twice to help alleviate intermittent resolve issues.
DockerTerminateOnLastHandleClosed	bool, default is TRUE	Static	By default if FabricHost is managing the 'dockerd' (based on: SkipDockerProcessManagement == false) this setting configures what happens when either FabricHost or dockerd crash. When set to true if either process crashes all running containers will be forcibly terminated by the HCS. If set to false the containers will continue to keep running. Note: Previous to 8.0 this behavior was unintentionally the equivalent of false. The default setting of true here is what we expect to happen by default moving forward for our cleanup logic to be effective on restart of these processes.
DoNotInjectLocalDnsServer	bool, default is FALSE	Static	Prevents the runtime to injecting the local IP as DNS server for containers.
EnableActivateNoWindow	bool, default is FALSE	Dynamic	The activated process is created in the background without any console.
EnableContainerServiceDebugMode	bool, default is TRUE	Static	Enable/disable logging for docker containers. Windows only.
EnableDockerHealthCheckIntegration	bool, default is TRUE	Static	Enables integration of docker HEALTHCHECK events with Service Fabric system health report
EnableProcessDebugging	bool, default is FALSE	Dynamic	Enables launching application hosts under debugger
EndpointProviderEnabled	bool, default is FALSE	Static	Enables management of Endpoint resources by Fabric. Requires specification of start and end application port range in FabricNode.
FabricContainerAppsEnabled	bool, default is FALSE	Static
FirewallPolicyEnabled	bool, default is FALSE	Static	Enables opening firewall ports for Endpoint resources with explicit ports specified in ServiceManifest
GetCodePackageActivationContextTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(120)	Dynamic	Specify timespan in seconds. The timeout value for the CodePackageActivationContext calls. This is not applicable to ad hoc services.
GovernOnlyMainMemoryForProcesses	bool, default is FALSE	Static	Default behavior of Resource Governance is to put limit specified in MemoryInMB on amount of total memory (RAM + swap) that process uses. If the limit is exceeded; the process receives OutOfMemory exception. If this parameter is set to true; limit will be applied only to the amount of RAM memory that a process uses. If this limit is exceeded; and if this setting is true; then OS will swap the main memory to disk.
IPProviderEnabled	bool, default is FALSE	Static	Enables management of IP addresses.
IsDefaultContainerRepositoryPasswordEncrypted	bool, default is FALSE	Static	Whether the DefaultContainerRepositoryPassword is encrypted or not.
LinuxExternalExecutablePath	string, default is "/usr/bin/"	Static	The primary directory of external executable commands on the node.
NTLMAuthenticationEnabled	bool, default is FALSE	Static	Enables support for using NTLM by the code packages that are running as other users so that the processes across machines can communicate securely.
NTLMAuthenticationPasswordSecret	SecureString, default is Common::SecureString("")	Static	Is an encryption that is used to generate the password for NTLM users. Has to be set if NTLMAuthenticationEnabled is true. Validated by the deployer.
NTLMSecurityUsersByX509CommonNamesRefreshInterval	TimeSpan, default is Common::TimeSpan::FromMinutes(3)	Dynamic	Specify timespan in seconds. Environment-specific settings The periodic interval at which Hosting scans for new certificates to be used for FileStoreService NTLM configuration.
NTLMSecurityUsersByX509CommonNamesRefreshTimeout	TimeSpan, default is Common::TimeSpan::FromMinutes(4)	Dynamic	Specify timespan in seconds. The timeout for configuring NTLM users using certificate common names. The NTLM users are needed for FileStoreService shares.
PruneContainerImages	bool, default is FALSE	Dynamic	Remove unused application container images from nodes. When an ApplicationType is unregistered from the Service Fabric cluster, the container images that were used by this application will be removed on nodes where it was downloaded by Service Fabric. The pruning runs every hour, so it may take up to one hour (plus time to prune the image) for images to be removed from the cluster. Service Fabric will never download or remove images not related to an application. Unrelated images that were downloaded manually or otherwise must be removed explicitly. Images that shouldn't be deleted can be specified in the ContainerImagesToSkip parameter.
RegisterCodePackageHostTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(120)	Dynamic	Specify timespan in seconds. The timeout value for the FabricRegisterCodePackageHost sync call. This is applicable for only multi code package application hosts like FWP
RequestTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(30)	Dynamic	Specify timespan in seconds. This represents the timeout for communication between the user's application host and Fabric process for various hosting related operations such as factory registration; runtime registration.
RunAsPolicyEnabled	bool, default is FALSE	Static	Enables running code packages as local user other than the user under which fabric process is running. In order to enable this policy Fabric must be running as SYSTEM or as user who has SeAssignPrimaryTokenPrivilege.
ServiceFactoryRegistrationTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(120)	Dynamic	Specify timespan in seconds. The timeout value for the sync Register(Stateless/Stateful)ServiceFactory call
ServiceTypeDisableFailureThreshold	Whole number, default is 1	Dynamic	This is the threshold for the failure count after which FailoverManager (FM) is notified to disable the service type on that node and try a different node for placement.
ServiceTypeDisableGraceInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(30)	Dynamic	Specify timespan in seconds. Time interval after which the service type can be disabled
ServiceTypeRegistrationTimeout	Time in Seconds, default is 300	Dynamic	Maximum time allowed for the ServiceType to be registered with fabric
UseContainerServiceArguments	bool, default is TRUE	Static	This config tells hosting to skip passing arguments (specified in config ContainerServiceArguments) to docker daemon.

HttpGateway

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ActiveListeners	Uint, default is 50	Static	Number of reads to post to the http server queue. This controls the number of concurrent requests that can be satisfied by the HttpGateway.
HttpGatewayHealthReportSendInterval	Time in seconds, default is 30	Static	Specify timespan in seconds. The interval at which the Http Gateway sends accumulated health reports to the Health Manager.
HttpStrictTransportSecurityHeader	string, default is ""	Dynamic	Specify the HTTP Strict Transport Security header value to be included in every response sent by the HttpGateway. When set to empty string; this header will not be included in the gateway response.
IsEnabled	Bool, default is false	Static	Enables/Disables the HttpGateway. HttpGateway is disabled by default.
MaxEntityBodySize	Uint, default is 4194304	Dynamic	Gives the maximum size of the body that can be expected from an http request. Default value is 4 MB. Httpgateway will fail a request if it has a body of size > this value. Minimum read chunk size is 4,096 bytes. So this has to be >= 4096.

ImageStoreService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
Enabled	Bool, default is false	Static	The Enabled flag for ImageStoreService. Default: false
MinReplicaSetSize	Int, default is 3	Static	The MinReplicaSetSize for ImageStoreService.
PlacementConstraints	string, default is ""	Static	The PlacementConstraints for ImageStoreService.
QuorumLossWaitDuration	Time in seconds, default is MaxValue	Static	Specify timespan in seconds. The QuorumLossWaitDuration for ImageStoreService.
ReplicaRestartWaitDuration	Time in seconds, default is 60.0 * 30	Static	Specify timespan in seconds. The ReplicaRestartWaitDuration for ImageStoreService.
StandByReplicaKeepDuration	Time in seconds, default is 3600.0 * 2	Static	Specify timespan in seconds. The StandByReplicaKeepDuration for ImageStoreService.
TargetReplicaSetSize	Int, default is 7	Static	The TargetReplicaSetSize for ImageStoreService.

KtlLogger

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AutomaticMemoryConfiguration	Int, default is 1	Dynamic	Flag that indicates if the memory settings should be automatically and dynamically configured. If zero then the memory configuration settings are used directly and don't change based on system conditions. If one then the memory settings are configured automatically and may change based on system conditions.
MaximumDestagingWriteOutstandingInKB	Int, default is 0	Dynamic	The number of KB to allow the shared log to advance ahead of the dedicated log. Use 0 to indicate no limit.
SharedLogId	string, default is ""	Static	Unique guid for shared log container. Use "" if using default path under fabric data root.
SharedLogPath	string, default is ""	Static	Path and file name to location to place shared log container. Use "" for using default path under fabric data root.
SharedLogSizeInMB	Int, default is 8192	Static	The number of MB to allocate in the shared log container.
SharedLogThrottleLimitInPercentUsed	int, default is 0	Static	The percentage of usage of the shared log that will induce throttling. Value should be between 0 and 100. A value of 0 implies using the default percentage value. A value of 100 implies no throttling at all. A value between 1 and 99 specifies the percentage of log usage above which throttling will occur; for example, if the shared log is 10 GB and the value is 90 then throttling will occur once 9 GB is in use. Using the default value is recommended.
WriteBufferMemoryPoolMaximumInKB	Int, default is 0	Dynamic	The number of KB to allow the write buffer memory pool to grow up to. Use 0 to indicate no limit.
WriteBufferMemoryPoolMinimumInKB	Int, default is 8388608	Dynamic	The number of KB to initially allocate for the write buffer memory pool. Use 0 to indicate no limit Default should be consistent with SharedLogSizeInMB below.

ManagedIdentityTokenService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
IsEnabled	bool, default is FALSE	Static	Flag controlling the presence and status of the Managed Identity Token Service in the cluster; this is a prerequisite for using the managed identity functionality of Service Fabric applications.
RunInStandaloneMode	bool, default is FALSE	Static	The RunInStandaloneMode for ManagedIdentityTokenService.
StandalonePrincipalId	wstring, default is ""	Static	The StandalonePrincipalId for ManagedIdentityTokenService.
StandaloneSendX509	bool, default is FALSE	Static	The StandaloneSendX509 for ManagedIdentityTokenService.
StandaloneTenantId	wstring, default is ""	Static	The StandaloneTenantId for ManagedIdentityTokenService.
StandaloneX509CredentialFindType	wstring, default is ""	Static	The StandaloneX509CredentialFindType for ManagedIdentityTokenService.
StandaloneX509CredentialFindValue	wstring, default is ""	Static	The StandaloneX509CredentialFindValue for ManagedIdentityTokenService

Management

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AutomaticUnprovisionInterval	TimeSpan, default is Common::TimeSpan::FromMinutes(5)	Dynamic	Specify timespan in seconds. The cleanup interval for allowed for unregister application type during automatic application type cleanup.
AzureStorageMaxConnections	Int, default is 5000	Dynamic	The maximum number of concurrent connections to Azure storage.
AzureStorageMaxWorkerThreads	Int, default is 25	Dynamic	The maximum number of worker threads in parallel.
AzureStorageOperationTimeout	Time in seconds, default is 6000	Dynamic	Specify timespan in seconds. Time out for xstore operation to complete.
CleanupApplicationPackageOnProvisionSuccess	bool, default is true	Dynamic	Enables or disables the automatic cleanup of application package on successful provision.
CleanupUnusedApplicationTypes	Bool, default is FALSE	Dynamic	This configuration if enabled, allows you to automatically unregister unused application type versions skipping the latest three unused versions, thereby trimming the disk space occupied by image store. The automatic cleanup is triggered at the end of successful provision for that specific app type and also runs periodically once a day for all the application types. Number of unused versions to skip is configurable using parameter "MaxUnusedAppTypeVersionsToKeep". Best practice is to use true.
DisableChecksumValidation	Bool, default is false	Static	This configuration allows us to enable or disable checksum validation during application provisioning.
DisableServerSideCopy	Bool, default is false	Static	This configuration enables or disables server-side copy of application package on the ImageStore during application provisioning.
ImageCachingEnabled	Bool, default is true	Static	This configuration allows us to enable or disable caching.
ImageStoreConnectionString	SecureString	Static	Connection string to the Root for ImageStore.
ImageStoreMinimumTransferBPS	Int, default is 1024	Dynamic	The minimum transfer rate between the cluster and ImageStore. This value is used to determine the timeout when accessing the external ImageStore. Change this value only if the latency between the cluster and ImageStore is high to allow more time for the cluster to download from the external ImageStore.
MaxUnusedAppTypeVersionsToKeep	Int, default is 3	Dynamic	This configuration defines the number of unused application type versions to be skipped for cleanup. This parameter is applicable only if parameter CleanupUnusedApplicationTypes is enabled. General best practice is to use the default (3). Values less than one are not valid.

MetricActivityThresholds

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyIntegerValueMap, default is None	Dynamic	Determines the set of MetricActivityThresholds for the metrics in the cluster. Balancing works if maxNodeLoad is greater than MetricActivityThresholds. For defrag metrics it defines the amount of load equal to or below which Service Fabric will consider the node empty

MetricActivityThresholdsPerNodeType

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyStringValueMap, default is None	Static	Configuration that specifies metric activity thresholds per node type.

MetricBalancingThresholds

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyDoubleValueMap, default is None	Dynamic	Determines the set of MetricBalancingThresholds for the metrics in the cluster. Balancing works if maxNodeLoad/minNodeLoad is greater than MetricBalancingThresholds. Defragmentation works if maxNodeLoad/minNodeLoad in at least one FD or UD is smaller than MetricBalancingThresholds.

MetricBalancingThresholdsPerNodeType

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyStringValueMap, default is None	Static	Configuration that specifies metric balancing thresholds per node type.

MetricLoadStickinessForSwap

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyDoubleValueMap, default is None	Dynamic	Determines the part of the load that sticks with replica when swapped. It takes value between 0 (load doesn't stick with replica) and 1 (load sticks with replica - default)

Naming/Replication

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces network traffic.

NamingService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
GatewayServiceDescriptionCacheLimit	Int, default is 0	Static	The maximum number of entries maintained in the LRU service description cache at the Naming Gateway (set to 0 for no limit).
MaxClientConnections	Int, default is 1000	Dynamic	The maximum allowed number of client connections per gateway.
MaxFileOperationTimeout	Time in seconds, default is 30	Dynamic	Specify timespan in seconds. The maximum timeout allowed for file store service operation. Requests specifying a larger timeout is rejected.
MaxIndexedEmptyPartitions	Int, default is 1000	Dynamic	The maximum number of empty partitions that will remain indexed in the notification cache for synchronizing reconnecting clients. Any empty partitions above this number will be removed from the index in ascending lookup version order. Reconnecting clients can still synchronize and receive missed empty partition updates; but the synchronization protocol becomes more expensive.
MaxMessageSize	Int, default is 4*1024*1024	Static	The maximum message size for client node communication when using naming. DOS attack alleviation; default value is 4 MB.
MaxNamingServiceHealthReports	Int, default is 10	Dynamic	The maximum number of slow operations that Naming store service reports unhealthy at one time. If 0; all slow operations are sent.
MaxOperationTimeout	Time in seconds, default is 600	Dynamic	Specify timespan in seconds. The maximum timeout allowed for client operations. Requests specifying a larger timeout is rejected.
MaxOutstandingNotificationsPerClient	Int, default is 1000	Dynamic	The maximum number of outstanding notifications before a client registration is forcibly closed by the gateway.
MinReplicaSetSize	Int, default is 3	Not Allowed	The minimum number of Naming Service replicas required to write into to complete an update. If there are fewer replicas than this active in the system the Reliability System denies updates to the Naming Service Store until replicas are restored. This value should never be more than the TargetReplicaSetSize.
PartitionCount	Int, default is 3	Not Allowed	The number of partitions of the Naming Service store to be created. Each partition owns a single partition key that corresponds to its index; so partition keys [0; PartitionCount] exist. Increasing the number of Naming Service partitions increases the scale that the Naming Service can perform at by decreasing the average amount of data held by any backing replica set; at a cost of increased utilization of resources (since PartitionCount*ReplicaSetSize service replicas must be maintained).
PlacementConstraints	string, default is ""	Not Allowed	Placement constraint for the Naming Service.
QuorumLossWaitDuration	Time in seconds, default is MaxValue	Not Allowed	Specify timespan in seconds. When a Naming Service gets into quorum loss; this timer starts. When it expires the FM will consider the down replicas as lost; and attempt to recover quorum. Not that this may result in data loss.
RepairInterval	Time in seconds, default is 5	Static	Specify timespan in seconds. Interval in which the naming inconsistency repair between the authority owner and name owner will start.
ReplicaRestartWaitDuration	Time in seconds, default is (60.0 * 30)	Not Allowed	Specify timespan in seconds. When a Naming Service replica goes down; this timer starts. When it expires the FM will begin to replace the replicas, which are down (it does not yet consider them lost).
ServiceDescriptionCacheLimit	Int, default is 0	Static	The maximum number of entries maintained in the LRU service description cache at the Naming Store Service (set to 0 for no limit).
ServiceNotificationTimeout	Time in seconds, default is 30	Dynamic	Specify timespan in seconds. The timeout used when delivering service notifications to the client.
StandByReplicaKeepDuration	Time in seconds, default is 3600.0 * 2	Not Allowed	Specify timespan in seconds. When a Naming Service replica come back from a down state; it may have already been replaced. This timer determines how long the FM will keep the standby replica before discarding it.
TargetReplicaSetSize	Int, default is 7	Not Allowed	The number of replica sets for each partition of the Naming Service store. Increasing the number of replica sets increases the level of reliability for the information in the Naming Service Store; decreasing the change that the information will be lost as a result of node failures; at a cost of increased load on Windows Fabric and the amount of time it takes to perform updates to the naming data.

NodeBufferPercentage

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyDoubleValueMap, default is None	Dynamic	Node capacity percentage per metric name; used as a buffer in order to keep some free place on a node for the failover case.

NodeCapacities

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	NodeCapacityCollectionMap	Static	A collection of node capacities for different metrics.

NodeDomainIds

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	NodeFaultDomainIdCollection	Static	Describes the fault domains a node belongs to. The fault domain is defined through a URI that describes the location of the node in the datacenter. Fault Domain URIs are of the format fd:/fd/ followed by a URI path segment.
UpgradeDomainId	string, default is ""	Static	Describes the upgrade domain a node belongs to.

NodeProperties

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	NodePropertyCollectionMap	Static	A collection of string key-value pairs for node properties.

Paas

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ClusterId	string, default is ""	Not Allowed	X509 certificate store used by fabric for configuration protection.

PerformanceCounterLocalStore

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
Counters	String	Dynamic	Comma-separated list of performance counters to collect.
IsEnabled	Bool, default is true	Dynamic	Flag indicates whether performance counter collection on local node is enabled.
MaxCounterBinaryFileSizeInMB	Int, default is 1	Dynamic	Maximum size (in MB) for each performance counter binary file.
NewCounterBinaryFileCreationIntervalInMinutes	Int, default is 10	Dynamic	Maximum interval (in seconds) after which a new performance counter binary file is created.
SamplingIntervalInSeconds	Int, default is 60	Dynamic	Sampling interval for performance counters being collected.

MinLoadBalancingIntervalsPerNodeType

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	KeyStringValueMap, default is None	Static	Configuration that specifies min load balancing intervals per node type.

PlacementAndLoadBalancing

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AffinityConstraintPriority	Int, default is 0	Dynamic	Determines the priority of affinity constraint: 0: Hard; 1: Soft; negative: Ignore.
ApplicationCapacityConstraintPriority	Int, default is 0	Dynamic	Determines the priority of capacity constraint: 0: Hard; 1: Soft; negative: Ignore.
AutoDetectAvailableResources	bool, default is TRUE	Static	This config triggers auto detection of available resources on node (CPU and Memory) When this config is set to true - we read real capacities and correct them if user specified bad node capacities or didn't define them at all If this config is set to false - we trace a warning that user specified bad node capacities; but we will not correct them; meaning that user wants to have the capacities specified as > than the node really has or if capacities are undefined; it will assume unlimited capacity
AuxiliaryInBuildThrottlingWeight	double, default is 1	Static	Auxiliary replica's weight against the current InBuildThrottling max limit.
BalancingDelayAfterNewNode	Time in seconds, default is 120	Dynamic	Specify timespan in seconds. Don't start balancing activities within this period after adding a new node.
BalancingDelayAfterNodeDown	Time in seconds, default is 120	Dynamic	Specify timespan in seconds. Don't start balancing activities within this period after a node down event.
BlockNodeInUpgradeConstraintPriority	Int, default is -1	Dynamic	Determines the priority of capacity constraint: 0: Hard; 1: Soft; negative: Ignore
CapacityConstraintPriority	Int, default is 0	Dynamic	Determines the priority of capacity constraint: 0: Hard; 1: Soft; negative: Ignore.
ConsecutiveDroppedMovementsHealthReportLimit	Int, default is 20	Dynamic	Defines the number of consecutive times that ResourceBalancer-issued Movements are dropped before diagnostics are conducted and health warnings are emitted. Negative: No Warnings Emitted under this condition.
ConstraintFixPartialDelayAfterNewNode	Time in seconds, default is 120	Dynamic	Specify timespan in seconds. Don't Fix FaultDomain and UpgradeDomain constraint violations within this period after adding a new node.
ConstraintFixPartialDelayAfterNodeDown	Time in seconds, default is 120	Dynamic	Specify timespan in seconds. Don't Fix FaultDomain and UpgradeDomain constraint violations within this period after a node down event.
ConstraintViolationHealthReportLimit	Int, default is 50	Dynamic	Defines the number of times constraint violating replica has to be persistently unfixed before diagnostics are conducted and health reports are emitted.
DecisionOperationalTracingEnabled	bool, default is FALSE	Dynamic	Config that enables CRM Decision operational structural trace in the event store.
DetailedConstraintViolationHealthReportLimit	Int, default is 200	Dynamic	Defines the number of times constraint violating replica has to be persistently unfixed before diagnostics are conducted and detailed health reports are emitted.
DetailedDiagnosticsInfoListLimit	Int, default is 15	Dynamic	Defines the number of diagnostic entries (with detailed information) per constraint to include before truncation in Diagnostics.
DetailedNodeListLimit	Int, default is 15	Dynamic	Defines the number of nodes per constraint to include before truncation in the Unplaced Replica reports.
DetailedPartitionListLimit	Int, default is 15	Dynamic	Defines the number of partitions per diagnostic entry for a constraint to include before truncation in Diagnostics.
DetailedVerboseHealthReportLimit	Int, default is 200	Dynamic	Defines the number of times an unplaced replica has to be persistently unplaced before detailed health reports are emitted.
EnforceUserServiceMetricCapacities	bool, default is FALSE	Static	Enables fabric services protection. All user services are under one job object/cgroup and limited to specified amount of resources. This needs to be static (requires restart of FabricHost) as creation/removal of user job object and setting limits in done during open of Fabric Host.
EnableServiceSensitivity	bool, default is False	Dynamic	Feature switch to enable/disable the replica sensitivity feature.
FaultDomainConstraintPriority	Int, default is 0	Dynamic	Determines the priority of fault domain constraint: 0: Hard; 1: Soft; negative: Ignore.
GlobalMovementThrottleCountingInterval	Time in seconds, default is 600	Static	Specify timespan in seconds. Indicate the length of the past interval for which to track per domain replica movements (used along with GlobalMovementThrottleThreshold). Can be set to 0 to ignore global throttling altogether.
GlobalMovementThrottleThreshold	Uint, default is 1000	Dynamic	Maximum number of movements allowed in the Balancing Phase in the past interval indicated by GlobalMovementThrottleCountingInterval.
GlobalMovementThrottleThresholdForBalancing	Uint, default is 0	Dynamic	Maximum number of movements allowed in Balancing Phase in the past interval indicated by GlobalMovementThrottleCountingInterval. 0 indicates no limit.
GlobalMovementThrottleThresholdForPlacement	Uint, default is 0	Dynamic	Maximum number of movements allowed in Placement Phase in the past interval indicated by GlobalMovementThrottleCountingInterval.0 indicates no limit.
GlobalMovementThrottleThresholdPercentage	double, default is 0	Dynamic	Maximum number of total movements allowed in Balancing and Placement phases (expressed as percentage of total number of replicas in the cluster) in the past interval indicated by GlobalMovementThrottleCountingInterval. 0 indicates no limit. If both this and GlobalMovementThrottleThreshold are specified; then more conservative limit is used.
GlobalMovementThrottleThresholdPercentageForBalancing	double, default is 0	Dynamic	Maximum number of movements allowed in Balancing Phase (expressed as percentage of total number of replicas in PLB) in the past interval indicated by GlobalMovementThrottleCountingInterval. 0 indicates no limit. If both this and GlobalMovementThrottleThresholdForBalancing are specified; then more conservative limit is used.
InBuildThrottlingAssociatedMetric	string, default is ""	Static	The associated metric name for this throttling.
InBuildThrottlingEnabled	Bool, default is false	Dynamic	Determine whether the in-build throttling is enabled.
InBuildThrottlingGlobalMaxValue	Int, default is 0	Dynamic	The maximal number of in-build replicas allowed globally.
InterruptBalancingForAllFailoverUnitUpdates	Bool, default is false	Dynamic	Determines if any type of failover unit update should interrupt fast or slow balancing run. With specified "false" balancing run will be interrupted if FailoverUnit: is created/deleted; has missing replicas; changed primary replica location or changed number of replicas. Balancing run will NOT be interrupted in other cases - if FailoverUnit: has extra replicas; changed any replica flag; changed only partition version or any other case.
MinConstraintCheckInterval	Time in seconds, default is 1	Dynamic	Specify timespan in seconds. Defines the minimum amount of time that must pass before two consecutive constraint check rounds.
MinLoadBalancingInterval	Time in seconds, default is 5	Dynamic	Specify timespan in seconds. Defines the minimum amount of time that must pass before two consecutive balancing rounds.
MinPlacementInterval	Time in seconds, default is 1	Dynamic	Specify timespan in seconds. Defines the minimum amount of time that must pass before two consecutive placement rounds.
MoveExistingReplicaForPlacement	Bool, default is true	Dynamic	Setting, which determines if to move existing replica during placement.
MovementPerPartitionThrottleCountingInterval	Time in seconds, default is 600	Static	Specify timespan in seconds. Indicate the length of the past interval for which to track replica movements for each partition (used along with MovementPerPartitionThrottleThreshold).
MovementPerPartitionThrottleThreshold	Uint, default is 50	Dynamic	No balancing-related movement will occur for a partition if the number of balancing related movements for replicas of that partition has reached or exceeded MovementPerFailoverUnitThrottleThreshold in the past interval indicated by MovementPerPartitionThrottleCountingInterval.
MoveParentToFixAffinityViolation	Bool, default is false	Dynamic	Setting, which determines if parent replicas can be moved to fix affinity constraints.
NodeTaggingEnabled	Bool, default is false	Dynamic	If true; NodeTagging feature will be enabled.
NodeTaggingConstraintPriority	Int, default is 0	Dynamic	Configurable priority of node tagging.
PartiallyPlaceServices	Bool, default is true	Dynamic	Determines if all service replicas in cluster will be placed "all or nothing" given limited suitable nodes for them.
PlaceChildWithoutParent	Bool, default is true	Dynamic	Setting, which determines if child service replica can be placed if no parent replica is up.
PlacementConstraintPriority	Int, default is 0	Dynamic	Determines the priority of placement constraint: 0: Hard; 1: Soft; negative: Ignore.
PlacementConstraintValidationCacheSize	Int, default is 10000	Dynamic	Limits the size of the table used for quick validation and caching of Placement Constraint Expressions.
PlacementSearchTimeout	Time in seconds, default is 0.5	Dynamic	Specify timespan in seconds. When placing services; search for at most this long before returning a result.
PLBRefreshGap	Time in seconds, default is 1	Dynamic	Specify timespan in seconds. Defines the minimum amount of time that must pass before PLB refreshes state again.
PreferredLocationConstraintPriority	Int, default is 2	Dynamic	Determines the priority of preferred location constraint: 0: Hard; 1: Soft; 2: Optimization; negative: Ignore
PreferredPrimaryDomainsConstraintPriority	Int, default is 1	Dynamic	Determines the priority of preferred primary domain constraint: 0: Hard; 1: Soft; negative: Ignore
PreferUpgradedUDs	bool, default is FALSE	Dynamic	Turns on and off logic, which prefers moving to already upgraded UDs. Starting with SF 7.0, the default value for this parameter is changed from TRUE to FALSE.
PreventTransientOvercommit	Bool, default is false	Dynamic	Determines should PLB immediately count on resources that will be freed up by the initiated moves. By default; PLB can initiate move out and move in on the same node which can create transient overcommit. Setting this parameter to true will prevent those kinds of overcommits and on-demand defrag (also known as placementWithMove) will be disabled.
RelaxUnlimitedPartitionBasedAutoScaling	Bool, default is false	Dynamic	Allow partition based autoscaling for -1 upper scaling limit exceeds number of available nodes. If config is enabled; maximum partition count is calculated as ratio of available load and default partition load. If RelaxUnlimitedPartitionBasedAutoScaling is enabled; maximum partition count won't be less than number of available nodes.
RelaxUnlimitedInstanceBasedAutoScaling	Bool, default is false	Dynamic	Allow instance based autoscaling for -1 upper scaling limit exceeds number of available nodes. If config is enabled; maximum partition count is calculated as ratio of available load and default instance load. If RelaxUnlimitedInstanceBasedAutoScaling is enabled; maximum instance count won't be less than number of available nodes. If service doesn't allow multi-instance on the same node; enabling RelaxUnlimitedInstanceBasedAutoScaling config doesn't have impact on that service. If AllowCreateUpdateMultiInstancePerNodeServices config is disabled; enabling RelaxUnlimitedInstanceBasedAutoScaling config doesn't have impact.
ScaleoutCountConstraintPriority	Int, default is 0	Dynamic	Determines the priority of scaleout count constraint: 0: Hard; 1: Soft; negative: Ignore.
SeparateBalancingStrategyPerNodeType	Bool, default is false	Dynamic	Balancing configuration per node type Enable or disable balancing per node type feature.
SubclusteringEnabled	Bool, default is FALSE	Dynamic	Acknowledge subclustering when calculating standard deviation for balancing
SubclusteringReportingPolicy	Int, default is 1	Dynamic	Defines how and if the subclustering health reports are sent: 0: Don't report; 1: Warning; 2: OK
SwapPrimaryThrottlingAssociatedMetric	string, default is ""	Static	The associated metric name for this throttling.
SwapPrimaryThrottlingEnabled	Bool, default is false	Dynamic	Determine whether the swap-primary throttling is enabled.
SwapPrimaryThrottlingGlobalMaxValue	Int, default is 0	Dynamic	The maximal number of swap-primary replicas allowed globally.
TraceCRMReasons	Bool, default is true	Dynamic	Specifies whether to trace reasons for CRM issued movements to the operational events channel.
UpgradeDomainConstraintPriority	Int, default is 1	Dynamic	Determines the priority of upgrade domain constraint: 0: Hard; 1: Soft; negative: Ignore.
UseMoveCostReports	Bool, default is false	Dynamic	Instructs the LB to ignore the cost element of the scoring function; resulting potentially large number of moves for better balanced placement.
UseSeparateAuxiliaryLoad	Bool, default is true	Dynamic	Setting, which determines if PLB should use different load for auxiliary on each node. If UseSeparateAuxiliaryLoad is turned off: - Reported load for auxiliary on one node will result in overwriting load for each auxiliary (on all other nodes) If UseSeparateAuxiliaryLoad is turned on: - Reported load for auxiliary on one node will take effect only on that auxiliary (no effect on auxiliaries on other nodes) - If replica crash happens - new replica is created with average load of all the rest auxiliaries - If PLB moves existing replica - load goes with it.
UseSeparateAuxiliaryMoveCost	Bool, default is false	Dynamic	Setting, which determines if PLB should use different move cost for auxiliary on each node. If UseSeparateAuxiliaryMoveCost is turned off: - Reported move cost for auxiliary on one node will result in overwriting move cost for each auxiliary (on all other nodes) If UseSeparateAuxiliaryMoveCost is turned on: - Reported move cost for auxiliary on one node will take effect only on that auxiliary (no effect on auxiliaries on other nodes) - If replica crash happens - new replica is created with default move cost specified on service level - If PLB moves existing replica - move cost goes with it.
UseSeparateSecondaryLoad	Bool, default is true	Dynamic	Setting, which determines if separate load should be used for secondary replicas.
UseSeparateSecondaryMoveCost	Bool, default is true	Dynamic	Setting, which determines if PLB should use different move cost for secondary on each node. If UseSeparateSecondaryMoveCost is turned off: - Reported move cost for secondary on one node will result in overwriting move cost for each secondary (on all other nodes) If UseSeparateSecondaryMoveCost is turned on: - Reported move cost for secondary on one node will take effect only on that secondary (no effect on secondaries on other nodes) - If replica crash happens - new replica is created with default move cost specified on service level - If PLB moves existing replica - move cost goes with it.
ValidatePlacementConstraint	Bool, default is true	Dynamic	Specifies whether or not the PlacementConstraint expression for a service is validated when a service's ServiceDescription is updated.
ValidatePrimaryPlacementConstraintOnPromote	Bool, default is TRUE	Dynamic	Specifies whether or not the PlacementConstraint expression for a service is evaluated for primary preference on failover.
VerboseHealthReportLimit	Int, default is 20	Dynamic	Defines the number of times a replica has to go unplaced before a health warning is reported for it (if verbose health reporting is enabled).
NodeLoadsOperationalTracingEnabled	Bool, default is true	Dynamic	Config that enables Node Load operational structural trace in the event store.
NodeLoadsOperationalTracingInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(20)	Dynamic	Specify timespan in seconds. The interval with which to trace node loads to event store for each service domain.

ReconfigurationAgent

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ApplicationUpgradeMaxReplicaCloseDuration	Time in seconds, default is 900	Dynamic	Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close during Application Upgrade.
FabricUpgradeMaxReplicaCloseDuration	Time in seconds, default is 900	Dynamic	Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close during fabric upgrade.
GracefulReplicaShutdownMaxDuration	TimeSpan, default is Common::TimeSpan::FromSeconds(120)	Dynamic	Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close. If this value is set to 0, replicas will not be instructed to close.
NodeDeactivationMaxReplicaCloseDuration	Time in seconds, default is 900	Dynamic	Specify timespan in seconds. The duration for which the system will wait before terminating service hosts that have replicas that are stuck in close during node deactivation.
PeriodicApiSlowTraceInterval	Time in seconds, default is 5 minutes	Dynamic	Specify timespan in seconds. PeriodicApiSlowTraceInterval defines the interval over which slow API calls will be retraced by the API monitor.
ReplicaChangeRoleFailureRestartThreshold	int, default is 10	Dynamic	Integer. Specify the number of API failures during primary promotion after which automitigation action (replica restart) will be applied.
ReplicaChangeRoleFailureWarningReportThreshold	int, default is 2147483647	Dynamic	Integer. Specify the number of API failures during primary promotion after which warning health report will be raised.
ServiceApiHealthDuration	Time in seconds, default is 30 minutes	Dynamic	Specify timespan in seconds. ServiceApiHealthDuration defines how long do we wait for a service API to run before we report it unhealthy.
ServiceReconfigurationApiHealthDuration	Time in seconds, default is 30	Dynamic	Specify timespan in seconds. ServiceReconfigurationApiHealthDuration defines how long do we wait for a service API to run before we report unhealthy. This applies to API calls that impact availability.

RepairManager/Replication

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces network traffic.

Replication

Warning Note : Changing Replication/TranscationalReplicator settings at cluster level changes settings for all stateful services include system services. This is generally not recommended. See this document Configure Azure Service Fabric Reliable Services - Azure Service Fabric | Microsoft Docs to configure services at app level.

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
BatchAcknowledgementInterval	TimeSpan, default is Common::TimeSpan::FromMilliseconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before sending back an acknowledgment. Other operations received during this time period will have their acknowledgments sent back in a single message-> reducing network traffic but potentially reducing the throughput of the replicator.
MaxCopyQueueSize	uint, default is 1024	Static	This is the maximum value defines the initial size for the queue which maintains replication operations. Note that it must be a power of 2. If during runtime the queue grows to this size operation will be throttled between the primary and secondary replicators.
MaxPrimaryReplicationQueueMemorySize	uint, default is 0	Static	This is the maximum value of the primary replication queue in bytes.
MaxPrimaryReplicationQueueSize	uint, default is 8192	Static	This is the maximum number of operations that could exist in the primary replication queue. Note that it must be a power of 2.
MaxReplicationMessageSize	uint, default is 52428800	Static	Maximum message size of replication operations. Default is 50 MB.
MaxSecondaryReplicationQueueMemorySize	uint, default is 0	Static	This is the maximum value of the secondary replication queue in bytes.
MaxSecondaryReplicationQueueSize	uint, default is 16384	Static	This is the maximum number of operations that could exist in the secondary replication queue. Note that it must be a power of 2.
QueueHealthMonitoringInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(30)	Static	Specify timespan in seconds. This value determines the time period used by the Replicator to monitor any warning/error health events in the replication operation queues. A value of '0' disables health monitoring
QueueHealthWarningAtUsagePercent	uint, default is 80	Static	This value determines the replication queue usage(in percentage) after which we report warning about high queue usage. We do so after a grace interval of QueueHealthMonitoringInterval. If the queue usage falls below this percentage in the grace interval
ReplicatorAddress	string, default is "localhost:0"	Static	The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to establish connections with other replicas in order to send/receive operations.
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ReplicationBatchSize	uint, default is 1	Static	Specifies the number of operations to be sent between primary and secondary replicas. If zero the primary sends one record per operation to the secondary. Otherwise the primary replica aggregates log records until the config value is reached. This reduces network traffic.
ReplicatorListenAddress	string, default is "localhost:0"	Static	The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to receive operations from other replicas.
ReplicatorPublishAddress	string, default is "localhost:0"	Static	The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to send operations to other replicas.
RetryInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(5)	Static	Specify timespan in seconds. When an operation is lost or rejected this timer determines how often the replicator retries sending the operation.

ResourceMonitorService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
IsEnabled	bool, default is FALSE	Static	Controls if the service is enabled in the cluster or not.

RunAs

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
RunAsAccountName	string, default is ""	Dynamic	Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType	string, default is ""	Dynamic	Indicates the RunAs account type. This is needed for any RunAs section Valid values are "DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword	string, default is ""	Dynamic	Indicates the RunAs account password. This is only needed for "DomainUser" account type.

RunAs_DCA

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
RunAsAccountName	string, default is ""	Dynamic	Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType	string, default is ""	Dynamic	Indicates the RunAs account type. This is needed for any RunAs section Valid values are "LocalUser/DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword	string, default is ""	Dynamic	Indicates the RunAs account password. This is only needed for "DomainUser" account type.

RunAs_Fabric

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
RunAsAccountName	string, default is ""	Dynamic	Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType	string, default is ""	Dynamic	Indicates the RunAs account type. This is needed for any RunAs section Valid values are "LocalUser/DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword	string, default is ""	Dynamic	Indicates the RunAs account password. This is only needed for "DomainUser" account type.

RunAs_HttpGateway

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
RunAsAccountName	string, default is ""	Dynamic	Indicates the RunAs account name. This is only needed for "DomainUser" or "ManagedServiceAccount" account type. Valid values are "domain\user" or "user@domain".
RunAsAccountType	string, default is ""	Dynamic	Indicates the RunAs account type. This is needed for any RunAs section Valid values are "LocalUser/DomainUser/NetworkService/ManagedServiceAccount/LocalSystem".
RunAsPassword	string, default is ""	Dynamic	Indicates the RunAs account password. This is only needed for "DomainUser" account type.

Security

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AADCertEndpointFormat	string, default is ""	Static	Microsoft Entra Cert Endpoint Format, default Azure Commercial, specified for non-default environment such as Azure Government "https://login.microsoftonline.us/{0}/federationmetadata/2007-06/federationmetadata.xml"
AADClientApplication	string, default is ""	Static	Native Client application name or ID representing Fabric Clients
AADClusterApplication	string, default is ""	Static	Web API application name or ID representing the cluster
AADLoginEndpoint	string, default is ""	Static	Microsoft Entra Login Endpoint, default Azure Commercial, specified for non-default environment such as Azure Government "https://login.microsoftonline.us"
AADTenantId	string, default is ""	Static	Tenant ID (GUID)
AcceptExpiredPinnedClusterCertificate	bool, default is FALSE	Dynamic	Flag indicating whether to accept expired cluster certificates declared by thumbprint Applies only to cluster certificates; so as to keep the cluster alive.
AdminClientCertThumbprints	string, default is ""	Dynamic	Thumbprints of certificates used by clients in admin role. It's a comma-separated name list.
AADTokenEndpointFormat	string, default is ""	Static	Microsoft Entra Token Endpoint, default Azure Commercial, specified for non-default environment such as Azure Government "https://login.microsoftonline.us/{0}"
AdminClientClaims	string, default is ""	Dynamic	All possible claims expected from admin clients; the same format as ClientClaims; this list internally gets added to ClientClaims; so no need to also add the same entries to ClientClaims.
AdminClientIdentities	string, default is ""	Dynamic	Windows identities of fabric clients in admin role; used to authorize privileged fabric operations. It's a comma-separated list; each entry is a domain account name or group name. For convenience; the account that runs fabric.exe is automatically assigned admin role; so is group ServiceFabricAdministrators.
AppRunAsAccountGroupX509Folder	string, default is /home/sfuser/sfusercerts	Static	Folder where AppRunAsAccountGroup X509 certificates and private keys are located
CertificateExpirySafetyMargin	TimeSpan, default is Common::TimeSpan::FromMinutes(43200)	Static	Specify timespan in seconds. Safety margin for certificate expiration; certificate health report status changes from OK to Warning when expiration is closer than this. Default is 30 days.
CertificateHealthReportingInterval	TimeSpan, default is Common::TimeSpan::FromSeconds(3600 * 8)	Static	Specify timespan in seconds. Specify interval for certificate health reporting; default to 8 hours; setting to 0 disables certificate health reporting
ClientCertThumbprints	string, default is ""	Dynamic	Thumbprints of certificates used by clients to talk to the cluster; cluster uses this to authorize incoming connection. It's a comma-separated name list.
ClientClaimAuthEnabled	bool, default is FALSE	Static	Indicates if claim-based authentication is enabled on clients; setting this true implicitly sets ClientRoleEnabled.
ClientClaims	string, default is ""	Dynamic	All possible claims expected from clients for connecting to gateway. This is a 'OR' list: ClaimsEntry || ClaimsEntry || ClaimsEntry ... each ClaimsEntry is an "AND" list: ClaimType=ClaimValue && ClaimType=ClaimValue && ClaimType=ClaimValue ...
ClientIdentities	string, default is ""	Dynamic	Windows identities of FabricClient; naming gateway uses this to authorize incoming connections. It's a comma-separated list; each entry is a domain account name or group name. For convenience; the account that runs fabric.exe is automatically allowed; so are group ServiceFabricAllowedUsers and ServiceFabricAdministrators.
ClientRoleEnabled	bool, default is FALSE	Static	Indicates if client role is enabled; when set to true; clients are assigned roles based on their identities. For V2; enabling this means client not in AdminClientCommonNames/AdminClientIdentities can only execute read-only operations.
ClusterCertThumbprints	string, default is ""	Dynamic	Thumbprints of certificates allowed to join the cluster; a comma-separated name list.
ClusterCredentialType	string, default is "None"	Not Allowed	Indicates the type of security credentials to use in order to secure the cluster. Valid values are "None/X509/Windows"
ClusterIdentities	string, default is ""	Dynamic	Windows identities of cluster nodes; used for cluster membership authorization. It's a comma-separated list; each entry is a domain account name or group name
ClusterSpn	string, default is ""	Not Allowed	Service principal name of the cluster; when fabric runs as a single domain user (gMSA/domain user account). It's the SPN of lease listeners and listeners in fabric.exe: federation listeners; internal replication listeners; runtime service listener and naming gateway listener. This should be left empty when fabric runs as machine accounts; in which case connecting side compute listener SPN from listener transport address.
CrlCheckingFlag	uint, default is 0x40000000	Dynamic	Default certificate chain validation flag; may be overridden by component-specific flag; e.g. Federation/X509CertChainFlags 0x10000000 CERT_CHAIN_REVOCATION_CHECK_END_CERT 0x20000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN 0x40000000 CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x80000000 CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY Setting to 0 disables CRL checking Full list of supported values is documented by dwFlags of CertGetCertificateChain: https://msdn.microsoft.com/library/windows/desktop/aa376078(v=vs.85).aspx
CrlDisablePeriod	TimeSpan, default is Common::TimeSpan::FromMinutes(15)	Dynamic	Specify timespan in seconds. How long CRL checking is disabled for a given certificate after encountering offline error; if CRL offline error can be ignored.
CrlOfflineHealthReportTtl	TimeSpan, default is Common::TimeSpan::FromMinutes(1440)	Dynamic	Specify timespan in seconds.
DisableFirewallRuleForDomainProfile	bool, default is TRUE	Static	Indicates if firewall rule shouldn't be enabled for domain profile
DisableFirewallRuleForPrivateProfile	bool, default is TRUE	Static	Indicates if firewall rule shouldn't be enabled for private profile
DisableFirewallRuleForPublicProfile	bool, default is TRUE	Static	Indicates if firewall rule shouldn't be enabled for public profile
EnforceLinuxMinTlsVersion	bool, default is FALSE	Static	If set to true; only TLS version 1.2+ is supported. If false; support earlier TLS versions. Applies to Linux only
EnforcePrevalidationOnSecurityChanges	bool, default is FALSE	Dynamic	Flag controlling the behavior of cluster upgrade upon detecting changes of its security settings. If set to 'true', the cluster upgrade will attempt to ensure that at least one of the certificates matching any of the presentation rules can pass a corresponding validation rule. The pre-validation is executed before the new settings are applied to any node, but runs only on the node hosting the primary replica of the Cluster Manager service at the time of initiating the upgrade. The default is currently set to 'false'; starting with release 7.1, the setting will be set to 'true' for new Azure Service Fabric clusters.
EnforceStrictRoleMapping	bool, default is FALSE	Dynamic	The permissions mapping in the SF runtime for the ElevatedAdmin role includes all current operations and any newly introduced functionality remains accessible to ElevatedAmin; i.e. the EA role gets a "*" permission in the code - that is; a blank authorization to invoke all SF APIs. The intent is that a 'deny' rule (Security/ClientAccess MyOperation="None") won't apply to the ElevatedAdmin role by default. However; if EnforceStrictRoleMapping is set to true; existing code or cluster manifest overrides which specify "operation": "Admin" (in Security/ClientAccess section) will make "operation" in effect inaccessible to the ElevatedAdmin role.
FabricHostSpn	string, default is ""	Static	Service principal name of FabricHost; when fabric runs as a single domain user (gMSA/domain user account) and FabricHost runs under machine account. It's the SPN of IPC listener for FabricHost; which by default should be left empty since FabricHost runs under machine account
IgnoreCrlOfflineError	bool, default is FALSE	Dynamic	Whether to ignore CRL offline error when server-side verifies incoming client certificates
IgnoreSvrCrlOfflineError	bool, default is TRUE	Dynamic	Whether to ignore CRL offline error when client side verifies incoming server certificates; default to true. Attacks with revoked server certificates require compromising DNS; harder than with revoked client certificates.
ServerAuthCredentialType	string, default is "None"	Static	Indicates the type of security credentials to use in order to secure the communication between FabricClient and the Cluster. Valid values are "None/X509/Windows"
ServerCertThumbprints	string, default is ""	Dynamic	Thumbprints of server certificates used by cluster to talk to clients; clients use this to authenticate the cluster. It's a comma-separated name list.
SettingsX509StoreName	string, default is "MY"	Dynamic	X509 certificate store used by fabric for configuration protection
UseClusterCertForIpcServerTlsSecurity	bool, default is FALSE	Static	Whether to use cluster certificate to secure IPC Server TLS transport unit
X509Folder	string, default is /var/lib/waagent	Static	Folder where X509 certificates and private keys are located
TLS1_2_CipherList	string	Static	If set to a nonempty string; overrides the supported cipher list for TLS1.2 and below. See the 'openssl-ciphers' documentation for retrieving the supported cipher list and the list format Example of strong cipher list for TLS1.2: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-CBC-SHA384:ECDHE-ECDSA-AES128-CBC-SHA256:ECDHE-RSA-AES256-CBC-SHA384:ECDHE-RSA-AES128-CBC-SHA256" Applies to Linux only.

Security/AdminClientX509Names

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	X509NameMap, default is None	Dynamic	This is a list of "Name" and "Value" pair. Each "Name" is of subject common name or DnsName of X509 certificates authorized for admin client operations. For a given "Name", "Value" is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of admin client certificates must be in the list.

Security/ElevatedAdminClientX509Names

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	X509NameMap, default is None	Dynamic	Certificate common names of fabric clients in elevated admin role; used to authorize privileged fabric operations. It is a comma separated list.

Security/ClientAccess

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
ActivateNode	string, default is "Admin"	Dynamic	Security configuration for activation a node.
AddRemoveConfigurationParameterOverrides	wstring, default is L"Admin"	Dynamic	Add/remove configuration parameter overrides
CancelTestCommand	string, default is "Admin"	Dynamic	Cancels a specific TestCommand - if it's in flight.
CodePackageControl	string, default is "Admin"	Dynamic	Security configuration for restarting code packages.
CreateApplication	string, default is "Admin"	Dynamic	Security configuration for application creation.
CreateComposeDeployment	string, default is "Admin"	Dynamic	Creates a compose deployment described by compose files
CreateGatewayResource	string, default is "Admin"	Dynamic	Create a gateway resource
CreateName	string, default is "Admin"	Dynamic	Security configuration for Naming URI creation.
CreateNetwork	string, default is "Admin"	Dynamic	Creates a container network
CreateService	string, default is "Admin"	Dynamic	Security configuration for service creation.
CreateServiceFromTemplate	string, default is "Admin"	Dynamic	Security configuration for service creation from template.
CreateVolume	string, default is "Admin"	Dynamic	Creates a volume
DeactivateNode	string, default is "Admin"	Dynamic	Security configuration for deactivating a node.
DeactivateNodesBatch	string, default is "Admin"	Dynamic	Security configuration for deactivating multiple nodes.
Delete	string, default is "Admin"	Dynamic	Security configurations for image store client delete operation.
DeleteApplication	string, default is "Admin"	Dynamic	Security configuration for application deletion.
DeleteComposeDeployment	string, default is "Admin"	Dynamic	Deletes the compose deployment
DeleteGatewayResource	string, default is "Admin"	Dynamic	Deletes a gateway resource
DeleteName	string, default is "Admin"	Dynamic	Security configuration for Naming URI deletion.
DeleteNetwork	string, default is "Admin"	Dynamic	Deletes a container network
DeleteService	string, default is "Admin"	Dynamic	Security configuration for service deletion.
DeleteVolume	string, default is "Admin"	Dynamic	Deletes a volume.
DisableService	wstring, default is L"Admin"	Dynamic	Security configuration for disabling a service.
EnumerateProperties	string, default is "Admin||User"	Dynamic	Security configuration for Naming property enumeration.
EnumerateSubnames	string, default is "Admin||User"	Dynamic	Security configuration for Naming URI enumeration.
EnableService	wstring, default is L"Admin"	Dynamic	Security configuration for enabling a service.
FileContent	string, default is "Admin"	Dynamic	Security configuration for image store client file transfer (external to cluster).
FileDownload	string, default is "Admin"	Dynamic	Security configuration for image store client file download initiation (external to cluster).
FinishInfrastructureTask	string, default is "Admin"	Dynamic	Security configuration for finishing infrastructure tasks.
GetChaosReport	string, default is "Admin||User"	Dynamic	Fetches the status of Chaos within a given time range.
GetClusterConfiguration	string, default is "Admin||User"	Dynamic	Induces GetClusterConfiguration on a partition.
GetClusterConfigurationUpgradeStatus	string, default is "Admin||User"	Dynamic	Induces GetClusterConfigurationUpgradeStatus on a partition.
GetFabricUpgradeStatus	string, default is "Admin||User"	Dynamic	Security configuration for polling cluster upgrade status.
GetFolderSize	string, default is "Admin"	Dynamic	Security configuration for FileStoreService's getting folder size
GetNodeDeactivationStatus	string, default is "Admin"	Dynamic	Security configuration for checking deactivation status.
GetNodeTransitionProgress	string, default is "Admin||User"	Dynamic	Security configuration for getting progress on a node transition command.
GetPartitionDataLossProgress	string, default is "Admin||User"	Dynamic	Fetches the progress for an invoke data loss api call.
GetPartitionQuorumLossProgress	string, default is "Admin||User"	Dynamic	Fetches the progress for an invoke quorum loss api call.
GetPartitionRestartProgress	string, default is "Admin||User"	Dynamic	Fetches the progress for a restart partition api call.
GetSecrets	string, default is "Admin"	Dynamic	Get secret values
GetServiceDescription	string, default is "Admin||User"	Dynamic	Security configuration for long-poll service notifications and reading service descriptions.
GetStagingLocation	string, default is "Admin"	Dynamic	Security configuration for image store client staging location retrieval.
GetStoreLocation	string, default is "Admin"	Dynamic	Security configuration for image store client store location retrieval.
GetUpgradeOrchestrationServiceState	string, default is "Admin"	Dynamic	Induces GetUpgradeOrchestrationServiceState on a partition
GetUpgradesPendingApproval	string, default is "Admin"	Dynamic	Induces GetUpgradesPendingApproval on a partition.
GetUpgradeStatus	string, default is "Admin||User"	Dynamic	Security configuration for polling application upgrade status.
InternalList	string, default is "Admin"	Dynamic	Security configuration for image store client file list operation (internal).
InvokeContainerApi	string, default is "Admin"	Dynamic	Invoke container API
InvokeInfrastructureCommand	string, default is "Admin"	Dynamic	Security configuration for infrastructure task management commands.
InvokeInfrastructureQuery	string, default is "Admin||User"	Dynamic	Security configuration for querying infrastructure tasks.
List	string, default is "Admin||User"	Dynamic	Security configuration for image store client file list operation.
MoveNextFabricUpgradeDomain	string, default is "Admin"	Dynamic	Security configuration for resuming cluster upgrades with an explicit Upgrade Domain.
MoveNextUpgradeDomain	string, default is "Admin"	Dynamic	Security configuration for resuming application upgrades with an explicit Upgrade Domain.
MoveReplicaControl	string, default is "Admin"	Dynamic	Move replica.
NameExists	string, default is "Admin||User"	Dynamic	Security configuration for Naming URI existence checks.
NodeControl	string, default is "Admin"	Dynamic	Security configuration for starting; stopping; and restarting nodes.
NodeStateRemoved	string, default is "Admin"	Dynamic	Security configuration for reporting node state removed.
Ping	string, default is "Admin||User"	Dynamic	Security configuration for client pings.
PredeployPackageToNode	string, default is "Admin"	Dynamic	Predeployment api.
PrefixResolveService	string, default is "Admin||User"	Dynamic	Security configuration for complaint-based service prefix resolution.
PropertyReadBatch	string, default is "Admin||User"	Dynamic	Security configuration for Naming property read operations.
PropertyWriteBatch	string, default is "Admin"	Dynamic	Security configurations for Naming property write operations.
ProvisionApplicationType	string, default is "Admin"	Dynamic	Security configuration for application type provisioning.
ProvisionFabric	string, default is "Admin"	Dynamic	Security configuration for MSI and/or Cluster Manifest provisioning.
Query	string, default is "Admin||User"	Dynamic	Security configuration for queries.
RecoverPartition	string, default is "Admin"	Dynamic	Security configuration for recovering a partition.
RecoverPartitions	string, default is "Admin"	Dynamic	Security configuration for recovering partitions.
RecoverServicePartitions	string, default is "Admin"	Dynamic	Security configuration for recovering service partitions.
RecoverSystemPartitions	string, default is "Admin"	Dynamic	Security configuration for recovering system service partitions.
RegisterAuthorizedConnection	wstring, default is L"Admin"	Dynamic	Register authorized connection.
RemoveNodeDeactivations	string, default is "Admin"	Dynamic	Security configuration for reverting deactivation on multiple nodes.
ReportCompletion	wstring, default is L"Admin"	Dynamic	Security configuration for reporting completion.
ReportFabricUpgradeHealth	string, default is "Admin"	Dynamic	Security configuration for resuming cluster upgrades with the current upgrade progress.
ReportFault	string, default is "Admin"	Dynamic	Security configuration for reporting fault.
ReportHealth	string, default is "Admin"	Dynamic	Security configuration for reporting health.
ReportUpgradeHealth	string, default is "Admin"	Dynamic	Security configuration for resuming application upgrades with the current upgrade progress.
ResetPartitionLoad	string, default is "Admin||User"	Dynamic	Security configuration for reset load for a failoverUnit.
ResolveNameOwner	string, default is "Admin||User"	Dynamic	Security configuration for resolving Naming URI owner.
ResolvePartition	string, default is "Admin||User"	Dynamic	Security configuration for resolving system services.
ResolveService	string, default is "Admin||User"	Dynamic	Security configuration for complaint-based service resolution.
ResolveSystemService	string, default is "Admin||User"	Dynamic	Security configuration for resolving system services
RollbackApplicationUpgrade	string, default is "Admin"	Dynamic	Security configuration for rolling back application upgrades.
RollbackFabricUpgrade	string, default is "Admin"	Dynamic	Security configuration for rolling back cluster upgrades.
ServiceNotifications	string, default is "Admin||User"	Dynamic	Security configuration for event-based service notifications.
SetUpgradeOrchestrationServiceState	string, default is "Admin"	Dynamic	Induces SetUpgradeOrchestrationServiceState on a partition
StartApprovedUpgrades	string, default is "Admin"	Dynamic	Induces StartApprovedUpgrades on a partition.
StartChaos	string, default is "Admin"	Dynamic	Starts Chaos - if it's not already started.
StartClusterConfigurationUpgrade	string, default is "Admin"	Dynamic	Induces StartClusterConfigurationUpgrade on a partition.
StartInfrastructureTask	string, default is "Admin"	Dynamic	Security configuration for starting infrastructure tasks.
StartNodeTransition	string, default is "Admin"	Dynamic	Security configuration for starting a node transition.
StartPartitionDataLoss	string, default is "Admin"	Dynamic	Induces data loss on a partition.
StartPartitionQuorumLoss	string, default is "Admin"	Dynamic	Induces quorum loss on a partition.
StartPartitionRestart	string, default is "Admin"	Dynamic	Simultaneously restarts some or all the replicas of a partition.
StopChaos	string, default is "Admin"	Dynamic	Stops Chaos - if it has been started.
ToggleVerboseServicePlacementHealthReporting	string, default is "Admin||User"	Dynamic	Security configuration for Toggling Verbose ServicePlacement HealthReporting.
UnprovisionApplicationType	string, default is "Admin"	Dynamic	Security configuration for application type unprovisioning.
UnprovisionFabric	string, default is "Admin"	Dynamic	Security configuration for MSI and/or Cluster Manifest unprovisioning.
UnreliableLeaseBehavior	wstring, default is L"Admin"	Dynamic	Adding/Removing unreliable Lease behavior
UnreliableTransportControl	string, default is "Admin"	Dynamic	Unreliable Transport for adding and removing behaviors.
UpdateService	string, default is "Admin"	Dynamic	Security configuration for service updates.
UpgradeApplication	string, default is "Admin"	Dynamic	Security configuration for starting or interrupting application upgrades.
UpgradeComposeDeployment	string, default is "Admin"	Dynamic	Upgrades the compose deployment
UpgradeFabric	string, default is "Admin"	Dynamic	Security configuration for starting cluster upgrades.
Upload	string, default is "Admin"	Dynamic	Security configuration for image store client upload operation.

Security/ClientCertificateIssuerStores

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	IssuerStoreKeyValueMap, default is None	Dynamic	X509 issuer certificate stores for client certificates; Name = clientIssuerCN; Value = comma separated list of stores

Security/ClientX509Names

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	X509NameMap, default is None	Dynamic	This is a list of "Name" and "Value" pair. Each "Name" is of subject common name or DnsName of X509 certificates authorized for client operations. For a given "Name", "Value" is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of client certificates must be in the list.

Security/ClusterCertificateIssuerStores

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	IssuerStoreKeyValueMap, default is None	Dynamic	X509 issuer certificate stores for cluster certificates; Name = clusterIssuerCN; Value = comma separated list of stores

Security/ClusterX509Names

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	X509NameMap, default is None	Dynamic	This is a list of "Name" and "Value" pair. Each "Name" is of subject common name or DnsName of X509 certificates authorized for cluster operations. For a given "Name","Value" is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of cluster certificates must be in the list.

Security/ServerCertificateIssuerStores

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	IssuerStoreKeyValueMap, default is None	Dynamic	X509 issuer certificate stores for server certificates; Name = serverIssuerCN; Value = comma separated list of stores

Security/ServerX509Names

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	X509NameMap, default is None	Dynamic	This is a list of "Name" and "Value" pair. Each "Name" is of subject common name or DnsName of X509 certificates authorized for server operations. For a given "Name", "Value" is a comma separate list of certificate thumbprints for issuer pinning, if not empty, the direct issuer of server certificates must be in the list.

Setup

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
BlockAccessToWireServer	bool, default is FALSE	Static	Blocks access to ports of the WireServer endpoint from Docker containers deployed as Service Fabric applications. This parameter is supported for Service Fabric clusters deployed on Azure Virtual Machines, Windows and Linux, and defaults to 'false' (access is permitted).
ContainerNetworkName	string, default is ""	Static	The network name to use when setting up a container network.
ContainerNetworkSetup	bool, default is FALSE (Linux) and default is TRUE (Windows)	Static	Whether to set up a container network.
FabricDataRoot	String	Not Allowed	Service Fabric data root directory. Default for Azure is d:\svcfab (Only for Standalone Deployments)
FabricLogRoot	String	Not Allowed	Service fabric log root directory. This is where SF logs and traces are placed. (Only for Standalone Deployments)
NodesToBeRemoved	string, default is ""	Dynamic	The nodes which should be removed as part of configuration upgrade. (Only for Standalone Deployments)
ServiceRunAsAccountName	String	Not Allowed	The account name under which to run fabric host service.
SkipContainerNetworkResetOnReboot	bool, default is FALSE	NotAllowed	Whether to skip resetting container network on reboot.
SkipFirewallConfiguration	Bool, default is false	Dynamic	Specifies if firewall settings need to be set by the system or not. This applies only if you're using Windows Defender Firewall. If you're using third-party firewalls, then you must open the ports for the system and applications to use

TokenValidationService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
Providers	string, default is "DSTS"	Static	Comma separated list of token validation providers to enable (valid providers are: DSTS; Microsoft Entra ID). Currently only a single provider can be enabled at any time.

Trace/Etw

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
Level	Int, default is 4	Dynamic	Trace etw level can take values 1, 2, 3, 4. To be supported you must keep the trace level at 4

TransactionalReplicator

Warning Note : Changing Replication/TranscationalReplicator settings at cluster level changes settings for all stateful services include system services. This is generally not recommended. See this document Configure Azure Service Fabric Reliable Services - Azure Service Fabric | Microsoft Docs to configure services at app level.

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
BatchAcknowledgementInterval	Time in seconds, default is 0.015	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before sending back an acknowledgment. Other operations received during this time period will have their acknowledgments sent back in a single message-> reducing network traffic but potentially reducing the throughput of the replicator.
MaxCopyQueueSize	Uint, default is 16384	Static	This is the maximum value defines the initial size for the queue which maintains replication operations. Note that it must be a power of 2. If during runtime the queue grows to this size operation will be throttled between the primary and secondary replicators.
MaxPrimaryReplicationQueueMemorySize	Uint, default is 0	Static	This is the maximum value of the primary replication queue in bytes.
MaxPrimaryReplicationQueueSize	Uint, default is 8192	Static	This is the maximum number of operations that could exist in the primary replication queue. Note that it must be a power of 2.
MaxReplicationMessageSize	Uint, default is 52428800	Static	Maximum message size of replication operations. Default is 50MB.
MaxSecondaryReplicationQueueMemorySize	Uint, default is 0	Static	This is the maximum value of the secondary replication queue in bytes.
MaxSecondaryReplicationQueueSize	Uint, default is 16384	Static	This is the maximum number of operations that could exist in the secondary replication queue. Note that it must be a power of 2.
ReplicatorAddress	string, default is "localhost:0"	Static	The endpoint in form of a string -'IP:Port' which is used by the Windows Fabric Replicator to establish connections with other replicas in order to send/receive operations.
ReplicationBatchSendInterval	TimeSpan, default is Common::TimeSpan::FromMilliseconds(15)	Static	Specify timespan in seconds. Determines the amount of time that the replicator waits after receiving an operation before force sending a batch.
ShouldAbortCopyForTruncation	bool, default is FALSE	Static	Allow pending log truncation to go through during copy. With this enabled the copy stage of builds can be canceled if the log is full and they are block truncation.

Transport

Parameter	Allowed Values	Upgrade policy	Guidance or Short Description
ConnectionOpenTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(60)	Static	Specify timespan in seconds. Time out for connection setup on both incoming and accepting side (including security negotiation in secure mode)
FrameHeaderErrorCheckingEnabled	bool, default is TRUE	Static	Default setting for error checking on frame header in non-secure mode; component setting overrides this.
MessageErrorCheckingEnabled	bool, default is TRUE	Static	Default setting for error checking on message header and body in non-secure mode; component setting overrides this.
ResolveOption	string, default is "unspecified"	Static	Determines how FQDN is resolved. Valid values are "unspecified/ipv4/ipv6".
SendTimeout	TimeSpan, default is Common::TimeSpan::FromSeconds(300)	Dynamic	Specify timespan in seconds. Send timeout for detecting stuck connection. TCP failure reports are not reliable in some environment. This may need to be adjusted according to available network bandwidth and size of outbound data (*MaxMessageSize/*SendQueueSizeLimit).

UpgradeOrchestrationService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
AutoupgradeEnabled	Bool, default is true	Static	Automatic polling and upgrade action based on a goal-state file.
AutoupgradeInstallEnabled	Bool, default is FALSE	Static	Automatic polling, provisioning and install of code upgrade action based on a goal-state file.
GoalStateExpirationReminderInDays	int, default is 30	Static	Sets the number of remaining days after which goal state reminder should be shown.
MinReplicaSetSize	Int, default is 0	Static	The MinReplicaSetSize for UpgradeOrchestrationService.
PlacementConstraints	string, default is ""	Static	The PlacementConstraints for UpgradeOrchestrationService.
QuorumLossWaitDuration	Time in seconds, default is MaxValue	Static	Specify timespan in seconds. The QuorumLossWaitDuration for UpgradeOrchestrationService.
ReplicaRestartWaitDuration	Time in seconds, default is 60 minutes	Static	Specify timespan in seconds. The ReplicaRestartWaitDuration for UpgradeOrchestrationService.
StandByReplicaKeepDuration	Time in seconds, default is 60247 minutes	Static	Specify timespan in seconds. The StandByReplicaKeepDuration for UpgradeOrchestrationService.
TargetReplicaSetSize	Int, default is 0	Static	The TargetReplicaSetSize for UpgradeOrchestrationService.
UpgradeApprovalRequired	Bool, default is false	Static	Setting to make code upgrade require administrator approval before proceeding.

UpgradeService

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
BaseUrl	string, default is ""	Static	BaseUrl for UpgradeService.
ClusterId	string, default is ""	Static	ClusterId for UpgradeService.
CoordinatorType	string, default is "WUTest"	Not Allowed	The CoordinatorType for UpgradeService.
MinReplicaSetSize	Int, default is 2	Not Allowed	The MinReplicaSetSize for UpgradeService.
OnlyBaseUpgrade	Bool, default is false	Dynamic	OnlyBaseUpgrade for UpgradeService.
PlacementConstraints	string, default is ""	Not Allowed	The PlacementConstraints for Upgrade service.
PollIntervalInSeconds	Timespan, default is Common::TimeSpan::FromSeconds(60)	Dynamic	Specify timespan in seconds. The interval between UpgradeService poll for ARM management operations.
TargetReplicaSetSize	Int, default is 3	Not Allowed	The TargetReplicaSetSize for UpgradeService.
TestCabFolder	string, default is ""	Static	TestCabFolder for UpgradeService.
X509FindType	string, default is ""	Dynamic	X509FindType for UpgradeService.
X509FindValue	string, default is ""	Dynamic	X509FindValue for UpgradeService.
X509SecondaryFindValue	string, default is ""	Dynamic	X509SecondaryFindValue for UpgradeService.
X509StoreLocation	string, default is ""	Dynamic	X509StoreLocation for UpgradeService.
X509StoreName	string, default is "My"	Dynamic	X509StoreName for UpgradeService.

UserServiceMetricCapacities

Parameter	Allowed Values	Upgrade Policy	Guidance or Short Description
PropertyGroup	UserServiceMetricCapacitiesMap, default is None	Static	A collection of user services resource governance limits Needs to be static as it affects Auto-Detection logic

Next steps

For more information, see Upgrade the configuration of an Azure cluster and Upgrade the configuration of a standalone cluster.