Merge pull request #7917 from AmandaAZ/Branch-PostEdit

Roll back four original docs that are deleted in PR#7827

Author: AmandaAZ

support/azure/.openpublishing.redirection.azure.json

@@ -6274,26 +6274,6 @@
         "source_path": "azure-kubernetes/connectivity/stale-watch-azure-ad-pod-identity-nmi-status-500.md",
         "redirect_url": "/troubleshoot/azure/azure-kubernetes/welcome-azure-kubernetes",
         "redirect_document_id": false
-      },
-      {
-        "source_path": "azure-kubernetes/create-upgrade-delete/error-code-cnidownloadtimeoutvmextensionerror.md",
-        "redirect_url": "/troubleshoot/azure/azure-kubernetes/error-codes/vmextensionerror-cnidownloadtimeout",
-        "redirect_document_id": true
-      },
-      {
-        "source_path": "azure-kubernetes/create-upgrade-delete/error-code-k8sapiserverconnfailvmextensionerror.md",
-        "redirect_url": "/troubleshoot/azure/azure-kubernetes/error-codes/vmextensionerror-k8sapiserverconnfail",
-        "redirect_document_id": true
-      },
-      {
-        "source_path": "azure-kubernetes/create-upgrade-delete/error-code-k8sapiserverdnslookupfailvmextensionerror.md",
-        "redirect_url": "/troubleshoot/azure/azure-kubernetes/error-codes/vmextensionerror-k8sapiserverdnslookupfail",
-        "redirect_document_id": true
-      },
-      {
-        "source_path": "azure-kubernetes/create-upgrade-delete/error-code-outboundconnfailvmextensionerror.md",
-        "redirect_url": "/troubleshoot/azure/azure-kubernetes/error-codes/vmextensionerror-outboundconnfail",
-        "redirect_document_id": true
       }
   ]
 }

support/azure/azure-kubernetes/availability-performance/node-not-ready-expired-certificates.md

@@ -55,9 +55,9 @@ Check the expiration dates of certificates by invoking the [openssl-x509](https:
 
 You might receive certain error codes after you invoke these commands. For information about error codes 50, 51, and 52, see the following links, as necessary:
 
-- [Troubleshoot the VMExtensionError_OutboundConnFail error code (50)](../error-codes/vmextensionerror-outboundconnfail.md)
-- [Troubleshoot the VMExtensionError_K8SAPIServerConnFail error code (51)](../error-codes/vmextensionerror-k8sapiserverconnfail.md)
-- [Troubleshoot the VMExtensionError_K8SAPIServerDNSLookupFail error code (52)](../error-codes/vmextensionerror-k8sapiserverdnslookupfail.md)
+- [Troubleshoot the OutboundConnFailVMExtensionError error code (50)](../create-upgrade-delete/error-code-outboundconnfailvmextensionerror.md)
+- [Troubleshoot the K8SAPIServerConnFailVMExtensionError error code (51)](../create-upgrade-delete/error-code-k8sapiserverconnfailvmextensionerror.md)
+- [Troubleshoot the K8SAPIServerDNSLookupFailVMExtensionError error code (52)](../create-upgrade-delete/error-code-k8sapiserverdnslookupfailvmextensionerror.md)
 
 If you receive error code 99, this indicates that the [apt-get update](https://linux.die.net/man/8/apt-get) command is being blocked from accessing one or more of the following domains:
 

support/azure/azure-kubernetes/create-upgrade-delete/error-code-cnidownloadtimeoutvmextensionerror.md

@@ -0,0 +1,61 @@
+---
+title: Troubleshoot Container Network Interface download failures
+description: Learn how to resolve Container Network Interface download failures when you try to create and deploy an Azure Kubernetes Service (AKS) cluster.
+ms.date: 11/18/2024
+editor: v-jsitser
+ms.reviewer: axelg, chiragpa, mariochaves, v-weizhu, v-leedennis
+ms.service: azure-kubernetes-service
+#Customer intent: As an Azure Kubernetes user, I want to troubleshoot the container network interface download failures so that I can successfully create and deploy an Azure Kubernetes Service (AKS) cluster.
+ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool)
+---
+# Troubleshoot Container Network Interface download failures
+
+This article discusses how to identify and resolve the `CniDownloadTimeoutVMExtensionError` error code (also known as error code `ERR_CNI_DOWNLOAD_TIMEOUT`, error number 41) or the `WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE` error code (error number 35) that occurs when you try to create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.
+
+## Prerequisites
+
+- The [Curl](https://curl.se/download.html) command-line tool
+
+## Symptoms
+
+When you try to create a Linux-based AKS cluster, you receive the following error message:
+
+```output
+Message: We are unable to serve this request due to an internal error
+SubCode: CniDownloadTimeoutVMExtensionError;
+Message="VM has reported a failure when processing extension 'vmssCSE'.
+Error message: "Enable failed: failed to execute command: command terminated with exit status=41\n[stdout]\n{
+"ExitCode": "41",
+```
+
+When you try to create a Windows-based AKS cluster, you receive the following error message:
+
+```output
+Message="VM has reported a failure when processing extension 'vmssCSE' (publisher 'Microsoft.Compute' and type 'CustomScriptExtension').
+Error message: 'Command execution finished, but failed because it returned a non-zero exit code of: '1'. The command had an error output of: 'ExitCode: |35|,
+Output: |WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE|, Error: |Failed in downloading \r\nhttps://acs-mirror.azureedge.net/azure-cni/v1.4.56/binaries/azure-vnet-cni-overlay-windows-amd64-v1.4.56.zip.
+Error: \r\nUnable to connect to the r|\r\nAt line:1 ...'
+For more information, check the instance view by executing Get-AzVmssVm or Get-AzVm (https://aka.ms/GetAzVm). These commands can be executed using CloudShell (https://aka.ms/CloudShell)'. More information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot.
+```
+
+## Cause
+
+Your cluster nodes can't connect to the endpoint that's used to download the Container Network Interface (CNI) libraries. In most cases, this issue occurs because a network virtual appliance is blocking Secure Sockets Layer (SSL) communication or an SSL certificate.
+
+## Solution
+
+Run a Curl command to verify that your nodes can download the binaries:
+
+```bash
+curl https://acs-mirror.azureedge.net/cni/azure-vnet-cni-linux-amd64-v1.0.25.tgz
+
+curl --fail --ssl https://acs-mirror.azureedge.net/cni/azure-vnet-cni-linux-amd64-v1.0.25.tgz  --output /opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.0.25.tgz
+```
+
+If you can't download these files, make sure that traffic is allowed to the downloading endpoint. For more information, see [Azure Global required FQDN/application rules](/azure/aks/outbound-rules-control-egress#azure-global-required-fqdn--application-rules).
+
+## References
+
+- [General troubleshooting of AKS cluster creation issues](troubleshoot-aks-cluster-creation-issues.md)
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/azure/azure-kubernetes/create-upgrade-delete/error-code-k8sapiserverconnfailvmextensionerror.md

@@ -0,0 +1,53 @@
+---
+title: Troubleshoot the K8SAPIServerConnFailVMExtensionError error code (51)
+description: Learn how to troubleshoot the K8SAPIServerConnFailVMExtensionError error (51) when you try to start or create and deploy an Azure Kubernetes Service (AKS) cluster.
+ms.date: 01/24/2024
+ms.reviewer: rissing, chiragpa, erbookbi, v-leedennis, jovieir
+ms.service: azure-kubernetes-service
+#Customer intent: As an Azure Kubernetes user, I want to troubleshoot the K8SAPIServerConnFailVMExtensionError error code (or error code ERR_K8S_API_SERVER_CONN_FAIL, error number 51) so that I can successfully start or create and deploy an Azure Kubernetes Service (AKS) cluster.
+ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool)
+---
+# Troubleshoot the K8SAPIServerConnFailVMExtensionError error code (51)
+
+This article discusses how to identify and resolve the `K8SAPIServerConnFailVMExtensionError` error (also known as error code ERR_K8S_API_SERVER_CONN_FAIL, error number 51) that occurs when you try to start or create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.
+
+## Prerequisites
+
+- The [Netcat](https://linuxcommandlibrary.com/man/netcat) (nc) command-line tool
+
+## Symptoms
+
+When you try to start or create an AKS cluster, you receive the following error message:
+
+> Unable to establish connection from agents to Kubernetes API server, please see <https://aka.ms/aks-required-ports-and-addresses> for more information.
+>
+> Details: Code="VMExtensionProvisioningError"
+>
+> Message="VM has reported a failure when processing extension 'vmssCSE'.
+>
+> Error message: "**Enable failed: failed to execute command: command terminated with exit status=51**\n[stdout]\n{
+>
+> "ExitCode": "51",
+>
+> "Output": "Thu Oct 14 18:07:37 UTC 2021,aks-nodepool1-18315663-vmss000000\\nConnection to
+## Cause
+
+Your cluster nodes can't connect to your cluster API server pod.
+
+## Solution
+
+Run a Netcat command to verify that your nodes can resolve the cluster's fully qualified domain name (FQDN):
+
+```shell
+nc -vz <cluster-fqdn> 443
+```
+
+If you're using egress filtering through a firewall, make sure that traffic is allowed to your cluster FQDN.
+
+In rare cases, the firewall's outbound IP address can be blocked if you've authorized IP addresses that are enabled on your cluster. In this scenario, you must add the outbound IP address of your firewall to the list of authorized IP ranges for the cluster. For more information, see [Secure access to the API server using authorized IP address ranges in AKS](/azure/aks/api-server-authorized-ip-ranges).
+
+## More information
+
+- [General troubleshooting of AKS cluster creation issues](troubleshoot-aks-cluster-creation-issues.md)
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]

support/azure/azure-kubernetes/create-upgrade-delete/error-code-k8sapiserverdnslookupfailvmextensionerror.md

@@ -0,0 +1,69 @@
+---
+title: Troubleshoot the K8SAPIServerDNSLookupFailVMExtensionError error code (52)
+description: Learn how to troubleshoot the K8SAPIServerDNSLookupFailVMExtensionError error (52) when you try to start or create and deploy an Azure Kubernetes Service (AKS) cluster.
+ms.date: 01/24/2024
+ms.reviewer: rissing, chiragpa, erbookbi, v-leedennis, jovieir
+ms.service: azure-kubernetes-service
+#Customer intent: As an Azure Kubernetes user, I want to troubleshoot the K8SAPIServerDNSLookupFailVMExtensionError error code (or error code ERR_K8S_API_SERVER_DNS_LOOKUP_FAIL, error number 52) so that I can successfully start or create and deploy an Azure Kubernetes Service (AKS) cluster.
+ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool)
+---
+# Troubleshoot the K8SAPIServerDNSLookupFailVMExtensionError error code (52)
+
+This article discusses how to identify and resolve the `K8SAPIServerDNSLookupFailVMExtensionError` error (also known as error code ERR_K8S_API_SERVER_DNS_LOOKUP_FAIL, error number 52) that occurs when you try to start or create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.
+
+## Prerequisites
+
+- The [nslookup](/windows-server/administration/windows-commands/nslookup) DNS lookup tool for Windows nodes or the [dig](https://linuxize.com/post/how-to-use-dig-command-to-query-dns-in-linux/) tool for Linux nodes.
+
+- [Azure CLI](/cli/azure/install-azure-cli), version 2.0.59 or a later version. If Azure CLI is already installed, you can find the version number by running `az --version`.
+
+## Symptoms
+
+When you try to start or create an AKS cluster, you receive the following error message:
+
+> Agents are unable to resolve Kubernetes API server name. It's likely custom DNS server is not correctly configured, please see <https://aka.ms/aks/private-cluster#hub-and-spoke-with-custom-dns> for more information.
+>
+> Details: Code="VMExtensionProvisioningError"
+>
+> Message="VM has reported a failure when processing extension 'vmssCSE'.
+>
+> Error message: "**Enable failed: failed to execute command: command terminated with exit status=52**\n[stdout]\n{
+>
+> "ExitCode": "52",
+>
+> "Output": "Fri Oct 15 10:06:00 UTC 2021,aks- nodepool1-36696444-vmss000000\\nConnection to mcr.microsoft.com 443 port [tcp/https]
+## Cause
+
+The cluster nodes can't resolve the cluster's fully qualified domain name (FQDN) in Azure DNS. Run the following DNS lookup command on the failed cluster node to find DNS resolutions that are valid.
+
+| Node OS | Command                   |
+| ------- | ------------------------- |
+| Linux   | `dig <cluster-fqdn>`      |
+| Windows | `nslookup <cluster-fqdn>` |
+
+## Solution
+
+On your DNS servers and firewall, make sure that nothing blocks the resolution to your cluster's FQDN. Your custom DNS server might be incorrectly configured if something is blocking even after you run the `nslookup` or `dig` command and apply any necessary fixes. For help to configure your custom DNS server, review the following articles:
+
+- [Create a private AKS cluster](/azure/aks/private-clusters)
+- [Private Azure Kubernetes service with custom DNS server](https://github.com/Azure/terraform/tree/00d15e09c54f25fb6387330c36aa4366122c5aaa/quickstart/301-aks-private-cluster)
+- [What is IP address 168.63.129.16?](/azure/virtual-network/what-is-ip-address-168-63-129-16)
+
+When you use a private cluster that has a custom DNS, a DNS zone is created. The DNS zone must be linked to the virtual network. This occurs after the cluster is created. Creating a private cluster that has a custom DNS fails during creation. However, you can restore the creation process to a "success" state by reconciling the cluster. To do this, run the [az resource update](/cli/azure/resource#az-resource-update) command in Azure CLI, as follows:
+
+```azurecli-interactive
+az resource update --resource-group <resource-group-name> \
+    --name <cluster-name> \
+    --namespace Microsoft.ContainerService \
+    --resource-type ManagedClusters
+```
+
+Also verify that your DNS server is configured correctly for your private cluster, as described earlier.
+
+> [!NOTE]
+> Conditional Forwarding doesn't support subdomains.
+## More information
+
+- [General troubleshooting of AKS cluster creation issues](troubleshoot-aks-cluster-creation-issues.md)
+
+[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]