Merge pull request #16699 from sethmanheim/hubki1-06

prmerger-automator[bot] · web-flow · commit 13ed3932debb · 2025-01-07T17:30:47.000Z
Update download URL and add to Hub known issues
diff --git a/azure-stack/operator/azure-stack-integrate-endpoints.md b/azure-stack/operator/azure-stack-integrate-endpoints.md
@@ -3,7 +3,7 @@ title: Publish Azure Stack Hub services in your datacenter
 description: Learn how to publish Azure Stack Hub services in your datacenter.
 author: sethmanheim
 ms.topic: article
-ms.date: 01/10/2022
+ms.date: 01/06/2025
 ms.author: sethm
 ms.reviewer: wamota
 ms.lastreviewed: 09/30/2021
@@ -62,21 +62,20 @@ With the addition of the [Extension Host](azure-stack-extension-host-prepare.md)
 |  |ftp.appservice.*&lt;region>.&lt;fqdn>*|TCP, UDP|21, 1021, 10001-10100 (FTP)<br>990 (FTPS)|
 |VPN Gateways|     |  IP Protocol 50 & UDP| Encapsulation Security Payload (ESP) IPSec & UDP 500 and 4500
 
-
 ## Ports and URLs (outbound)
 
 Azure Stack Hub supports only transparent proxy servers. In a deployment with a transparent proxy uplink to a traditional proxy server, you must allow the ports and URLs in the following table for outbound communication. For more information on configuring transparent proxy servers, see [Transparent proxy for Azure Stack Hub](azure-stack-transparent-proxy.md).
 
 SSL traffic interception is [not supported](azure-stack-firewall.md#ssl-interception) and can lead to service failures when accessing endpoints. The maximum supported timeout to communicate with endpoints required for identity is 60s.
 
-> [!Note]
+> [!NOTE]
 > Azure Stack Hub doesn't support using ExpressRoute to reach the Azure services listed in the following table because ExpressRoute may not be able to route traffic to all of the endpoints.
 
 |Purpose|Destination URL|Protocol / Ports|Source Network|Requirement|
 |---------|---------|---------|---------|---------|
 |**Identity**<br>Allows Azure Stack Hub to connect to Microsoft Entra ID for User & Service authentication.|**Azure**<br>`login.windows.net`<br>`login.microsoftonline.com`<br>`graph.windows.net`<br>`https://secure.aadcdn.microsoftonline-p.com`<br>`www.office.com`<br>ManagementServiceUri = `https://management.core.windows.net`<br>ARMUri = `https://management.azure.com`<br>`https://*.msftauth.net`<br>`https://*.msauth.net`<br>`https://*.msocdn.com`<br>**Azure Government**<br>`https://login.microsoftonline.us/`<br>`https://graph.windows.net/`<br>**Azure China 21Vianet**<br>`https://login.chinacloudapi.cn/`<br>`https://graph.chinacloudapi.cn/`<br>**Azure Germany**<br>`https://login.microsoftonline.de/`<br>`https://graph.cloudapi.de/`|HTTP 80,<br>HTTPS 443|Public VIP - /27<br>Public infrastructure Network|Mandatory for a connected deployment.|
-|**Marketplace syndication**<br>Allows you to download items to Azure Stack Hub from the Marketplace and make them available to all users using the Azure Stack Hub environment.|**Azure**<br>`https://management.azure.com`<br>`https://*.blob.core.windows.net`<br>`https://*.azureedge.net`<br>**Azure Government**<br>`https://management.usgovcloudapi.net/`<br>`https://*.blob.core.usgovcloudapi.net/`<br>**Azure China 21Vianet**<br>`https://management.chinacloudapi.cn/`<br>`http://*.blob.core.chinacloudapi.cn`|HTTPS 443|Public VIP - /27|Not required. Use the [disconnected scenario instructions](azure-stack-download-azure-marketplace-item.md) to upload images to Azure Stack Hub.|
-|**Patch & Update**<br>When connected to update endpoints, Azure Stack Hub software updates and hotfixes are displayed as available for download.|`https://*.azureedge.net`<br>`https://aka.ms/azurestackautomaticupdate`|HTTPS 443|Public VIP - /27|Not required. Use the [disconnected deployment connection instructions](azure-stack-update-prepare-package.md) to manually download and prepare the update.|
+|**Marketplace syndication**<br>Allows you to download items to Azure Stack Hub from the Marketplace and make them available to all users using the Azure Stack Hub environment.|**Azure**<br>`https://management.azure.com`<br>`https://*.blob.core.windows.net`<br>`https://*.azureedge.net`<br>`https://azurestackhub.download.prss.microsoft.com`<br>**Azure Government**<br>`https://management.usgovcloudapi.net/`<br>`https://*.blob.core.usgovcloudapi.net/`<br>**Azure China 21Vianet**<br>`https://management.chinacloudapi.cn/`<br>`http://*.blob.core.chinacloudapi.cn`|HTTPS 443|Public VIP - /27|Not required. Use the [disconnected scenario instructions](azure-stack-download-azure-marketplace-item.md) to upload images to Azure Stack Hub.|
+|**Patch & Update**<br>When connected to update endpoints, Azure Stack Hub software updates and hotfixes are displayed as available for download.|`https://*.azureedge.net`<br>`https://azurestackhub.download.prss.microsoft.com`<br>`https://aka.ms/azurestackautomaticupdate`|HTTPS 443|Public VIP - /27|Not required. Use the [disconnected deployment connection instructions](azure-stack-update-prepare-package.md) to manually download and prepare the update.|
 |**Registration**<br>Allows you to register Azure Stack Hub with Azure to download Azure Marketplace items and set up commerce data reporting back to Microsoft. |**Azure**<br>`https://management.azure.com`<br>**Azure Government**<br>`https://management.usgovcloudapi.net/`<br>**Azure China 21Vianet**<br>`https://management.chinacloudapi.cn`|HTTPS 443|Public VIP - /27|Not required. You can use the disconnected scenario for [offline registration](azure-stack-registration.md).|
 |**Usage**<br>Allows Azure Stack Hub operators to configure their Azure Stack Hub instance to report usage data to Azure.|**Azure**<br>`https://*.trafficmanager.net`<br>`https://*.cloudapp.azure.com`<br>**Azure Government**<br>`https://*.usgovtrafficmanager.net`<br>`https://*.cloudapp.usgovcloudapi.net`<br>**Azure China 21Vianet**<br>`https://*.trafficmanager.cn`<br>`https://*.cloudapp.chinacloudapi.cn`|HTTPS 443|Public VIP - /27|Required for Azure Stack Hub consumption based licensing model.|
 |**Windows Defender**<br>Allows the update resource provider to download antimalware definitions and engine updates multiple times per day.|`*.wdcp.microsoft.com`<br>`*.wdcpalt.microsoft.com`<br>`*.wd.microsoft.com`<br>`*.update.microsoft.com`<br>`*.download.microsoft.com`<br><br>`https://secure.aadcdn.microsoftonline-p.com`<br>|HTTPS 80, 443|Public VIP - /27<br>Public infrastructure Network|Not required. You can use the [disconnected scenario to update antivirus signature files](azure-stack-security-av.md#disconnected-scenario).|
diff --git a/azure-stack/operator/known-issues.md b/azure-stack/operator/known-issues.md
@@ -237,6 +237,17 @@ To access known issues for a different version, use the version selector dropdow
 
 ::: moniker-end
 
+::: moniker range="azs-2406 || azs-2408 || azs-2311"
+## Update
+
+### Update URL is changing
+
+- Applicable: This issue applies to all supported versions of Azure Stack Hub.
+- Cause: The update URL for Azure Stack Hub is changing from `https://azurestackhub.azureedge.net/PR/download` to `https://azurestackhub.download.prss.microsoft.com`.
+- Remediation: To enable the update process, you must update your client firewall rules to allow HTTPS traffic from the Azure Stack Hub base URL `https://azurestackhub.download.prss.microsoft.com`.
+- Occurrence: Common.
+::: moniker-end
+
 <!------------------------------------------------------------>
 <!------------------- UNSUPPORTED VERSIONS ------------------->
 <!------------------------------------------------------------>
