Fix merge conflict

Author: sethmanheim

AKS-Arc/TOC.yml

@@ -161,12 +161,14 @@
       href: aks-troubleshoot.md
     - name: AKS on Azure Local support policy
       href: aks-on-azure-local-support-policy.md
+    - name: Get support
+      href: help-support.md
+    - name: Use diagnostic checker
+      href: aks-arc-diagnostic-checker.md
     - name: Control plane configuration validation errors
       href: control-plane-validation-errors.md
     - name: K8sVersionValidation error
       href: cluster-k8s-version.md
-    - name: Use diagnostic checker
-      href: aks-arc-diagnostic-checker.md
     - name: KubeAPIServer unreachable error
       href: kube-api-server-unreachable.md
     - name: Can't create/scale AKS cluster due to image issues
@@ -195,6 +197,8 @@
       href: entra-prompts.md
     - name: BGP with FRR not working
       href: connectivity-troubleshoot.md
+    - name: Cluster status stuck during upgrade
+      href: cluster-upgrade-status.md
   - name: Reference
     items:
     - name: Azure CLI
@@ -607,8 +611,6 @@
       href: known-issues.yml
     - name: Support policies
       href: support-policies.md
-    - name: Get support
-      href: help-support.md
     - name: File bugs
       href: https://aka.ms/AKS-hybrid-issues
     - name: Release notes

AKS-Arc/aks-arc-diagnostic-checker.md

@@ -4,7 +4,7 @@ description: Learn how to diagnose common causes for failures in AKS Arc.
 ms.topic: troubleshooting
 author: sethmanheim
 ms.author: sethm
-ms.date: 01/30/2025
+ms.date: 06/27/2025
 ms.reviewer: abha
 
 #Customer intent: As an AKS user, I want to use the diagnostic checker to run diagnostic checks on my AKS cluster to find out common causes for AKS cluster create failure. 
@@ -13,14 +13,14 @@ ms.reviewer: abha
 
 # Use the diagnostic checker to diagnose and fix environment issues for AKS cluster creation failure (preview)
 
-It can be difficult to identify environment-related issues, such as networking configurations, that can result in an AKS cluster creation failure. The diagnostic checker is a PowerShell-based tool that can help you identify AKS cluster creation failures due to potential issues in the environment.
+It can be difficult to identify environment-related issues, such as networking configuration, that can result in an AKS cluster creation failure. The diagnostic checker is a PowerShell tool that can help you identify AKS cluster creation failures due to potential issues in the environment.
 
 > [!NOTE]
-> You can only use the diagnostic checker tool if an AKS cluster was created, but is in a failed state. You can't use the tool if you don't see an AKS cluster on the Azure portal. If the AKS cluster creation fails before an Azure Resource Manager resource is created, [file a support request](aks-troubleshoot.md#open-a-support-request).
+> You can only use the diagnostic checker tool if an AKS cluster was created, but is in a failed state. You can't use the tool if you don't see an AKS cluster on the Azure portal. If the AKS cluster creation fails before an Azure Resource Manager resource is created, [file a support request](help-support.md).
 
 ## Before you begin
 
-Before you begin, make sure you have the following prerequisites. If you don't meet the requirements for running the diagnostic checker tool, [file a support request](aks-troubleshoot.md#open-a-support-request):
+Before you begin, make sure you have the following prerequisites. If you don't meet the requirements for running the diagnostic checker tool, [file a support request](help-support.md):
 
 - Direct access to the Azure Local cluster where you created the AKS cluster. This access can be through remote desktop (RDP), or you can also sign in to one of the Azure Local physical nodes.
 - Review the [networking concepts for creating an AKS cluster](aks-hci-network-system-requirements.md) and the [AKS cluster architecture](cluster-architecture.md).
@@ -43,17 +43,17 @@ VMName                                                 IPAddresses
 <cluster-name>-XXXXXX-control-plane-XXXXXX {172.16.0.10, 172.16.0.4, fe80::ec:d3ff:fea0:1}
 ```
 
-If you don't see a control plane VM as shown in the previous output, [file a support request](aks-troubleshoot.md#open-a-support-request).
+If you don't see a control plane VM as shown in the previous output, [file a support request](help-support.md).
 
 If you see a control plane VM, and it has:
 
-- 0 IPv4 addresses: file a [support request](aks-troubleshoot.md#open-a-support-request).
+- 0 IPv4 addresses: file a [support request](help-support.md).
 - 1 IP address: use the IPv4 address as the input for `vmIP` parameter.
 - 2 IP addresses: use any one of the IPv4 address as an input for `vmIP` parameter in the diagnostic checker.
 
 ## Run the diagnostic checker script
 
-Copy the following PowerShell script `run_diagnostic.ps1` into any one node of your Azure Local cluster:
+Copy the following PowerShell script named `run_diagnostic.ps1` into any one node of your Azure Local cluster:
 
 ```powershell
 <#
@@ -288,4 +288,4 @@ The following table provides a summary of each test performed by the script, inc
 
 ## Next steps
 
-If the problem persists, collect [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](aks-troubleshoot.md#open-a-support-request).
+If the problem persists, collect [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](help-support.md).

AKS-Arc/aks-troubleshoot.md

@@ -3,7 +3,7 @@ title: Troubleshoot common issues in AKS enabled by Azure Arc
 description: Learn about common issues and workarounds in AKS enabled by Arc.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 06/18/2025
+ms.date: 06/27/2025
 ms.author: sethm 
 ms.lastreviewed: 04/01/2025
 ms.reviewer: abha
@@ -16,7 +16,7 @@ This section describes how to find solutions for issues you encounter when using
 
 ## Open a support request
 
-To open a support request, see the [Get support](/azure/aks/hybrid/help-support) article for information about how to use the Azure portal to get support or open a support request for AKS Arc.
+To open a support request, see the [Get support](help-support.md) article for information about how to use the Azure portal to get support or open a support request for AKS Arc.
 
 ## Known issues
 
@@ -28,6 +28,7 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 | AKS steady state       | [AKS Arc telemetry pod consumes too much memory and CPU](telemetry-pod-resources.md) | Active |
 | AKS steady state       | [Disk space exhaustion on control plane VMs due to accumulation of kube-apiserver audit logs](kube-apiserver-log-overflow.md) | Active |
 | AKS cluster delete     | [Deleted AKS Arc cluster still visible on Azure portal](deleted-cluster-visible.md) | Active |
+| AKS cluster upgrade    | [AKS Arc cluster stuck in "Upgrading" state](cluster-upgrade-status.md) | Fixed in 2505 release |
 | AKS cluster delete     | [Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources](delete-cluster-pdb.md) | Fixed in 2503 release |
 | Azure portal           | [Can't see VM SKUs on Azure portal](check-vm-sku.md) | Fixed in 2411 release |
 | MetalLB Arc extension  | [Connectivity issues with MetalLB](load-balancer-issues.md) | Fixed in 2411 release |
@@ -42,9 +43,10 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 | Create validation      | [KubeAPIServer unreachable error](kube-api-server-unreachable.md) |
 | Network configuration issues | [Use diagnostic checker](aks-arc-diagnostic-checker.md) |
 | Kubernetes steady state   | [Resolve issues due to out-of-band deletion of storage volumes](delete-storage-volume.md) |
+| Kubernetes steady state   | [Repeated Entra authentication prompts when running kubectl with Kubernetes RBAC](entra-prompts.md) | 
 | Release validation     | [Azure Advisor upgrade recommendation message](azure-advisor-upgrade.md) |
 | Network validation | [Network validation error due to .local domain](network-validation-error-local.md) |
-| BGP with FRR not working | [Troubleshoot BGP with FRR in AKS Arc environments](connectivity-troubleshoot.md) |
+| Network validation | [Troubleshoot BGP with FRR in AKS Arc environments](connectivity-troubleshoot.md) |
 
 ## Next steps
 

AKS-Arc/cluster-upgrade-status.md

@@ -0,0 +1,147 @@
+---
+title: Troubleshoot issue in which the cluster is stuck in Upgrading state
+description: Learn how to troubleshoot and mitigate the issue when an AKS enabled by Arc cluster is stuck in 'Upgrading' state.
+ms.topic: troubleshooting
+author: rcheeran
+ms.author: rcheeran
+ms.date: 06/27/2025
+ms.reviewer: abha
+
+---
+
+# Troubleshoot AKS Arc cluster stuck in "Upgrading" state
+
+This article describes how to fix an issue in which your Azure Kubernetes Service enabled by Arc (AKS Arc) cluster is stuck in the **Upgrading** state. This issue typically occurs after you update Azure Local to version 2503 or 2504, and you then try to upgrade the Kubernetes version on your cluster.
+
+## Symptoms
+
+When you try to upgrade an AKS Arc cluster, you notice that the `currentState` property of the cluster remains in the **Upgrading** state.
+
+```azurecli
+az aksarc upgrade --name "cluster-name" --resource-group "rg-name"
+```
+
+```output
+===> Kubernetes might be unavailable during cluster upgrades.
+ Are you sure you want to perform this operation? (y/N): y
+The cluster is on version 1.28.9 and is not in a failed state. 
+
+===> This will upgrade the control plane AND all nodepools to version 1.30.4. Continue? (y/N): y
+Upgrading the AKSArc cluster. This operation might take a while...
+{
+  "extendedLocation": {
+    "name": "/subscriptions/resourceGroups/Bellevue/providers/Microsoft.ExtendedLocation/customLocations/bel-CL",
+    "type": "CustomLocation"
+  },
+  "id": "/subscriptions/fbaf508b-cb61-4383-9cda-a42bfa0c7bc9/resourceGroups/Bellevue/providers/Microsoft.Kubernetes/ConnectedClusters/Bel-cluster/providers/Microsoft.HybridContainerService/ProvisionedClusterInstances/default",
+"name": "default",
+"properties": {
+"kubernetesVersion": "1.30.4",
+"provisioningState": "Succeeded",
+"currentState": "Upgrading",
+"errorMessage": null,
+"operationStatus": null
+"agentPoolProfiles": [
+      {
+        ...
+```
+
+## Cause
+
+- The issue is caused by a recent change introduced in Azure Local version 2503. Under certain conditions, if there are transient or intermittent failures during the Kubernetes upgrade process, they're not correctly detected or recovered from. This can cause the cluster state to remain in the **Upgrading** state.
+- You see this issue if the AKS Arc custom location extension `hybridaksextension` version is 2.1.211 or 2.1.223. You can run the following command to check the extension version on your cluster:
+
+  ```azurecli
+  az login --use-device-code --tenant <Azure tenant ID> 
+  az account set -s <subscription ID> 
+  $res=get-archcimgmt
+  az k8s-extension show -g $res.HybridaksExtension.resourceGroup -c $res.ResourceBridge.name --cluster-type appliances --name hybridaksextension
+  ```
+
+  ```output
+  {
+    "aksAssignedIdentity": null,
+    "autoUpgradeMinorVersion": false,
+    "configurationProtectedSettings": {},
+    "currentVersion": "2.1.211",
+    "customLocationSettings": null,
+    "errorInfo": null,
+    "extensionType": "microsoft.hybridaksoperator",
+    ...
+  }
+  ```
+
+## Mitigation
+
+This issue was fixed in AKS on [Azure Local, version 2505](/azure/azure-local/whats-new?view=azloc-2505&preserve-view=true#features-and-improvements-in-2505). Upgrade your Azure Local deployment to the 2505 build. After you update, [verify that the Kubernetes version was upgraded](#verification) and the `currentState` property of the cluster shows as **Succeeded**.
+
+### Workaround for Azure Local versions 2503 or 2504
+
+This issue only affects clusters in Azure Local version 2503 or 2504, and on AKS Arc extension versions 2.1.211 or 2.1.223. The mitigation described here is applicable only when you are unable to upgrade to 2505.
+
+You can resolve the issue by running the AKS Arc `update` command. The `update` command restarts the upgrade flow. You can run the `aksarc update` command with placeholder parameters, which do not impact the state of the cluster. So in this case, you can run the `update` command to enable NFS or SMB drivers if those features aren't already enabled. First, check if any of the storage drivers are already enabled:
+
+```azurecli
+az login --use-device-code --tenant <Azure tenant ID> 
+az account set -s <subscription ID> 
+az aksarc show -g <resource_group_name> -n <cluster_name>
+```
+
+Check the storage profile section:
+
+```json
+"storageProfile": {  
+     "nfsCsiDriver": {  
+       "enabled": false
+     },  
+     "smbCsiDriver": {  
+
+       "enabled": true  
+     }  
+   }
+```
+
+If one of the drivers is disabled, you can enable it using one of the following commands:
+
+```azurecli
+az aksarc update --enable-smb-driver -g <resource_group_name> -n <cluster_name>
+az aksarc update --enable-nfs-driver -g <resource_group_name> -n <cluster_name>
+```
+
+Running the `aksarc update` command should resolve the issue and the `currentState` property of the cluster should now show as **Succeeded**. Once the status is updated, if you don't want to keep the drivers enabled, you can reverse this action by running one of the following commands:
+
+```azurecli
+az aksarc update --disable-smb-driver -g <resource_group_name> -n <cluster_name>
+az aksarc update --disable-nfs-driver -g <resource_group_name> -n <cluster_name>
+```
+
+If both drivers are already enabled on your cluster, you can disable the one that's not in use. If you require both drivers to remain enabled, contact Microsoft Support for further assistance.
+
+## Verification
+
+To confirm the K8s version upgrade is complete, run the following command and check that the `currentState` property in the JSON output is set to **Succeeded**.
+
+```azurecli
+az aksarc show -g <resource_group> -n <cluster_name>
+```
+
+```output
+...
+...
+"provisioningState": "Succeeded",
+"status": {
+    "currentState": "Succeeded",
+    "errorMessage": null,
+    "operationStatus": null
+    "controlPlaneStatus": { ...
+...
+```
+
+## Contact Microsoft Support
+
+If the problem persists, collect the [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](aks-troubleshoot.md#open-a-support-request).
+
+## Next steps
+
+- [Use the diagnostic checker tool to identify common environment issues](aks-arc-diagnostic-checker.md)
+- [Review AKS on Azure Local architecture](cluster-architecture.md)

AKS-Arc/entra-prompts.md

@@ -26,7 +26,7 @@ This issue is caused by [a GitHub bug](https://github.com/Azure/kubelogin/issues
 
 To mitigate this issue, you can use one of the following two methods:
 
-- Downgrade **kubelogin** to version 1.9.0. This stable version does not have the bug that causes repeated authentication prompts. You can [download this version from the GitHub repository](https://github.com/int128/kubelogin/releases/tag/v1.9.0). Select the appropriate asset for your OS or architecture, extract it, and replace your existing **kubelogin** binary.
+- Downgrade **kubelogin** to version 0.1.9. This stable version does not have the bug that causes repeated authentication prompts. You can [download this version from the GitHub repository](https://github.com/Azure/kubelogin/releases/tag/v0.1.9). Select the appropriate asset for your OS or architecture, extract it, and replace your existing **kubelogin** binary.
 - Alternatively, if you have administrator permissions, you can use the `--admin` flag with the `az aksarc get-credentials` command. This method bypasses **kubelogin** authentication by retrieving admin credentials directly:
 
   ```azurecli