AKS-Arc/network-validation-error-local.md
7 additions & 9 deletions
@@ -12,33 +12,31 @@ ms.lastreviewed: 04/30/2025
12
12
13
13
# Troubleshoot network validation error due to .local domain
14
14
15
-
This article describes how to resolve the **Not able to connect to http://cloudagent.contoso.local:50000** error. This error occurs when you try to create and deploy an AKS on Azure Local cluster.
15
+
This article describes how to resolve the `Not able to connect to http://cloudagent.contoso.local:50000` error. This error occurs when you try to create and deploy an AKS on Azure Local cluster.
16
16
17
17
## Symptoms
18
18
19
-
You can deploy `.local` domains on Azure Local but might sometimes encounter failures during AKS scenarios, such as create, scale, update, upgrade and delete. You might see the following error message:
19
+
You can deploy `.local` domains on Azure Local but might sometimes encounter failures during AKS scenarios, such as create, scale, update, upgrade, and delete. You might see the following error message:
20
20
21
-
```output
22
-
Not able to connect to http://cloudagent.contoso.local:50000. Error returned: action failed after 5 attempts: Get "http://cloudagent.contoso.local:50000": dial tcp: lookup http://cloudagent.contoso.local: Temporary failure in name resolution
23
-
```
21
+
`Not able to connect to http://cloudagent.contoso.local:50000. Error returned: action failed after 5 attempts: Get "http://cloudagent.contoso.local:50000": dial tcp: lookup http://cloudagent.contoso.local: Temporary failure in name resolution`
24
22
25
23
## Possible causes
26
24
27
25
There are two possible causes for this error:
28
26
29
-
1. Because `.local` is an officially reserved special-use domain name, host names with this top-level label are only resolvable via the multicast DNS name resolution protocol. Other mechanisms such as unicast DNS can also be used to resolve this concurrently.
27
+
1. Because `.local` is an officially reserved special-use domain name, host names with this top-level label are only resolvable via the multicast DNS name resolution protocol. Other mechanisms such as unicast DNS can also be used to resolve this name.
30
28
31
29
When a URL ending with `.local` for the failover cluster is used, the fully qualified domain name (FQDN) ending with `.local` is also used for the MOC cloud agent. The Azure Local 2503 release consists of various network validation tests. One of the tests tries to connect to the MOC cloud FQDN from the AKS Arc control plane VM. This specific test fails when the MOC cloud agent FQDN uses the `.local` domain name. This is because the **Go HTTP** client relies on standard DNS resolution, so it doesn't automatically resolve the `.local` address via mDNS.
32
30
33
31
1. When the on-premises directory is synchronized with Microsoft 365, you must have a verified domain in Microsoft Entra ID. Only the user principal names (UPNs) that are associated with the on-premises Active Directory Domain Services (AD DS) domain are synchronized. However, any UPN that contains a non-routable domain, such as `.local` (for example, `[email protected]`), is synchronized to an `.onmicrosoft.com` domain (for example, `[email protected]`). For more information, see [Prepare a nonroutable domain for directory synchronization](/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization).
34
32
35
33
## Mitigation
36
34
37
-
If you are on 2503 or a later release, don't use `.local` in the domain name.
35
+
If you are on Azure Local 2503 or a later release, don't use `.local` in the domain name.
38
36
39
-
As per the possible cause 2, if you currently use a `.local` domain for your user accounts in AD DS, we recommend that you change them to use a verified domain; for example, `[email protected]`, to properly synchronize with your Microsoft 365 domain.
37
+
Per the [possible cause #2](#possible-causes), if you currently use a `.local` domain for your user accounts in AD DS, we recommend that you change them to use a verified domain; for example, `[email protected]`, to properly synchronize with your Microsoft 365 domain.
40
38
41
-
As a temporary mitigation, the checks for the `.local` domain are disabled in the 2504 release. For more information, see [What's new in Azure Local, version 2504](/azure/azure-local/whats-new?view=azloc-2504).
39
+
As a temporary mitigation, the checks for the `.local` domain are disabled in the Azure Local 2504 release. For more information, see [What's new in Azure Local, version 2504](/azure/azure-local/whats-new?view=azloc-2504).
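Review bot: In the first item under "Possible causes", the reworded sentence still contradicts itself: it says `.local` host names are "only resolvable via the multicast DNS name resolution protocol" and then that "Other mechanisms such as unicast DNS can also be used to resolve this name." Replacing "concurrently" with "name" does not address that. Suggest dropping "only", or rewording so the two sentences agree on whether unicast DNS can resolve a `.local` name, since the next paragraph's explanation (the Go HTTP client relies on standard DNS resolution and does not use mDNS) depends on that distinction. Separately, under "Symptoms" the fenced `output` block is replaced with a single inline code span holding the full error message; for a message this long the fenced block is easier to read and copy, so consider keeping it.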