MicrosoftDocs
diff --git a/‎AKS-Arc/TOC.yml
Lines changed: 2 additions & 0 deletions b/‎AKS-Arc/TOC.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎AKS-Arc/aks-vmware-overview.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/aks-vmware-overview.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/disable-windows-nodepool.md
Lines changed: 1 addition & 1 deletion b/‎AKS-Arc/disable-windows-nodepool.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎AKS-Arc/kubernetes-monitor-audit-events.md
Lines changed: 2 additions & 2 deletions b/‎AKS-Arc/kubernetes-monitor-audit-events.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎AKS-Arc/network-validation-errors.md
Lines changed: 102 additions & 0 deletions b/‎AKS-Arc/network-validation-errors.md
Lines changed: 102 additions & 0 deletions
diff --git a/‎azure-local/TOC.yml
Lines changed: 7 additions & 9 deletions b/‎azure-local/TOC.yml
Lines changed: 7 additions & 9 deletions
@@ -181,6 +181,8 @@
       href: check-vm-sku.md
     - name: Connectivity issues with MetalLB
       href: load-balancer-issues.md
+    - name: Troubleshoot general network validation errors
+      href: network-validation-errors.md
     - name: Network validation error due to .local domain
       href: network-validation-error-local.md
   - name: Reference
 
@@ -2,7 +2,7 @@
 title: AKS enabled by Azure Arc on VMware overview (preview)
 description: Learn about AKS enabled by Azure Arc deployment options on VMware.
 ms.topic: overview
-ms.date: 03/22/2024
+ms.date: 05/08/2025
 author: sethmanheim
 ms.author: sethm 
 ms.reviewer: leslielin
 
@@ -90,7 +90,7 @@ az k8s-extension update --resource-group $resourceGroup --cluster-name $clusterN
 If for some reason you're not able to use Azure CloudShell or a machine with connectivity to Azure in order to disable Windows nodepool, you can disable Windows nodepool after connecting to any one of the Azure Local physical nodes with Remote Desktop. You must first sign in to Azure.
 
 ```powershell
-az login --use-device-code --tenant-id <Azure tenant ID>
+az login --use-device-code --tenant <Azure tenant ID>
  
 az account set -s <subscription ID>
  
 
@@ -3,7 +3,7 @@ title: Monitor Kubernetes audit events in AKS enabled by Azure Arc
 description: Learn how to create a diagnostic setting to access Kubernetes audit logs.
 author: sethmanheim
 ms.topic: how-to
-ms.date: 12/18/2024
+ms.date: 05/08/2024
 ms.author: sethm 
 ms.lastreviewed: 02/26/2024
 ms.reviewer: guanghu
@@ -14,7 +14,7 @@ ms.reviewer: guanghu
 
 [!INCLUDE [hci-applies-to-23h2](includes/hci-applies-to-23h2.md)], AKS enabled by Azure Arc on VMware (preview)
 
-You can access Kubernetes audit logs in Kubernetes control plane logs. Control plane logs for AKS clusters are implemented as [resource logs](/azure/azure-monitor/essentials/resource-logs) in Azure Monitor. Resource logs aren't collected and stored until you create a diagnostic setting to route them to one or more locations. You typically send them to a Log Analytics workspace, which is where most of the data for Container Insights is stored.
+You can access Kubernetes audit logs in Kubernetes control plane logs. Control plane logs for AKS clusters are implemented as [resource logs](/azure/azure-monitor/essentials/resource-logs) in Azure Monitor. Resource logs aren't collected and stored until you create a diagnostic setting to route them to one or more locations. You typically send them to a Log Analytics workspace, which is where most of the data for Container Insights is stored.
 
 ## Create a diagnostic setting
 
 
@@ -0,0 +1,102 @@
+---
+title: Troubleshoot network validation errors
+description: Learn how to troubleshoot general network validation errors in AKS Arc.
+author: sethmanheim
+ms.author: sethm
+ms.topic: troubleshooting
+ms.date: 05/07/2025
+ms.reviewer: pradwivedi
+ms.lastreviewed: 05/06/2025
+
+---
+
+# Troubleshoot network validation errors
+
+This article describes how to identify and resolve various network validation errors you might encounter during cluster creation. The article emphasizes the importance of pre-checks for early issue detection. These errors are detected by pre-checks designed to highlight issues early, allowing for easier resolution before the cluster is created.
+
+The article summarizes error codes, their potential causes, and actionable mitigation steps to help you resolve issues effectively.
+
+## CloudAgentConnectivityError
+
+Error: Network validation failed during cluster creation.
+
+### Description
+
+Detailed message: `Not able to connect to http://cloudagent.contoso.local:50000. Error returned: action failed after 5 attempts: Get "http://cloudagent.contoso.local:50000": dial tcp: lookup http://cloudagent.contoso.local: Temporary failure in name resolution`
+
+The MOC cloud agent is created using one of the IP addresses from the [Management IP pool](/azure/azure-local/plan/cloud-deployment-network-considerations#management-ip-pool) on port 5500 and the control plane node VM is given IP addresses from the Arc VM logical network. This error occurs when the MOC cloud agent is not reachable from the control plane VM, or when the DNS servers specified in the Arc VM logical network are unable to resolve the MOC cloud agent FQDN.
+
+### Causes of failure
+
+Logical network IP addresses can't connect to management IP pool addresses, due to:
+
+- Incorrect DNS server resolution.
+- Firewall rules between the Arc VM logical network and the cloud agent endpoint.
+- The logical network is in a different VLAN than the management IP pool and there's no cross-VLAN connectivity.
+
+### Mitigation
+
+To resolve this error, you can take the following steps:
+
+- Make sure that the DNS servers specified in the Arc VM logical network can resolve the MOC cloud agent FQDN.
+- Make sure that the logical network IP addresses can connect to all the management IP pool addresses on the required ports. For a detailed list of ports that need to be opened, see [AKS network port and cross-VLAN requirements](aks-hci-network-system-requirements.md#network-port-and-cross-vlan-requirements).
+
+## InternetConnectivityError
+
+Error: Network validation failed during cluster creation.
+
+### Description
+
+Detailed message: `Not able to connect to https://mcr.microsoft.com. Error returned: action failed after 5 attempts: Get "https://mcr.microsoft.com": dial tcp: lookup mcr.microsoft.com on <>: read udp <>: i/o timeout`.
+
+This error indicates that the required URLs are not reachable from the AKS cluster control plane node VM.
+
+### Causes of failure
+
+- Control plane node VM has no outbound internet access.
+- Required URLs aren't allowed through the firewall.
+
+### Mitigation
+
+To resolve this error, ensure that the logical network IP addresses have outbound internet access. If there's a firewall, ensure that the [AKS required URLs](aks-hci-network-system-requirements.md#firewall-url-exceptions) are accessible from the Arc VM logical network.
+
+## VMNotReachableError
+
+Error: Network validation failed during cluster creation.
+
+### Description
+
+Detailed message: `VM IP : <> is not reachable from management cluster`.
+
+This error indicates that the AKS cluster control plane VM is not reachable from the Arc Resource Bridge (ARB).
+
+### Causes of failure
+
+The Arc VM logical network is not reachable from management IP pool addresses.
+
+### Mitigation
+
+To resolve this error, you can take the following steps:
+
+- Make sure that the management IP pool addresses can reach the logical network IP addresses.
+- For a detailed list of ports that need to be opened, see [AKS network port and cross-VLAN requirements](aks-hci-network-system-requirements.md#network-port-and-cross-vlan-requirements).
+
+## DNSResolutionError
+
+This error occurs when DNS servers specified in the Arc VM logical network can't resolve the MOC cloud FQDN or the required URLs.
+
+### Causes of failure
+
+DNS servers specified in a logical network can't resolve the MOC cloud FQDN or the required URLs.
+
+### Mitigation
+
+To resolve this error, check the DNS servers specified in the logical network so that they can resolve the MOC cloud FQDN or the required URLs.
+
+## Contact Microsoft Support
+
+If problems persist, [collect AKS cluster logs](get-on-demand-logs.md) before you [create a support request](aks-troubleshoot.md#open-a-support-request).
+
+## Next steps
+
+[Troubleshoot issues in AKS enabled by Azure Arc](aks-troubleshoot.md)
@@ -35,15 +35,15 @@ items:
   - name: Virtual deployment
     href: deploy/deployment-virtual.md
   - name: Azure Local jumpstart
-    href: https://arcjumpstart.com/azure_jumpstart_hcibox/getting_started
+    href: https://jumpstart.azure.com/azure_jumpstart_localbox
 
 - name: Plan
   items:
   - name: Review requirements
     items:
     - name: System requirements
       href: concepts/system-requirements-23h2.md
-    - name: System requirements for Small Form Factor
+    - name: System requirements for low capacity class
       href: concepts/system-requirements-small-23h2.md
     - name: Physical network requirements
       href: concepts/physical-network-requirements.md
@@ -102,7 +102,7 @@ items:
     - name: About security features
       href: concepts/security-features.md
     - name: Download Azure Local security book
-      href: https://github.com/Azure-Samples/AzureLocal/blob/main/SecurityBook/Azure%20Local%20Security%20Book_01172025.pdf
+      href: https://github.com/Azure-Samples/AzureLocal/blob/main/SecurityBook/Azure%20Local%20Security%20Book_04302025.pdf
   - name: Assess environment readiness
     href: manage/use-environment-checker.md
   - name: Configure advanced Active Directory settings
@@ -527,9 +527,9 @@ items:
   - name: Migrate using SCVMM
     items:
     - name: For Hyper-V VMs
-      href: /system-center/vmm/manage-azure-stack-hci?toc=/azure/azure-local/toc.json&bc=/azure/azure-local/breadcrumb/toc.json#migrate-vms-from-windows-server-to-azure-local-instance
+      href: /system-center/vmm/manage-azure-stack-hci#migrate-vms-from-windows-server-to-azure-local-instance
     - name: For VMware VMs
-      href: /system-center/vmm/vm-convert-vmware?toc=/azure/azure-local/toc.json&bc=/azure/azure-local/breadcrumb/toc.json
+      href: /system-center/vmm/vm-convert-vmware
   - name: Migrate manually (v22H2 only)
     items:
     - name: To same hardware
@@ -567,7 +567,6 @@ items:
       href: concepts/route-reflector-overview.md
     - name: SDN Multisite overview
       href: concepts/sdn-multisite-overview.md
-
 - name: Version 22H2
   items:
   - name: Release information for version 22H2
@@ -711,9 +710,9 @@ items:
   - name: Migrate using SCVMM
     items:
     - name: For Hyper-V VMs
-      href: /system-center/vmm/deploy-manage-azure-stack-hci?toc=/azure/azure-local/toc.json&bc=/azure/azure-local/breadcrumb/toc.json#step-8-migrate-vms-from-windows-server-to-azure-local-instance
+      href: /system-center/vmm/deploy-manage-azure-stack-hci#step-8-migrate-vms-from-windows-server-to-azure-local-instance
     - name: For VMware VMs
-      href: /system-center/vmm/deploy-manage-azure-stack-hci?toc=/azure/azure-local/toc.json&bc=/azure/azure-local/breadcrumb/toc.json#step-9-migrate-vmware-workloads-to-azure-local-instance-using-scvmm
+      href: /system-center/vmm/deploy-manage-azure-stack-hci#step-9-migrate-vmware-workloads-to-azure-local-instance-using-scvmm
   - name: Concepts
     items:
     - name: Storage and systems
@@ -742,7 +741,6 @@ items:
         href: concepts/utility-applications.md
       - name: Data collection
         href: concepts/data-collection.md
-
 - name: Reference
   items:
   - name: For Azure Local VM management