Merge branch 'release-local-2506' of https://github.com/MicrosoftDocs/azure-stack-docs-pr into rb-2506-upd

Author: ronmiab

AKS-Arc/TOC.yml

@@ -193,6 +193,8 @@
       href: entra-prompts.md
     - name: BGP with FRR not working
       href: connectivity-troubleshoot.md
+    - name: Cluster status stuck during upgrade
+      href: cluster-upgrade-status.md
   - name: Reference
     items:
     - name: Azure CLI

AKS-Arc/aks-troubleshoot.md

@@ -3,7 +3,7 @@ title: Troubleshoot common issues in AKS enabled by Azure Arc
 description: Learn about common issues and workarounds in AKS enabled by Arc.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 06/18/2025
+ms.date: 06/27/2025
 ms.author: sethm 
 ms.lastreviewed: 04/01/2025
 ms.reviewer: abha
@@ -16,7 +16,7 @@ This section describes how to find solutions for issues you encounter when using
 
 ## Open a support request
 
-To open a support request, see the [Get support](/azure/aks/hybrid/help-support) article for information about how to use the Azure portal to get support or open a support request for AKS Arc.
+To open a support request, see the [Get support](help-support.md) article for information about how to use the Azure portal to get support or open a support request for AKS Arc.
 
 ## Known issues
 
@@ -28,6 +28,7 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 | AKS steady state       | [AKS Arc telemetry pod consumes too much memory and CPU](telemetry-pod-resources.md) | Active |
 | AKS steady state       | [Disk space exhaustion on control plane VMs due to accumulation of kube-apiserver audit logs](kube-apiserver-log-overflow.md) | Active |
 | AKS cluster delete     | [Deleted AKS Arc cluster still visible on Azure portal](deleted-cluster-visible.md) | Active |
+| AKS cluster upgrade    | [AKS Arc cluster stuck in "Upgrading" state](cluster-upgrade-status.md) | Fixed in 2505 release |
 | AKS cluster delete     | [Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources](delete-cluster-pdb.md) | Fixed in 2503 release |
 | Azure portal           | [Can't see VM SKUs on Azure portal](check-vm-sku.md) | Fixed in 2411 release |
 | MetalLB Arc extension  | [Connectivity issues with MetalLB](load-balancer-issues.md) | Fixed in 2411 release |
@@ -42,9 +43,10 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 | Create validation      | [KubeAPIServer unreachable error](kube-api-server-unreachable.md) |
 | Network configuration issues | [Use diagnostic checker](aks-arc-diagnostic-checker.md) |
 | Kubernetes steady state   | [Resolve issues due to out-of-band deletion of storage volumes](delete-storage-volume.md) |
+| Kubernetes steady state   | [Repeated Entra authentication prompts when running kubectl with Kubernetes RBAC](entra-prompts.md) | 
 | Release validation     | [Azure Advisor upgrade recommendation message](azure-advisor-upgrade.md) |
 | Network validation | [Network validation error due to .local domain](network-validation-error-local.md) |
-| BGP with FRR not working | [Troubleshoot BGP with FRR in AKS Arc environments](connectivity-troubleshoot.md) |
+| Network validation | [Troubleshoot BGP with FRR in AKS Arc environments](connectivity-troubleshoot.md) |
 
 ## Next steps
 

AKS-Arc/cluster-upgrade-status.md

@@ -0,0 +1,147 @@
+---
+title: Troubleshoot issue in which the cluster is stuck in Upgrading state
+description: Learn how to troubleshoot and mitigate the issue when an AKS enabled by Arc cluster is stuck in 'Upgrading' state.
+ms.topic: troubleshooting
+author: rcheeran
+ms.author: rcheeran
+ms.date: 06/27/2025
+ms.reviewer: abha
+
+---
+
+# Troubleshoot AKS Arc cluster stuck in "Upgrading" state
+
+This article describes how to fix an issue in which your Azure Kubernetes Service enabled by Arc (AKS Arc) cluster is stuck in the **Upgrading** state. This issue typically occurs after you update Azure Local to version 2503 or 2504, and you then try to upgrade the Kubernetes version on your cluster.
+
+## Symptoms
+
+When you try to upgrade an AKS Arc cluster, you notice that the `currentState` property of the cluster remains in the **Upgrading** state.
+
+```azurecli
+az aksarc upgrade --name "cluster-name" --resource-group "rg-name"
+```
+
+```output
+===> Kubernetes might be unavailable during cluster upgrades.
+ Are you sure you want to perform this operation? (y/N): y
+The cluster is on version 1.28.9 and is not in a failed state. 
+
+===> This will upgrade the control plane AND all nodepools to version 1.30.4. Continue? (y/N): y
+Upgrading the AKSArc cluster. This operation might take a while...
+{
+  "extendedLocation": {
+    "name": "/subscriptions/resourceGroups/Bellevue/providers/Microsoft.ExtendedLocation/customLocations/bel-CL",
+    "type": "CustomLocation"
+  },
+  "id": "/subscriptions/fbaf508b-cb61-4383-9cda-a42bfa0c7bc9/resourceGroups/Bellevue/providers/Microsoft.Kubernetes/ConnectedClusters/Bel-cluster/providers/Microsoft.HybridContainerService/ProvisionedClusterInstances/default",
+"name": "default",
+"properties": {
+"kubernetesVersion": "1.30.4",
+"provisioningState": "Succeeded",
+"currentState": "Upgrading",
+"errorMessage": null,
+"operationStatus": null
+"agentPoolProfiles": [
+      {
+        ...
+```
+
+## Cause
+
+- The issue is caused by a recent change introduced in Azure Local version 2503. Under certain conditions, if there are transient or intermittent failures during the Kubernetes upgrade process, they're not correctly detected or recovered from. This can cause the cluster state to remain in the **Upgrading** state.
+- You see this issue if the AKS Arc custom location extension `hybridaksextension` version is 2.1.211 or 2.1.223. You can run the following command to check the extension version on your cluster:
+
+  ```azurecli
+  az login --use-device-code --tenant <Azure tenant ID> 
+  az account set -s <subscription ID> 
+  $res=get-archcimgmt
+  az k8s-extension show -g $res.HybridaksExtension.resourceGroup -c $res.ResourceBridge.name --cluster-type appliances --name hybridaksextension
+  ```
+
+  ```output
+  {
+    "aksAssignedIdentity": null,
+    "autoUpgradeMinorVersion": false,
+    "configurationProtectedSettings": {},
+    "currentVersion": "2.1.211",
+    "customLocationSettings": null,
+    "errorInfo": null,
+    "extensionType": "microsoft.hybridaksoperator",
+    ...
+  }
+  ```
+
+## Mitigation
+
+This issue was fixed in AKS on [Azure Local, version 2505](/azure/azure-local/whats-new?view=azloc-2505&preserve-view=true#features-and-improvements-in-2505). Upgrade your Azure Local deployment to the 2505 build. After you update, [verify that the Kubernetes version was upgraded](#verification) and the `currentState` property of the cluster shows as **Succeeded**.
+
+### Workaround for Azure Local versions 2503 or 2504
+
+This issue only affects clusters in Azure Local version 2503 or 2504, and on AKS Arc extension versions 2.1.211 or 2.1.223. The mitigation described here is applicable only when you are unable to upgrade to 2505.
+
+You can resolve the issue by running the AKS Arc `update` command. The `update` command restarts the upgrade flow. You can run the `aksarc update` command with placeholder parameters, which do not impact the state of the cluster. So in this case, you can run the `update` command to enable NFS or SMB drivers if those features aren't already enabled. First, check if any of the storage drivers are already enabled:
+
+```azurecli
+az login --use-device-code --tenant <Azure tenant ID> 
+az account set -s <subscription ID> 
+az aksarc show -g <resource_group_name> -n <cluster_name>
+```
+
+Check the storage profile section:
+
+```json
+"storageProfile": {  
+     "nfsCsiDriver": {  
+       "enabled": false
+     },  
+     "smbCsiDriver": {  
+
+       "enabled": true  
+     }  
+   }
+```
+
+If one of the drivers is disabled, you can enable it using one of the following commands:
+
+```azurecli
+az aksarc update --enable-smb-driver -g <resource_group_name> -n <cluster_name>
+az aksarc update --enable-nfs-driver -g <resource_group_name> -n <cluster_name>
+```
+
+Running the `aksarc update` command should resolve the issue and the `currentState` property of the cluster should now show as **Succeeded**. Once the status is updated, if you don't want to keep the drivers enabled, you can reverse this action by running one of the following commands:
+
+```azurecli
+az aksarc update --disable-smb-driver -g <resource_group_name> -n <cluster_name>
+az aksarc update --disable-nfs-driver -g <resource_group_name> -n <cluster_name>
+```
+
+If both drivers are already enabled on your cluster, you can disable the one that's not in use. If you require both drivers to remain enabled, contact Microsoft Support for further assistance.
+
+## Verification
+
+To confirm the K8s version upgrade is complete, run the following command and check that the `currentState` property in the JSON output is set to **Succeeded**.
+
+```azurecli
+az aksarc show -g <resource_group> -n <cluster_name>
+```
+
+```output
+...
+...
+"provisioningState": "Succeeded",
+"status": {
+    "currentState": "Succeeded",
+    "errorMessage": null,
+    "operationStatus": null
+    "controlPlaneStatus": { ...
+...
+```
+
+## Contact Microsoft Support
+
+If the problem persists, collect the [AKS cluster logs](get-on-demand-logs.md) before you [create a support request](aks-troubleshoot.md#open-a-support-request).
+
+## Next steps
+
+- [Use the diagnostic checker tool to identify common environment issues](aks-arc-diagnostic-checker.md)
+- [Review AKS on Azure Local architecture](cluster-architecture.md)

AKS-Arc/entra-prompts.md

@@ -26,7 +26,7 @@ This issue is caused by [a GitHub bug](https://github.com/Azure/kubelogin/issues
 
 To mitigate this issue, you can use one of the following two methods:
 
-- Downgrade **kubelogin** to version 1.9.0. This stable version does not have the bug that causes repeated authentication prompts. You can [download this version from the GitHub repository](https://github.com/int128/kubelogin/releases/tag/v1.9.0). Select the appropriate asset for your OS or architecture, extract it, and replace your existing **kubelogin** binary.
+- Downgrade **kubelogin** to version 0.1.9. This stable version does not have the bug that causes repeated authentication prompts. You can [download this version from the GitHub repository](https://github.com/Azure/kubelogin/releases/tag/v0.1.9). Select the appropriate asset for your OS or architecture, extract it, and replace your existing **kubelogin** binary.
 - Alternatively, if you have administrator permissions, you can use the `--admin` flag with the `az aksarc get-credentials` command. This method bypasses **kubelogin** authentication by retrieving admin credentials directly:
 
   ```azurecli

azure-local/faq.yml

@@ -44,7 +44,7 @@ sections:
           
       - question: Are there bandwidth or latency requirements between Azure Local and the cloud?
         answer: |
-          No. Limited-bandwidth connections like rural T1 lines or satellite/cellular connections are adequate for Azure Local to sync. The minimum required connectivity is several kilobytes per day. More services might require extra bandwidth, especially to replicate or back up whole VMs, download large software updates, or upload verbose logs for analysis and monitoring in the cloud.
+          Yes. Limited-bandwidth connections like rural T1 lines or satellite/cellular connections are adequate for Azure Local to sync. The minimum required connectivity is 10 Mb per day. More services might require extra bandwidth, especially to replicate or back up whole VMs, download large software updates, or upload verbose logs for analysis and monitoring in the cloud.
 
       - question: Does Azure Local require continuous connectivity to the cloud?
         answer: |

azure-local/manage/add-server.md

@@ -4,7 +4,7 @@ description: Learn how to manage capacity on your Azure Local, version 23H2 syst
 ms.topic: how-to
 author: alkohli
 ms.author: alkohli
-ms.date: 05/28/2025
+ms.date: 06/26/2025
 ---
 
 # Add a node on Azure Local
@@ -110,25 +110,13 @@ On the new node that you plan to add, follow these steps.
 
 3. Assign the following permissions to the newly added nodes:
 
-    - Azure Local Device Management Role
+    - Azure Stack HCI Device Management Role
     - Key Vault Secrets User
     For more information, see [Assign permissions to the node](../deploy/deployment-arc-register-server-permissions.md).
 
 On a node that already exists on your system, follow these steps:
 
-1. Sign in with the domain user credentials (AzureStackLCMUser or another user with equivalent permissions) that you provided during the deployment of the system. 
-
-1. (Optional) Before you add the node, make sure to get an updated authentication token. Run the following command:
-
-    ```powershell
-    Update-AuthenticationToken 
-    ```
-
-1. If you are running a version prior to 2405.3, you must run the following command on the new node to clean up conflicting files:
-
-    ```powershell
-    Get-ChildItem -Path "$env:SystemDrive\NugetStore" -Exclude Microsoft.AzureStack.Solution.LCMControllerWinService*,Microsoft.AzureStack.Role.Deployment.Service* | Remove-Item -Recurse -Force
-    ```
+1. Sign in with the domain user credentials (AzureStackLCMUser or another user with equivalent permissions) that you provided during the deployment of the system.
 
 1. Run the following command to add the new incoming node using a local administrator credential for the new node:
 

azure-local/manage/repair-server.md

@@ -4,7 +4,7 @@ description: Learn how to repair a node on your Azure Local, version 23H2 system
 ms.topic: how-to
 author: alkohli
 ms.author: alkohli
-ms.date: 05/08/2025
+ms.date: 06/26/2025
 ---
 
 # Repair a node on Azure Local
@@ -134,19 +134,12 @@ Follow these steps on the node you're trying to repair.
 
 1. Assign the following permissions to the repaired node:
 
-    - Azure Local Device Management Role
+    - Azure Stack HCI Device Management Role
     - Key Vault Secrets User
     For more information, see [Assign permissions to the node](../deploy/deployment-arc-register-server-permissions.md).
 
 Follow these steps on another node that is a member of the same Azure Local instance.
 
-
-1. If you are running a version prior to 2405.3, you must run the following command to clean up conflicting files:
-
-    ```powershell
-    Get-ChildItem -Path "$env:SystemDrive\NugetStore" -Exclude Microsoft.AzureStack.Solution.LCMControllerWinService*,Microsoft.AzureStack.Role.Deployment.Service* | Remove-Item -Recurse -Force
-    ```
-
 1. Sign into the node that is already a member of the system, with the domain user credentials that you provided during the deployment of the system. Run the following command to repair the incoming node:
 
     ```powershell

azure-local/migrate/migrate-vmware-requirements.md

@@ -3,7 +3,7 @@ title: Review requirements for VMware VM migration to Azure Local using Azure Mi
 description: Learn the system requirements for VMware migration to Azure Local using Azure Migrate (preview).
 author: alkohli
 ms.topic: how-to
-ms.date: 05/16/2025
+ms.date: 06/19/2025
 ms.author: alkohli
 ms.custom: references_regions
 ---
@@ -67,8 +67,6 @@ For any subscriptions hosting resources used in migration, such as Azure Migrate
 
 - Ensure that vCenter Server permission requirements are met. For more information, see [VMware vSphere requirements (agentless)](/azure/migrate/migrate-support-matrix-vmware-migration#agentless-migration).
 
-- In this release, you can only migrate VMs that have disks attached to the VMFS Datastores. If the VM disks aren't attached to the VMFS Datastore, the disks can’t be migrated.
-
 - Before you begin, for all VMware VMs, bring all the disks online and persist the drive letter. For more information, see how to [configure a SAN policy](/azure/migrate/prepare-for-migration#configure-san-policy) to bring the disks online.
 
 - The VMware source environment must be able to initiate a network connection with the target Azure Local instance, either by being on the same on-premises network or by using a VPN.

azure-stack/includes/app-service-hub-update-banner.md

@@ -3,7 +3,7 @@ author: apwestgarth
 ms.author: anwestg
 ms.service: azure-stack
 ms.topic: include
-ms.date: 01/31/2025
+ms.date: 06/25/2025
 ms.reviewer: sethm
 ms.lastreviewed: 10/28/2020
 ---
@@ -13,4 +13,4 @@ ms.lastreviewed: 10/28/2020
 >
 > | Supported minimum Azure Stack Hub version | App Service RP version |
 > |-----|---|
-> | 2311 and later | 24R1 [Installer](https://aka.ms/appsvcupdate24R1installer) ([release notes](../operator/app-service-release-notes-2024R1.md)) |
+> | 2311 and later | 25R1 [Installer](https://aka.ms/appsvcupdate25R1installer) 25R1 [Offline Package](https://aka.ms/appsvcupdate25R1offline) ([release notes](../operator/app-service-release-notes-2025R1.md)) |

azure-stack/operator/TOC.yml

@@ -386,16 +386,10 @@
           href: app-service-migrate-sql-server.md
       - name: Release notes
         items:
+        - name: 25R1 release notes [June 2025]
+          href: app-service-release-notes-2025R1.md
         - name: 24R1 release notes [December 2024]
           href: app-service-release-notes-2024R1.md
-        - name: 2302 release notes [February 2023]
-          href: app-service-release-notes-2302.md
-        - name: 2022 H1 release notes [October 2022]
-          href: app-service-release-notes-2022-h1.md
-        - name: 2021 Q3 release notes [December 2021]
-          href: app-service-release-notes-2021-Q3.md
-        - name: 2021 Q1 release notes [June 2021]
-          href: app-service-release-notes-2021-Q1.md
     - name: Azure Container Registry
       items:
       - name: Overview