Sync release-aks-ee-feb with main

Sync release-aks-ee-feb with main

Author: sethmanheim

.openpublishing.publish.config.json

@@ -6,6 +6,7 @@
       "build_output_subfolder": "adaptive-cloud",
       "locale": "en-us",
       "monikers": [],
+      "moniker_ranges": [],
       "open_to_public_contributors": false,
       "type_mapping": {
         "Conceptual": "Content"
@@ -29,14 +30,12 @@
       "template_folder": "_themes"
     },
     {
-      "docset_name": "AzureLocal",
-      "build_source_folder": "azure-local",
-      "build_output_subfolder": "AzureLocal",
+      "docset_name": "azure-managed-lustre",
+      "build_source_folder": "azure-managed-lustre",
+      "build_output_subfolder": "azure-managed-lustre",
       "locale": "en-us",
       "monikers": [],
-      "moniker_ranges": [
-        ">=azloc-2408"
-      ],
+      "moniker_ranges": [],
       "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"
@@ -45,12 +44,14 @@
       "template_folder": "_themes"
     },
     {
-      "docset_name": "azure-managed-lustre",
-      "build_source_folder": "azure-managed-lustre",
-      "build_output_subfolder": "azure-managed-lustre",
+      "docset_name": "AzureLocal",
+      "build_source_folder": "azure-local",
+      "build_output_subfolder": "AzureLocal",
       "locale": "en-us",
       "monikers": [],
-      "moniker_ranges": [],
+      "moniker_ranges": [
+        ">=azloc-2408"
+      ],
       "open_to_public_contributors": true,
       "type_mapping": {
         "Conceptual": "Content"

azure-local/concepts/compare-vm-management-capabilities.md

@@ -87,7 +87,7 @@ The following table compares the management capabilities for Arc VMs, Arc-enable
 | - Extended Security Updates | ✅ <br>[3](#3) | ✅ <br>[3](#3) | ❌ |
 | **Windows management** |
 | - Windows Admin Center |❌|✅  <br>[1](#1) and [2](#2) |❌|
-| - Best Practices Assessment |✅|✅  <br>[1](#1) and [2](#2) |❌|
+| - Best Practices Assessment |❌|✅  <br>[1](#1) and [2](#2) |❌|
 | **Monitoring** |
 | - Azure Monitor |✅|✅|❌|
 | - Insights|✅|✅|❌|
@@ -114,4 +114,4 @@ The following table compares the management capabilities for Arc VMs, Arc-enable
 
 ## Next steps
 
-- Review [Azure Arc VM management prerequisites](../manage/azure-arc-vm-management-prerequisites.md).
+- Review [Azure Arc VM management prerequisites](../manage/azure-arc-vm-management-prerequisites.md).

azure-local/concepts/system-requirements-23h2.md

@@ -6,7 +6,7 @@ ms.author: alkohli
 ms.topic: how-to
 ms.service: azure-local
 ms.custom: references_regions
-ms.date: 02/14/2025
+ms.date: 02/21/2025
 ---
 
 # System requirements for Azure Local
@@ -47,8 +47,8 @@ Before you begin, make sure that the physical machine and storage hardware used
 
 |Component|Minimum|
 |--|--|
-|Number of machines| 1 to 16 machines are supported. <br> Each machine must be the same model, manufacturer, have the same network adapters, and have the same number and type of storage drives.|
-|CPU|A 64-bit Intel Nehalem grade or AMD EPYC or later compatible processor with second-level address translation (SLAT).|
+|Number of machines| 1 to 16 machines are supported. <br> Each machine must be the same model, manufacturer, have the same processor types, have the same network adapters, and have the same number and type of storage drives.|
+|CPU|A 64-bit Intel Nehalem grade or AMD EPYC or later compatible processor with second-level address translation (SLAT). <br> All the Azure Local machines used to form an Azure Local instance must have the same processor types. |
 |Memory|A minimum of 32-GB RAM per machine with Error-Correcting Code (ECC). <br> If you can't meet the memory and the ECC requirements, opt for a [Virtual deployment](../deploy/deployment-virtual.md).|
 |Host network adapters|At least two network adapters listed in the Windows Server Catalog. Or dedicated network adapters per intent, which does require two separate adapters for storage intent. For more information, see [Windows Server Catalog](https://www.windowsservercatalog.com/).|
 |BIOS|Intel VT or AMD-V must be turned on.|

azure-local/docfx.json

@@ -85,14 +85,14 @@
     },
     "fileMetadata": {
       "monikerRange": {
-      "./*.md": ">=azloc-2408 || =azloc-previous",
-      "./*.yml": ">=azloc-2408 || =azloc-previous"
+      "./*.md": ">=azloc-24081 || =azloc-previous",
+      "./*.yml": ">=azloc-24081 || =azloc-previous"
       }
     },
     "template": [],
     "groups": {
       "version-azlocal": {
-        "moniker_range": ">=azloc-2408 || =azloc-previous",
+        "moniker_range": ">=azloc-24081 || =azloc-previous",
         "dest": "azure-local"
       }
     }

azure-local/known-issues.md

@@ -158,6 +158,64 @@ To change the deployment service principal, follow these steps:
    Set-AzureStackRPSpCredential -SubscriptionID $SubscriptionId -TenantID $TenantId -AppId $AppId -NewPassword $NewPassword 
    ```
 
+## Rotate internal secrets
+
+This section describes how you can rotate internal secrets. Internal secrets include certificates, passwords, secure strings, and keys used by the Azure Local infrastructure. Internal secret rotation is only required if you suspect one has been compromised, or you've received an expiration alert.
+
+The exact steps for secret rotation are different depending on the software version your Azure Local instance is running.
+
+### Azure Local instance running 2411.2 and later
+
+1. Sign in to one of the Azure Local nodes using deployment user credentials.
+1. Start secret rotation. Run the following PowerShell command:
+
+    ```PowerShell
+    Start-SecretRotation
+    ```
+
+### Azure Local instance running 2411.1 to 2411.0
+
+1. Sign in to one of the Azure Local nodes using deployment user credentials.
+1. Update the CA Certificate password in ECE store. Run the following PowerShell command:
+
+    ```PowerShell
+    $SecureSecretText = ConvertTo-SecureString -String "<Replace with a strong password>" -AsPlainText -Force
+    $CACertCred = New-Object -Type PSCredential -ArgumentList "CACertUser,$SecureSecretText"
+    Set-ECEServiceSecret -ContainerName CACertificateCred -Credential $CACertCred
+    ```
+
+1. Start secret rotation. Run the following PowerShell command:
+
+    ```PowerShell
+    Start-SecretRotation
+    ```
+
+### Azure Local instance running 2408.2 to 2405.3
+
+1. Sign in to one of the Azure Local nodes using deployment user credentials.
+1. Update the CA Certificate password in ECE store. Run the following PowerShell command:
+
+    ```PowerShell
+    $SecureSecretText = ConvertTo-SecureString -String "<Replace with a strong password>" -AsPlainText -Force
+    $CACertCred = New-Object -Type PSCredential -ArgumentList "CACertificateCred,$SecureSecretText"
+    Set-ECEServiceSecret -ContainerName CACertificateCred -Credential $CACertCred
+    ```
+
+1. Delete FCA cert from all the cluster nodes and restart FCA service. Run the following command on each node of your Azure Local instance:
+
+    ```PowerShell
+    $cert = Get-ChildItem -Recurse cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=FileCopyAgentKeyIdentifier*" } 
+    $cert | Remove-Item 
+    restart-service "AzureStack File Copy Agent*"
+    ```
+
+1. Start secret rotation. Run the following PowerShell command:
+
+    ```PowerShell
+    Start-SecretRotation
+    ```
+
+
 ## Next steps
 
 [Complete the prerequisites and checklist and install Azure Local](../deploy/deployment-prerequisites.md).

azure-local/manage/manage-secrets-rotation.md

@@ -5,7 +5,7 @@ author: alkohli
 ms.author: alkohli
 ms.topic: conceptual
 ms.service: azure-local
-ms.date: 02/10/2025
+ms.date: 02/19/2025
 ---
 
 # Azure Local release information
@@ -62,6 +62,7 @@ The following table summarizes the release information for Azure Local across al
 
 |Version| OS Build |Security update| What's new | Known issues |
 |------|-------|---------------|------------|--------------|
+| 10.2411.3.2 <br><br> Availability date: 2025-02-20 | 25398.1425 | [February OS security update](security-update/security-update.md?view=azloc-24113&preserve-view=true) | [Features and improvements](./whats-new.md?view=azloc-24113&preserve-view=true#features-and-improvements-in-24113) | [Known issues](./known-issues.md?view=azloc-24113&preserve-view=true) |
 | 10.2411.2.12 <br><br> Availability date: 2025-02-10 | 25398.1369 | [January OS security update](security-update/security-update.md?view=azloc-24112&preserve-view=true) | [Features and improvements](./whats-new.md?view=azloc-24112&preserve-view=true#features-and-improvements-in-24112) | [Known issues](./known-issues.md?view=azloc-24112&preserve-view=true) |
 | 10.2411.1.10 <br><br> Availability date: 2024-12-17 | 25398.1308 | [December OS security update](security-update/security-update.md?view=azloc-24111&preserve-view=true) | [Features and improvements](./whats-new.md?view=azloc-24111&preserve-view=true#features-and-improvements-in-24111) | [Known issues](./known-issues.md?view=azloc-24111&preserve-view=true) |
 | 10.2411.0.24 <br><br> Availability date: 2024-11-26 | 25398.1251 | [November OS security update](security-update/security-update.md?view=azloc-2411&preserve-view=true) | [Features and improvements](./whats-new.md?view=azloc-2411&preserve-view=true#features-and-improvements-in-2411) | [Known issues](./known-issues.md?view=azloc-2411&preserve-view=true) |

azure-local/media/release-information-23h2/release-trains-supported-update-paths.png

@@ -3,7 +3,7 @@ title:  Security updates for Azure Local, version 23H2
 description: Security updates for Azure Local, version 23H2.
 author: alkohli
 ms.topic: conceptual
-ms.date: 01/28/2025
+ms.date: 02/19/2025
 ms.author: alkohli
 ms.reviewer: alkohli
 ---
@@ -12,6 +12,74 @@ ms.reviewer: alkohli
 
 This article lists the various security updates that are available in Azure Local.
 
+::: moniker range="=azloc-24113"
+
+## February OS security update (KB5051980) for Azure Local
+
+This article describes the OS security update for Azure Local that was released on February 11, 2025 and applies to OS build 25398.1425.
+
+## Improvements 
+
+This security update includes quality improvements. Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change.
+
+- **[Cluster stability]** Fixed: Many machines within the same system suddenly shut down. The network is less available, and latency rises.  
+
+- **[Task Manager]** Fixed: The CPU index number might be wrong when you set process affinity. This occurs on servers that have two or more non-uniform memory access (NUMA) nodes.  
+
+- **[GB18030-2022]** This update adds support for this amendment.  
+
+- **[Memory leak]** Fixed: Leaks occur when predictive input ideas show.  
+
+- **[Windows Kernel Vulnerable Driver Blocklist file (DriverSiPolicy.p7b)]** This update adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.  
+
+- **[Virtual machine (VM) storage pool]** Fixed: Some operations that rely on a storage pool stop working. This occurs because the virtual machine (VM)can't reclaim disk space to do task such as load balancing.
+
+- **[USB cameras]** Fixed: Your device does not recognize the camera is on. This issue occurs after you install the January 2025 security update.
+
+- **Digital/Analog converter (DAC)** Fixed: You might experience issues with USB audio devices. This is more likely when you use a DAC audio driver based on [USB 1.0](/windows-hardware/drivers/audio/usb-audio-class-system-driver--usbaudio-sys-). USB audio devices might stop working, which stops playback.
+
+For more information about security vulnerabilities, see the [Security Update Guide](https://portal.msrc.microsoft.com/security-guidance) and the [February 2025 Security Updates](https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb).
+
+## Known issues
+
+The following is a known issue with this update.
+
+**Symptom**
+
+Following the installation of the October 2024 security update, some customers report that the OpenSSH (Open Secure Shell) service fails to start, preventing SSH connections. The service fails with no detailed logging, and manual intervention is required to run the sshd.exe process.
+
+This issue is affecting enterprise, IOT, and education customers, with a limited number of devices impacted. Microsoft is investigating whether consumer customers using Home or Pro editions of Windows are also affected.
+
+**Workaround**
+
+You can temporarily resolve this issue by updating permissions (ACLs) on the affected directories. Follow these steps:
+
+1. Open PowerShell as an administrator.
+
+1. Update the permissions for *C:\ProgramData\ssh* and *C:\ProgramData\ssh\logs* to allow full control for **System** and the **Administrators** group, while allowing read access for **Authenticated Users**. You can restrict read access to specific users or groups by modifying the permissions string if needed.
+
+1. Use the following commands to update the permissions:
+
+    ```azurecli
+    $directoryPath = "C:\ProgramData\ssh" $acl = Get-Acl -Path $directoryPath $sddlString = "O:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;AU)" $securityDescriptor = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddlString $acl.SetSecurityDescriptorSddlForm($securityDescriptor.GetSddlForm("All")) Set-Acl -Path $directoryPath -AclObject $acl
+    ```
+
+1. Repeat the above steps for *C:\ProgramData\ssh\logs*.
+
+Microsoft is actively investigating the issue and will provide a resolution in an upcoming Windows update. Further communications will be provided when a resolution or addition is available.
+
+## To install
+
+Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](/windows/deployment/update/servicing-stack-updates) and [Servicing Stack Updates (SSU): Frequently Asked Questions](https://support.microsoft.com/topic/servicing-stack-updates-ssu-frequently-asked-questions-06b62771-1cb0-368c-09cf-87c4efc4f2fe).
+
+To install the LCU on your Azure Local instance, see [Update Azure Stack Local instances](../update/about-updates-23h2.md).
+
+## File list
+
+For a list of the files that are provided in this update, download the file information for [Cumulative update KB 5051980](https://go.microsoft.com/fwlink/?linkid=2303533).
+
+::: moniker-end
+
 ::: moniker range="=azloc-24112"
 
 ## January OS security update (KB5049984) for Azure Local
@@ -201,7 +269,7 @@ For a list of the files that are provided in this update, download the file info
 
 ::: moniker-end
 
-::: moniker range="azloc-2408"
+::: moniker range="azloc-previous"
 
 ## August 2024 OS security update (KB 5041573) for Azure Local
 

azure-local/release-information-23h2.md

@@ -5,17 +5,29 @@ ms.topic: overview
 author: alkohli
 ms.author: alkohli
 ms.service: azure-local
-ms.date: 01/28/2025
+ms.date: 02/19/2025
 ---
 
 # What's new in Azure Local?
 
-[!INCLUDE [applies-to](./includes/hci-applies-to-23h2.md)]
 
 [!INCLUDE [azure-local-banner-23h2](./includes/azure-local-banner-23h2.md)]
 
 This article lists the various features and improvements that are available in Azure Local. The latest version of Azure Local solution focuses on cloud-based deployment and updates, cloud-based monitoring, new and simplified experience for Arc VM management, security, and more.
 
+::: moniker range="=azloc-24113"
+
+## Features and improvements in 2411.3
+
+This is a baseline release with the following features and improvements:
+
+- **Quality updates** - This build contains the latest quality updates and is based off the Operating system version 25398.1425.
+- **Updated .NET version** - This build has an updated .NET version 8.0.13.
+
+For more information on improvements in this release, see the [Fixed issues in 2411.3](./known-issues.md?view=azloc-24113&preserve-view=true#fixed-issues).
+
+::: moniker-end
+
 ::: moniker range="=azloc-24112"
 
 ## Features and improvements in 2411.2
@@ -135,7 +147,7 @@ This is a baseline release with the following features and improvements:
 
 ::: moniker-end
 
-::: moniker range="=azloc-2408"
+::: moniker range="=azloc-previous"
 
 ## Features and improvements in 2408