Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article identifies critical known issues and their workarounds in Azure Local.
These release notes are continuously updated, and as critical issues requiring a workaround are discovered, they're added. Before you deploy your Azure Local instance, carefully review the information contained here.
Important
For information about supported update paths for this release, see Release information.
For more information about new features in this release, see What's new for Azure Local.
Known issues for version 2602
For the 2602 release of Azure Local, Microsoft released the following update:
| Solution version | OS build |
|---|---|
| 12.2602.1002.501 | 26100.32370 |
Important
The new deployments of this software use the 12.2602.1002.501 build. Release notes for this version include the issues fixed in this release, known issues in this release, and known issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Deployment | Fixed issue in the Azure portal where the Azure Local deployment wizard wasn't loading. | |
| Deployment | Fixed issue in Azure portal to block proceeding through Azure Local deployment wizard when inputs aren't specified. | |
| Deployment | Added validation to instance and machine names in Azure Local deployment wizard in Azure portal. | |
| Update | Fixed issue with SBE update failing due to invalid argument. | |
| Azure Local VMs | Fixed issue where VM start or stop operation was blocked with an error after attaching or detaching GPU to the VM. |
Known issues
There's no known issue in this release. Any previously known issues have been fixed in subsequent releases.
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Security | If the Windows Defender attack surface reduction rule Block Process Creations originating from PSExec & WMI commands is configured to Block, the Azure Local Solution Update will fail to run. | For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Add server, Repair server | Add node and repair node operations fail when running on 11.2510.1002.87 or 12.2510.1002.88, as these images were recalled and don't exist. | Upgrade your environment to 11.2510.1002.93 or 12.2510.1002.94. If you need to run add node or repair node operations during the update from 1.2510.1002.87/12.2510.1002.88 to 11.2510.1002.93/12.2510.1002.94, open a support case to overwrite the image validation. |
| Azure Local VMs | VM start, stop, or delete operations may fail due to the wssdagent node agent crashing. | To check if wssdagent has crashed, run the following command: $ServerList = (Get-Clusternode).name foreach ($Server in $ServerList) { Write-Output "Cluster Node: $Server..." Invoke-Command -ComputerName $Server -ScriptBlock { get-service wssdagent } } If the wssdagent status shows "Stopped", run the following command to restart the agent from that node: start-service wssdagent This should get the node agent running again and unblock the VMs. If any VMs are deleted while the node agent is down, open a support case to get the issue resolved. |
| Update | Fetching the secret rotation action plan status fails. | The secret rotation completes successfully, so the failure message can be ignored. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2601
For the 2601 release of Azure Local, Microsoft released the following update:
| Solution version | OS build |
|---|---|
| 12.2601.1002.503 | 26100.32230 |
Important
The new deployments of this software use the 12.2601.1002.503 build. Release notes for this version include the issues fixed in this release, known issues in this release, and known issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Update | Update may fail when the cloud management group is running on a different node than the owner node with the error: Type 'RegisterCloudManagementUpdatesExtension' of Role 'CloudManagementConfig' raised an exception: Exception occurred in Get-ClusterExtension' |
|
| Update | Secret rotation changes WinRM certificate thumbprint for users who aren't using a Microsoft issued certificate. | |
| Azure Local VMs | When creating or deleting large numbers of network interfaces, the infrastructure can face out of memory issues causing failures. | Improved validation logic to handle large numbers of operations on network interfaces. |
| Azure Local VMs | Added operation to set the cluster functional level for upgrade to 24H2. | |
| Deployment | Deployment using Local Identity doesn't support manual secret rotation. | |
| Deployment | Enable SMB protocol for all cluster nodes during deployment. | |
| Deployment | Added step to make sure auto-mount is enabled. | |
| Deployment | Added check for null values before resuming failed deployment. | |
| Deployment | Improved validation to prevent upgrading an already deployed instance. | |
| Deployment | Updated validation for cluster resource name. | |
| Deployment | Improved readability of physical disk test output. | |
| Deployment | Improved validation performed by DNS resolution test. | |
| Deployment | Added retry to help cluster resource come online when rerunning deployment. | |
| Deployment | Implemented maximum length check for cluster name. | |
| Deployment | Removed unused step to add DSC certificate from deployment. | |
| Deployment | Updated logic to fetch the cluster IP. | |
| Deployment | Fixed issue with stuck deployment after domain join step. | |
| Deployment | Added a wait step to ensure cluster DNS names are successfully resolved. | |
| Deployment | When using 3 or more intents in the system, PowerShell Invoke-Command call crashes with the error: Type 'SetAzureStackHostsPreConfiguration' of Role 'HostNetwork' raised an exception: Cannot get intent status of Storage. Exception: No intent statuses found for intent Storage. |
|
| Update | Added fix for failed updates due to SBE helper module. | |
| Update | Fixed issue with downloading SBE during update. | |
| Update | Added cleanup for CAU reports during SBE update. | |
| Update | Reduced duration of SBE steps for deployment and update. | |
| Update | Improved health check results for SBE test. | |
| Update | Fixed issue where SBE files may be blocked after performing robocopy to each machine. | |
| Update | Fixed issue with solution update failing due to incorrectly detecting presence of SBE. | |
| Update | SBE update fails with the error: Cannot validate argument on parameter 'DeployADLess'. The argument "[DEPLOYADLESS]" does not belong to the set "true,false," specified by the ValidateSet attribute. |
|
| Update | Update fails due to CLI extension connectedmachine exception causing deployment disruption. |
|
| Update | Solution Builder Extension (SBE) download fails with the error: CloudEngine.Actions.InterfaceInvocationFailedException: Type 'SBEPartnerDownloadConnectorCheckHealth' of Role 'SBE' raised an exception:[SBEPartnerDownloadConnectorCheckHealth] SBE download connector failure getting version '0.0.0000.0000' files. The download connector health check failed. Exception Message : The term 'Assert-SBEResponseSchema' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. |
|
| Upgrade | Improved logic to find storage cluster group. | |
| Upgrade | When upgrading from 2510 to 2511, 2512, or 2601, AKS Arc cluster creation fails. |
Known issues
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Update | Fetching the secret rotation action plan status fails. | The secret rotation completes successfully, so the failure message can be ignored. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Security | If the Windows Defender attack surface reduction rule Block Process Creations originating from PSExec & WMI commands is configured to Block, the Azure Local Solution Update will fail to run. | For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Add server, Repair server | Add node and repair node operations fail when running on 11.2510.1002.87 or 12.2510.1002.88, as these images were recalled and don't exist. | Upgrade your environment to 11.2510.1002.93 or 12.2510.1002.94. If you need to run add node or repair node operations during the update from 1.2510.1002.87/12.2510.1002.88 to 11.2510.1002.93/12.2510.1002.94, open a support case to overwrite the image validation. |
| Azure Local VMs | VM start, stop, or delete operations may fail due to the wssdagent node agent crashing. | To check if wssdagent has crashed, run the following command: $ServerList = (Get-Clusternode).name foreach ($Server in $ServerList) { Write-Output "Cluster Node: $Server..." Invoke-Command -ComputerName $Server -ScriptBlock { get-service wssdagent } } If the wssdagent status shows "Stopped", run the following command to restart the agent from that node: start-service wssdagent This should get the node agent running again and unblock the VMs. If any VMs are deleted while the node agent is down, open a support case to get the issue resolved. |
| Azure Local VMs | VM start or stop operation is blocked with an error after attaching or detaching GPU to the VM. | Update the size of the VM (add/remove vCPU, memory) before attempting a start or stop operation. Once the size is updated, proceed with VM start or stop. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
Known issues for version 2512
For the 2512 release of Azure Local, Microsoft released the following update:
| Solution version | OS build |
|---|---|
| 12.2512.1002.16 | 26100.7462 |
Important
The new deployments of this software use the 12.2512.1002.16 build. Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Azure Local VMs | Azure Local VM create flow allows adding a data disk with a name that already exists in the same resource group, leading to provisioning errors. | Validation to ensure the data disk name is unique within the resource group before creating the Azure Local VM. |
Known issues
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Deployment | Deployment using Local Identity doesn't support manual secret rotation. | There's no known workaround in this release. |
| Deployment | When upgrading from 2510 to 2511, 2512, or 2601, cluster creation fails due to CSI provisioning. | For detailed steps on how to resolve this issue, see AKS Arc cluster creation fails on Azure Local 2511, 2512, or 2601 after upgrade from 2510. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Security | If the Windows Defender attack surface reduction rule Block Process Creations originating from PSExec & WMI commands is configured to Block, the Azure Local Solution Update will fail to run. | For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Add server, Repair server | Add node and repair node operations fail when running on 11.2510.1002.87 or 12.2510.1002.88, as these images were recalled and don't exist. | Upgrade your environment to 11.2510.1002.93 or 12.2510.1002.531. If you need to run add node or repair node operations during the update from 1.2510.1002.87/12.2510.1002.88 to 11.2510.1002.93/12.2510.1002.531, open a support case to overwrite the image validation. |
| Azure Local VMs | VM start, stop, or delete operations may fail due to the wssdagent node agent crashing. | To check if wssdagent has crashed, run the following command: $ServerList = (Get-Clusternode).name foreach ($Server in $ServerList) { Write-Output "Cluster Node: $Server..." Invoke-Command -ComputerName $Server -ScriptBlock { get-service wssdagent } } If the wssdagent status shows "Stopped", run the following command to restart the agent from that node: start-service wssdagent This should get the node agent running again and unblock the VMs. If any VMs are deleted while the node agent is down, open a support case to get the issue resolved. |
| Update | Update may fail when the cloud management group is running on a different node than the owner node with the error: Type 'RegisterCloudManagementUpdatesExtension' of Role 'CloudManagementConfig' raised an exception: Exception occurred in Get-ClusterExtension' |
Move the management group to the owner node manually and proceed with the update: # Get the owner node of the group matching '*orch*' $orchOwner = (Get-ClusterGroup -Name '*orch*').OwnerNode.Name# Move the "Cloud Management" group to that nodeMove-ClusterGroup -Name 'Cloud Management' -Node $orchOwner |
| Azure Local VMs | VM start or stop operation is blocked with an error after attaching or detaching GPU to the VM. | Update the size of the VM (add/remove vCPU, memory) before attempting a start or stop operation. Once the size is updated, proceed with VM start or stop. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2511
For the 2511 release of Azure Local, Microsoft released two security updates, each aligned with a specific OS build. The following table provides the specific versions and their OS builds:
| Solution version | OS build |
|---|---|
| 12.2511.1002.502 | 26100.7171 |
Important
The new deployments of this software use the 12.2511.1002.502 build. Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Deployment | Updated logic to reduce dependence on DNS servers during cluster DNS name resolution. | |
| Deployment | Fixed issue where deployment is stuck post domain join by resuming the deployment. | |
| Deployment | Add a wait step to ensure the cluster DNS names are resolved. | |
| Deployment | Remove add DSC certificate step since it's not required. | |
| Azure Local VMs | Added operation to set the cluster functional level for upgrade to 24H2. | |
| Update | When installing cumulative updates using Azure Update Manager, only the latest update for version 2507 is installed. If earlier update options (for versions 2505, 2506) are selected, they are not installed. | |
| Update | Update health check results not shown when it's been longer than 3 hours after health check completed | |
| Update | When updating the Azure Local instance via the Azure Update Manager, the update progress and results may not be visible in the Azure portal. | |
| Deployment | Deployment, add node, and repair node operations may fail with the error: Type 'EncryptClusterSharedVolumes' of Role 'AzureStackBitlocker' raised an exception: The job running on xxx failed due to: System.Management.Automation.RemoteException: -> Failed enabling bitlocker for C:\ClusterStorage\UserStorage_13 (F:) |
Known issues
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Update | Update may fail when the cloud management group is running on a different node than the owner node with the error: Type 'RegisterCloudManagementUpdatesExtension' of Role 'CloudManagementConfig' raised an exception: Exception occurred in Get-ClusterExtension' |
Move the management group to the owner node manually and proceed with the update: # Get the owner node of the group matching '*orch*' $orchOwner = (Get-ClusterGroup -Name '*orch*').OwnerNode.Name# Move the "Cloud Management" group to that nodeMove-ClusterGroup -Name 'Cloud Management' -Node $orchOwner |
| Deployment | When upgrading from 2510 to 2511, 2512, or 2601, cluster creation fails due to CSI provisioning. | For detailed steps on how to resolve this issue, see AKS Arc cluster creation fails on Azure Local 2511, 2512, or 2601 after upgrade from 2510. |
| Azure Local VMs | VM start or stop operation is blocked with an error after attaching or detaching GPU to the VM. | Update the size of the VM (add/remove vCPU, memory) before attempting a start or stop operation. Once the size is updated, proceed with VM start or stop. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Security | If the Windows Defender attack surface reduction rule Block Process Creations originating from PSExec & WMI commands is configured to Block, the Azure Local Solution Update will fail to run. | For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Add server, Repair server | Add node and repair node operations fail when running on 11.2510.1002.87 or 12.2510.1002.88, as these images were recalled and don't exist. | Upgrade your environment to 11.2510.1002.93 or 12.2510.1002.531. If you need to run add node or repair node operations during the update from 1.2510.1002.87/12.2510.1002.88 to 11.2510.1002.93/12.2510.1002.531, open a support case to overwrite the image validation. |
| Azure Local VMs | VM start, stop, or delete operations may fail due to the wssdagent node agent crashing. | To check if wssdagent has crashed, run the following command: $ServerList = (Get-Clusternode).name foreach ($Server in $ServerList) { Write-Output "Cluster Node: $Server..." Invoke-Command -ComputerName $Server -ScriptBlock { get-service wssdagent } } If the wssdagent status shows "Stopped", run the following command to restart the agent from that node: start-service wssdagent This should get the node agent running again and unblock the VMs. If any VMs are deleted while the node agent is down, open a support case to get the issue resolved. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2510
For the 2510 release of Azure Local, Microsoft released two security updates, each aligned with a specific OS build. The following table provides the specific versions and their OS builds:
| Solution version | OS build |
|---|---|
| 11.2510.1002.93 | 25398.1913 |
| 12.2510.1002.531 | 26100.6899 |
Important
The new deployments of this software use the 12.2510.1002.531 build. You can also update an existing deployment from 2509 by using 11.2510.1002.93.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Deployment | Improved calculation of maximum volume size for express storage provisioning. | |
| Deployment | Adjusted allocation unit size for thin provisioned volumes. | |
| Deployment | Fixed issue with importing modules for storage. | |
| Deployment | Enabled Rack Level Nested Mirror for rack aware clusters. | |
| Deployment | Fixed issue with restarting performance history volume. | |
| Deployment | Added mitigation for Cluster DNS resolution issues. | |
| Upgrade | Refined the version check to get the correct latest updates. | |
| Upgrade | Improved check for local administrator. | |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as noncompliant in Azure policy. | |
| Azure Local VMs | Azure Local VMs have empty DVD drives attached after deployment. | Newly created Azure Local VMs will no longer include empty DVD drives after deployment. |
| Azure Local VMs | In some cases, Azure Local VMs fail to create with error: Failed to cleanup seed iso disk from the file system for vm. |
This build addresses additional corner cases that were not resolved in the previous fix (2503). |
| Azure Local VMs | In rare cases, the operator would enter a crash loop, preventing Azure Local VM management. | |
| Azure Local VMs | In some cases, deleting logical networks could fail when network interfaces created with those logical networks existed in other resource groups or locations. | Updated deletion logic to ensure safe deletion of logical network. |
| Update | Update fails with VSR registry not found error. | |
| Deployment, update | Deployment and updates crash with a blue screen and error code 0x00000139. | |
| Update | Updates failing for deployments between 2504 and 2511. | |
| Update | After upgrade, the subsequent update preparation fails. | |
| Deployment | Deployment fails with error: The following error with errorcode 0x80090308 occurred while using Negotiate authentication: The parameter is incorrect. |
|
| Deployment | Deployment fails with error: The parameter is incorrect. |
|
| Update | OS upgrade doesn't perform Update-ClusterFunctionalLevel and Update-StoragePool after the OS upgrade completes. |
|
| Deployment | Log collection doesn't start when it starts it the first time, and then shows 404 errors subsequent times. | There's no known workaround for this issue in this release. |
Known issues
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Add server, Repair server | Add node and repair node operations fail when running on 11.2510.1002.87 or 12.2510.1002.88, as these images were recalled and don't exist. | Upgrade your environment to 11.2510.1002.93 or 12.2510.1002.531. If you need to run add node or repair node operations during the update from 1.2510.1002.87/12.2510.1002.88 to 11.2510.1002.93/12.2510.1002.531, open a support case to overwrite the image validation. |
| Azure Local VMs | VM start, stop, or delete operations may fail due to the wssdagent node agent crashing. | To check if wssdagent has crashed, run the following command: $ServerList = (Get-Clusternode).name foreach ($Server in $ServerList) { Write-Output "Cluster Node: $Server..." Invoke-Command -ComputerName $Server -ScriptBlock { get-service wssdagent } } If the wssdagent status shows "Stopped", run the following command to restart the agent from that node: start-service wssdagent This should get the node agent running again and unblock the VMs. If any VMs are deleted while the node agent is down, open a support case to get the issue resolved. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Update | When updating the Azure Local instance via the Azure Update Manager, the update progress and results may not be visible in the Azure portal. | To work around this issue, on each node, add the following registry key (no value needed):New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\HciCloudManagementSvc\Parameters" -forceThen on one of the nodes, restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management"This won't fully remediate the issue as the progress details may still not be displayed for a duration of the update process. To get the latest update details, you can Retrieve the update progress with PowerShell. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Update | When installing cumulative updates using Azure Update Manager, only the latest update for version 2507 is installed. If earlier update options (for versions 2505, 2506) are selected, they are not installed. | There's no workaround in this release. |
| Update | Update health check results not shown when it's been longer than 3 hours after health check completed | Rerun the update health checks to restart the 3 hour expiration clock. |
| Deployment | Deployment, add node, and repair node operations may fail with the error: Type 'EncryptClusterSharedVolumes' of Role 'AzureStackBitlocker' raised an exception: The job running on xxx failed due to: System.Management.Automation.RemoteException: -> Failed enabling bitlocker for C:\ClusterStorage\UserStorage_13 (F:) |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Security | If the Windows Defender attack surface reduction rule Block Process Creations originating from PSExec & WMI commands is configured to Block, the Azure Local Solution Update will fail to run. | For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2509
For the 2509 release of Azure Local, Microsoft released two security updates, each aligned with a specific OS build. The following table provides the specific versions and their OS builds:
| Solution version | OS build |
|---|---|
| 11.2509.1001.21 | 25398.1849 |
| 12.2509.1001.22 | 26100.6584 |
Important
The new deployments of this software use the 12.2509.1001.22 build. You can also update an existing deployment from 2508 by using 11.2509.1001.21.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Azure Local VMs, Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | VMs are now activated properly. |
| Azure Local VMs | Recreating an image with the same name could fail due to remnants of a previous failed deployment, occasionally resulting on the creating of a zero-byte image. | Automatic proper cleanup of failed image artifacts, allowing subsequent image creation attempts to succeed. |
| Deployment | Disk types aren't being determined correctly resulting in false negative results on storage pool size determination. | Improved validation for resolving disk type when determining storage pool size. |
| Deployment | True max volume size should be calculated and not defaulted to 64 TB. | Improved calculation for maximum volume size. |
| Deployment | Adjusted minimum allocation unit size for thin provisioned volumes. | |
| Azure Local VMs | Increased default disk size from 100 GB to 200 GB. | |
| Azure Local VMs | AKS Arc created cluster isn't working in locked environment with proxy enabled. | |
| Azure portal | Improved the associate NSG dropdown menu in the Azure portal. | |
| Deployment | In the 2506 release, KIR registries were added to the incorrect path. | Added registries to the correct path. |
| Upgrade | Fixed an issue where upgrade fails on environment validator. | |
| Deployment | Changed the default OS size for thin provisioned volumes. | |
| Security | Mitigation for security vulnerability CVE-2025-55316 was implemented. | |
| Registration, deployment, Add-server, Upgrade, Update | In this release, connectivity tests can take longer than 20 minutes in some environments. | There's no known workaround for this issue in this release. |
Known issues
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Deployment | Log collection doesn't start when it starts it the first time, and then shows 404 errors subsequent times. | There's no known workaround for this issue in this release. |
| Deployment | Deployment, add node, and repair node operations may fail with the error: Type 'EncryptClusterSharedVolumes' of Role 'AzureStackBitlocker' raised an exception: The job running on xxx failed due to: System.Management.Automation.RemoteException: -> Failed enabling bitlocker for C:\ClusterStorage\UserStorage_13 (F:) |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Update | When updating the Azure Local instance via the Azure Update Manager, the update progress and results may not be visible in the Azure portal. | To work around this issue, on each node, add the following registry key (no value needed):New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\HciCloudManagementSvc\Parameters" -forceThen on one of the nodes, restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management"This won't fully remediate the issue as the progress details may still not be displayed for a duration of the update process. To get the latest update details, you can Retrieve the update progress with PowerShell. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as noncompliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Update | When installing cumulative updates using Azure Update Manager, only the latest update for version 2507 is installed. If earlier update options (for versions 2505, 2506) are selected, they are not installed. | There's no workaround in this release. |
| Update | Update health check results not shown when it's been longer than 3 hours after health check completed | Rerun the update health checks to restart the 3 hour expiration clock. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2508
For the 2508 release of Azure Local, Microsoft released two security updates, each aligned with a specific OS build. The following table provides the specific versions and their OS builds:
| Solution version | OS build |
|---|---|
| 11.2508.1001.51 | 25398.1791 |
| 12.2508.1001.52 | 26100.4946 |
Important
The new deployments of this software use the 12.2508.1001.52 build. You can also update an existing deployment from 2507 by using 11.2508.1001.51.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Azure Local VMs | For Disconnected operations (preview) with Azure Local VMs, the Arc agent download will fail. | Corrected end point and now Arc agent download succeeds. |
| Deployment | Fixed issue for importing paths with spaces. | |
| Update | Fixed issue where active CAU runs get canceled prematurely. | |
| Deployment | Disk types not being determined correctly, resulting in false negative results on storage pool size determination. |
Known issues
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Registration, deployment, Add-server, Upgrade, Update | In this release, connectivity tests can take longer than 20 minutes in some environments. | There's no known workaround for this issue in this release. |
| Update | Update health check results not shown when it's been longer than 3 hours after health check completed | Rerun the update health checks to restart the 3 hour expiration clock. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Update | When updating the Azure Local instance via the Azure Update Manager, the update progress and results may not be visible in the Azure portal. | To work around this issue, on each node, add the following registry key (no value needed):New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\HciCloudManagementSvc\Parameters" -forceThen on one of the nodes, restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management"This won't fully remediate the issue as the progress details may still not be displayed for a duration of the update process. To get the latest update details, you can Retrieve the update progress with PowerShell. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as non-compliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Update | When installing cumulative updates using Azure Update Manager, only the latest update for version 2507 is installed. If earlier update options (for versions 2505, 2506) are selected, they are not installed. | There's no workaround in this release. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2507
For the 2507 release of Azure Local, Microsoft released two security updates, each aligned with a specific OS build. The following table provides the specific versions and their OS builds:
| Solution version | OS build |
|---|---|
| 11.2507.1001.9 | 25398.1732 |
| 12.2507.1001.10 | 26100.4652 |
Important
The new deployments of this software use the 12.2507.1001.10 build. You can also update an existing deployment from 2506 by using 11.2507.1001.9.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Comments |
|---|---|---|
| Update | Solution update fails with the error: Unable to install solution update "11.2506.1001.24" - Type 'UpdateFOD' of Role 'ComposedImageUpdate' raised an exception. |
|
| Upgrade | The upgrade banner is currently available for users using the Azure Government cloud. However, the environment checker fails, suggesting that Azure Government clouds are not supported. | |
| Azure Local VMs | When no storage path is specified during deployment, resources (VMs, data disks, and images) are automatically placed on the first storage path of the cluster, even when other storage paths are also available. Over time, this might cause insufficient disk space on that path, potentially resulting in deployment failures. | |
| Update | Cluster-Aware Updating runs might fail with the error:Type 'SBEPartnerConfirmCauDone' of Role 'SBE' raised an exception:<br>SBE_MsftCIOnlyCommon_CommonForTesting_4.2.2504.16: ErrorID: SBE-CAU-RUNNING-AFTER-DONE -- CAU run is still in progress when it should be done. See https://aka.ms/AzureLocal/SBE/CauHelp for help. Review full Get-CauRun output it identify if it is progressing or stuck. Wait for it to complete if progressing. |
Known issues
The following is a known issue with this release.
| Feature | Issue | Workaround |
|---|---|---|
| Update | When installing cumulative updates using Azure Update Manager, only the latest update for version 2507 is installed. If earlier update options (for versions 2505, 2506) are selected, they are not installed. | There's no workaround in this release. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Update | When updating the Azure Local instance via the Azure Update Manager, the update progress and results may not be visible in the Azure portal. | To work around this issue, on each node, add the following registry key (no value needed):New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\HciCloudManagementSvc\Parameters" -forceThen on one of the nodes, restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management"This won't fully remediate the issue as the progress details may still not be displayed for a duration of the update process. To get the latest update details, you can Retrieve the update progress with PowerShell. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as non-compliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2506
For the 2506 release of Azure Local, Microsoft released two security updates, each aligned with a specific OS build. The following table provides the specific versions and their OS builds:
| Solution version | OS build |
|---|---|
| 11.2506.1001.28 | 25398.1665 |
| 12.2506.1001.29 | 26100.4349 |
Important
The new deployments of this software use the 12.2506.1001.29 build. You can also update an existing deployment from 2505 using 11.2506.1001.28.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Workaround/Comments |
|---|---|---|
| Azure Local VMs | When creating a VM, there's no option to prompt for password. | Password is prompted when --password isn't explicitly passed. This provides customers a more secure way to input password. |
| Azure Local VMs | When creating a VM, --admin-username and --password are required for guest management enablement. |
Unbound requirement for guest management enablement. Now, when creating a VM, --admin-username and --password are required unless the OS disk is provided or the --authentication-type is ssh. |
| Azure Local VMs | In some cases, VM update operations were incorrectly shown as successful on the Azure portal even though they had failed in the underlying infrastructure. | Improved error reporting to ensure the Azure portal accurately reflects the true status of VM update operations. |
| Azure Local VMs | Deleting a logical network with an attached AKS cluster would leave behind orphaned on-premises resources. | Properly detects and handles AKS cluster dependencies during logical network deletion to prevent resource leaks. |
| Azure Local VMs | Unable to create VHDs using --download-url |
Correctly initializes VHD property before assigning the download URL, ensuring successful disk creation. |
| Azure Local VMs | In some cases, deleting a VM from multiple platforms (Azure portal, Windows Admin Center, Failover Cluster Manager) could cause its high availability (HA) status to remain stuck in a pending state. | Correctly updates the HA status when the VM is removed from the cluster, preventing it from getting stuck. |
| Azure Local VMs | After creating a VM, a temporary ISO file used for guest agent setup was sometimes left attached. | ISO file is automatically removed after VM creation. |
| Azure Local VMs | In some cases, VM deletions did not properly clean up associated network interfaces or disks, leaving behind orphaned resources that blocked reuse of IP addresses and storage. | All dependent resources are correctly detached and deleted when a VM is deleted, preventing resource leaks. |
| Deployment | Improved validation for the IP address of the infrastructure range. | |
| Deployment | Improved behavior for loading PowerShell modules. | |
| Deployment | Added flag to enable decryption of volumes when re-attaching them. |
Known issues in this release
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Security | Azure Local might face an issue during normal operations (for example, Update, Repair) while using Defender for Endpoint and when the Restrict App Execution setting is enabled for one or more servers in the deployment. | Disable the Restrict App Execution setting in the Defender portal and reboot. If the issue persists, open a support case. |
| Deployment | In rare instances, deployment fails with errors during validation that state that the mandatory Arc extensions are not yet installed. | If you face this issue, retry the deployment. |
| Update | Solution update fails with the error: Unable to install solution update "11.2506.1001.24" - Type 'UpdateFOD' of Role 'ComposedImageUpdate' raised an exception. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Deployment | After Azure portal deployment, SConfig network settings shows the error: Set-SCfNetworksetting : Cannot bind argument to parameter 'Value' because it is null. |
There's no known workaround in this release. |
| Update | Cluster-Aware Updating runs might fail with the error:Type 'SBEPartnerConfirmCauDone' of Role 'SBE' raised an exception:<br>SBE_MsftCIOnlyCommon_CommonForTesting_4.2.2504.16: ErrorID: SBE-CAU-RUNNING-AFTER-DONE -- CAU run is still in progress when it should be done. See https://aka.ms/AzureLocal/SBE/CauHelp for help. Review full Get-CauRun output it identify if it is progressing or stuck. Wait for it to complete if progressing. |
Wait for CAU run to complete (wait for Get-CauRun to report RunNotInProgress) and resume the update. |
| Azure Local VMs | When no storage path is specified during deployment, resources (VMs, data disks, and images) are automatically placed on the first storage path of the cluster, even when other storage paths are also available. Over time, this might cause insufficient disk space on that path, potentially resulting in deployment failures. | Update to 2507 as this build contains a fix for the issue. Or, create resources with a specified storage path. For more information, see Troubleshoot Azure Local Virtual Machines enabled by Azure Arc. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Azure Verification | VMs on Azure Local running Windows Server Azure Edition, Windows 10, or Windows 11 multi-session OS may not activate properly. A pop-up message or a watermark may display, indicating that Windows isn't activated. The VM will function, but the watermark will persist. | There's no known workaround in this release. |
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release when the Azure portal incorrectly reports the update status as Failed to update or In progress though the update is complete. | Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. The Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Update | When updating the Azure Local instance via the Azure Update Manager, the update progress and results may not be visible in the Azure portal. | To work around this issue, on each node, add the following registry key (no value needed):New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\HciCloudManagementSvc\Parameters" -forceThen on one of the nodes, restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management"This won't fully remediate the issue as the progress details may still not be displayed for a duration of the update process. To get the latest update details, you can Retrieve the update progress with PowerShell. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as non-compliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
| Upgrade | The upgrade banner is currently available for users using the Azure Government cloud. However, the environment checker fails, suggesting that Azure Government clouds are not supported. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
This article identifies critical known issues and their workarounds in Azure Local.
These release notes are continuously updated, and as critical issues requiring a workaround are discovered, they're added. Before you deploy your Azure Local instance, carefully review the information contained here.
Important
For information about supported update paths for this release, see Release information.
For more information about new features in this release, see What's new for Azure Local.
Known issues for version 2505
For the 2505 release of Azure Local, Microsoft released two security updates: one for existing deployments and another for new deployments. The following table provides information about different deployment types, their corresponding security updates, and OS builds:
| Deployment type | Solution version | OS build |
|---|---|---|
| Existing deployments | 11.2505.1001.22 | 25398.1611 |
| New deployments | 12.2505.1001.23 | 26100.4061 |
Important
The new deployments of this software use the 12.2505.1001.23 build. You can also update an existing deployment from 2504 using 11.2505.1001.22.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Workaround/Comments |
|---|---|---|
| Azure Local VMs | Timeout errors occur when creating a disk and gallery image. | Extended the timeout period to support larger disk and image size. |
| Azure Local VMs | Mocguestagent gets stuck in a start/stop loop and can't connect to the host agent. | Improved Mocguestagent connectivity. |
| Azure Local VMs | Cannot delete a VM in the Azure portal or CLI after deleting it in Hyper-V. | If you delete the VM in Hyper-V instead of the Azure portal or CLI, delete the resource it in the Azure portal or CLI to clean it up. |
| Azure Local VMs | Unable to delete a data disk that failed to attach during VM creation. | Fixed the attachment state of data disk to be accurate. You can now delete a data disk if it fails to attach during VM creation. |
| Azure Local VMs | OS updates can automatically install on the third Tuesday of the month (for example, May 20, June 17, or July 15). This can cause unexpected outages or future issues because of mismatched OS versions for Azure Local. | Removed logic that set up a scheduled CAU as part of some SBE updates. |
| Deployment | Deployment via Azure Resource Manager (ARM) template fails with the following error during validation:Type 'DeployArb' of Role 'MocArb' raised an exception: [DeployArb:Fetching SP in CloudDeployment Scenario] Exception calling 'GetCredential' with '1' argument(s): 'Exception of type 'CloudEngine.Configurations.SecretNotFoundException' was thrown.' at at Get-CloudDeploymentServicePrincipal. The error is because of a missing SPN during deployment. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Solution extension | Changed the severity level for the health check that validates the plugin's presence. | |
| Azure portal | Added a fix to fetch Storage account properties during redeployment. | |
| Azure portal | Added an error message about subscription access rights during Azure Local download. | |
| Azure portal | Added a warning message if the subscription isn't registered during the Azure Local download. | |
| Azure portal | Improved logic to show Azure Arc-enabled machines for selection during deployment. | |
| Azure portal | Enhanced the setting of machines' state during deployment. | |
| Azure portal | Improved error handling and data processing. | |
| Azure portal | Added a fix to disable the validation button until extension installations are complete during deployment. | |
| Deployment | Added validation to check for required permissions to change access control lists (ACL). | |
| Deployment | Added a server-side filter to the WMI call to improve performance and reduce call time. | |
| Deployment | Added fix to dispose of the PowerShell objects after use to improve performance when creating new PowerShell instances. | |
| Deployment | Fixed the time zone issue when running the Install Azure Stack HCI wizard and selecting a time zone. The Install Azure Stack HCI wizard now correctly applies the selected time zone during deployment. | |
| Security management | Fixed Security defaults, Application control, and Data protections pages showing as Unknown in the security compliance report. | |
| Add server Repair server |
Fixed running Add-server and Repair-server cmdlets with a customized storage adapter IP in Azure Local which resulted in the error: Type 'ConfigureAzureStackHostStorageAdpaterIPAddressesInAddRepairNode' of Role 'HostNetwork' raised an exception: Connecting to remote server <MACHINE> failed with the following error message: Access is denied.. |
Known issues in this release
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Update | A critical VM operational status not OK alert is shown in the Azure portal under Update readiness and in the Alerts pane after the update has completed successfully. Additionally, the alert appears when running the Get-HealthFault cmdlet. |
No action is required on your part. This alert will resolve automatically in a few days. |
| Deployment | Updating Azure Arc extensions manually from the Azure Local Machine page via the Azure portal will result in issues during deployment. The extensions that shouldn't be updated manually are: AzureEdgeDeviceManagement, AzureEdgeLifecycleManager, and AzureEdgeAKVBackupForWindows. |
Installing extensions manually from the Azure Local machine page isn't supported. |
| Upgrade | The upgrade banner is currently available for users using the Azure Government cloud. However, the environment checker fails, suggesting that Azure Government clouds are not supported. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release where the Azure portal may incorrectly display the update status as Failed to update or In progress, even though the update has actually completed successfully. This behavior is particularly observed when updating Azure Local instances via Azure Update Manager, where the update progress and results may not be visible in the portal. | You might need to wait up to 30 minutes or more to see the updated status. If the status still isn't refreshed after that time, follow these steps: Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as non-compliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
| Azure Arc registration | When registering a new machine with Azure Arc, registration fails during ImageRecipeValidationTests with the following error:"Responses": [ { "Name": "ImageRecipeValidation", "Status": "Failed", "Errors": [ { "ErrorMessage": "Diagnostics failed for the test category: ImageRecipeValidation.", "StackTrace": null, "ExceptionType": "DiagnosticsTestFailedException", "RecommendedActions": [ "Please contact Microsoft support." ] } ] } |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Upgrade | Failed to upgrade cluster with Get-AzureStackHCI ConnectionStatus in RepairRegistration due to the Virtualization-Based Security (VBS) master key lost during Secure Boot certificate installation. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Registration | After installing certain updates (including BIOS), clusters may report RepairRegistrationRequired and show a stale connection state. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2504
For the 2504 release of Azure Local, Microsoft released two security updates: one for existing deployments and another for new deployments. The following table provides information about different deployment types, their corresponding security updates, and OS builds:
| Deployment type | Solution version | OS build |
|---|---|---|
| Existing deployments | 11.2504.1001.21 | 25398.1551 |
| New deployments | 12.2504.1001.20 | 26100.3775 |
Important
The new deployments of this software use the 12.2504.1001.20 build. You can also update an existing deployment from 2503 using 11.2504.1001.21.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Workaround/Comments |
|---|---|---|
| Azure Local VMs | Subsequent deployments or operations on source image fail if a VM is created with OS disk and source image located on the same CSV and an error occurred during a previous copy of the source image. | |
| Azure Local VMs | Multiple Hyper-V VMs for a single Azure Local VM that failed to be created are left running on Azure Local. | |
| Azure Local VMs | Storage path deletion times out if AKS node disks are present. | No timeout and will error out with proper error message listing the resources on the storage path. |
| Azure Local VMs | Issues with deleting resources that are in use by other resources that no longer exist on the cluster. | Enhanced validation to check if resources are present on the cluster before attempting to delete. |
| Azure Local VMs | Issues with deleting and resizing an Azure Local VM that has checkpoint(s). | You can checkpoint an Azure Local VM with on-premises tools. The VM will remain manageable from the Azure portal. |
| Solution extension | Improved error message to fix firewall blocking access to solution extension manifest endpoints. | |
| Solution extension | Improved reliability of copying solution extension content locally to each machine. | |
| Solution extension | Added specification of plug-in name in the solution extension. | |
| Solution extension | Fixed issue where system was unable to get available solution extension updates. | |
| Update | Simplified the Azure portal experience for viewing the progress and history of update runs. | |
| Update | When monitoring update progress in the Azure Update Management portal, the progress might appear to not have updated for several hours. | Run Get-SolutionUpdate on one of the cluster nodes. If an update object is returned, the update might be taking longer than expected but it is progressing. If an update object isn't returned, the update may be stalled. For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
Known issues in this release
The following table lists the known issues in this release:
| Feature | Issue | Workaround |
|---|---|---|
| Add server Repair server |
The Add-server and Repair-server cmdlets fail with the error: Cluster Build ID matches node to add's Build ID. |
Use the OS image of the same solution version as that running on the existing cluster. To get the OS image, identify and download the image version from this Release table. |
| Add server Repair server |
If running Add-server and Repair-server cmdlets with customized storage adapter IP configured in your Azure Local instance, the operation might fail with the error: Type 'ConfigureAzureStackHostStorageAdpaterIPAddressesInAddRepairNode' of Role 'HostNetwork' raised an exception: Connecting to remote server <MACHINE> failed with the following error message : Access is denied.. |
Contact Microsoft Support if you experience this issue. |
| Security management | The Security defaults, Application control, and Data protections pages show Unknown for all security settings. | This issue is only in the security compliance report. The states of the security settings are unaffected. Use PowerShell to verify the compliance status of the security settings. For more information, see Manage secure baseline via PowerShell cmdlets |
| Deployment | In this release and previous releases, registration fails with the following error when you try to register Azure Local machines with Azure Arc: AZCMAgent command failed with error: >> exitcode: 42. Additional Info: See https://aka.ms/arc/azcmerror. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Azure Arc registration | When registering a new machine with Azure Arc, registration fails during ImageRecipeValidationTests with the following error:"Responses": [ { "Name": "ImageRecipeValidation", "Status": "Failed", "Errors": [ { "ErrorMessage": "Diagnostics failed for the test category: ImageRecipeValidation.", "StackTrace": null, "ExceptionType": "DiagnosticsTestFailedException", "RecommendedActions": [ "Please contact Microsoft support." ] } ] } |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Deployment | In the 2504 release, when you run the Install Azure Stack HCI wizard and select a time zone, the system continues to use Pacific Standard Time (PST), regardless of your selection. | This isn't a blocking issue, and deployment will still complete successfully. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release where the Azure portal may incorrectly display the update status as Failed to update or In progress, even though the update has actually completed successfully. This behavior is particularly observed when updating Azure Local instances via Azure Update Manager, where the update progress and results may not be visible in the portal. | You might need to wait up to 30 minutes or more to see the updated status. If the status still isn't refreshed after that time, follow these steps: Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as non-compliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
| Upgrade | Failed to upgrade cluster with Get-AzureStackHCI ConnectionStatus in RepairRegistration due to the Virtualization-Based Security (VBS) master key lost during Secure Boot certificate installation. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Registration | After installing certain updates (including BIOS), clusters may report RepairRegistrationRequired and show a stale connection state. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
Known and expected behaviors
The following table lists the known and expected system behaviors that shouldn't be considered as bugs or limitations.
| Feature | Behavior | Workaround |
|---|---|---|
| Operating system | Restoring the registry using RegBack isn't supported on Azure Local. This operation can remove the Lifecycle Manager (LCM) and Microsoft On-premises Cloud (MOC) settings on your Azure Local instance, which can corrupt the solution. | |
| Azure Local VM management | Using an exported Azure VM OS disk as a VHD to create a gallery image for provisioning an Azure Local VM is unsupported. | Run the command restart-service mochostagent to restart the mochostagent service. |
Known issues for version 2503
This software release maps to software version number 2503.0.13.
Important
The new deployments of this software use the 2503.0.13 build. You can also update from 2411.3.
Release notes for this version include the issues fixed in this release, known issues in this release, and release note issues carried over from previous versions.
Note
For detailed remediation for common known issues, see the Azure Local Supportability GitHub repository.
Fixed issues
The following table lists the fixed issues in this release:
| Feature | Issue | Workaround/Comments |
|---|---|---|
| Azure Local VMs | Intermittent failures or timeouts when creating or deleting Azure Local VMs due to internal service entering a deadlocked state. | You can now deploy Azure Local VMs without facing timeout issues. |
| Azure Local VMs | Unable to delete a gallery image if the source Azure Local VM gallery image was created from, was deleted. | You can now delete a gallery image even if the source Azure Local VM the gallery image was created from, was deleted. |
| Azure Local VMs | After Azure Arc resource bridge disaster recovery, some Azure Local VMs may lose network connectivity. | Updated Azure Arc resource bridge disaster recovery logic to ensure network configurations of Azure Local VMs persists. |
| Azure Local VMs | Inaccurate power state reporting on Azure for Azure Local VMs when the source image for the VM is deleted from the cluster. | Power operations shows consistent and accurate power state representation on Azure for Azure Local VMs with deleted source images. |
| Azure Local VMs | Inaccurate power state reporting on Azure for Azure Local VMs when attempting power operations. | Improved the accuracy of power state reconciliation by reducing latency and fixing a bug that impacted power operations visibility to Azure. |
| Azure Local VMs | Unable to create a gallery image with specified storage path. | You can now create a gallery image with specified storage path. |
| Azure Local VMs | Running azcmagent disconnect deletes the Azure Local VM. |
Don't use azcmagent disconnect on Azure Local VMs. Use only azcmagent disconnect -f or azcmagent disconnect --force-local-only. This command disconnects the connected machine agent and keeps the VM running (no longer deletes). |
| Azure Local VM management | The Mochostagent service might appear to be running but can get stuck without updating logs for over a month. You can identify this issue by checking the service logs in C:\programdata\mochostagent\logs to see if logs are being updated. |
Run the following command to restart the mochostagent service: restart-service mochostagent. |
| Azure Local VMs/Azure Migrate | Migration of Gen 1 (non-sysprep) VMs using Azure Migrate fails with the error: Failed to clean up seed ISO disk from the file system for VM. | Migration of Gen 1 (non-sysprep) VMs using Azure Migrate will no longer fail with this error. |
| Azure Local VMs/Azure Migrate | VM creation from OS disk fails due to incorrect storage precheck. | VM creation succeeds regardless if the source is gallery image or OS disk. |
| Deployment | When trying to deploy via the Azure portal, Azure Local machine nodes aren't visible in the Azure portal. | Azure Local deployments via the Azure portal are only supported for 2503 and later. For previous versions, deploy via Azure Resource Manager (ARM) template. |
| Deployment | During the Azure Local deployment, DeviceManagementExtension fails to install when a proxy is configured. |
Install previous DeviceManangementExtension version 1.2502.0.3012 when using a proxy. |
| Update | When updating from version 2408.2.7 to 2411.0.24, the update process could fail with the following error message: Type 'CauPreRequisites' of Role 'CAU' raised an exception: Could not finish cau prerequisites due to error 'Cannot remove item C:\UpdateDistribution\<any_file_name>: Access to the path is denied.' |
This issue is now fixed. |
| Update | Ensure that Solution Builder Extension updates of type Notify that have been imported get copied correctly before validation. | |
| Update | Improved the Solution Extension Secret Location cmdlet help to provide better examples. | |
| Update | Added retry logic to Cluster-Aware Updating runs and health checks for cluster nodes. | |
| Update | Increased system stability during the .NET 8 updates. | |
| Update | With the 2411 release, solution and Solution Builder Extension update aren't combined in a single update run. | To apply a Solution Builder Extension package, you need a separate update run. |
| Upgrade | Disable the Carbon PowerShell module if detected and load the known modules. | |
| Upgrade | Optimized the current Carbon PowerShell module solution. | |
| Upgrade | Added a check to validate enough free memory to start an Azure Arc resource bridge VM. | |
| Security | Mitigation for security vulnerability CVE-2024-21302 was implemented. See the Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates | |
| Deployment | During Azure Local deployment via portal, Validate selected machines fails with this error message: Mandatory extension [Lcm controller] installed version [30.2503.0.907] is not equal to the required version [30.2411.2.789] for Arc machine [Name of the machine]. Please create EdgeDevice resource again for this machine to fix the issue. |
Reinstall the correct version of AzureEdgeLifecycleManager extension. Follow these steps: 1. Select the machine and then select Install extensions.  2. Repeat this step for each machine you intend to cluster. It takes roughly 15 minutes for the installation to complete. 3. Verify that the AzureEdgeLifecycleManager extension version is 30.2411.2.789.  4. After the extensions are installed on all the machines in the list, select Add machines to refresh the list. 5. Select Validate selected machines. The validation should succeed. |
| Deployment | During the Azure Local deployment and update on OEM-licensed devices, ConfigureSecurityBaseline fails at the Apply security settings on servers step. |
This issue is now fixed. |
Known issues in this release
The following table lists the known issues in this release:
| Feature | Issue | Workaround/Comments |
|---|---|---|
| Azure Local VMs | Unable to delete an Azure Local VM enabled by Arc when one of the nodes is down. | Contact Microsoft Support if this issue occurs. |
| Azure Local VMs | Checkpoints on Azure Local VMs cause sync issues between Azure Local VMs and Portal. | Remove any checkpoints on the VM. |
| Updates | Updating to 2503.0.13 failed Update PreRequisites for Role 'MocArb' with exception: SyntaxWarning: invalid escape sequence '\W' at CheckAndInstall-CliExtensions. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Security vulnerability | There's a known security vulnerability in this release that may affect security scans for the updates. For more information, see Azure Arc Installer vulnerability CVE-2025-26627 - Host | |
| Azure Local VMs | There's a known security vulnerability in this release that may affect security scans for the updates. For more information, see Azure Arc Installer vulnerability CVE-2025-26627 - Guest | |
| Microsoft Defender for Cloud Azure Government |
In the Azure Government cloud, Microsoft Defender for Cloud recommendations for Azure Local do not show up in the Microsoft Defender for Cloud portal. | |
| Metrics Azure Government |
Metrics from Azure Local clusters in the Azure Government cloud fail to reach Azure. As a result, metrics don't show up in the Monitoring, Metrics, or workbook graphs. Metrics based alerts aren't triggered and new alerts can't be set up. | |
| Upgrade | Failed to upgrade cluster with Get-AzureStackHCI ConnectionStatus in RepairRegistration due to the Virtualization-Based Security (VBS) master key lost during Secure Boot certificate installation. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
| Registration | After installing certain updates (including BIOS), clusters may report RepairRegistrationRequired and show a stale connection state. |
For detailed steps on how to resolve this issue, see the Troubleshooting guide. |
Known issues from previous releases
The following table lists the known issues from previous releases:
| Feature | Issue | Workaround |
|---|---|---|
| Update | When viewing the readiness check results for an Azure Local instance via the Azure Update Manager, there might be multiple readiness checks with the same name. | There's no known workaround in this release. Select View details to view specific information about the readiness check. |
| Update | There's an intermittent issue in this release where the Azure portal may incorrectly display the update status as Failed to update or In progress, even though the update has actually completed successfully. This behavior is particularly observed when updating Azure Local instances via Azure Update Manager, where the update progress and results may not be visible in the portal. | You might need to wait up to 30 minutes or more to see the updated status. If the status still isn't refreshed after that time, follow these steps: Connect to your Azure Local instance via a remote PowerShell session. To confirm the update status, run the following PowerShell cmdlets: $Update = get-solutionupdate| ? version -eq "<version string>"Replace the version string with the version you're running. For example, "10.2405.0.23". $Update.stateIf the update status is Installed, no further action is required on your part. Azure portal refreshes the status correctly within 24 hours. To refresh the status sooner, follow these steps on one of the nodes. Restart the Cloud Management cluster group. Stop-ClusterGroup "Cloud Management"Start-ClusterGroup "Cloud Management" |
| Add server | In this release and previous releases, when adding a machine to the system, isn't possible to update the proxy bypass list string to include the new machine. Updating environment variables proxy bypass list on the hosts won't update the proxy bypass list on Azure resource bridge or AKS. | There's no workaround in this release. If you encounter this issue, contact Microsoft Support to determine next steps. |
| Azure portal | In some instances, the Azure portal might take a while to update and the view might not be current. | You might need to wait for 30 minutes or more to see the updated view. |
| Security | When fixing the compliance for the minimum password length rule, even after you've changed the minimum password length on the Azure Local host to 14, you continue to see it as non-compliant in Azure policy. | You can verify the length of the password using the net accounts cmdlet. In the output, find Minimum password length to see the value. |
Next steps
- Read the Deployment overview.
- For more information about previous releases, see Known issues in Azure Local 23xx releases and Known issues in Azure Local 24xx releases.