-
Notifications
You must be signed in to change notification settings - Fork 387
/
known-issues.yml
112 lines (87 loc) · 6.3 KB
/
known-issues.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
### YamlMime:FAQ
metadata:
title: General issues when using AKS enabled by Azure Arc
description: General known issues when using AKS enabled by Arc.
author: sethmanheim
ms.author: sethm
ms.service: azure-stack
ms.subservice: aks-hci
ms.topic: faq
ms.date: 07/11/2024
title: Resolve general issues when using AKS enabled by Azure Arc
summary: |
This article describes some general known issues that occur when using AKS enabled by Azure Arc. You can also review [known issues with Windows Admin Center](/azure-stack/aks-hci/known-issues-windows-admin-center) and [installation issues and errors](/azure-stack/aks-hci/known-issues-installation).
sections:
- name: Single section - ignored
questions:
- question: |
When running AksHci PowerShell cmdlets, an "Unable to Load DLL" error appears
answer: |
Antivirus software may be causing this error by blocking the execution of PowerShell binaries that are required to perform cluster operations. An example of a similar error is shown below:
[  ](media/known-issues/get-akshcicluster-error.png#lightbox)
To resolve this issue, verify the following processes and folders (which are required to perform AKS cluster operations) are excluded from the antivirus software:
Processes:
- kubectl.exe
- kvactl.exe
- mocctl.exe
- nodectl.exe
- wssdagent.exe
- wssdcloudagent.exe
- kubectl-adsso.exe
- AksHciHealth.exe
Folders:
- C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\
- C:\Program Files\WindowsPowerShell\Modules\TraceProvider\
- C:\Program Files\WindowsPowerShell\Modules\AksHci\
- C:\Program Files\WindowsPowerShell\Modules\Az.Accounts\
- C:\Program Files\WindowsPowerShell\Modules\Az.Resources\
- C:\Program Files\WindowsPowerShell\Modules\AzureAD\
- C:\Program Files\WindowsPowerShell\Modules\DownloadSdk\
- C:\Program Files\WindowsPowerShell\Modules\Kva\
- C:\Program Files\WindowsPowerShell\Modules\Microsoft.SME.CredSspPolicy\
- C:\Program Files\WindowsPowerShell\Modules\Moc\
- C:\Program Files\WindowsPowerShell\Modules\PackageManagement\
- C:\Program Files\AksHci\
- C:\AksHci\
- question: |
Running Remove-AksHciCluster results in the error: 'Error: unable to delete group clustergroup-spdb:...'
answer: |
When running [Remove-AksHciCluster](./reference/ps/remove-akshcicluster.md), the following error occurs because there may be a deadlock:
`Error: unable to delete group clustergroup-spdb: failed to delete group clustergroup-spdb: rpc error: code = DeadlineExceeded desc = context deadline exceeded`
To resolve this issue, restart CloudAgent.
- question: |
Error: invalid_client. The provided client secret keys are expired
answer: |
This error usually occurs when service principal (SPN) secret you used when running the PowerShell cmdlet running **Enable-AksHciArcConnection** expired.
Visit the Azure portal to create a new secret for your service principal (SPN). You can also use [certificate credentials for added security](/azure/active-directory/develop/active-directory-certificate-credentials). For an example of using the cmdlet, see [Enable-AksHciArcConnection](./reference/ps/enable-akshciarcconnection.md).
- question: |
Insufficient privileges to complete the operation
answer: |
This error usually occurs when the service principal (SPN) or your Azure credentials (username and password) used to connect your AKS cluster don't have sufficient privileges in the Azure subscription to perform the operation.
Review the privilege requirements in [Azure requirements for Kubernetes clusters in AKS enabled by Azure Arc](/azure/aks/hybrid/system-requirements#azure-requirements).
- question: |
Running Remove-AksHciCluster results in the error: 'A workload cluster with the name 'my-workload-cluster' was not found'
answer: |
XXX
If you encounter this error when running [Remove-AksHciCluster](./reference/ps/remove-akshcicluster.md), you should check to make sure you have used the correct information for removing the cluster.
- question: |
Transport: Error while dialing dial unix /var/run/moc-kms-plugin/kmsPlugin.sock: connect: no such file or directory
answer: |
This error happens when the KMS plugin on your AKS-HCI target cluster has stopped running because of an expired KMS plugin token.
Run [Repair-AksHciCerts](./reference/ps/repair-akshcicerts.md) to fix this issue.
- question: |
In a workload cluster with static IP addresses, all pods in a node are stuck in a 'ContainerCreating' state
answer: |
In a workload cluster with static IP addresses and Windows nodes, all of the pods in a node (including the `daemonset` pods) are stuck in a _ContainerCreating_ state. When attempting to connect to that node using SSH, the connection fails with a `Connection timed out` error.
To resolve this issue, use Hyper-V Manager or Failover Cluster Manager to turn off the VM of that node. After 5 to 10 minutes, the node should have been recreated and with all the pods running.
- question: |
Move AKS Arc resources location.
answer: |
Moving resources in AKS Arc isn't currently supported. You must delete the Kubernetes cluster, then re-deploy it to the desired location.
additionalContent: |
## Next steps
- [Troubleshooting overview](troubleshoot-overview.md)
- [Windows Admin Center known issues](/azure-stack/aks-hci/known-issues-windows-admin-center)
- [Installation issues and errors](/azure-stack/aks-hci/known-issues-installation)
- [Connect with SSH to Windows or Linux worker nodes](./ssh-connection.md)
If you continue to run into problems when you're using AKS enabled by Azure Arc, you can file bugs through [GitHub](https://aka.ms/aks-hci-issues).