Posted on

Azure Stack 1905 update

Applies to: Azure Stack integrated systems
Source: Azure Stack 1905 Update

Summary

This article describes the contents of the 1905 update package. The update includes what’s new improvements, and fixes for this release of Azure Stack.

Important
This update package is only for Azure Stack integrated systems. Do not apply this update package to the Azure Stack Development Kit!

Build reference

The Azure Stack 1905 update build number is 1.1905.0.40.

Update type

The Azure Stack 1905 update build type is Full. As a result, the 1905 update has a longer runtime than express updates like 1903 and 1904. Exact runtimes for full updates typically depend on the number of nodes that your Azure Stack instance contains, the capacity used on your system by tenant workloads, your system’s network connectivity (if connected to the internet), and your system hardware configuration. The 1905 update has had the following expected runtimes in our internal testing: 4 nodes – 35 hours, 8 nodes – 45 hours, 12 nodes – 55 hours, 16 nodes – 70 hours. 1905 runtimes lasting longer than these expected values are not uncommon and do not require action by Azure Stack operators unless the update fails. For more information about update build types, see Manage updates in Azure Stack.

What’s in this update

  • With this update, the update engine in Azure Stack can update the firmware of scale unit nodes. This requires a compliant update package from the hardware partners. Reach out to your hardware partner for details about availability.
  • Windows Server 2019 is now supported and available to syndicate through the Azure Stack Marketplace. With this update, Windows Server 2019 can now be successfully activated on a 2016 host.
  • A new Azure Account Visual Studio Code extension allows developers to target Azure Stack by logging in and viewing subscriptions, as well as a number of other services. The Azure Account extension works on both Azure Active Directory (Azure AD) and AD FS environments, and only requires a small change in Visual Studio Code user settings. Visual Studio Code requires a service principal to be given permission in order to run on this environment. To do so, import the identity script and run the cmdlets specified in Multi-tenancy in Azure Stack. This requires an update to the home directory, and registration of the Guest tenant directory for each directory. An alert is displayed after updating to 1905 or later, to update the home directory tenant for which the Visual Studio Code service principal is included.

Improvements

  • As a part of enforcing TLS 1.2 on Azure Stack, the following extensions have been updated to these versions:
    • microsoft.customscriptextension-arm-1.9.3
    • microsoft.iaasdiagnostics-1.12.2.2
    • microsoft.antimalware-windows-arm-1.5.5.9
    • microsoft.dsc-arm-2.77.0.0
    • microsoft.vmaccessforlinux-1.5.2Please download these versions of the extensions immediately, so that new deployments of the extension do not fail when TLS 1.2 is enforced in a future release. Always set autoUpgradeMinorVersion=true so that minor version updates to extensions (for example, 1.8 to 1.9) are automatically performed.
  • A new Help and Support Overview in the Azure Stack portal makes it easier for operators to check their support options, get expert help, and learn more about Azure Stack. On integrated systems, creating a support request will preselect Azure Stack service. We highly recommend that customers use this experience to submit tickets rather than using the global Azure portal. For more information, see Azure Stack Help and Support.
  • When multiple Azure Active Directories are onboarded (through this process), it is possible to neglect rerunning the script when certain updates occur, or when changes to the Azure AD Service Principal authorization cause rights to be missing. This can cause various issues, from blocked access for certain features, to more discrete failures which are hard to trace back to the original issue. To prevent this, 1905 introduces a new feature that checks for these permissions and creates an alert when certain configuration issues are found. This validation runs every hour, and displays the remediation actions required to fix the issue. The alert closes once all the tenants are in a healthy state.
  • Improved reliability of infrastructure backup operations during service failover.
  • A new version of the Azure Stack Nagios plugin is available that uses the Azure Active Directory authentication libraries (ADAL) for authentication. The plugin now also supports Azure AD and Active Directory Federation Services (AD FS) deployments of Azure Stack. For more information, see the Nagios plugin exchange site.
  • A new hybrid profile 2019-03-01-Hybrid was released that supports all the latest features in Azure Stack. Both Azure PowerShell and Azure CLI support the 2019-03-01-Hybrid profile. The .NET, Ruby, Node.js, Go, and Python SDKs have published packages that support the 2019-03-01-Hybrid profile. The respective documentation and some samples have been updated to reflect the changes.
  • The Node.js SDK now supports API profiles. Packages that support the 2019-03-01-Hybrid profile are published.
  • The 1905 Azure Stack update adds two new infrastructure roles to improve platform reliability and supportability:
    • Infrastructure ring: In the future, the infrastructure ring will host containerized versions of existing infrastructure roles – for example, xrp – that currently require their own designated infrastructure VMs. This will improve platform reliability and reduce the number of infrastructure VMs that Azure Stack requires. This subsequently reduces the overall resource consumption of Azure Stack’s infrastructure roles in the future.
    • Support ring: In the future, the support ring will be used to handle enhanced support scenarios for customers.In addition, we added an extra instance of the domain controller VM for improved availability of this role.These changes will increase the resource consumption of Azure Stack infrastructure in the following ways:Azure Stack SKUIncrease in Compute ConsumptionIncrease in Memory Consumption4 Nodes22 vCPU28 GB8 Nodes38 vCPU44 GB12 Nodes54 vCPU60 GB16 Nodes70 vCPU76 GB

Changes

  • To increase reliability and availability during planned and unplanned maintenance scenarios, Azure Stack adds an additional infrastructure role instance for domain services.
  • With this update, during repair and add node operations, the hardware is validated to ensure homogenous scale unit nodes within a scale unit.
  • If scheduled backups are failing to complete and the defined retention period is exceeded, the infrastructure backup controller will ensure at least one successful backup is retained.

Fixes

  • Fixed an issue in which a Compute host agent warning appeared after restarting a node in the scale unit.
  • Fixed issues in marketplace management in the administrator portal which showed incorrect results when filters were applied, and showed duplicate publisher names in the publisher filter. Also made performance improvements to display results faster.
  • Fixed issue in the available backup blade that listed a new available backup before it completed upload to the external storage location. Now the available backup will show in the list after it is successfully uploaded to the storage location.
  • Fixed issue with retrieving recovery keys during backup operation.
  • Fixed issue with OEM update displaying version as ‘undefined’ in operator portal.

Security updates

For information about security updates in this update of Azure Stack, see Azure Stack security updates.

Update planning

Before applying the update, make sure to review the following information:

Download the update

You can download the Azure Stack 1905 update package from the Azure Stack download page. When using the downloader tool, be sure to use the latest version and not a cached copy from your downloads directory.

Hotfixes

Azure Stack releases hotfixes on a regular basis. Be sure to install the latest Azure Stack hotfix for 1904 before updating Azure Stack to 1905.

Azure Stack hotfixes are only applicable to Azure Stack integrated systems; do not attempt to install hotfixes on the ASDK.

Before applying the 1905 update

The 1905 release of Azure Stack must be applied on the 1904 release with the following hotfixes:

After successfully applying the 1905 update

After the installation of this update, install any applicable hotfixes. For more information, see Microsofts’ servicing policy.

Automatic update notifications

Customers with systems that can access the internet from the infrastructure network will see the Update available message in the operator portal. Systems without internet access can download and import the .zip file with the corresponding .xml.

Tip
Subscribe to the following RSS or Atom feeds to keep up with Azure Stack hotfixes:

Known issues (post installation)

This article lists known issues in the 1905 release of Azure Stack. The list is updated as new issues are identified.

Important
Review this section before applying the update!

Update process

Host node update prerequisite failure

  • Applicable: This issue applies to the 1905 update.
  • Cause: When attempting to install the 1905 Azure Stack update, the status for the update might fail due to Host Node Update Prerequisite. This is generally caused by a host node having insufficient free disk space.
  • Remediation: Contact Azure Stack support to receive assistance clearing disk space on the host node.
  • Occurrence: Uncommon

Preparation failed

  • Applicable: This issue applies to all supported releases.
  • Cause: When attempting to install the 1905 Azure Stack update, the status for the update might fail and change state to PreparationFailed. This is caused by the update resource provider (URP) being unable to properly transfer the files from the storage container to an internal infrastructure share for processing. The 1905 update package is larger than previous update packages which may make this issue more likely to occur.
  • Remediation: Starting with version 1901 (1.1901.0.95), you can work around this issue by clicking Update now again (not Resume). The URP then cleans up the files from the previous attempt, and restarts the download. If the problem persists, we recommend manually uploading the update package by following the Import and install updates section.
  • Occurrence: Common

Portal

Subscription resources

  • Applicable: This issue applies to all supported releases.
  • Cause: Deleting user subscriptions results in orphaned resources.
  • Remediation: First delete user resources or the entire resource group, and then delete the user subscriptions.
  • Occurrence: Common

Subscription permissions

  • Applicable: This issue applies to all supported releases.
  • Cause: You cannot view permissions to your subscription using the Azure Stack portals.
  • Remediation: Use PowerShell to verify permissions.
  • Occurrence: Common

Marketplace management

  • Applicable: This issue applies to 1904 and 1905
  • Cause: The marketplace management screen is not visible when you sign in to the administrator portal.
  • Remediation: Refresh the browser or go to Settings and select the option Reset to default settings.
  • Occurrence: Intermittent

Docker extension

  • Applicable: This issue applies to all supported releases.
  • Cause: In both the administrator and user portals, if you search for Docker, the item is incorrectly returned. It is not available in Azure Stack. If you try to create it, an error is displayed.
  • Remediation: No mitigation.
  • Occurrence: Common

Upload blob

  • Applicable: This issue applies to all supported releases.
  • Cause: In the user portal, when you try to upload a blob using the OAuth(preview) option, the task fails with an error message.
  • Remediation: Upload the blob using the SAS option.
  • Occurrence: Common

Template

  • Applicable: This issue applies to all supported releases.
  • Cause: In the user portal, the template deployment UI does not populate parameters for the template names beginning with “_” (the underscore character).
  • Remediation: Remove the “_” (underscore character) from the template name.
  • Occurrence: Common

Networking

Load balancer

Add backend pool

  • Applicable: This issue applies to all supported releases.
  • Cause: In the user portal, if you attempt to add a Backend Pool to a Load Balancer, the operation fails with the error message failed to update Load Balancer….
  • Remediation: Use PowerShell, CLI or a Resource Manager template to associate the backend pool with a load balancer resource.
  • Occurrence: Common

Create inbound NAT

  • Applicable: This issue applies to all supported releases.
  • Cause: In the user portal, if you attempt to create an Inbound NAT Rule for a Load Balancer, the operation fails with the error message Failed to update Load Balancer….
  • Remediation: Use PowerShell, CLI or a Resource Manager template to associate the backend pool with a load balancer resource.
  • Occurrence: Common

Create load balancer

  • Applicable: This issue applies to all supported releases.
  • Cause: In the user portal, the Create Load Balancer window shows an option to create a Standard load balancer SKU. This option is not supported in Azure Stack.
  • Remediation: Use the Basic load balancer options instead.
  • Occurrence: Common

Public IP address

  • Applicable: This issue applies to all supported releases.
  • Cause: In the user portal, the Create Public IP Address window shows an option to create a Standard SKU. The Standard SKU is not supported in Azure Stack.
  • Remediation: Use the Basic SKU for public IP address.
  • Occurrence: Common

Compute

VM boot diagnostics

  • Applicable: This issue applies to all supported releases.
  • Cause: When creating a new Windows virtual machine (VM), the following error may be displayed: Failed to start virtual machine ‘vm-name’. Error: Failed to update serial output settings for VM ‘vm-name’. The error occurs if you enable boot diagnostics on a VM, but delete your boot diagnostics storage account.
  • Remediation: Recreate the storage account with the same name you used previously.
  • Occurrence: Common

VM resize

  • Applicable: This issue applies to the 1905 release.
  • Cause: Unable to successfully resize a managed disk VM. Attempting to resize the VM generates an error with “code”: “InternalOperationError”, “message”: “An internal error occurred in the operation.”
  • Remediation: We are working to remediate this in the next release. Currently, you must recreate the VM with the new VM size.
  • Occurrence: Common

Virtual machine scale set

CentOS

  • Applicable: This issue applies to all supported releases.
  • Cause: The virtual machine scale set creation experience provides CentOS-based 7.2 as an option for deployment. CentOS 7.2 is not available on Azure Stack Marketplace which will cause deployment failures calling out that the image is not found.
  • Remediation: Select another operating system for your deployment, or use an Azure Resource Manager template specifying another CentOS image that has been downloaded prior to deployment from the marketplace by the operator.
  • Occurrence: Common

Remove scale set

  • Applicable: This issue applies to all supported releases.
  • Cause: You cannot remove a scale set from the Virtual machine scale sets blade.
  • Remediation: Select the scale set that you want to remove, then click the Delete button from the Overview pane.
  • Occurrence: Common

Create failures during patch and update on 4-node Azure Stack environments

  • Applicable: This issue applies to all supported releases.
  • Cause: Creating VMs in an availability set of 3 fault domains and creating a virtual machine scale set instance fails with a FabricVmPlacementErrorUnsupportedFaultDomainSize error during the update process on a 4-node Azure Stack environment.
  • Remediation: You can create single VMs in an availability set with 2 fault domains successfully. However, scale set instance creation is still not available during the update process on a 4-node Azure Stack.

Scale set instance view blade doesn’t load

  • Applicable: This issue applies to 1904 and 1905 release.
  • Cause: The instance view blade of a virtual machine scale set located at Azure Stack portal -> Dashboard -> Virtual machine scale sets -> AnyScaleSet – Instances -> AnyScaleSetInstance fails to load, and displays a crying cloud image.
  • Remediation: There is currently no remediation and we are working on a fix. Until then, please use the CLI command az vmss get-instance-view to get the instance view of a scale set.

Ubuntu SSH access

  • Applicable: This issue applies to all supported releases.
  • Cause: An Ubuntu 18.04 VM created with SSH authorization enabled does not allow you to use the SSH keys to sign in.
  • Remediation: Use VM access for the Linux extension to implement SSH keys after provisioning, or use password-based authentication.
  • Occurrence: Common

Next steps