I receive an error trying to validate KVA when enabling Azure Kubernetes service

Question

No proxy, DNS is working fine. Stand alone server. I'm able to ping the cluster vm during testing. no outbound firewall blocks. Standard windows 2022 server just built and updated. No other changes or configs.

Here's the error:

Message

Applying platform configurations failed. Error: The provided configuration is not valid. Please review the report kva_validation_report.html, fix the configuration and retry. Failed tests: Validate KVA Details: C:\Program Files\AksHci\kvactl.exe validate --configfile "C:\AksHCI\1.0.25.10313\yaml\appliance.yaml" --provider=azurestackhci --enable-canary-diagnostics System.Collections.Hashtable.generic_non_zero 1 [Error: { "code": "CanaryDiagnosticsError", "message": "{\n "code": "GuestInternetConnectivityError",\n "message": "Name: http-connectivity-test-aks-hci. Message: Not able to connect to https://mcr.microsoft.com. Error returned: action failed after 5 attempts: Get \"https://mcr.microsoft.com\": dial tcp: lookup mcr.microsoft.com on 127.0.0.53:53: server misbehaving. AKSHCI network and internet connectivity validation failed: http-connectivity-test-aks-hci. 1. Please check your networking setup and ensure the URLs mentioned in : https://learn.microsoft.com/en-us/azure/aks/hybrid/system-requirements?tabs=allow-table#network-port-and-url-requirements are reachable from the Appliance VM. 2. Check firewall/proxy settings",\n "category": ""\n }", "category": "" }]

Answer 1

The error suggests a DNS resolution issue with mcr.microsoft.com.

Check DNS settings and ensure they are correct. Use a public DNS like 8.8.8.8 if necessary.

Verify there are no hidden proxies or firewall rules blocking outbound traffic to the required URLs.

Test connectivity to https://mcr.microsoft.com directly from the VM.

Review the AKS Hybrid network requirements to ensure your setup meets all conditions.

Answer 2

Hi, I am Henry and I'd like to help.

It looks like you're encountering a KVA validation error while enabling Azure Kubernetes Service (AKS) on Windows Server 2022. Based on the error message, the issue seems to be related to network connectivity, specifically the inability to reach https://mcr.microsoft.com.

1. Check DNS Configuration

• Even though DNS is working fine, try switching to a public DNS like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare).
• Run: nslookup mcr.microsoft.com
• If the lookup fails, there may be a deeper DNS issue.

2. Verify Internet Connectivity from the Appliance VM

• Open PowerShell and test connectivity:

Test-NetConnection -ComputerName mcr.microsoft.com -Port 443

• If this fails, check firewall rules or outbound network settings.

3. Check Firewall and Proxy Settings

• Ensure there are no hidden outbound blocks preventing access to Microsoft URLs.
• If using a proxy, configure it properly in AKS settings.

4. Manually Validate KVA

• Run the following command to manually validate:

C:\Program Files\AksHci\kvactl.exe validate --configfile "C:\AksHCI\1.0.25.10313\yaml\appliance.yaml" --provider=azurestackhci --enable-canary-diagnostics

• Review the generated kva_validation_report.html for more details.

5. Review AKS Hybrid System Requirements

• Ensure your setup meets all network port and URL requirements listed here.

Let me know if any of these solutions work for you.