Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article discusses how to identify and resolve the "WINDOWS_CSE_ERROR_CHECK_API_SERVER_CONNECTIVITY" error (5) that occurs when you try to add a Windows node pool in an Azure Kubernetes Service (AKS) cluster.
Prerequisites
One of the following tools is required:
- The PowerShell command-line shell for Windows nodes.
- The Netcat (
nc) command-line tool for Linux nodes.
Symptoms
When you try to add a Windows node pool in an AKS cluster, you receive the following error message:
Code="VMExtensionProvisioningError"
Message="CSE Error: WINDOWS_CSE_ERROR_CHECK_API_SERVER_CONNECTIVITY." Exit Code: 5. Details: Unable to establish connection from agents to Kubernetes API server.
Cause
Your cluster nodes can't connect to the cluster API server pod.
Troubleshooting steps
Connect to the respective node by following the steps described in Windows Server proxy connection for SSH:
Verify that your nodes can resolve the cluster's fully qualified domain name (FQDN):
On existing Windows nodes, run the following command:
Test-NetConnection -ComputerName <cluster-fqdn> -Port 443Or, on existing Linux nodes, run the following command:
nc -vz <cluster-fqdn> 443If the command output shows
FalseorTimeout, check your network configuration. For example, check whether you set "Deny" rules for the API server in network security groups (NSGs) of the virtual network.If you're using egress filtering through a firewall, make sure that traffic is allowed to your cluster FQDN.
If you've authorized IP addresses that are enabled on your cluster, the firewall's outbound IP address can be blocked. In this scenario, you must add the outbound IP address of the firewall to the list of authorized IP ranges for the cluster. For more information, see Secure access to the API server using authorized IP address ranges in AKS.
References
Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.