Troubleshoot the K8SAPIServerConnFailVMExtensionError error code (51)

This article discusses how to identify and resolve the K8SAPIServerConnFailVMExtensionError error (also known as error code ERR_K8S_API_SERVER_CONN_FAIL, error number 51) that occurs when you try to start or create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.

Prerequisites

• The Netcat (nc) command-line tool

Symptoms

When you try to start or create an AKS cluster, you receive the following error message:

Unable to establish connection from agents to Kubernetes API server, please see https://aka.ms/aks-required-ports-and-addresses for more information.

Details: Code="VMExtensionProvisioningError"

Message="VM has reported a failure when processing extension 'vmssCSE'.

Error message: "Enable failed: failed to execute command: command terminated with exit status=51\n[stdout]\n{

"ExitCode": "51",

"Output": "Thu Oct 14 18:07:37 UTC 2021,aks-nodepool1-18315663-vmss000000\nConnection to

Cause

Your cluster nodes can't connect to your cluster API server pod.

Solution

Run a Netcat command to verify that your nodes can resolve the cluster's fully qualified domain name (FQDN):

nc -vz <cluster-fqdn> 443

If you're using egress filtering through a firewall, make sure that traffic is allowed to your cluster FQDN.

In rare cases, the firewall's outbound IP address can be blocked if you've authorized IP addresses that are enabled on your cluster. In this scenario, you must add the outbound IP address of your firewall to the list of authorized IP ranges for the cluster. For more information, see Secure access to the API server using authorized IP address ranges in AKS.

More information

• General troubleshooting of AKS cluster creation issues

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.