Troubleshoot the VMExtensionError_CniDownloadTimeout error code (41)
This article discusses how to identify and resolve the VMExtensionError_CniDownloadTimeout
error (also known as error code ERR_CNI_DOWNLOAD_TIMEOUT
, error number 41) that occurs when you try to create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.
Prerequisites
- The Curl command-line tool
Symptoms
When you try to create a Linux-based AKS cluster, you receive the following error message:
Message: We are unable to serve this request due to an internal error
SubCode: VMExtensionError_CniDownloadTimeout;
Message="VM has reported a failure when processing extension 'vmssCSE'.
Error message: "Enable failed: failed to execute command: command terminated with exit status=41\n[stdout]\n{
"ExitCode": "41",
Cause
Your cluster nodes can't connect to the endpoint that's used to download the Container Network Interface (CNI) libraries. In most cases, this issue occurs because a network virtual appliance is blocking Secure Sockets Layer (SSL) communication or an SSL certificate.
Solution
Run a Curl command to verify that your nodes can download the binaries:
curl https://acs-mirror.azureedge.net/cni/azure-vnet-cni-linux-amd64-v1.0.25.tgz
curl --fail --ssl https://acs-mirror.azureedge.net/cni/azure-vnet-cni-linux-amd64-v1.0.25.tgz --output /opt/cni/downloads/azure-vnet-cni-linux-amd64-v1.0.25.tgz
If you can't download these files, make sure that traffic is allowed to the downloading endpoint. For more information, see Azure Global required FQDN/application rules.
References
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.