Azure Stack Hub hotfix 1.2008.40.148

Summary

  • ETW trace sessions are configured to use 16 MB of non-pagedpool memory. Trace sessions now report lost event count (if any) per session, during ETL file rotation in TraceCollector Eventlog. This releases critical non-paged pool memory for other services on hosts and VMs. Also fixed various bugs in Tracecollector.
  • Fixed a bug in resource provider (for example, Event Hubs) deployment, update, or secret rotation. The operation previously failed with no apparent failure cause. The fix allows the operation to complete successfully.
  • Extended the update readiness checks to cover more Service Fabric health and VM health checks; for example, memory usage and storage disk capacity checks.
  • Fixed bugs that increased memory pressure on infrastructure.
  • Fixed bugs that caused operator portal blades to fail to load.
  • Improved reliability of Process Watchdog.

Fixes rolled up from previous hotfix releases

  • Improved update reliability by adding detection and self-healing for low available memory conditions on ERCS VMs at the beginning of the update orchestration.
  • Fixed a bug in which BCDR runner logs fill up MASLogs folders on physical hosts.
  • Added monitoring for WMI and remediation.
  • Added Network Controller IMOS size check to Test-AzureStack.
  • Fixed internal secret rotation failures (failing at the NC:Secret rotate step), seen after updating to Azure Stack Hub version 1.2008.25.114 or higher from the latest 2005 release.
  • Configured stamp ADFS to monitor corporate ADFS signing certificate rollover. This is for Azure Stack Hub with ADFS identity systems when Azure Stack Hub is configured with corp ADFS and a federation metadata endpoint.
  • Fixed alert to remediation linking. Moved memory-critical alert to preview.
  • Fixed health package registration, removing duplicate artifact creation.
  • Improved reliability of RdAgent upgrade.
  • Enhanced idempotent logic in handling malfunctioning TPMs.
  • Fixed an issue in which uninstalling some extensions put previously deployed extensions into a failed state.
  • Fixed an issue in which duplicate installed updates were shown in the update history list.
  • Fixed an intermittent issue in which FRU of SRNG could fail connecting to the ECE agent.
  • Fixed VM NICs getting a different hardware identifier after VM is deallocated and restarted.
  • Monitored and rebooted VMs based on memory pressure.
  • Added AzsGBRReadiness in Test-AzureStack to check physical disks' health for granular bitmap repair readiness.
  • Reactivated firewall rules to enable SNMP traffic on ERCS VMs.
  • Fixed an issue in which modifying any properties on the Local Network Gateway was causing other VPN connections on that gateway to disconnect.
  • Fixed an issue in which infrastructure VM deployment can fail after applying a hotfix.
  • Cleaned up stale user profile folders to clear disk space.
  • Fixed an issue in which a secondary blob data partition cannot be loaded in some error cases.
  • Fixed some bugs with the use of temporary domain accounts.
  • Enhanced temporary domain account naming to ensure uniqueness.
  • Patched SDN-related binaries on the physical nodes.
  • Improved reliability and diagnosing capabilities of patch and update.
  • Added auto-remediation for SQL cluster.
  • Updated Healthagent to use Nugetstore.
  • Filtered WHS alert for Netadapter.
  • Fixed an issue in which the copy of a certificate used by Service Fabric was overwritten.
  • Fixed appearance of ghost NICs when deleting a resource group.
  • Fixed regression in Test-AzureStack that caused VM deployment test case to automatically skip.
  • Improved resiliency of VM provisioning, extension, and image operations.
  • Fixed an invalid state in Storage resource provider for storage accounts migrated from 1910 with suspended state.
  • Fixed a bug in local health system that potentially increased memory pressure on infrastructure.
  • Fixed issue in internal secret rotation that would fail with a timeout error if value-add resource providers were unhealthy.
  • Fixed a bug in which closed alerts' Last Modified Time was updated in the operator portal even if the alert stayed closed.
  • Optimized operator alert request handling, which reduces the chance of timeouts when viewing alerts in the operator portal or monitoring them via System Center Operations Manager (SCOM).
  • Check and enforce key protectors on cluster shared volumes per host.
  • Fixed issue in which Managed Disk usage data was not being reported after the 2008 update.
  • Fixed VMs losing connectivity while SuspendNode is occurring in MAS, as part of host reboot during patch and update.
  • Added PEP to retrieve current registration details, stale object cleanup for Remove-Registration.
  • Fixed a bug that caused the Infrastructure Roles panel in the operator portal to display incorrect health information.
  • Improved reliability of log collection for SDN roles by collecting logs on the file share.
  • Fixed an issue that can raise an audit scanner health alert in PEP cmdlet.
  • Removed invalid repair interface for seedringservices.
  • Improved SDN network reliability on the physical nodes.
  • Enabled SQL container logs.
  • Fixed an issue that erroneously raises an alert: "Node inaccessible for VM Placement."
  • Fixed a remote management enabling issue for Azure Stack registrations done prior to 1910 release.
  • Improved reliability of host node update.
  • Critical fix for disk space exhaustion on physical hosts, network controllers, gateways, and load balancers.
  • Fixed remote management resource replication for resource arrays with continuation token.
  • Fixed an issue in which a storage account might be partially restored due to a KVS race condition in the SRP background usage job.
  • Fixed an issue in which a virtual subnet was not being cleaned up if the tunnel was moved to a different GW VM and then the VGW was deleted.
  • Fixed an issue that could cause registration and internal secret rotation to fail.
  • Fixed an issue in the internal secret rotation, which might cause a failure in the next update.
  • Addressed an issue with internal secret rotation for NRP with a large number of subscriptions.
  • Mitigated connection problems to ERCS following startup.
  • Mitigated a potential issue with upgrading to future versions.
  • Addressed memory leak based on health runners and suppressed faulty alerts.
  • Added memory-specific settings to crash dump settings.
  • Remediated ERCS memory pressure during patch & update.
  • Included AzsInfraRoleSummary Test-Azurestack test as UpdateReadiness.
  • Fixed an issue where certificate rotation on IoT Hub fails with "Internal execution error."

Hotfix information

To apply this hotfix, you must have version 1.2008.13.88 or later.

Important

As outlined in the release notes for the 2008 update, make sure that you refer to the update activity checklist on running Test-AzureStack (with specified parameters), and resolve any operational issues that are found, including all warnings and failures. Also, review active alerts and resolve any that require action.

File information

Download the following files. Then, follow the instructions on the Apply updates in Azure Stack page on the Microsoft Docs website to apply this update to Azure Stack.

Download the zip file now.

Download the hotfix xml file now.

More information

Azure Stack Hub update resources

Apply updates in Azure Stack

Monitor updates in Azure Stack by using the privileged endpoint