Azure Stack 1804 update

Applies to: Azure Stack integrated systems

This article describes the improvements and fixes in the 1804 update package, known issues for this release, and where to download the update. Known issues are divided into issues directly related to the update process and issues with the build (post-installation).


This update package is only for Azure Stack integrated systems. Do not apply this update package to the Azure Stack Development Kit.

Build reference

The Azure Stack 1804 update build number is 20180513.1.

New features

This update includes the following improvements for Azure Stack.

  • Visual Studio support for disconnected Azure Stack deployments using AD FS. Within Visual Studio you now can add subscriptions and authenticate using AD FS federated User credentials.

  • Use Av2 and F series virtual machines. Azure Stack can now use virtual machines based on the Av2-series and F-series virtual machine sizes. For more information see Virtual machine sizes supported in Azure Stack.

  • New administrative subscriptions. With 1804 there are two new subscription types available in the portal. These new subscription types are in addition to the Default Provider subscription and visible with new Azure Stack installations beginning with version 1804. Do not use these new subscription types with this version of Azure Stack. We will announce the availability to use these subscription types in with a future update.

    If you update Azure Stack to version 1804, the two new subscription types are not visible. However, new deployments of Azure Stack integrated systems and installations of the Azure Stack Development Kit version 1804 or later have access to all three subscription types.

    These new subscription types are part of a larger change to secure the Default Provider subscription, and to make it easier to deploy shared resources like SQL Hosting servers. As we add more parts of this larger change with future updates to Azure Stack, resources deployed under these new subscription types might be lost.

    The three subscription types now visible are:

    • Default Provider subscription: Continue to use this subscription type.
    • Metering subscription: Do not use this subscription type.
    • Consumption subscription: Do not use this subscription type

Fixed issues

  • In the admin portal, you no longer have to refresh the Update tile before it displays information.

  • You can now use the admin portal to edit storage metrics for Blob service, Table service, and Queue service.

  • Under Networking, when you click Connection to set up a VPN connection, Site-to-site (IPsec) is now the only available option.

  • Various fixes for performance, stability, security, and the operating system that is used by Azure Stack.

Additional releases timed with this update

The following are now available, but don't require Azure Stack update 1804.

  • Update to the Microsoft Azure Stack System Center Operations Manager Monitoring Pack. A new version ( of the Microsoft System Center Operations Manager Monitoring Pack for Azure Stack is available for download. With this version, you can use Service Principals when you add a connected Azure Stack deployment. This version also features an Update Management experience that allows you to take remediation action directly from within Operations Manager. There are also new dashboards that display resource providers, scale units, and scale unit nodes.

  • New Azure Stack Admin PowerShell Version 1.3.0. Azure Stack PowerShell 1.3.0 is now available for installation. This version provides commands for all Admin resource providers to manage Azure Stack. With this release, some content will be deprecated from the Azure Stack Tools GitHub repository.

    For installation details, follow the instructions or the help content for Azure Stack Module 1.3.0.

  • Initial release of Azure Stack API Rest Reference. The API reference for all Azure Stack Admin resource providers is now published.

Before you begin


Known issues with the update process

  • During installation of the 1804 update, you might see alerts with the title Error – Template for FaultType UserAccounts.New is missing. You can safely ignore these alerts. These alerts will close automatically after the update to 1804 completes.

  • Do not attempt to create virtual machines during the installation of this update. For more information about managing updates, see Manage updates in Azure Stack overview.

Post-update steps

After the installation of 1804, install any applicable Hotfixes. For more information view the following knowledge base articles, as well as our Servicing Policy.

Known issues (post-installation)

The following are post-installation known issues for build 20180513.1.


  • You cannot apply driver updates by using an OEM Extension package with this version of Azure Stack. There is no workaround for this problem.

  • After you install or update to this version of Azure Stack, you might not be able to view Azure Stack scale units in the Admin portal.
    Workaround: Use PowerShell to view information about Scale Units. For more information, see the help content for Azure Stack Module 1.3.0.

  • When you use AD FS for your Azure Stack identity system and update to this version of Azure Stack, the default owner of the default provider subscription is reset to the built-in CloudAdmin user.
    Workaround: To resolve this issue after you install this update, use step 3 from the Trigger automation to configure claims provider trust in Azure Stack procedure to reset the owner of the default provider subscription.

  • Some administrative subscription types are not available. When you upgrade Azure Stack to this version, the two subscription types that were introduced with version 1804 are not visible in the console. This is expected. The unavailable subscription types are Metering subscription, and Consumption subscription. These subscription types are visible in new Azure Stack environments beginning with version 1804 but are not yet ready for use. You should continue to use the Default Provider subscription type.

  • The ability to open a new support request from the dropdown from within the administrator portal isn’t available. Instead, use the following link:

  • You might not have use of the horizontal scroll bar along the bottom of the admin and user portals. If you can’t access the horizontal scroll bar, use the breadcrumbs to navigate to a previous blade in the portal by selecting the name of the blade you want to view from the breadcrumb list found at the top left of the portal. Breadcrumb

  • It might not be possible to view compute or storage resources in the administrator portal. The cause of this issue is an error during the installation of the update that causes the update to be incorrectly reported as successful. If this issue occurs, contact Microsoft Customer Support Services for assistance.

  • You might see a blank dashboard in the portal. To recover the dashboard, select the gear icon in the upper right corner of the portal, and then select Restore default settings.

  • Deleting user subscriptions results in orphaned resources. As a workaround, first delete user resources or the entire resource group, and then delete user subscriptions.

  • You cannot view permissions to your subscription using the Azure Stack portals. As a workaround, use PowerShell to verify permissions.

  • In the admin portal, you might see a critical alert for the Microsoft.Update.Admin component. The Alert name, description, and remediation all display as:

    • ERROR - Template for FaultType ResourceProviderTimeout is missing.

    This alert can be safely ignored.

Health and monitoring

  • You might see alerts for the Health controller component that have the following details:

    Alert #1:

    • NAME: Infrastructure role unhealthy
    • SEVERITY: Warning
    • COMPONENT: Health controller
    • DESCRIPTION: The health controller Heartbeat Scanner is unavailable. This may affect health reports and metrics.

    Alert #2:

    • NAME: Infrastructure role unhealthy
    • SEVERITY: Warning
    • COMPONENT: Health controller
    • DESCRIPTION: The health controller Fault Scanner is unavailable. This may affect health reports and metrics.

    Both alerts can be safely ignored. They will close automatically over time.


  • When selecting a virtual machine size for a virtual machine deployment, some F-Series VM sizes are not visible as part of the size selector when you create a VM. The following VM sizes do not appear in the selector: F8s_v2, F16s_v2, F32s_v2, and F64s_v2.
    As a workaround, use one of the following methods to deploy a VM. In each method, you need to specify the VM size you want to use.

    • Azure Resource Manager template: When you use a template, set the vmSize in the template to equal the desired VM size. For example, the following is used to deploy a VM that uses the F32s_v2 size:

          "properties": {
          "hardwareProfile": {
                  "vmSize": "Standard_F32s_v2"
    • Azure CLI: You can use the az vm create command and specify the VM size as a parameter, similar to --size "Standard_F32s_v2".

    • PowerShell: With PowerShell you can use New-AzureRMVMConfig with the parameter that specifies the VM size, similar to -VMSize "Standard_F32s_v2".

  • Scaling settings for virtual machine scale sets are not available in the portal. As a workaround, you can use Azure PowerShell. Because of PowerShell version differences, you must use the -Name parameter instead of -VMScaleSetName.

  • When you create an availability set in the portal by going to New > Compute > Availability set, you can only create an availability set with a fault domain and update domain of 1. As a workaround, when creating a new virtual machine, create the availability set by using PowerShell, CLI, or from within the portal.

  • When you create virtual machines on the Azure Stack user portal, the portal displays an incorrect number of data disks that can attach to a D series VM. All supported D series VMs can accommodate as many data disks as the Azure configuration.

  • When a VM image fails to be created, a failed item that you cannot delete might be added to the VM images compute blade.

    As a workaround, create a new VM image with a dummy VHD that can be created through Hyper-V (New-VHD -Path C:\dummy.vhd -Fixed -SizeBytes 1 GB). This process should fix the problem that prevents deleting the failed item. Then, 15 minutes after creating the dummy image, you can successfully delete it.

    You can then try to redownload the VM image that previously failed.

  • If provisioning an extension on a VM deployment takes too long, users should let the provisioning time-out instead of trying to stop the process to deallocate or delete the VM.

  • Linux VM diagnostics is not supported in Azure Stack. When you deploy a Linux VM with VM diagnostics enabled, the deployment fails. The deployment also fails if you enable the Linux VM basic metrics through diagnostic settings.


  • Under Networking, if you click Create VPN Gateway to set up a VPN connection, Policy Based is listed as a VPN type. Do not select this option. Only the Route Based option is supported in Azure Stack.

  • After a VM is created and associated with a public IP address, you can't disassociate that VM from that IP address. Disassociation appears to work, but the previously assigned public IP address remains associated with the original VM.

    Currently, you must use only new public IP addresses for new VMs you create.

    This behavior occurs even if you reassign the IP address to a new VM (commonly referred to as a VIP swap). All future attempts to connect through this IP address result in a connection to the originally associated VM, and not to the new one.

  • If you raise a Quota limit for a Network resource that is part of an Offer and Plan that is associated with a tenant subscription, the new limit is not applied to that subscription. However, the new limit does apply to new subscriptions that are created after the quota is increased.

    To work around this problem, use an Add-On plan to increase a Network Quota when the plan is already associated with a subscription. For more information, see how to make an add-on plan available.

  • You cannot delete a subscription that has DNS Zone resources or Route Table resources associated with it. To successfully delete the subscription, you must first delete DNS Zone and Route Table resources from the tenant subscription.

  • Azure Stack supports a single local network gateway per IP address. This is true across all tenant subscriptions. After the creation of the first local network gateway connection, subsequent attempts to create a local network gateway resource with the same IP address are blocked.

  • On a Virtual Network that was created with a DNS Server setting of Automatic, changing to a custom DNS Server fails. The updated settings are not pushed to VMs in that Vnet.

  • Azure Stack does not support adding additional network interfaces to a VM instance after the VM is deployed. If the VM requires more than one network interface, they must be defined at deployment time.

  • You cannot use the admin portal to update rules for a network security group.

    Workaround for App Service: If you need to remote desktop to the Controller instances, you modify the security rules within the network security groups with PowerShell. Following are examples of how to allow, and then restore the configuration to deny:

    • Allow:

      Connect-AzureRmAccount -EnvironmentName AzureStackAdmin
      $nsg = Get-AzureRmNetworkSecurityGroup -Name "ControllersNsg" -ResourceGroupName "AppService.local"
      $RuleConfig_Inbound_Rdp_3389 =  $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "Inbound_Rdp_3389"
      ##This doesn’t work. Need to set properties again even in case of edit
      #Set-AzureRmNetworkSecurityRuleConfig -Name "Inbound_Rdp_3389" -NetworkSecurityGroup $nsg -Access Allow  
      Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name $RuleConfig_Inbound_Rdp_3389.Name `
        -Description "Inbound_Rdp_3389" `
        -Access Allow `
        -Protocol $RuleConfig_Inbound_Rdp_3389.Protocol `
        -Direction $RuleConfig_Inbound_Rdp_3389.Direction `
        -Priority $RuleConfig_Inbound_Rdp_3389.Priority `
        -SourceAddressPrefix $RuleConfig_Inbound_Rdp_3389.SourceAddressPrefix `
        -SourcePortRange $RuleConfig_Inbound_Rdp_3389.SourcePortRange `
        -DestinationAddressPrefix $RuleConfig_Inbound_Rdp_3389.DestinationAddressPrefix `
        -DestinationPortRange $RuleConfig_Inbound_Rdp_3389.DestinationPortRange
      # Commit the changes back to NSG
      Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
    • Deny:

      Connect-AzureRmAccount -EnvironmentName AzureStackAdmin
      $nsg = Get-AzureRmNetworkSecurityGroup -Name "ControllersNsg" -ResourceGroupName "AppService.local"
      $RuleConfig_Inbound_Rdp_3389 =  $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "Inbound_Rdp_3389"
      ##This doesn’t work. Need to set properties again even in case of edit
      #Set-AzureRmNetworkSecurityRuleConfig -Name "Inbound_Rdp_3389" -NetworkSecurityGroup $nsg -Access Allow  
      Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name $RuleConfig_Inbound_Rdp_3389.Name `
        -Description "Inbound_Rdp_3389" `
        -Access Deny `
        -Protocol $RuleConfig_Inbound_Rdp_3389.Protocol `
        -Direction $RuleConfig_Inbound_Rdp_3389.Direction `
        -Priority $RuleConfig_Inbound_Rdp_3389.Priority `
        -SourceAddressPrefix $RuleConfig_Inbound_Rdp_3389.SourceAddressPrefix `
        -SourcePortRange $RuleConfig_Inbound_Rdp_3389.SourcePortRange `
        -DestinationAddressPrefix $RuleConfig_Inbound_Rdp_3389.DestinationAddressPrefix `
        -DestinationPortRange $RuleConfig_Inbound_Rdp_3389.DestinationPortRange
      # Commit the changes back to NSG
      Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg 


  • Only the resource provider is supported to create items on servers that host SQL or MySQL. Items created on a host server that are not created by the resource provider might result in a mismatched state.

  • Special characters, including spaces and periods, are not supported in the Family or Tier names when you create a SKU for the SQL and MySQL resource providers.


After you update to Azure Stack 1804, you can continue to use the SQL and MySQL resource providers that you previously deployed. We recommend you update SQL and MySQL when a new release becomes available. Like Azure Stack, apply updates to SQL and MySQL resource providers sequentially. For example, if you use version 1802, first apply version 1803, and then update to 1804.

The install of update 1804 does not affect the current use of SQL or MySQL resource providers by your users. Regardless of the version of the resource providers you use, your users data in their databases is not touched, and remains accessible.

App Service

  • Users must register the storage resource provider before they create their first Azure Function in the subscription.

  • In order to scale out infrastructure (workers, management, front-end roles), you must use PowerShell as described in the release notes for Compute.

  • App Service can only be deployed into the Default Provider Subscription at this time. In a future update App Service will deploy into the new Metering Subscription introduced in Azure Stack 1804 and all existing deployments will be migrated to this new subscription also.


  • Usage Public IP address usage meter data shows the same EventDateTime value for each record instead of the TimeDate stamp that shows when the record was created. Currently, you can’t use this data to perform accurate accounting of public IP address usage.

Download the update

You can download the Azure Stack 1804 update package from here.

See also