![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 8%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Azure Kubernetes Service
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 96%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAY%3C/text%3E%3C/svg%3E)
The activity log message “Upgrade Failed with status Unspecified, error: Unknown error” indicates that the node image upgrade PUT operation on the agent pool failed, but the platform didn’t surface a specific error code in that view. To identify the root cause and remediate, use the standard AKS failed-operation troubleshooting flow and then check for the common failure conditions that affect upgrades.
- In the Azure portal, open the AKS cluster → Activity log and filter Status = Failed and the time range around 24 March. Open the failed Create or Update Agent Pool event and review the Status section and the JSON payload for any error
codeandmessage. This is the primary place where the underlying failure reason is exposed. - If an error code is present (for example
QuotaExceeded,RequestDisallowedByPolicy,PublicIPCountLimitReached,SubnetIsFull,OverconstrainedAllocationRequest,OutboundConnFailVMExtensionError, or a drain/PDB-related error), use the corresponding remediation:-
RequestDisallowedByPolicy: a policy is blocking the operation. Review the policy assignment on the subscription/resource group and modify or exclude it so the agent pool update is allowed. -
QuotaExceeded: the region or SKU quota is exhausted. Check current usage and either delete unused resources or request a quota increase before retrying the node image upgrade. -
PublicIPCountLimitReached: the subscription/region has hit the public IP limit. Free unused public IPs or request a higher limit. -
OverconstrainedAllocationRequestor allocation failures: the requested VM size/zone has no capacity. Choose a different VM size or region for the node pool. -
OutboundConnFailVMExtensionError: the VM extension cannot reach required endpoints. Verify NSG and firewall rules allow outbound access tohttps://aka.ms/aks/outbound,https://aka.ms/aks/ssh,https://aka.ms/aks/agent, andhttps://aka.ms/aks/containerinsights. - Drain/PDB-related errors: pods cannot be drained from nodes. Use
kubectl get pods --all-namespaces -o wideandkubectl describe podto find stuck pods; temporarily relax or remove PodDisruptionBudgets, or force-delete problematic pods, then retry the upgrade. - Subnet too small or
SubnetIsFull: the subnet cannot allocate more IPs for upgraded nodes. Move the node pool to a larger subnet or recreate it with a larger address space.
-
- If the cluster itself is marked as Failed after the upgrade attempt, follow the failed-cluster guidance: use the activity log and the Diagnose and solve problems blade on the AKS resource to detect and fix common issues, including network, DNS, or infrastructure problems.
- After correcting the identified issue (quota, policy, networking, PDB, subnet, or capacity), re-run the node image upgrade for the affected node pools.
Because the failure is reported only as “Unknown error” in the screenshot, the concrete root cause will be one of the underlying errors surfaced in the detailed activity log JSON or Diagnose and Solve Problems output. Those tools should be used to pinpoint which of the documented failure patterns applies to the environment on 24 March.
References: