add TSG for Azure Local 2601

[andyk-ms]

Azure Local Update Failed when updating from earlier preview versions (Local Identity Deployment, or ADLess Deployment) to 2601 with Error: "Access is denied"

[Copilot]

Pull request overview

This PR adds a new Troubleshooting Guide (TSG) for Azure Local update failures when updating from earlier preview versions (Local Identity / ADLess Deployments) to version 2601. The issue manifests as an "Access is denied" error in the AgentLifecycleManager during the update action plan, caused by local admin credentials being removed from the ECE Store.

Changes:

• Adds a new TSG document (AZLUpate2601.md) describing the symptoms, cause, and mitigation steps for the 2601 update failure
• Provides PowerShell commands to re-add local admin credentials to the ECE Service Secret store and resume the failed update

[Copilot]

The Move-ClusterGroup -Name parameter specifies the cluster group name, not the destination node. Since the cluster group is already piped in via Get-ClusterGroup, the correct parameter to specify the destination node is -Node. As seen in other TSGs (e.g., TSG/Update/Update-Hangs-after-Secret-Rotation.md line 215: Move-ClusterGroup -Name $Name -Node $targetNode), -Node is the parameter for the target node. This should be -Node <Hostname of your current node> instead of -Name <Hostname of your current node>.

Running this command as written would fail or produce unexpected behavior in a production environment.

Suggested change

	Get-ClusterGroup -Name "Azure Stack HCI Orchestrator Service Cluster Group" | Move-ClusterGroup -Name <Hostname of your current node>
	Get-ClusterGroup -Name "Azure Stack HCI Orchestrator Service Cluster Group" | Move-ClusterGroup -Node <Hostname of your current node>

[Copilot]

The markdown headings on lines 3, 14, and 17 are missing a space after the # symbol. Standard markdown requires a space (e.g., # Symptoms instead of #Symptoms). Without the space, many markdown renderers will not interpret these as headings. Also, the title on line 1 should be formatted as a markdown heading with # prefix, consistent with all other TSGs in this directory (see, e.g., TSG/Update/ECEAgent-Slowness-During-Update.md line 1, TSG/Update/CauPostVersionCheck-2510-23H2.md line 1, TSG/Update/Resumed-update-fails-immediately.md line 1).

[Copilot]

The file is named AZLUpate2601.md — "Upate" is a typo for "Update". Other TSGs in this directory use a descriptive hyphenated naming convention (e.g., Update-fails-with-ARB-offline.md, Resumed-update-fails-immediately.md). Per the project guidelines, most new MD files should follow <Type>-<Topic>-<Specifics>.md. Consider renaming to something like Update-2601-Access-Denied-LocalIdentity.md.

[Copilot]

The code blocks should include a language identifier (e.g., ```powershell) for proper syntax highlighting and consistency with other TSGs in this directory (see TSG/Update/Get-SolutionUpdate-GatewayTimeout.md, TSG/Update/Update-preparation-fails-Could-not-find-part-of-the-file-path.md). The Troubleshoot-Template.md also specifies: "Any code block should be wrapped in triple backticks with language identifier." This applies to lines 5, 23, 29, and 35.

[Copilot]

The TSG/Update/README.md table of contents has not been updated to include a link to this new TSG. Per the project guidelines, "The table of contents in the component's README.md files should be updated when adding new content." Please add an entry such as * [Azure Local Update to 2601 fails with "Access is denied" for Local Identity Deployments](./AZLUpate2601.md) to TSG/Update/README.md.