Azure · AlBurns-MSFT · Feb 2, 2026 · Jan 30, 2026 · Jan 30, 2026 · Feb 1, 2026
diff --git a/TSG/EnvironmentValidator/Networking/README.md b/TSG/EnvironmentValidator/Networking/README.md
@@ -4,18 +4,47 @@ For Azure Local Network Resources not related to Environment Validator, see [TSG
 
 ## 📚 Table of Contents
 
+- [Troubleshoot: Add Node Network ATC Service](Troubleshoot-Network-Test-AddNode-NetworkATC-Service.md)
+- [Troubleshoot: AKS DNS Server CIDR Overlap](Troubleshoot-Network-Test-AKS-DnsServer-Cidr-Overlap.md)
+- [Troubleshoot: AKS POD CIDR IP Pool Overlap](Troubleshoot-Network-Test-AKS-PodCidr-IpPool-Overlap.md)
+- [Troubleshoot: AKS Proxy Server CIDR Overlap](Troubleshoot-Network-Test-AKS-ProxyServer-Cidr-Overlap.md)
+- [Troubleshoot: AKS Service CIDR IP Pool Overlap](Troubleshoot-Network-Test-AKS-ServiceCidr-IpPool-Overlap.md)
+- [Troubleshoot: Cluster Network Intent Status](Troubleshoot-Network-Test-Cluster-Intent-Status.md)
+- [Troubleshoot: Cluster Management Intent Exists](Troubleshoot-Network-Test-Cluster-MgmtIntent-Exists.md)
+- [Troubleshoot: Cluster Storage Intent Exists](Troubleshoot-Network-Test-Cluster-StorageIntent-Exists.md)
 - [Troubleshoot: Host Network Configuration Readiness](Troubleshoot-Network-Test-HostNetworkConfigurationReadiness.md)
+- [Troubleshoot: Infrastructure IP Azure Endpoint Connection](Troubleshoot-Network-Test-InfraIP-Azure-Endpoint-Connection.md)
+- [Troubleshoot: Infrastructure IP DNS Client Readiness](Troubleshoot-Network-Test-InfraIP-DNS-Client-Readiness.md)
+- [Troubleshoot: Infrastructure IP DNS Port 53 Connection](Troubleshoot-Network-Test-InfraIP-DNS-Port-53.md)
+- [Troubleshoot: Infrastructure IP Hyper-V Readiness](Troubleshoot-Network-Test-InfraIP-Hyper-V-Readiness.md)
+- [Troubleshoot: Infrastructure IP IP Readiness](Troubleshoot-Network-Test-InfraIP-IPReadiness.md)
+- [Troubleshoot: Infrastructure IP vNIC Readiness](Troubleshoot-Network-Test-InfraIP-vNIC-Readiness.md)
+- [Troubleshoot: Infrastructure IP VMSwitch Readiness](Troubleshoot-Network-Test-InfraIP-VMSwitch-Readiness.md)
 - [Troubleshoot: Infrastructure IP Pool Readiness](Troubleshoot-Network-Test-InfraIpPoolReadiness.md)
+- [Troubleshoot: Intent Virtual Adapter Existence](Troubleshoot-Network-Test-IntentVirtualAdapterExistence.md)
 - [Troubleshoot: Management Adapter Readiness](Troubleshoot-Network-Test-ManagementAdapterReadiness.md)
+- [Troubleshoot: Management IP Connection](Troubleshoot-Network-Test-MgmtIP-Connection.md)
+- [Troubleshoot: Management IP in Infrastructure Subnet](Troubleshoot-Network-Test-MgmtIp-In-InfraSubnet.md)
+- [Troubleshoot: Management IP Not in Infrastructure Pool](Troubleshoot-Network-Test-MgmtIp-NotIn-InfraPool.md)
+- [Troubleshoot: Management IP Not Overlap Storage Subnet](Troubleshoot-Network-Test-MgmtIP-Not-Overlap-Storage-Subnet.md)
+- [Troubleshoot: Management IP On Correct Adapter](Troubleshoot-Network-Test-MgmtIP-On-Correct-Adapter.md)
 - [Troubleshoot: MOC Stack Network Port](Troubleshoot-Network-Test-MOCStackNetworkPort.md)
 - [Troubleshoot: Network Adapter Driver Consistency Check](Troubleshoot-Network-Test-NetworkAdapter-DriverConsistency.md)
 - [Troubleshoot: Network Adapter Inbox Driver Check](Troubleshoot-Network-Test-NetworkAdapter-InboxDriver.md)
 - [Troubleshoot: Network Default Gateway Requirement](Troubleshoot-Network-Test-NetworkDefaultGatewayRequirement.md)
+- [Troubleshoot: Network Intent Requirement](Troubleshoot-Network-Test-NetworkIntentRequirement.md)
+- [Troubleshoot: New Node Duplicate IP](Troubleshoot-Network-Test-NewNode-Duplicate-IP.md)
+- [Troubleshoot: New Node First Adapter Validity](Troubleshoot-Network-Test-NewNode-First-Adapter.md)
+- [Troubleshoot: New Node IP Conflict](Troubleshoot-Network-Test-NewNode-IP-Conflict.md)
+- [Troubleshoot: New Node Name and IP Match](Troubleshoot-Network-Test-NewNode-Name-IP-Match.md)
+- [Troubleshoot: New Node Outside Management Range](Troubleshoot-Network-Test-NewNode-Outside-MgmtRange.md)
 - [Troubleshoot: Storage Adapter IP Configuration](Troubleshoot-Network-Test-StorageAdapterIPConfiguration.md)
 - [Troubleshoot: Storage Adapter Readiness](Troubleshoot-Network-Test-StorageAdapterReadiness.md)
 - [Troubleshoot: Storage Connections Connectivity Check](Troubleshoot-Network-Test-StorageConnections-ConnectivityCheck.md)
 - [Troubleshoot: Storage Connections No Validation Method](Troubleshoot-Network-Test-StorageConnections-NoValidationMethod.md)
 - [Troubleshoot: Storage Connections VMSwitch Configuration](Troubleshoot-Network-Test-StorageConnections-VMSwitch-Configuration.md)
+- [Troubleshoot: Storage Connectivity Type](Troubleshoot-Network-Test-StorageConnectivityType.md)
+- [Troubleshoot: Storage VLAN for 2-Node Switchless](Troubleshoot-Network-Test-StorageVlan-2Node-Switchless.md)
 
 ---
 

diff --git a/...entValidator/Networking/Troubleshoot-Network-Test-AKS-DnsServer-Cidr-Overlap.md b/...entValidator/Networking/Troubleshoot-Network-Test-AKS-DnsServer-Cidr-Overlap.md
@@ -0,0 +1,167 @@
+# AzureLocal_Network_Test_AKS_Subnet_POD_SERVICE_CIDR_DNSServer_Overlap
+
+<table border="1" cellpadding="6" cellspacing="0" style="border-collapse:collapse; margin-bottom:1em;">
+  <tr>
+    <th style="text-align:left; width: 180px;">Name</th>
+    <td><strong>AzureLocal_Network_Test_AKS_Subnet_POD_SERVICE_CIDR_DNSServer_Overlap</strong></td>
+  </tr>
+  <tr>
+    <th style="text-align:left; width: 180px;">Severity</th>
+    <td><strong>Informational</strong>: This validator provides information but will not block operations.</td>
+  </tr>
+  <tr>
+    <th style="text-align:left;">Applicable Scenarios</th>
+    <td><strong>Deployment</strong></td>
+  </tr>
+</table>
+
+## Overview
+
+This validator checks that DNS server addresses configured on the management adapter do not overlap with the Kubernetes POD CIDR or Service CIDR subnets. While this is informational and will not block deployment, DNS servers in these ranges may indicate a configuration issue.
+
+## Requirements
+
+DNS servers should meet the following recommendation:
+1. DNS server IP addresses should not fall within the POD CIDR subnet (default: `10.244.0.0/16`)
+2. DNS server IP addresses should not fall within the Service CIDR subnet (default: `10.96.0.0/12`)
+
+## Troubleshooting Steps
+
+### Review Environment Validator Output
+
+Review the Environment Validator output JSON. Check the `AdditionalData.Detail` field for information about the DNS server addresses and whether they overlap with AKS CIDR ranges.
+
+```json
+{
+  "Name": "AzureLocal_Network_Test_AKS_Subnet_POD_SERVICE_CIDR_DNSServer_Overlap",
+  "DisplayName": "Test for DNS server overlaps with POD CIDR Subnet 10.244.0.0/16 and Service CIDR Subnet 10.96.0.0/12",
+  "Title": "Test for DNS server overlaps with POD CIDR Subnet 10.244.0.0/16 and Service CIDR Subnet 10.96.0.0/12",
+  "Status": 1,
+  "Severity": 0,
+  "Description": "Checking DNS server address(es) not within the POD CIDR Subnet 10.244.0.0/16 and Service CIDR Subnet 10.96.0.0/12",
+  "Remediation": "Verify DNS servers configured are not overlapping with AKS pre-defined POD subnet and Service subnet. Check https://learn.microsoft.com/en-us/azure/aks/aksarc/aks-hci-ip-address-planning for more information.",
+  "TargetResourceID": "DNSServer-10.244.0.10",
+  "TargetResourceName": "DNSServer-10.244.0.10",
+  "TargetResourceType": "DNSServer-10.244.0.10",
+  "Timestamp": "\\/Date(timestamp)\\/",
+  "AdditionalData": {
+    "Source": "DNSServerPODServiceCIDR",
+    "Resource": "DNSServerPODServiceCIDR",
+    "Detail": "DNS server address(es): 10.244.0.10. POD CIDR: 10.244.0.0/16; Service CIDR: 10.96.0.0/12",
+    "Status": "FAILURE",
+    "TimeStamp": "<timestamp>"
+  }
+}
+```
+
+---
+
+### Informational: DNS Server Overlaps with POD or Service CIDR
+
+**Message:**
+```text
+DNS server address(es): 10.244.0.10. POD CIDR: 10.244.0.0/16; Service CIDR: 10.96.0.0/12
+```
+
+**Description:** The DNS server address configured on the management adapter overlaps with the POD CIDR or Service CIDR subnet. This is informational and will not block deployment, but may indicate a configuration issue or potential routing conflicts. Microsoft will upgrade the severity of this validator in the future.
+
+#### Recommended Actions
+
+##### Verify DNS Server Configuration
+
+1. Check the DNS server configuration on the management adapter:
+
+   ```powershell
+   # Get DNS configuration from appropriate adapter
+   # change $adapterName to the adapter name defined in your system.
+   $adapterName = "myAdapterName"
+    Get-DnsClientServerAddress -InterfaceAlias $adapterName -AddressFamily IPv4
+   ```
+
+2. Verify the DNS server IP addresses:
+   - Check if the reported DNS server IP is correct
+   - Verify the DNS server is reachable and functional
+   - Confirm this is the intended DNS server for your environment
+
+3. If the DNS server address is incorrect or in a conflicting range, consider reconfiguring it:
+
+   ```powershell
+   # Set DNS server to an address outside the CIDR ranges
+   # Replace with your actual DNS server address
+   $dnsServers = @("192.168.1.1", "192.168.1.2")
+   Set-DnsClientServerAddress -InterfaceAlias $adapterName -ServerAddresses $dnsServers
+   ```
+
+4. Verify the new DNS configuration:
+
+   ```powershell
+   Get-DnsClientServerAddress -InterfaceAlias $adapterName -AddressFamily IPv4
+
+   # Test DNS resolution
+   Resolve-DnsName "microsoft.com"
+   ```
+
+##### Understanding the Impact
+
+Having a DNS server in the POD or Service CIDR ranges may cause:
+- **Routing conflicts**: DNS queries may be misdirected when AKS workloads are deployed
+- **Connectivity issues**: DNS resolution may fail for pods or services
+- **Network complexity**: Troubleshooting becomes more difficult
+
+However, if the DNS server is:
+- Actually located at that address and functioning correctly
+- Properly routed and accessible
+- Not conflicting with AKS workload networking
+
+Then you may choose to accept this configuration and monitor for issues.
+
+##### When to Reconfigure
+
+Consider reconfiguring the DNS server address if:
+1. The DNS server is a placeholder or temporary configuration
+2. You plan to deploy AKS workloads on this cluster
+3. You want to avoid potential future networking conflicts
+4. You have DNS servers available in non-conflicting ranges
+
+##### When It's Acceptable to Proceed
+
+You may proceed without changes if:
+1. The DNS server is intentionally placed in this range
+2. You have verified it does not conflict with your AKS deployment plans
+3. Your network routing is configured to handle this scenario
+4. You've documented this configuration for future reference
+
+---
+
+## Additional Information
+
+### Default AKS CIDR Ranges
+
+- **POD CIDR**: `10.244.0.0/16` (default)
+  - Range: `10.244.0.0` to `10.244.255.255`
+  - Reserved for Kubernetes pod IP addresses
+- **Service CIDR**: `10.96.0.0/12` (default)
+  - Range: `10.96.0.0` to `10.111.255.255`
+  - Reserved for Kubernetes service IP addresses
+
+### Recommended DNS Server Placement
+
+For optimal network design, place DNS servers in ranges that do not conflict with:
+- POD CIDR: `10.244.0.0/16`
+- Service CIDR: `10.96.0.0/12`
+- Infrastructure IP pools
+
+**Common DNS server locations:**
+- Corporate DNS: Use your organization's existing DNS infrastructure
+- On-premises DNS: Typically in your datacenter's management network
+- Cloud DNS: Azure DNS or other cloud-provided DNS services
+
+**Example non-conflicting ranges:**
+- `192.168.x.x` - Private network range
+- `10.0.x.x` - Private network range (avoid `10.96-10.111` and `10.244`)
+- `172.16.x.x` - Private network range
+
+### Related Documentation
+
+- [AKS IP Address Planning](https://learn.microsoft.com/en-us/azure/aks/aksarc/aks-hci-ip-address-planning)
+- [Azure Local Network Requirements](https://learn.microsoft.com/en-us/azure-stack/hci/concepts/host-network-requirements)
diff --git a/...entValidator/Networking/Troubleshoot-Network-Test-AKS-PodCidr-IpPool-Overlap.md b/...entValidator/Networking/Troubleshoot-Network-Test-AKS-PodCidr-IpPool-Overlap.md
@@ -0,0 +1,148 @@
+# AzStackHci_Network_Test_AKS_Subnet_POD_CIDR_IP_Range_Overlap
+
+<table border="1" cellpadding="6" cellspacing="0" style="border-collapse:collapse; margin-bottom:1em;">
+  <tr>
+    <th style="text-align:left; width: 180px;">Name</th>
+    <td><strong>AzStackHci_Network_Test_AKS_Subnet_POD_CIDR_IP_Range_Overlap</strong></td>
+  </tr>
+  <tr>
+    <th style="text-align:left; width: 180px;">Severity</th>
+    <td><strong>Critical</strong>: This validator will block operations until remediated.</td>
+  </tr>
+  <tr>
+    <th style="text-align:left;">Applicable Scenarios</th>
+    <td><strong>Deployment</strong></td>
+  </tr>
+</table>
+
+## Overview
+
+This validator checks that IP pool ranges (StartingAddress to EndingAddress) do not overlap with the Kubernetes POD CIDR subnet. The POD CIDR is reserved for Kubernetes pod networking in AKS workloads, and customer IP pools must not conflict with this range.
+
+## Requirements
+
+IP pools must meet the following requirement:
+1. IP pool StartingAddress and EndingAddress must not fall within the POD CIDR subnet (default: `10.244.0.0/16`)
+
+## Troubleshooting Steps
+
+### Review Environment Validator Output
+
+Review the Environment Validator output JSON. Check the `AdditionalData.Detail` field for information about which IP pool is overlapping with the POD CIDR. The `TargetResourceID` field shows the specific IP pool range.
+
+```json
+{
+  "Name": "AzStackHci_Network_Test_AKS_Subnet_POD_CIDR_IP_Range_Overlap",
+  "DisplayName": "Test for overlaps with POD CIDR Subnet 10.244.0.0/16",
+  "Title": "Test for overlaps with POD CIDR Subnet 10.244.0.0/16",
+  "Status": 1,
+  "Severity": 2,
+  "Description": "Checking start and end address are not within the POD CIDR Subnet 10.244.0.0/16",
+  "Remediation": "Verify IP pool(s) are not overlapping with AKS pre-defined POD subnet. Check https://learn.microsoft.com/en-us/azure/aks/aksarc/aks-hci-ip-address-planning for more information.",
+  "TargetResourceID": "IpPool-10.244.1.10-10.244.1.20",
+  "TargetResourceName": "ManagementIPRange",
+  "TargetResourceType": "Network Range",
+  "Timestamp": "<timestamp>",
+  "AdditionalData": {
+    "Source": "CustomerNetwork",
+    "Resource": "CustomerSubnet",
+    "Detail": "Start IP '10.244.1.10' and End IP '10.244.1.20' overlaps with the POD subnet: 10.244.0.0/16.",
+    "Status": "FAILURE",
+    "TimeStamp": "<timestamp>"
+  }
+}
+```
+
+---
+
+### Failure: IP Range Overlaps with POD CIDR
+
+**Error Message:**
+```text
+IP Range: 10.244.1.10 - 10.244.1.20 overlaps with K8s Default POD CIDR: 10.244.0.0/16. Please reconfigure the network to resolve this conflict.
+```
+
+**Root Cause:** The IP pool range overlaps with the Kubernetes POD CIDR subnet (default: `10.244.0.0/16`). This creates a critical conflict because these addresses are reserved for Kubernetes pod networking in AKS workloads.
+
+#### Remediation Steps
+
+##### Reconfigure IP Pool to Avoid POD CIDR Range
+
+The IP pool must be reconfigured to use addresses outside the POD CIDR range (`10.244.0.0/16` by default).
+
+1. Review the current IP pool configuration to identify the overlapping range. Look at the `TargetResourceID` field in the error message to identify the specific IP pool (e.g., `IpPool-10.244.1.10-10.244.1.20`).
+
+2. Understand the POD CIDR range:
+   - Default POD CIDR: `10.244.0.0/16`
+   - This means addresses from `10.244.0.0` to `10.244.255.255` are reserved
+   - Your IP pools must be outside this entire range
+
+3. Choose a new IP range that does not overlap with the POD CIDR subnet. Recommended alternatives:
+   - `10.0.x.x/24` - Common for small networks
+   - `192.168.x.x/24` - Private network range
+   - `172.16.x.x` through `172.31.x.x` - Private network range
+   - Any other subnet in your enterprise that doesn't conflict with `10.244.0.0/16`
+
+4. Update the IP pool configuration through your deployment method:
+
+   **For Azure portal deployment:**
+   - Modify the IP pool configuration in the deployment wizard before proceeding
+
+   **Example IP pool configuration (outside POD CIDR):**
+   ```powershell
+   # Example: Change from 10.244.1.10-10.244.1.20 to 10.0.1.10-10.0.1.20
+   $ipPool = @{
+       StartingAddress = "10.0.1.10"
+       EndingAddress   = "10.0.1.20"
+   }
+   ```
+
+5. Verify the new IP range does not conflict with:
+   - POD CIDR: `10.244.0.0/16`
+   - Service CIDR: `10.96.0.0/12` (see related validator)
+   - Other network segments in your environment
+
+6. Retry the validation after reconfiguring the IP pool.
+
+> **Important**: Ensure the new IP range:
+> - Is routable within your network
+> - Does not conflict with existing infrastructure
+> - Has sufficient capacity for your deployment needs
+> - Is in the same subnet as node management IPs
+
+---
+
+## Additional Information
+
+### Default AKS CIDR Ranges
+
+- **POD CIDR**: `10.244.0.0/16` (default, can be customized)
+  - Reserved for Kubernetes pod IP addresses
+  - Critical: Must not overlap with customer networks
+- **Service CIDR**: `10.96.0.0/12` (default)
+  - Reserved for Kubernetes service IP addresses
+  - Warning: Should not overlap with customer networks
+
+### Understanding the POD CIDR Range
+
+The POD CIDR `10.244.0.0/16` includes all addresses from:
+- **Start**: `10.244.0.0`
+- **End**: `10.244.255.255`
+- **Total addresses**: 65,536 addresses
+
+Your IP pools must use addresses completely outside this range.
+
+### Recommended IP Addressing Schemes
+
+| Use Case | Recommended Range | CIDR Notation | Addresses |
+|----------|------------------|---------------|-----------|
+| Small deployment | 192.168.1.0 - 192.168.1.255 | 192.168.1.0/24 | 254 |
+| Medium deployment | 10.0.0.0 - 10.0.255.255 | 10.0.0.0/16 | 65,534 |
+| Large deployment | 172.16.0.0 - 172.31.255.255 | 172.16.0.0/12 | 1,048,574 |
+
+Avoid using `10.244.x.x` or `10.96.x.x` to prevent conflicts with AKS default ranges.
+
+### Related Documentation
+
+- [AKS IP Address Planning](https://learn.microsoft.com/en-us/azure/aks/aksarc/aks-hci-ip-address-planning)
+- [Azure Local Network Requirements](https://learn.microsoft.com/en-us/azure-stack/hci/concepts/host-network-requirements)