Unable to configure Azure Insights on Azure VM running Windows - azure

I am attempting to configure the Log Analytics agent for Insights on my Azure VM running Windows. When I attempt to deploy the monitoring configuration, the DependencyAgentWindows VM extension fails to install. I have the same solution working on a similar VM and am stumped on what the issue is for the failing VM.
{"code":"DeploymentFailed","message":"At least one resource deployment> operation failed. Please list deployment operations for details.> Please see https://aka.ms/DeployOperations for usage
details.","details":"code":"VMExtensionHandlerNonTransientError","message":"The
handler for VM extension type
'Microsoft.Azure.Monitoring.DependencyAgent.DependencyAgentWindows'
has reported terminal failure for VM extension
'DependencyAgentWindows' with error message: 'Install failed for
plugin (name:
Microsoft.Azure.Monitoring.DependencyAgent.DependencyAgentWindows,
version 9.10.16.22650) with exception Command
C:\Packages\Plugins\Microsoft.Azure.Monitoring.DependencyAgent.DependencyAgentWindows\9.10.16.22650\scripts\RunPs1.cmd
of Microsoft.Azure.Monitoring.DependencyAgent.DependencyAgentWindows
has exited with Exit code: 52'.\r\n \r\n'Install handler failed for
the extension. More information on troubleshooting is available at
https://aka.ms/VMExtensionDependencyAgentWindowsTroubleshoot'"}]}
I have tried to deploying the Monitoring Configuration and installing the DepencyAgentWindows VM Extension through the Portal and through PowerShell. I am expecting the DepencyAgentWindows VM Extension to install properly and be able to enable Insights successfully.

I tried to reproduce same in my environment I got the results successfully like below.
This issue usually occurs if network connectivity issues preventing the plugin from being downloaded and if the extension won't work properly if the vm agent is failing to report a status to the Azure platform..
To resolve this issue:
Try to delete if any other extension is already exists in your vm
In virtual machine -> extension -> uninstall
In monitor -> virtual machine -> configure insights -> enable -> monitoring configuration -> configure
When I try to deploy, it deployed successfully like below:
If still issue persists, try to uninstall the vm and Redeploy it and also check the MsDoc to know the supported operating system versions.

Related

Onboarding Azure Arc VM fails: can't install Azure Connected Machine Agent

I'd like to add an offsite Windows VM to Azure Arc for health monitoring. The VM is hosted by Vultr and runs Windows Server 2016 Standard Build 14393.
However, installing AzureConnectedMachineAgent.msi on the target VM fails with error code 1603. Installation log also contains this error:
Start-Service : Service 'Guest Configuration Extension service
WixQuietExec64: (ExtensionService)' cannot be started due to the following error: Cannot start
WixQuietExec64: service ExtensionService on computer '.'.
WixQuietExec64: At C:\Program Files\AzureConnectedMachineAgent\ExtensionService\GC\Modules\Exte
WixQuietExec64: nsionService\ServiceHelper.psm1:367 char:5
Any suggestions on how to fix this?
You may Check if the user with which you are logged into the VM have
sufficient permissions to start a system service
If you find the following in the
%ProgramData%\AzureConnectedMachineAgent\Log\himds.log or in installation logs :
time="2021-02-11T08:39:38-08:00" level=error msg="Cannot open event source: Azure Hybrid Instance Metadata Service."
You can verify the permissions by collecting the following registry
key from an impacted server.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomS
Mitigation can be to grant the permission to write to the
SECURITY_SERVICE_RID S-1-5-6 which would grant the required
permissions to the himds service account.
https://learn.microsoft.com/en-us/windows/win32/secauthz/well-known-sids.
If the registry key does NOT exist on the impacted VM, then this
resolution will NOT apply as there will be a separate root cause such
as AV interference.
If the root cause is not found here ,then a procmon trace needs to be
taken to analyze the root cause for the msi not being able to start a
service.
( In case a procmon trace has to be analyzed , please open an MS
Support ticket)
To get support for Windows Agent and extensions in Azure, the Windows
Agent on the Windows VM must be later than or equal to version
2.7.41491.911. However the cause for the failure of agent installation is different in this case.
You may also want to check %programdata%\ext_mgr_logs\gc_ext_telemetry.txt log which must have had an entry something like this :
<GCLOG>........ Not starting Extension Service since machine is an Azure VM</GCLOG>
Cause:
This can happen while attempting to install the agent on an Azure VM.This is an unsupported production scenario.One Should not be installing this agent on an Azure VM as it conflicts with the Azure Guest Agent and interferes with Azure VM management.
If one wishes to use an Azure VM simply for testing purposes then
they can follow the below document for guidance
https://learn.microsoft.com/en-us/azure/azure-arc/servers/plan-evaluate-on-azure-virtual-machine

Azure Devops: installing a Windows Service

I am trying to automate installing windows service using Azure DevOps pipeline. I installed Windows Service Manager from here: https://marketplace.visualstudio.com/items?itemName=MDSolutions.WindowsServiceManagerWindowsServiceManager and added it to the pipeline as a task. The windows service should be installed on the virtual machine where the pipeline is, so I provided "LocalSystem" as Run As Username, and nothing for password. The service was not installed with the following error:
Service ' (MyServiceName)' cannot be created due to the following error: The account name is invalid or does not exist, or the password is invalid for the account name specified
I tried also the credentials I use to get to the virtual machine, but it gave the same error. How can this be solved?
Added:
The service can be installed without problems using installutil.
Azure Devops: installing a Windows Service
You could try to use deployment groups to test, if you are using the private agent:
As the document state:
Service Name - The name of the Windows Service installed on the Deployment Group Target.
You could also refer to the similar thread for some more details.

How to fix the Error "Error Code: ERROR_DESTINATION_INVALID" in Azure DevOps release pipelines

I have created the app service in existing internal app service environment. And then I’m trying to deploy the source code into above app service using Azure DevOps CI & CD pipelines. But, in the release pipeline I’m getting the below error message in Azure DevOps:
Error: Error Code: ERROR_DESTINATION_INVALID
More Information: Could not connect to the remote computer ("xx-xxxx-v1-api-dev.scm.xxx-int-nonp.xxxcloudapps.com"). Make sure that the remote computer name is correct and that you are able to connect to that computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DESTINATION_INVALID.
Error: The remote name could not be resolved: 'xx-xxxx-v1-api-dev.scm.xxx-int-nonp.xxxxcloudapps.com'
Error count: 1.
Note: I’m using self-hosted agent in the release pipeline. I have tried to access Kudu environment for the above service in the private virtual machine. But, the kudu not opening.
So, please suggest me how to fix the above issue.
Kindly set/add the following to the Application setting and see if it helps.
Name: WEBSITE_WEBDEPLOY_USE_SCM
Value: false
If I have understood your issue correctly (using private link).
For accessing the Kudu console, or Kudu REST API (deployment with Azure DevOps self-hosted agents for example), you must create two records in your Azure DNS private zone or your custom DNS server. Kindly check this document for more details. If you haven't added the records, kindly see if that works.
Name Type Value
mywebapp.privatelink.azurewebsites.net A PrivateEndpointIP
mywebapp.scm.privatelink.azurewebsites.net A PrivateEndpointIP
https://learn.microsoft.com/azure/app-service/networking/private-endpoint#dns
Ensure that the release pipeline is running in the right host. Because the endpoint is private for the SCM too, the DevOps Agent must be in a network with access with the endpoint, so mandatory to use self-hosted Devops Agent.
Kindly see this doc for more details:
https://learn.microsoft.com/azure/app-service/networking/private-endpoint#dns
If the issue still persists, kindly capture a network trace/HAR or client-side HTTP log/review the logs.
P.S. Kindly do not share any PII data on the public forum for your privacy.

Azure pipeline 'WinRMCustomScriptExtension' underlying connection was closed in non-public VM

In Azure pipeline when creating a VM through deployment template, we have the option to 'Configure with WinRM agent' as given below.
This acts as a custom extension behind the scenes. But the downloading of this custom extension can be blocked by an internal vnet in Azure. This is the error we are getting.
<datetime> Adding extension 'WinRMCustomScriptExtension' on virtual machine <vmname>
<datetime> Failed to add the extension to the vm: <vmname>. Error: "VM has reported a failure when processing extension 'WinRMCustomScriptExtension'. Error message: \"Failed to download all specified files. Exiting. Error Message: The underlying connection was closed: An unexpected error occurred on a send.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
Since the files cannot be downloaded, I am thinking of a couple of solutions:
How can I know which powershell files azure is using to setup winrm?
Location to store files would be storage account (same vnet as VM)
Perhaps not use WinRM at all and use custom script extension to resolve
everything (with all files from storage account). I hope error from extension stops the pipeline if it happens.
Is there a better solution to resolve this? To me it looks like a bad design by azure as it is not covering non-public VMs.
EDIT:
Found answer to #1) https://aka.ms/vstsconfigurewinrm. This was shown in Raw logs of the pipeline when diagnostics were enabled
Even if you know - how does it help you? It won't be able to download them anyway and you cant really tell it to use local files
If you enable service endpoins and allow your subnet to talk to the storage account - it should work
there is a way to configure WinRM when you create the VM. Keyvault example
You could use script extension like you wanted to as well, but script extension has to download stuff to the Vm as well. Example

Failed to delete the virtual machine extension in Azure ARM VM

I am getting a error message while removing the extension from a Linux VM in Azure Resource Manager Mode .
Failed to delete the virtual machine extension 'CustomScriptForLinux'. Error: VM has reported a failure when processing extension 'VMAccessForLinux'. Error message: "Enable failed.".
Removing some VM Extensions is not supported; others have properties that can be set that change VM behavior radically.
You can remove the extension by using Azure PowerShell cmdlets or by using the Service Management REST API operations.
Remove-AzureVMExtension – Use the cmdlet to remove classic VM extension
Remove-AzureRmVMExtension – Use the cmdlet to remove ARM VM extension
For more details on removing the extension check the link Add, Update, or Disable Extensions.

Resources