I am trying to add the Antimalware extension to a virtual machine for protection, but when I try to add the extension in the Azure portal I get the following error:
Failed to add extension to virtual machine. The virtual machine request is invalid The specified source image is a user image. The image must be a platform image.
I have installed the VMAgent.
As extra information, I have tried using PowerShell commands to install the extension, using the following commands and getting the respective responses:
$vm = Get-AzureVM -ServiceName "MyServiceName" -Name "MyVMName"
VERBOSE: ... - completed operation: Get Deployment*
Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
WARNING: The resource extension reference list is null or empty
AvailabilitySetName :
ConfigurationSets : {Microsoft.WindowsAzure.Commands.ServiceManagement.Model.NetworkConfigurationSet}
DataVirtualHardDisks : {"MyVMName"}
Label :
OSVirtualHardDisk : Microsoft.WindowsAzure.Commands.ServiceManagement.Model.OSVirtualHardDisk
RoleName : "MyVMName"
RoleSize : Large
RoleType : PersistentVMRole
WinRMCertificate :
X509Certificates :
NoExportPrivateKey : False
NoRDPEndpoint : False
NoSSHEndpoint : False
DefaultWinRmCertificateThumbprint : F4CF28C735C5E557C7B47742E4F16A08959272F1
ProvisionGuestAgent :
ResourceExtensionReferences : {IaaSAntimalware}
DataVirtualHardDisksToBeDeleted :
Update-AzureVM -Name "MyServiceName" -ServiceName "MyVMName" -VM $vm.VM
VERBOSE: 11:15:10 - Completed Operation: Get Deployment
VERBOSE: 11:15:10 - Begin Operation: Update-AzureVM
VERBOSE: 11:15:42 - Completed Operation: Update-AzureVM
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
Update-AzureVM 387b77a2-c8fc-233a-913d-cd364c855429 Succeeded
After I run the commands, I check and VMAgent is installed on the VM, but no extension.
Does anyone have any ideas?
Thanks!!
The cause might be your first line
$vm = Get-AzureVM -ServiceName "MyServiceName" -Name "MyVMName"
When -servicename and -name are not specified, Get-AzureVM returns no VM object
Set-AzureVMextension only works with -VM input
Try this:
https://gist.github.com/andreaswasita/428fc5519b0ddac76b01
In my experience, this warning is due to the Azure Guest agent not being deployed on the VM, not running on the VM, or being out-of-date. If the VM doesn't have a healthy (and current) guest agent, you won't be able to deploy extensions.
You can check the guest agent status with:
$vm.GuestAgentStatus
You'd be looking for a "Status" of "Ready"; anything else and the extension is likely to fail. Extending Klaad's code then...
# Azure Cloud Service and Azure VM Name
$service = Read-Host -Prompt 'Azure Cloud Service:'
$name = Read-Host -Prompt 'Azure VM:'
# Get the Cloud Service and Azure VM
$vm = Get-AzureVM -ServiceName $service -Name $name
# Check for health of the agent
If ($vm.GuestAgentStatus.Status -ne "Ready") {
    Write-Error "The VM agent appears to not be installed or is in an unhealthy state."
}
Else {
    # Add Microsoft Antimalware Agent to the Azure VM
    Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
    # Update the Azure VM and install the Antimalware Agent
    Update-AzureVM -Name $name -ServiceName $service -VM $vm.VM
}
To check if the agent is there, you can look for the following three processes on the server:
WaAppAgent.exe
WindowsAzureGuestAgent.exe
WindowsAzureTelemetryService.exe
You can download the agent from here (current version at time of edit is 2.6.1198.718).
Installation requires two steps (Source: Zach Millis):
Install the agent. This requires you to run PowerShell as an Administrator and execute the installer from within the PowerShell prompt. (Do not run directly)
Update Azure so it knows about the agent. This requires the following code to be executed:
Code:
# Azure Cloud Service and Azure VM Name
$service= Read-Host -Prompt 'Azure Cloud Service:'
$name = Read-Host -Prompt 'Azure VM:'
# Get the Cloud Service and Azure VM
$vm = Get-AzureVM -ServiceName $service -Name $name
# Provision the guest agent so Azure knows about it
$vm.VM.ProvisionGuestAgent = $TRUE
# Update the Azure VM and install the Antimalware Agent
$vm | Update-AzureVM
# Refresh the connection to the VM to get the new status
$vm = Get-AzureVM -ServiceName $service -Name $name
# Check status - should now be "Ready"
$vm.GuestAgentStatus
That should be it.
When following the tutorial https://learn.microsoft.com/en-us/azure/application-gateway/create-ssl-portal (using Free Trial as subscription) I always fail with the error
ErrorCode: AuthorizationFailed
ErrorMessage: The client '<mai e-mail address>' with object id'xxx' does not have authorization to perform action 'Microsoft.Compute/virtualMachines/extensions/write' over scope '/subscriptions/yyy/resourceGroups/myResourceGroupAG/providers/Microsoft.Compute/virtualMachines/myVM/extensions/IIS' or the scope is invalid. If access was recently granted, please refresh your credentials.
ErrorTarget:
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : zzz
When running the command
Set-AzVMExtension `
>> -ResourceGroupName myResourceGroupAG `
>> -ExtensionName IIS `
>> -VMName myVM `
>> -Publisher Microsoft.Compute `
>> -ExtensionType CustomScriptExtension `
>> -TypeHandlerVersion 1.4 `
>> -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}' `
>> -Location 'West US 2'
According to the portal Access control I (JM in the picture) should have role Virtual machine Contributor, but it doesn't help.
I tried the same PowerShell command and it works perfectly for me.
You can try running Disconnect-AzAccount and Clear-AzContext as a solution, so that the contexts of all users are deleted; after that you can log in to Azure again from PowerShell with Connect-AzAccount.
Owner access at the subscription level is sufficient to perform the operation that you are trying to perform, so separately assigning the Virtual Machine Contributor role is not required.
OR
To work around this issue, you can manually install the IIS server.
Step 1: Log in to your VM.
Step 2: Manage -> Add role and feature
Step 3: Select Webserver IIS -> Next -> Install
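To check the authorization side of the 403 above before retrying, the following added example (not part of the original thread) lists the role assignments that apply to the signed-in user at the VM scope and tests whether any of them grants Microsoft.Compute/virtualMachines/extensions/write. The resource group and VM names are the ones from the question; it assumes the Az module, a signed-in context, and that the account's sign-in name in the directory equals the context's account ID. Test-ActionMatch and Test-ScopeApplies are helper names made up for this example.

```powershell
# Added example: does any role assigned to the signed-in user allow the action from the 403?
$action = 'Microsoft.Compute/virtualMachines/extensions/write'
$ctx = Get-AzContext
if (-not $ctx) { throw 'Not signed in. Run Connect-AzAccount first.' }

# VM scope rebuilt from the names in the error message; subscription comes from the context.
$scope = "/subscriptions/$($ctx.Subscription.Id)/resourceGroups/myResourceGroupAG" +
         '/providers/Microsoft.Compute/virtualMachines/myVM'

# $true when $Action matches one of the wildcard patterns (for example 'Microsoft.Compute/*').
function Test-ActionMatch([string]$Action, [string[]]$Patterns) {
    foreach ($p in $Patterns) { if ($Action -like $p) { return $true } }
    return $false
}

# $true when an assignment made at $AssignedAt is inherited by $Target.
# The trailing '/' stops 'rg1' from matching a target inside 'rg10'.
function Test-ScopeApplies([string]$AssignedAt, [string]$Target) {
    $prefix = $AssignedAt.TrimEnd('/') + '/'
    return ($Target + '/').StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)
}

# All assignments for the user in this subscription, including those held through groups,
# narrowed to the ones whose scope covers the VM.
$assignments = Get-AzRoleAssignment -SignInName $ctx.Account.Id -ExpandPrincipalGroups |
    Where-Object { Test-ScopeApplies $_.Scope $scope }

$granting = foreach ($a in $assignments) {
    $def = Get-AzRoleDefinition -Name $a.RoleDefinitionName
    # A role grants the action when Actions matches it and NotActions does not.
    if ((Test-ActionMatch $action $def.Actions) -and
        -not (Test-ActionMatch $action $def.NotActions)) {
        [pscustomobject]@{ Role = $a.RoleDefinitionName; AssignedAt = $a.Scope }
    }
}

if ($granting) {
    $granting | Format-Table -AutoSize
    Write-Output 'A granting role exists: suspect a stale token or the wrong subscription context.'
} else {
    Write-Warning "No role assigned to $($ctx.Account.Id) at or above $scope grants $action."
}
```

An empty result with a role visible in the portal usually means the context points at a different subscription or tenant than the one shown in the portal.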
I have an Azure runbook where I am trying to deallocate VMs. When I run the runbook I get the error
Stop-AzureVM : No default subscription has been designated. Use Select-AzureSubscription -Default <subscriptionName> to
set the default subscription.
I have used the below in my script.
Add-AzureRmAccount
Select-AzureRMSubscription
After calling the select, it prints out
PSComputerName : localhost
PSSourceJobInstanceId :
Account :
Environment :
Subscription :
Tenant :
with the correct subscription and tenant information so it seems the select is working correctly, but for some reason I still cannot use the Stop-AzureVM cmdlet.
Any ideas?
The command Stop-AzureVM is an Azure Service Management PowerShell command. It can only be used to stop an Azure classic VM. But the command Add-AzureRmAccount is an Azure Resource Management PowerShell command. After running that command, we can only manage Azure Resource Management resources. For more details, please refer to here and here.
So with an Azure ARM VM, please use the command Stop-AzureRmVM to stop it. Meanwhile, regarding how to stop an Azure classic VM, please refer to the following steps:
Create Azure Classic Run As Account
Script
$ConnectionAssetName = "AzureClassicRunAsConnection"
# Get the connection
$Conn = Get-AutomationConnection -Name $ConnectionAssetName
# Authenticate to Azure with certificate
$CertificateAssetName = $Conn.CertificateAssetName
$AzureCert = Get-AutomationCertificate -Name $CertificateAssetName
Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID
#stop VM
Stop-AzureVM -ServiceName "ContosoService01" -Name "MyVM" -Force
Besides, regarding how to check if the VM is classic, please refer to the blog
Try Running the below :
Get-Module AzureRm.Profile -ListAvailable
This issue might occur when there are multiple instances of the module. If there are multiple instances, remove the older modules and retain the new module.
To remove the old module: Uninstall-Module -Name AzureRm.Profile -RequiredVersion 4.6.0 # (older version, if you have any)
I'm looking for a PowerShell way to disconnect a virtual machine from an OMS workspace.
I wrote a PowerShell script to move a VM to another subscription. So I have to re-connect this VM from 'source workspace' to 'destination workspace'.
Just removing the OMS extension shows me the virtual machine as "Not connected" in the Azure portal under "Log Analytics workspace > Workspace Data Sources > Virtual machines".
This cmdlet should do the trick (the doc is not really clear), but I always get the same message
remove-AzureRmOperationalInsightsDataSource -Workspace $OmsWkspceITS -Name CentosMove
Confirm
Are you sure you want to remove data source 'CentosMove' in workspace 'itsoms'?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Yes"): yes
WARNING: DataSource 'CentosMove' does not exist in workspace 'itsoms'.
(CentosMove is my VM name).
Our ITSOMS workspace has been in use for years now with hundreds of VMs, many solutions, NSG logflows analytics, ...
$OmsWkspceITS
Name : itsoms
ResourceGroupName : rg_its_exploit
ResourceId : /subscriptions/blablabla/resourcegroups/blabla/providers/microsoft.operationalinsights/workspaces/itsoms
Location : westeurope
Tags :
Sku : standalone
CustomerId : xx
PortalUrl : https://weu.mms.microsoft.com/Accou...
ProvisioningState : Succeeded
The only data sources I can get with this cmdlet are those like this one
Get-AzureRmOperationalInsightsDataSource -WorkspaceName $OmsWkspceITS.Name -ResourceGroupName $OmsWkspceITS.ResourceGroupName -Name DataSource_LinuxSyslog_syslog
Name : DataSource_LinuxSyslog_syslog
ResourceGroupName : rg_its_exploit
WorkspaceName : itsoms
ResourceId : /subscriptions/xx/resourceGroups/rg_its_exploit/providers/Microsoft.OperationalInsights/workspaces/itsoms/datasources/DataSource_LinuxSyslog_syslog
Kind : LinuxSyslog
Properties : {"syslogName":"syslog".....}
I'm maybe not looking at the right cmdlet, I think ...
Thanks for your help :)
To accomplish your requirement use cmdlets Remove-AzureRmVMExtension and Set-AzureRmVMExtension.
For illustration check below commands.
To disconnect Linux VM agent:
Remove-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name 'OmsAgentForLinux'
To disconnect Windows VM agent:
Remove-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name 'MicrosoftMonitoringAgent'
To connect Linux VM agent to a Log Analytics workspace:
$WorkspaceID = "xxxxxxxxxxxxxxxxxxxxxxxxx"
$WorkspaceKey = "xxxxxxxxxxxxxxxxxxxxxxxx"
# The settings must be valid JSON, so the inner double quotes are escaped with backticks
Set-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name 'OmsAgentForLinux' -Publisher 'Microsoft.EnterpriseCloud.Monitoring' -ExtensionType 'OmsAgentForLinux' -TypeHandlerVersion '1.0' -Location 'LOCATION' -SettingString "{`"workspaceId`": `"$WorkspaceID`"}" -ProtectedSettingString "{`"workspaceKey`": `"$WorkspaceKey`"}"
To connect Windows VM agent to a Log Analytics workspace:
$WorkspaceID = "xxxxxxxxxxxxxxxxxxxxxxxxx"
$WorkspaceKey = "xxxxxxxxxxxxxxxxxxxxxxxx"
# The settings must be valid JSON, so the inner double quotes are escaped with backticks
Set-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name 'MicrosoftMonitoringAgent' -Publisher 'Microsoft.EnterpriseCloud.Monitoring' -ExtensionType 'MicrosoftMonitoringAgent' -TypeHandlerVersion '1.0' -Location 'LOCATION' -SettingString "{`"workspaceId`": `"$WorkspaceID`"}" -ProtectedSettingString "{`"workspaceKey`": `"$WorkspaceKey`"}"
Hope this helps!! Cheers!! :)
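The reconnect described in the answer above, as an added example that is not part of the original thread: it reads the workspace ID and key from the destination workspace instead of pasting them into the script, builds the settings with ConvertTo-Json, and then confirms that the installed extension reports to the intended workspace. The resource group, VM and workspace names are placeholders, and the AzureRM module with a signed-in session is assumed.

```powershell
# Added example (AzureRM module, as in the answer above). All names are placeholders.
$rg     = 'RESOURCEGROUPNAME'
$vmName = 'VMNAME'
$wsRg   = 'DEST_WORKSPACE_RG'      # hypothetical: resource group of the destination workspace
$wsName = 'DEST_WORKSPACE_NAME'    # hypothetical: name of the destination workspace

$vm  = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName
$ws  = Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $wsRg -Name $wsName
# The key stays in a variable and is only ever passed as a protected setting.
$key = (Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $wsRg -Name $wsName).PrimarySharedKey

# Pick the agent extension that matches the guest OS.
$ext = if ($vm.StorageProfile.OsDisk.OsType -eq 'Linux') { 'OmsAgentForLinux' }
       else { 'MicrosoftMonitoringAgent' }

# Let ConvertTo-Json do the quoting so the settings are always valid JSON.
$wsId      = "$($ws.CustomerId)"
$public    = @{ workspaceId  = $wsId } | ConvertTo-Json -Compress
$protected = @{ workspaceKey = $key }  | ConvertTo-Json -Compress

# Disconnect from the source workspace (ignored if the extension is already gone),
# then connect to the destination workspace.
Remove-AzureRmVMExtension -ResourceGroupName $rg -VMName $vmName -Name $ext -Force `
    -ErrorAction SilentlyContinue
Set-AzureRmVMExtension -ResourceGroupName $rg -VMName $vmName -Name $ext `
    -Publisher 'Microsoft.EnterpriseCloud.Monitoring' -ExtensionType $ext `
    -TypeHandlerVersion '1.0' -Location $vm.Location `
    -SettingString $public -ProtectedSettingString $protected

# Verify: the extension must be provisioned and must point at the destination workspace.
$installed = Get-AzureRmVMExtension -ResourceGroupName $rg -VMName $vmName -Name $ext
$reported  = ($installed.PublicSettings | ConvertFrom-Json).workspaceId
if ($installed.ProvisioningState -eq 'Succeeded' -and $reported -eq $wsId) {
    Write-Output "$vmName now reports to workspace $wsName ($wsId)."
} else {
    Write-Warning "$vmName extension state '$($installed.ProvisioningState)', workspace '$reported'; expected '$wsId'."
}
```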
The most recent information I could find while scouring the net was a post 6 months old (back toward the original deployment of D-Series servers). How can you seamlessly upgrade an A-Series Azure VM to a D-Series Azure VM without a huge headache?
To find out what sizes are available in your Region (and see the InstanceSize naming scheme to use in PowerShell) use this PowerShell Cmdlet:
Get-AzureLocation | Where-Object {$_.DisplayName.Contains("<your-region>")}
View the VirtualMachineRoleSizes property to see what sizes you have access to.
To update a VM you can use the following set of commands:
Get-AzureVM -ServiceName <cloudservice> -Name <vmname> | Set-AzureVMSize -InstanceSize <sizevalue> | Update-AzureVM
If you run the above command on a running VM it will be restarted in order to provision it on the right host infrastructure to support your desired Series.
# To Upgrade or downgrade your Azure VM Plan you can use the following script
$ResourceGroupName = "CMLAB"
$VMName = "2007CMCEN"
$NewVMSize = "Standard_A5"
$vm = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName
$vm.HardwareProfile.vmSize = $NewVMSize
Update-AzureRmVM -ResourceGroupName $ResourceGroupName -VM $vm
I am trying to install the Microsoft Antimalware extension to an existing virtual machine.
Steps to reproduce the problem:
Using Visual Studio
1) Connect to Azure from VS
2) Select Server from Virtual Machines
3) Open Configuration properties.
4) Select Microsoft Antimalware from extensions and click Add.
5) Click Update. Outputs...
Updating virtual machine myVM...
Failed to update virtual machine. The probe setting for the endpoint group HTTP-80 is null. An external endpoint HTTP cannot specify a probe setting.
Using PowerShell
When following these MS instructions to install Antimalware using PowerShell, I get the error:
PS C:\> Update-AzureVM -Name $service -ServiceName $name -VM $vm.VM
Update-AzureVM : Could not find a deployment for 'myVM' in 'Production' slot.
At line:1 char:1
+ Update-AzureVM -Name $service -ServiceName $name -VM $vm.VM
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Update-AzureVM], ApplicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.UpdateAzureVMCommand
To install antimalware via PowerShell:
Make sure you are using the latest Azure PowerShell version (version 0.8.12)
Get-Module
Now create a configuration file on disk in JSON format:
$JsonString="{ 'AntimalwareEnabled': true }"
$JsonString |Out-File $home\downloads\AzureAntimalware.json
Then select and update your VM:
Get-AzureVM -Servicename "myService" -Name "myVM" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile $home\downloads\AzureAntimalware.json | Update-AzureVM
This will install System Center Endpoint Protection onto the virtual machine.
When you try and launch System Center Endpoint Protection from the start menu you may be presented with the following error message:
Your system administrator has restricted access to this app.
To fix this issue, open a command prompt on the VM and enter:
cd "c:/program files/microsoft security client"
configsecuritypolicy cleanuppolicy.xml
This will create the necessary config files and fix the problem.
You will now be able to launch System Center Endpoint Protection from the start menu and configure the program in the usual way.
I'm a little late replying so you've probably solved the issue.
This is how I resolved it using Powershell:
http://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409 – Download the VM agent and install on the virtual machine
Activate the VM agent with the following:
$vm = Get-AzureVM -ServiceName $svc -Name $name
$vm.VM.ProvisionGuestAgent = $TRUE
Update-AzureVM -Name $name -VM $vm.VM -ServiceName $svc
You can check if it’s running by opening task manager and clicking the details tab – Look for WaAppAgent.exe, WindowsAzureGuestAgent.exe, WindowsAzureTelemetryService.exe
Once running you can install AntiMalware with the following:
$servicename = "<SERVICE NAME HERE>"
$name = "<NAME HERE>"
# Get the VM
$vm = Get-AzureVM -ServiceName $servicename -Name $name
# Add Microsoft Antimalware Agent to the Virtual Machine
Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
# Update the VM which will install the Antimalware Agent
# (-Name is the VM name, -ServiceName is the cloud service name)
Update-AzureVM -Name $name -ServiceName $servicename -VM $vm.VM
You can check it works by looking in services.msc for Microsoft Antimalware service
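The manual checks mentioned in the answers above (the three guest agent processes in Task Manager and the Microsoft Antimalware service in services.msc) can be scripted. This added example, which is not part of the original thread, runs inside the VM and reports each check in one table; the process names and the service display name are the ones given on this page, and treating a start mode of Auto as required for the service is an assumption of this example.

```powershell
# Added example: run in a PowerShell session inside the VM.
# Process names as listed in the answers on this page.
$agentProcesses = 'WaAppAgent', 'WindowsAzureGuestAgent', 'WindowsAzureTelemetryService'

# Service display name as given on this page, matched with a WQL wildcard.
$services = @(Get-CimInstance -ClassName Win32_Service `
                  -Filter "DisplayName LIKE 'Microsoft Antimalware%'")

$checks = @(
    # One row per guest agent process.
    foreach ($name in $agentProcesses) {
        $proc = Get-Process -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check   = "$name.exe"
            Healthy = [bool]$proc
            Detail  = if ($proc) { "running, PID $(@($proc.Id) -join ',')" } else { 'not running' }
        }
    }
    # One row per matching service, or a single failing row when none is installed.
    if ($services) {
        foreach ($s in $services) {
            [pscustomobject]@{
                Check   = $s.DisplayName
                # Assumption of this example: the service should be running and start automatically.
                Healthy = ($s.State -eq 'Running' -and $s.StartMode -eq 'Auto')
                Detail  = "state=$($s.State), start mode=$($s.StartMode)"
            }
        }
    } else {
        [pscustomobject]@{
            Check   = 'Microsoft Antimalware service'
            Healthy = $false
            Detail  = 'service not installed'
        }
    }
)

$checks | Format-Table -AutoSize

if ($checks.Healthy -contains $false) {
    Write-Warning 'At least one check failed: the guest agent or the antimalware extension is not healthy.'
}
```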