I've installed the agent using the onboarding script provided in the Azure portal, in addition to also attempting to install it via Windows Admin Center. Both methods have failed and indicate an x509 TLS certificate error with the domain 'agentserviceapi.azure-automation.net'.
I have attempted to install it on a number of Windows Server 2019 machines.
An example of the error is shown below (it does not show the full list of endpoints):
time="2020-07-11T17:29:38+01:00" level=info msg="Onboarding Machine. It usually takes a few minutes to complete. Sometimes it may take longer depending on network and server load status."
time="2020-07-11T17:29:38+01:00" level=info msg="Check network connectivity to all endpoints..."
time="2020-07-11T17:29:39+01:00" level=error msg="x509: certificate is valid for gcsts.guestconfiguration.azure.com, ase-gas.guestconfiguration.azure.com ...
... not agentserviceapi.azure-automation.net. Please check firewall rules and network connections"
After checking the TLS certificate within a browser from multiple machines, I can see that it is indeed invalid, which suggests this isn't an issue with firewall rules or network connections.
Help on this matter would be appreciated.
I get the same result trying to add a Windows 2016 server.
Indeed, there seems to be a problem with the certificate from : agentserviceapi.azure-automation.net
https://www.ssllabs.com/ssltest/analyze.html?d=agentserviceapi.azure-automation.net
Hello All,
Apologize for the inconvenience caused. There is a server-side issue with the agent service endpoint which is under investigation.
We are also in the process of releasing an updated version of the agent (version 0.10) which avoids this issue.
Linux users can run the update commands for their distro from
https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent
to fetch the updated version. It has also been published to download.microsoft.com and via Microsoft Update for Windows.
I've tried the new version of the agent (version 0.10), and can confirm this fixes this issue. Thanks to tbgangav-MSFT for letting us know.
Hello All,
Apologize for the inconvenience caused. There is a server-side issue with the agent service endpoint which is under investigation.
We are also in the process of releasing an updated version of the agent (version 0.10) which avoids this issue.
Linux users can run the update commands for their distro from
https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent
to fetch the updated version. It has also been published to download.microsoft.com and via Microsoft Update for Windows.
https://learn.microsoft.com/answers/comments/46533/view.html
