x509 error when onboarding machine

Jonathan Hesketh 51 Reputation points
2020-07-11T16:54:22.673+00:00

Hi,

I've installed the agent using the onboarding script provided in the Azure portal, in addition to also attempting to install it via Windows Admin Center. Both methods have failed and indicate an x509 TLS certificate error with the domain 'agentserviceapi.azure-automation.net'.

I have attempted to install it on a number of Windows Server 2019 machines.

An example of the error is shown below (it does not show the full list of endpoints):

time="2020-07-11T17:29:38+01:00" level=info msg="Onboarding Machine. It usually takes a few minutes to complete. Sometimes it may take longer depending on network and server load status."

time="2020-07-11T17:29:38+01:00" level=info msg="Check network connectivity to all endpoints..."

time="2020-07-11T17:29:39+01:00" level=error msg="x509: certificate is valid for gcsts.guestconfiguration.azure.com, ase-gas.guestconfiguration.azure.com ...
... not agentserviceapi.azure-automation.net. Please check firewall rules and network connections"

After checking the TLS certificate within a browser from multiple machines, I can see that it is indeed invalid, which suggests this isn't an issue with firewall rules or network connections.

Help on this matter would be appreciated.

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
329 questions
Accepted answer
  1. tbgangav-MSFT 10,386 Reputation points
    2020-07-14T04:18:58.723+00:00

    Hello All,

    Apologize for the inconvenience caused. There is a server-side issue with the agent service endpoint which is under investigation.

    We are also in the process of releasing an updated version of the agent (version 0.10) which avoids this issue.

    Linux users can run the update commands for their distro from https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent to fetch the updated version. It has also been published to download.microsoft.com and via Microsoft Update for Windows.

    12112-arc4.png

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jonathan Hesketh 51 Reputation points
    2020-07-14T16:43:48.96+00:00

    Hi,

    I've tried the new version of the agent (version 0.10), and can confirm this fixes this issue. Thanks to tbgangav-MSFT for letting us know.

    Hello All,

    Apologize for the inconvenience caused. There is a server-side issue with the agent service endpoint which is under investigation.

    We are also in the process of releasing an updated version of the agent (version 0.10) which avoids this issue.

    Linux users can run the update commands for their distro from https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent to fetch the updated version. It has also been published to download.microsoft.com and via Microsoft Update for Windows.

    https://learn.microsoft.com/answers/comments/46533/view.html