question

JonathanHesketh avatar image
5 Votes"
JonathanHesketh asked tbgangav-MSFT commented

x509 error when onboarding machine

Hi,

I've installed the agent using the onboarding script provided in the Azure portal, in addition to also attempting to install it via Windows Admin Center. Both methods have failed and indicate an x509 TLS certificate error with the domain 'agentserviceapi.azure-automation.net'.

I have attempted to install it on a number of Windows Server 2019 machines.

An example of the error is shown below (it does not show the full list of endpoints):

time="2020-07-11T17:29:38+01:00" level=info msg="Onboarding Machine. It usually takes a few minutes to complete. Sometimes it may take longer depending on network and server load status."

time="2020-07-11T17:29:38+01:00" level=info msg="Check network connectivity to all endpoints..."

time="2020-07-11T17:29:39+01:00" level=error msg="x509: certificate is valid for gcsts.guestconfiguration.azure.com, ase-gas.guestconfiguration.azure.com ...
... not agentserviceapi.azure-automation.net. Please check firewall rules and network connections"


After checking the TLS certificate within a browser from multiple machines, I can see that it is indeed invalid, which suggests this isn't an issue with firewall rules or network connections.

Help on this matter would be appreciated.

azure-arc
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Having the same issue as well, both in Windows Server 2019 Datacenter and Amazon Linux 2 instance. My case, however, is when trying to get these machines using Azure Arc.
11955-screen-shot-2020-07-12-at-131210.png


11956-screen-shot-2020-07-12-at-131257.png


0 Votes 0 ·

I get the same result trying to add a Windows 2016 server.

Indeed, there seems to be a problem with the certificate from : agentserviceapi.azure-automation.net

https://www.ssllabs.com/ssltest/analyze.html?d=agentserviceapi.azure-automation.net

0 Votes 0 ·
tbgangav-MSFT avatar image
2 Votes"
tbgangav-MSFT answered tbgangav-MSFT commented

Hello All,

Apologize for the inconvenience caused. There is a server-side issue with the agent service endpoint which is under investigation.

We are also in the process of releasing an updated version of the agent (version 0.10) which avoids this issue.

Linux users can run the update commands for their distro from https://docs.microsoft.com/en-us/azure/azure-arc/servers/manage-agent to fetch the updated version. It has also been published to download.microsoft.com and via Microsoft Update for Windows.

12112-arc4.png



arc4.png (58.0 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thanks for addressing the issue, and providing an update to circumvent it.
Can confirm that version 0.10 works flawlessly.

1 Vote 1 ·

Hello again, Just FYI - This should now be working with either the new 0.10 or the previous 0.9 package.

0 Votes 0 ·
JonathanHesketh avatar image
0 Votes"
JonathanHesketh answered tbgangav-MSFT commented

Hi,

I've tried the new version of the agent (version 0.10), and can confirm this fixes this issue. Thanks to tbgangav-MSFT for letting us know.


Hello All,

Apologize for the inconvenience caused. There is a server-side issue with the agent service endpoint which is under investigation.

We are also in the process of releasing an updated version of the agent (version 0.10) which avoids this issue.

Linux users can run the update commands for their distro from https://docs.microsoft.com/en-us/azure/azure-arc/servers/manage-agent to fetch the updated version. It has also been published to download.microsoft.com and via Microsoft Update for Windows.

https://docs.microsoft.com/answers/comments/46533/view.html
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Glad to know! Thanks for the confirmation!

0 Votes 0 ·