Troubleshooting MMA Agent Configuration with SSL Proxy

Problem description

You might encounter this error message during the setup wizard of the Microsoft Monitoring Agent.

Moreover, the MonitoringAgent.log file might contain a similar message

Rejecting certificate CN=YYYYY.azure.com since it did not chain to a trusted 
root, actual root was CN=XXXX, OU=XXXX, O=XXXX 2018-03-06T15:45:21.1858236-06:00 

Debug: Failed to trust remote certificate: The underlying connection was 
closed: Could not establish trust relationship for the SSL/TLS secure channel. 

Possible cause

This is likely caused by the presence in the network of a device (aka intercepting proxy) that perform HTTP inspection on web traffic.

For additional information: HTTPS Inspection and your PKI

Resolution

In order to resolve, bypass HTTP inspection on the device for the following URLs

Resource Port number Bypass HTTP Inspection
Agent
*.ods.opinsights.azure.com 443 Yes
*.oms.opinsights.azure.com 443 Yes
*.blob.core.windows.net 443 Yes
*.azure-automation.net 443 Yes

As described as a requirement for Azure Log Analytics in the following article

Connect Operations Manager to Log Analytics - System requirements

For general feedback on the Resource Center or content, please submit your response to UserVoice. For specific requests and content updates regarding the Services Hub, contact our Support Team to submit a case.