Troubleshooting Azure Arc for Servers

While working with Azure Arc I’ve come across a couple of scenarios I’ve had to troubleshoot, in this blog post I want to share some practical tips to help you if you encounter issues. 

If you've like to view a video of the troubleshooting steps you can find it here:

Is the agent installed?

One of the questions I’ve had to troubleshoot is whether the Azure Arc agent installed successfully on the server?

Within a Windows server, you can check this in one of two ways.  The first way is to check within “Programs & Features” or “Apps & Features”, depending on what version of Windows Server you are using. 

You should see the “Azure Connected Machine Agent” installed on your server. 

The result of checking Apps & Features

The second way is to open up the command prompt or PowerShell and type in the command

azcmagent version
Check if the Azure Arc agent is installed

This command will confirm which version of the Azure Arc agent is installed.  If you receive an error when this command runs, this could indicate that the agent hasn’t successfully installed. 

The agent has installed but hasn’t connected 

A scenario I’ve come across is the Azure Arc agent has been installed, but hasn’t been able to connect to the Azure environment.  To try and resolve this you can issue a command from the server side and establish that connection. 

💡
The following commands are for Agents that connect through public connectivity.

To establish the connection you need to provide an authentication method, you can either use your own credentials or you can use a Service Principal

To use your own credentials the command you would issue from a PowerShell terminal on the server is: 

azcmagent connect --location "westeurope" --resource-group "arclab" --subscription-id "0000000a-0000-000a-a000-00000000000a"

To use a Service Principal to establish the connection you would issue the following command from a PowerShell terminal in the server:  

azcmagent connect --location "westeurope" --resource-group "arclab" --subscription-id "0000000a-0000-000a-a000-00000000000a" --tenant-id “0000000a-0000-000a-a000-00000000000a” --service-principal-id "0000000a-0000-000a-a000-00000000000a" --service-principal-secret "replacewithyoursecret"

The agent is in a disconnected state

If your server has previously connected and worked fine, but is now in a disconnected state you can issue the “azcmagent connect” command to reconnect the agent. 

You will need to re-establish the connection and provide an authentication method to do so, again when using the azcmagent connect command you can provide the authentication through either your own credentials or using a Service Principal. 

💡
The following commands are for Agents that connect through public connectivity.

To use your own credentials the command you would issue from a PowerShell terminal on the server is: 

azcmagent connect --location "westeurope" --resource-group "arclab" --subscription-id "0000000a-0000-000a-a000-00000000000a"

To use a Service Principal to establish the connection you would issue the following command from a PowerShell terminal in the server:  

azcmagent connect --location "westeurope" --resource-group "arclab" --subscription-id "0000000a-0000-000a-a000-00000000000a" --tenant-id “0000000a-0000-000a-a000-00000000000a” --service-principal-id "0000000a-0000-000a-a000-00000000000a" --service-principal-secret "replacewithyoursecret"

Check the status of the agent

If you want to check what the general status of the Azure Arc agent you can use the command:

azcmagent show

This will display information such as the Azure resource group, resource ID, subscription ID, tenant ID and Azure region the agent is connected to.  Where the log files are stored, and if there are any errors or the last successful heartbeat. 

Result of the azcmagent show command to check the status of the Azure Connected Machine Agent

View log files

Within Windows the log files are stored in %ProgramData%\AzureConnectedMachineAgent\Log

You can use these to troubleshoot any errors or understand what the agent has been doing during a certain time period.   

Within PowerShell you can issue a command to show you the last X lines of the log.  If I wanted to see the last 5 lines of log I use the command: 

Get-Content C:\ProgramData\AzureConnectedMachineAgent\Log\himds.log -Tail 5
View the last 5 entries in the Azure Arc agent log file

Change the proxy server the agent is using

If you are routing the Azure Arc agent traffic through your proxy server but you need to change the proxy server URL you can do this from the command line on the server. 

To change the proxy server details you can issue the command:

azcmagent config set proxy.url "http://proxyserveraddress:port"

If you want to completely clear the proxy configuration and route the traffic via another route you can issue the command: 

azcmagent config clear proxy.url

Conclusion

The Azure Arc agent is a powerful and useful tool, but occasionally you will have to dive into the depths of it and troubleshoot and issue. 

Knowing the azcmagent command and its options can be useful to troubleshoot those issues or change the configuration of the Arc agent. 

Let me know if you have any troubleshooting tips or questions!