SOLVED: How To Properly Reinstall Azure Connected Machine Agent / Azure Arc Sentinel Agent

UPDATED: Aug 17 2023

We had a client with a server whose information was not updating on the Azure Sentinel side, even though it passed all of the validation and communication tests on the Azure Arc client side (i.e. on the client's file server).

NOTE: If you want to know how to test your Azure Arc, we have a separate article for that HERE.

After quite some time of troubleshooting both ends, we just gave up and uninstalled then reinstalled the Azure Arc client. Just like before, the client server passed all of the validation and communication tests but on the Azure Sentinel side, new information was not coming through.

It turned out that uninstalling Azure Arc from the server and then reinstalling it was not sufficient. Azure Arc's uninstall leaves a pile of old files on the server, which then stifle the new install. We needed not only to uninstall Azure Arc via Programs and Features, but also to manually delete any of the folders listed below that still exist after the uninstall.

You can download current and previous versions of the Azure Arc agent directly from Microsoft HERE but make sure you delete these folders (if they exist) before you reinstall.

You will likely have to END TASK on these programs:

  • C:\Packages\ (may not exist)
  • C:\Resources\
  • C:\Program Files\AzureConnectedMachine\
  • C:\ProgramData\AzureConnectedMachineAgent\
  • C:\ProgramData\GuestConfig\ (may not exist)

We have found that a reboot was NOT required after the install, uninstall, or reinstall, which made working on a live production file server much easier.

Then you need to enter your command to connect the agent to Azure Arc:

azcmagent connect --resource-group "[resource-group]" --tenant-id "[Tenant ID]" --location "[Azure Region]" --subscription-id "[subscription]" -c

So mine looks something like:

azcmagent connect --resource-group "rg-sentinel" --tenant-id "79054a16-7b7c-424d-bf39-097decefgc75" --location "canadacentral" --subscription-id "74b879bf-65b7-5be1-9eg8-12f559f41fa7" -c

Wait 20 minutes for everything to sync up and then check your Azure Sentinel.
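
The cleanup step between the uninstall and the reinstall can be scripted. The PowerShell below is an added example, not part of the original article or of Microsoft's tooling: it reports which of the folders listed above still exist and which running processes were started from them, and deletes only when run with -Remove. The parameter names and output format are assumptions made for this sketch.

```powershell
# Added example, not from the original article. Run elevated, after the uninstall.
param(
    [switch]$Remove,   # hypothetical switch: without it the script only reports
    # Folder list as given in the article above; adjust if your install differs.
    [string[]]$Leftover = @(
        'C:\Packages',
        'C:\Resources',
        'C:\Program Files\AzureConnectedMachine',
        'C:\ProgramData\AzureConnectedMachineAgent',
        'C:\ProgramData\GuestConfig'
    )
)

$present = @($Leftover | Where-Object { Test-Path -LiteralPath $_ })
if (-not $present) {
    Write-Host 'No leftover folders found; nothing to clean before the reinstall.'
    return
}

# Processes whose executable lives under a leftover folder keep files locked;
# these are the ones that have to be ended before the folder can be deleted.
$holders = @(Get-Process | Where-Object {
    $exe = $_.Path
    $exe -and ($present | Where-Object {
        $exe.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
    })
})

foreach ($dir in $present) {
    $items = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue)
    Write-Host ("LEFTOVER {0}  ({1} items)" -f $dir, $items.Count)
}
foreach ($p in $holders) {
    Write-Host ("RUNNING  pid {0}  {1}" -f $p.Id, $p.Path)
}

if ($Remove) {
    foreach ($p in $holders) { Stop-Process -Id $p.Id -Force -ErrorAction Continue }
    foreach ($dir in $present) {
        Remove-Item -LiteralPath $dir -Recurse -Force -ErrorAction Continue
        if (Test-Path -LiteralPath $dir) { Write-Warning "Could not fully remove $dir" }
    }
} else {
    Write-Host 'Dry run only. Re-run with -Remove to end the processes and delete the folders.'
}
```

On a production file server, read the dry-run output first so that only the folders and processes you expect are touched.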



Published by
Ian Matthews
