Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: Azure Local 2311.2 and later
This article explains how to get remote support for the Azure Stack HCI operating system for Azure Local. It gives an overview of remote support, the terms and conditions, and the steps to enable remote support on your Azure Local. It also covers setting up proxy settings, submitting a support request, and other remote support tasks.
Overview
Remote support lets a Microsoft support professional fix your support case faster by letting them access your device for limited troubleshooting and repair. You can enable remote support by granting consent and choosing the access level and duration.
After you enable remote support, Microsoft support gets just-in-time (JIT) limited time access to your device. Access is provided over a secure, audited, and compliant channel to ensure all activities are monitored. Microsoft support can only access your device after you submit a support request, which ensures that your device remains secure and your privacy is maintained.
Remote support terms and conditions
The following are the data handling terms and conditions for remote access. Carefully read them before granting access.
By approving this request, the Microsoft support organization or the Azure engineering team supporting this feature ("Microsoft Support Engineer") will be given direct access to your device for troubleshooting purposes and/or resolving the technical issue described in the Microsoft support case.
During a remote support session, a Microsoft Support Engineer may need to collect logs. By enabling remote support, you have agreed to a diagnostics log collection by a Microsoft Support Engineer to address a support case. You also acknowledge and consent to the upload and retention of those logs in an Azure storage account managed and controlled by Microsoft. These logs may be accessed by Microsoft in the context of a support case and to improve the health of Azure Local.
The data will be used only to troubleshoot failures that are subject to a support ticket, and will not be used for marketing, advertising, or any other commercial purposes without your consent. The data may be retained for up to ninety (90) days and will be handled following our standard privacy practices.
Any data previously collected with your consent will not be affected by the revocation of your permission.
For more information about the personal data that Microsoft processes, how Microsoft processes it, and for what purposes, see the Microsoft Privacy Statement.
Workflow
Here's the high-level workflow to enable remote support:
- Configure proxy settings
- Enable remote support via PowerShell
- Submit a support request
- Other remote support operations
Configure proxy settings
If you use a proxy with Azure Local, add these endpoints to your allowlist:
- *.servicebus.windows.net
- *.core.windows.net
- login.microsoftonline.com
- https://asztrsprod.westus2.cloudapp.azure.com
- https://asztrsprod.westeurope.cloudapp.azure.com
- https://asztrsprod.eastus.cloudapp.azure.com
- https://asztrsprod.westcentralus.cloudapp.azure.com
- https://asztrsprod.southeastasia.cloudapp.azure.com
- https://edgesupprd.trafficmanager.net
Enable remote support via PowerShell
The Remote Support Arc extension, listed as AzureEdgeRemoteSupport in the Azure portal, makes setup easier and boosts support efficiency. It comes preinstalled on all system nodes, so there's no action for you to take. For more information about the Remote Support Arc extension, see Azure Local remote support Arc extension.
To enable remote support on your Azure Local, follow these steps:
On the client you use to connect to your system, run PowerShell as an admin.
Open a remote PowerShell session to a node on your Azure Local. Run the following command, and enter your node credentials when prompted:
$cred = Get-credential Enter-PsSession -ComputerName <NodeName> -Credential $credHere's a sample output:
PS C:\Users\Administrator> etsn -ComputerName v-host1 -Credential $credTo enable remote support, run this command:
Enable-RemoteSupport -AccessLevel <Diagnostics or DiagnosticsRepair> -ExpireInMinutes <1440>Here's sample output:
PS C:\Users\Administrator> etsn -ComputerName v-host1 -Credential $cred PS C:\Users\HciDeploymentUser\Documents> Enable-RemoteSupport -AccessLevel Diagnostics -ExpireInMinutes 1440 By approving this request, the Microsoft support organization or the Azure engineering team supporting this feature ('Microsoft Support Engineer') will be given direct access to your device for troubleshooting purposes and/or resolving the technical issue described in the Microsoft support case. During a remote support session, a Microsoft Support Engineer may need to collect logs. By enabling remote support, you have agreed to a diagnostic logs collection by Microsoft Support Engineer to address a support case You also acknowledge and consent to the upload and retention of those logs in an Azure storage account managed and controlled by Microsoft. These logs may be accessed by Microsoft in the context of a support case and to improve the health of Azure Local. The data will be used only to troubleshoot failures that are subject to a support ticket, and will not be used for marketing, advertising, or any other commercial purposes without your consent. The data may be retained for up to ninety (90) days and will be handled following our standard privacy practices (https://privacy.microsoft.com/en-US/). Any data previously collected with your consent will not be affected by the revocation of your permission. Proceed with enabling remote support? [Y] Yes [N] No [?] Help (default is "Y"): Y Enabling Remote Support for 'Diagnostics' expiring in '1440' minutes. Remote Support successfully Enabled. State : Active CreatedAt : 9/6/2023 10:05:52 PM +00:00 UpdatedAt : 9/6/2023 10:05:52 PM +00:00 ConnectionStatus : Connecting ConnectionErrorMessage : TargetService : PowerShell AccessLevel : Diagnostics ExpiresAt : 9/7/2023 10:05:50 PM +00:00 SasCredential :Note
First time users, if you enable Remote Support through a remote PowerShell session, you might receive the following error:
Processing data from remote server NodeName failed with the following error message: The I/O operation has been aborted because of either a thread exit or an application request.For more information, see Error handling.
After you enable remote support, you can perform different operations to grant remote access for Microsoft Support. The next sections show some examples.
Enable remote support diagnostics
Enable remote support for diagnostics
In this example, you grant remote support access for diagnostic-related operations only. The consent expires in 1,440 minutes (one day) after which remote access can't be established.
Enable-RemoteSupport -AccessLevel Diagnostics -ExpireInMinutes 1440
Use the ExpireInMinutes parameter to set the duration of the session. In the example, consent expires in 1,440 minutes (one day). After one day, remote access can't be established.
You can set ExpireInMinutes a minimum duration of 60 minutes (one hour) and a maximum of 20,160 minutes (14 days).
If you don't define a duration, the remote session expires in 480 minutes (8 hours) by default.
Enable remote support for diagnostics and repair
In this example, you grant remote support access for diagnostic and repair related operations only. Since an expiration isn't explicitly provided, access expires in eight hours by default.
Enable-RemoteSupport -AccessLevel DiagnosticsRepair
For information about access levels, see List of Microsoft support operations.
For information on other available operations, see Other remote support operations.
Submit a support request
Microsoft support can access your device only after you submit a support request. To learn how to create and manage support requests, see Create an Azure support request.
Other remote support operations
There are other operations you can perform to get information about access or a remote session. The next sections detail some examples of those operations.
Retrieve existing consent grants
In this example, you retrieve any previously granted consent. The result includes expired consent from the last 30 days.
Get-RemoteSupportAccess -IncludeExpired
Revoke remote access consent
In this example, you revoke remote access consent. Any existing sessions are terminated and new sessions can no longer be established.
Disable-RemoteSupport
List existing remote sessions
In this example, you list all remote sessions made to the device since FromDate.
Get-RemoteSupportSessionHistory -FromDate <Date>
Get details on a specific remote session
In this example, you get the details for the remote session with the ID SessionID.
Get-RemoteSupportSessionHistory -IncludeSessionTranscript -SessionId <SessionId>
Note
Session transcript details are kept for 90 days. You can retrieve details for a remote session within 90 days after the session.
Error handling
When you enable remote support on Azure Local, you might encounter an error. This section describes the error message, its cause, and suggested resolutions.
When you run the enable remote support command for the first time, you might see the following error message:
PS C:\Users\Administrator> etsn -ComputerName v-host1 -Credential $cred
PS C:\Users\HciDeploymentUser\Documents> Enable-RemoteSupport -AccessLevel Diagnostics -ExpireMinutes 1440
Proceed with enabling remote support?
[Y] Yes [N] No [?] Help (default is "Y"): Y
Type Keys Name
---- ---- ----
Container {Name=SupportDiagnosticEndpoint} SupportDiagnosticEndpoint
Processing data from remote server NodeName failed with the following error message: The I/O operation has been aborted because of either a thread exit or an application request.
Error Message: Processing data from remote server NodeName failed with the following error message: The I/O operation has been aborted because of either a thread exit or an application request.
Cause: When you enable remote support, a Windows Remote Management (WinRM) service restart is required to activate Just Enough Administration (JEA). During the remote support JEA configuration, WinRM restarts twice, which can disrupt the PowerShell session to the node.
Suggested resolutions: You can choose one of the following options to resolve this error and enable remote support:
- Wait for a few minutes. Repeat step #2 and #3 for each JEA endpoint to reconnect to your machine and enable remote support.
- After the third run of the enable remote support command, you shouldn’t see any other error. Refer to the output at step #3 for a successful example of the remote support installation.
- Instead of using the remote PowerShell session, you can enable remote support by connecting to each node using Remote Desktop Protocol and enabling it.
Next steps
- Learn about Azure Arc extension management.
- Learn about the Azure Local remote support Arc extension.