Edit

Share via

Troubleshoot Azure Local Virtual Machines enabled by Azure Arc

Applies to: Azure Local 2311.2 and later

This article describes how to collect logs and troubleshoot issues with Azure Local Virtual Machines (VMs) enabled by Azure Arc. It also lists the current limitations and known issues with Azure Local VM management, along with recommended resolutions.

Property isn't supported for this operation

Error:

Property '<Property Name>' isn't supported for this operation on your Azure Local cluster version. Please update your cluster if you want to set this property for this operation. Please view aka.ms/hciproperties.

Cause:

This error occurs when the feature you're trying to use isn't available for the software version running on your Azure Local instance. This can happen if the software version on your cluster is outdated or the feature was introduced in a later version.

Resolution:

To resolve this issue, update your Azure Local instance to the latest version. For more information, see Update via PowerShell or Update via Azure portal.

Cluster extension doesn't support resource type

Error:

The cluster extension '<Cluster Extension Azure Resource Manager ID>' doesn't support resource type 'Microsoft.AzureStackHCI/<Resource Type>'. The currently enabled resource types are '<Supported Resource Type Names>'. Please ensure the 'Microsoft.AzureStackHCI' cluster extension version metadata file supports the resource type. [ClusterExtensionVersion='<Cluster Extension Version>'] [CorrelationId='<Correlation ID>'].

Cause:

This error occurs when the feature you're trying to use isn't available for the software version running on your Azure Local instance. This can happen if the software version on your cluster is outdated or the feature was introduced in a later version.

Resolution:

To resolve this issue, update your Azure Local instance to the latest version. For more information, see Update via PowerShell or Update via Azure portal.

Unable to select an image for Trusted launch VMs

Trusted launch for Azure Local VMs currently supports only a select set of Azure Marketplace images. For a list of supported images, see Guest operating system images. When you create a Trusted launch VM in the Azure portal, the Image dropdown list shows only the images supported by Trusted launch. The Image dropdown appears blank if you select an unsupported image, including a custom image. The list also appears blank if none of the images available on your Azure Local system are supported by Trusted launch.

Failure when trying to enable guest management

When trying to run the command to enable guest management, you see the following error:

Error: Deployment failed. Correlation ID: aaaa0000-bb11-2222-33cc-444444dddddd. VM Spec validation failed for guest agent provisioning: Invalid managed identity. A system-assigned managed identity must be enabled in parent resource: Invalid Configuration

This failure is because the managed identity wasn't created for this VM. System-assigned Managed Identity is required to enable guest management.

Resolution:

Follow these steps to verify that the Managed Identity isn't created for this VM and then enable System-assigned Managed Identity.

  1. In the Azure portal, go to the VM. Browse to the Overview page. On the Properties tab, under Configuration, the Guest management should show as Disabled. Select the JSON View from the top right corner.

    Screenshot of how to get to JSON view.

  2. Under Identity parameter, the type should show as None.

    Screenshot of JSON view indicating the Managed Identity is absent.

  3. To create managed identity, connect to the Azure Local machine via Remote Desktop Protocol (RDP). Run the following command:

    az extension add --name connectedmachine

  4. Verify that the connected machine CLI extension is installed on the system. Here's a sample output with the extension successfully installed. The connectedmachine indicates that version 0.7.0 is installed.

    [v-hostl]: PS C:\Clusterstorage\lnfrastructure_l\ArcHci> az version
{
"azure-cli": "2.53.0",
"azure-cli-core": "2.53.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {
    "akshybrid": "0.1.1",
    "arcappliance"^ "1.0.2",
    "connectedk8s": "1.5.4",
    "connectedmachine": "0.7.0",
    "customlocation": "0.1.3",
    "hybridaks": "0.2.4",
    "k8s-extension": "1.4.5",
    "stack-hci-vm": "0.1.8"
    }
}
[v-hostl]: PS C:\ClusterStorage\Infrastructure_l\ArcHci>
    ```

  5. Run the following command to assign a system managed identity to the VM.

    az connectedmachine update --ids "<Resource Manager ID for the VM>" --set identity.type="SystemAssigned"

  6. Go to the Azure portal and browse to the Overview page. The JSON View should indicate that the system managed identity is now assigned to the VM.

    Screenshot of JSON view when Managed Identity is enabled.

Failure deploying a VM image from a storage account

You see the following error when trying to deploy a VM image from a storage account on your Azure Local:

Error: {"code":"moc-operator galleryimage serviceClient returned an error while reconciling: rpc error: code = Unknown desc = ===== RESPONSE ERROR (ErrorCode=AuthorizationPermissionMismatch) =====\nDescription=, Details: (none)\n","message":"moc-operator galleryimage serviceClient returned an error while reconciling: rpc error: code = Unknown desc = ===== RESPONSE ERROR (ErrorCode=AuthorizationPermissionMismatch) =====\nDescription=, Details: (none)\n"}

Or, you see this error:

Error: {"code":"moc-operator galleryimage serviceClient returned an error while reconciling: rpc error: code = Unknown desc = ===== RESPONSE ERROR (ErrorCode=NoAuthenticationInformation) =====\nDescription=, Details: (none)\n","message":"moc-operator galleryimage serviceClient returned an error while reconciling: rpc error: code = Unknown desc = ===== RESPONSE ERROR (ErrorCode=NoAuthenticationInformation) =====\nDescription=, Details: (none)\n"}

The failure occurs because the user creating the image doesn't have the right permissions to access the image from the storage account. The user must have the Storage Blob Data Contributor role on the storage account that you use for the image. For more information, see Assign Azure roles for access to blob data.

Resolution:

Add the Storage Blob Data Contributor role to the user that needs to create an image from this storage account. Once role is added, retry deploying the image.

You might also see the following error when trying to deploy a VM image from a storage account:

Error: {"code":"moc-operator galleryimage serviceClient returned an error while reconciling: rpc error: code = Unknown desc = ===== RESPONSE ERROR (ErrorCode=InvalidBlobType) =====\nDescription=The blob type is invalid for this operation.\nRequestId:5e74055f-e01e-0033-66eb-ff9734000000\nTime:2024-09-05T23:32:56.3001852Z, Details: (none)\n","message":"moc-operator galleryimage serviceClient returned an error while reconciling: rpc error: code = Unknown desc = ===== RESPONSE ERROR (ErrorCode=InvalidBlobType) =====\nDescription=The blob type is invalid for this operation.\nRequestId:5e74055f-e01e-0033-66eb-ff9734000000\nTime:2024-09-05T23:32:56.3001852Z, Details: (none)\n","additionalInfo":[{"type":"ErrorInfo","info":{"category":"Uncategorized","recommendedAction":"","troubleshootingURL":""}}]}

This failure is because the blob type isn't correct within the storage account. The image must be of page blob type.

Resolution:

Upload the image into your storage account in page blob format and retry deploying the image.

Ensure that the user has the right permissions, and the blob is in the correct format. For more information, see Add VM image from Azure Storage account.

Failure to deploy an Azure Local VM

You see the following error when trying to deploy an Azure Local VM:

Error: {"code":"ConflictingOperation","message":"Unable to process request 'Microsoft.AzureStackHCI/virtualMachineInstances'. There is already a previous running operation for resource '/subscriptions/<subscription ID>/resourceGroups/<Resource group name>/providers/Microsoft.HybridCompute/machines/<VM name>/providers/Microsoft.AzureStackHCI/virtualMachineInstances/default'. Please wait for the previous operation to complete."}

This failure is because the SystemAssigned managed identity object isn't under the Microsoft.HybridCompute/machines resource type.

Resolution:

Verify in your deployment template that:

The SystemAssigned managed identity object is under Microsoft.HybridCompute/machines resource type and not under Microsoft.AzureStackHCI/VirtualMachineInstances resource type.

The deployment template should match the provided sample template. For more information, see the sample template in Create Azure Local virtual machines enabled by Azure Arc.

Azure CLI installation isn't recognized

If your environment fails to recognize Azure CLI after installing it, run the following code block to add the Azure CLI installation path to the environment path.

        if ( -not( $env:PATH -like '*C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin*') ) {
            $env:PATH += "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin;"
            Write-Host "Updated path $env:PATH"
        }

Next steps