Forum Discussion
Re-install MDE.Windows extension
Onboarding several servers into MDE via Azure Arc.
For one of the servers, experienced this error when Azure Arc tried to install the MDE.Windows extension.
I suspect I need to re-install the Unified Agent manually, using the Unified Agent downloaded from the MDE portal. I presume that if I do that, Azure Arc will recognise that the client has been installed?
Following the advice, I removed the extension but cannot determine how to re-install it.
Anyone else come across this?
Huge apologies for not posting sooner. I did not end up testing this out in my tenant as planned, but here it is, as provided by the Microsoft engineer. Hope it works!
Step 1
$vm = Get-AzConnectedMachine -ResourceGroupName '<Your RG name>' -Name '<Your VM name>'
Step 2
$mdePackage = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$($vm.id.split('/')[2])/providers/Microsoft.Security/mdeOnboardings/?api-version=2021-10-01-preview"
Step 3
$protectedSetting = @{
"defenderForEndpointOnboardingScript" = ($mdePackage.content | ConvertFrom-Json).value.properties.onboardingPackageWindows
}
$Setting = @{
"azureResourceId" = $vm.Id
"vNextEnabled" = $true
}
Step 4
New-AzConnectedMachineExtension -Name 'MDE.Windows' -ExtensionType 'MDE.Windows' -ResourceGroupName $vm.ResourceGroupName -MachineName $vm.Name -Location $vm.Location -Publisher 'Microsoft.Azure.AzureDefenderForServers' -Settings $Setting -ProtectedSetting $protectedSetting -AutoUpgradeMinorVersion -TypeHandlerVersion '1.0'
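A follow-up check for the steps above, as an added example that is not part of the original post or of Microsoft's instructions: it polls Azure Arc until the MDE.Windows extension reaches a final provisioning state, so you can see whether Arc recognises the install. It assumes the Az.ConnectedMachine module and the `$vm` object from Step 1; the function name `Wait-MdeExtension` and the timeout values are hypothetical.

```powershell
# Added example: confirm that Azure Arc reports the MDE.Windows extension after a (re)install.
# Assumes the Az.ConnectedMachine module is loaded and $vm was set as in Step 1.
function Wait-MdeExtension {
    param(
        [Parameter(Mandatory)] $Machine,   # object returned by Get-AzConnectedMachine
        [int] $TimeoutMinutes = 20,        # assumed limit, adjust to your environment
        [int] $PollSeconds    = 30
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        # List the machine's extensions and filter, so a missing extension is not an error.
        $ext = Get-AzConnectedMachineExtension -ResourceGroupName $Machine.ResourceGroupName `
                   -MachineName $Machine.Name -ErrorAction SilentlyContinue |
               Where-Object { $_.Name -eq 'MDE.Windows' }
        if (-not $ext) {
            Write-Host "MDE.Windows is not registered on $($Machine.Name) yet"
        } else {
            Write-Host "MDE.Windows provisioning state: $($ext.ProvisioningState)"
            # Stop polling once the state is final.
            if ($ext.ProvisioningState -in 'Succeeded', 'Failed', 'Canceled') { return $ext }
        }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Timed out waiting for MDE.Windows on $($Machine.Name)"
}

$result = Wait-MdeExtension -Machine $vm
if ($result.ProvisioningState -ne 'Succeeded') {
    # Show everything the resource provider returned, including any status message.
    $result | Format-List *
}
```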
14 Replies
- gilblumberg (Iron Contributor): Got confirmation from Microsoft that a patch was issued/pushed to resolve the issue, no details on root-cause, doubt will ever see it
- gilblumberg (Iron Contributor): In a surprising turn of events, all servers which had the error installing the MDE.Windows extension now have the extension installed. So I think either...
  1. Azure just kept trying until it succeeded
  2. Microsoft found the root cause and fixed the back-end
  3. Microsoft engineers used a manual method and fixed directly on our tenant.
  Am following up with Microsoft
- P4tr8k (Brass Contributor): Hi man, do you know more about this manual method used by the Microsoft engineer?
- gilblumberg (Iron Contributor): They only sent me a revised version of the instructions which didn't work the first time. I'll give it a try and then share
- Phil81 (Brass Contributor): Hi,
  I had the same issue.
  In my case mostly downlevel OS servers were affected. I had to fix those manually (see https://github.com/microsoft/mdefordownlevelserver).
  Would be great to have an automated way to fix this (e.g. via Azure Arc extension or maybe via Azure Policy (?))
  Regards,
  Phil
- gilblumberg (Iron Contributor): By doing this manually, my understanding is that although they will be onboarded, Azure Arc won't recognise this and the MDE.Windows extension won't show as being installed for that server.
  Was that your experience too?
- Phil81 (Brass Contributor): Indeed, in my case after a while (can't say how long it really took) after the manual onboarding the MDE.Windows extension was shown again in the Azure Arc | Servers view.
- P4tr8k (Brass Contributor): Hi,
  I have the same problem. It's impossible to install this using Extension so in my case I manually install this package (you can download it from security.microsoft.com -> Settings -> Endpoint -> Onboarding).
  You can try to do this another way - uninstall all installed products (in this case only ARC because MDE is not installed) and install this one more time - and here should be the normal automatic deploy process (if you have configured automatic agent provisioning).
  Regards!
- gilblumberg (Iron Contributor): I've learnt from Microsoft support that it is possible to re-install the MDE.Windows extension manually, as a REST API or via CLI.
  Either way is not straightforward. Although the instructions have been provided to me by Microsoft support, I want to test out both ways in my own tenant so I can share my experience in doing this
- gilblumberg (Iron Contributor): We attempted this yesterday on a call with Microsoft engineers for troubleshooting and as it turned out, it failed. Microsoft engineers are figuring out the issue and resolving this