Update Management - Domain Controllers are not assessed

Brass Contributor

hi guys,

 

I enabled Update Management on Azure through the Automation account, i have multiple VMs of different roles all of them are working fine and assessed but only the 2 domain controllers are not assessed  ! is there extra configuration need to be done ? has anyone seen this before? 

 

The Update Agent Readiness is working fine for all machines. 

 

 

8 Replies

Hi

Please check the  Operations Manager log on the machines. Seems like the OMS agent is not reporting. This could be due to a lot of things:

- Some firewall rules blocking outgoing Internet traffic

- Some security restrictions preventing the normal functioning of the agent.

 

You can start by checking the status of the oms agent from Control panel and than looking at the Operations Manager event log. You can also try to install the OMS agent manually and connecting it to the Log Analytics workspace

Hi,

 

the operations manager log is clear , with no errors regarding discovery or failure of running a script, and the oms agent is reporting to the oms log space all the performance counters and antimalware status, it is working fine except that for the updates it keep on a state of not assessed. 

 

there are only warnings on the log about this: 

 

"HealthService (4724) Health Service Store: A request to write to the file "C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Health Service Store\edbtmp.log" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (24 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem."

 

Can you provide more details? How these machines were onboarded? What is the OS level of these? What version of .net framework they have installed? Do you have heartbeat data for those machines?

- They were onboarded by deploying the MMA agent using ARM template.

- The OS of the machines is Windows Server 2016 Datacenter.

- .Net framework installed is .NET Framework 4.6.2

- yes the heartbeats data are there as well performance data and Antimalware

 

Can you go to the Automation account -> Update Management tab. At the top there are a few actions. Click on Manage Machines to see what kind of setting you have there.

updatemanagement.png

here is the settings as you see also all machines are assessed except only for 2 domain controllers. 

BUT the UPDATE AGENT READINESS is green and ready for all Machines

May be try to set it on the second option and see if that will help. You might have to wait up to 12 hours until assessment is done. 

Ok Stanislav , thanks for your replies , i will do that and update the conversation later.