Sep 06 2021 07:06 AM
Azure Update management not working
Environment:
Azure Windows based VM
Forced Tunnelling
On-premises firewall supports only IP addresses
Update management error:
AssessmentError
Exception from HRESULT: 0x80072F8F
AssessmentErrorStackTrace
System.Runtime.InteropServices.COMException (0x80072F8F): Exception from HRESULT: 0x80072F8F at Microsoft.EnterpriseManagement.Mom.Modules.ChangeTracking.WUA.IUpdateSearcher2.EndSearch(ISearchJob searchJob) at Microsoft.EnterpriseManagement.Advisor.PatchManagement.WindowsUpdateHelper.GetUpdateSnapshot(TimeSpan timeout, Boolean onlineSearch, DateTime lastTimeUpdateApplied, IAutomaticUpdates2 automaticUpdates, UpdateModuleState state)
Troubleshooting:
Due to forced tunnelling, the traffic has to go to the on-premises FW.
Unfortunately, the on-premises FW allows only IP addresses, and as per the following article:
it suggests allowing port 443 for the URLs:
Azure Public
*.ods.opinsights.azure.com
*.oms.opinsights.azure.com
*.blob.core.windows.net
*.azure-automation.net & *.oms.opinsights.azure.com
Though, there is no IP address that I can nslookup for *.azure-automation.net.
Therefore, trying the alternate approach:
Tried enabling service tags via Azure Firewall, but as the traffic still goes to the on-premises FW, we either need the IP address for the URL to be allowed,
or else use a User Defined Route (UDR) to direct the traffic for the service tags "Azure Monitor" and "GuestAndHybridManagement" via UDR; allowed the same using CLI, still no good.
Checking for suggestions.
Thanks in advance for reading through.
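Since the on-premises firewall takes only IP addresses and the wildcard URLs do not resolve to a fixed set, the practical source of addresses is the Service Tags list itself. The following is an added Python example, not from the original post: it parses the Service Tags JSON (the shape returned by `az network list-service-tags --location <region>`; the document here is a constructed sample with placeholder prefixes, not real Azure ranges), pulls the prefixes for AzureMonitor and GuestAndHybridManagement, emits one allow rule per prefix, and checks whether a destination the VM tried to reach is covered.

```python
import ipaddress
import json

# Constructed sample in the shape of the Azure Service Tags JSON.
# The prefixes are documentation/placeholder ranges, not real Azure ranges.
SERVICE_TAGS_JSON = json.dumps({
    "values": [
        {"name": "AzureMonitor", "id": "AzureMonitor",
         "properties": {"region": "", "platform": "Azure",
                        "addressPrefixes": ["203.0.113.0/24", "198.51.100.64/26",
                                            "2001:db8:10::/48"]}},
        {"name": "GuestAndHybridManagement", "id": "GuestAndHybridManagement",
         "properties": {"region": "", "platform": "Azure",
                        "addressPrefixes": ["192.0.2.0/25", "203.0.113.0/24"]}},
        {"name": "Storage", "id": "Storage",
         "properties": {"region": "", "platform": "Azure",
                        "addressPrefixes": ["198.51.100.0/26"]}},
    ]
})

# The two tags tried in the post (tag ids as Azure spells them).
WANTED_TAGS = ("AzureMonitor", "GuestAndHybridManagement")


def prefixes_for_tags(service_tags_json, tags=WANTED_TAGS):
    """Return de-duplicated, sorted networks for the requested tags.

    Raises ValueError if a tag is absent, so a silently empty allowlist
    never reaches the firewall.
    """
    doc = json.loads(service_tags_json)
    found = {e["name"]: e["properties"]["addressPrefixes"]
             for e in doc["values"] if e["name"] in tags}
    missing = set(tags) - found.keys()
    if missing:
        raise ValueError(f"service tags not in download: {sorted(missing)}")
    nets = {ipaddress.ip_network(p) for lst in found.values() for p in lst}
    # IPv4 and IPv6 networks are not mutually comparable; sort by version first.
    return sorted(nets, key=lambda n: (n.version, n))


def firewall_rules(prefixes, port=443):
    """One allow line per prefix, in a generic form for an IP-only firewall."""
    return [f"allow tcp any -> {n} port {port}" for n in prefixes]


def is_covered(ip, prefixes):
    """True if the address sits inside one of the allowed prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in prefixes)
```

The prefixes in the real download change over time, so the export has to be regenerated whenever the tag list is updated; the same approach extends to the Storage tag for *.blob.core.windows.net.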