Azure Arc: How To Update Arc Agent Using Azure Automation
Published Aug 02 2021 12:00 AM 9,354 Views

Hi there :smile:, in my previous post named Maintain Your Microsoft Monitoring Agent Up To Date With Azure Automation, I discussed a possible method for updating the Microsoft Monitoring Agent (MMA) at scale.

Today I would like to talk to you about a similar approach to use on Azure Arc enabled servers. The corresponding agent called Connected Machine agent receives improvements on an ongoing basis. You can check the what is the latest version and what’s in it on the What's new with Azure Arc enabled servers agent Microsoft’ documentation page.




Since the Connected Machine agent (aka Arc agent) is not an extension, it cannot be updated automatically by the Azure platform itself as for other extensions (i.e., MMA, AMA, Dependency agent, etc.). With that said, and always considering the Shared responsibility in the cloud, how can you maintain that agent up to date?




Well, there are at least three methods:

  1. Azure Automation
  2. Software Distribution
  3. Windows Update

In this post I will focus on the 1st method that requires, indeed, an Automation Account already created and configured as well as the Hybrid Runbook Worker role deployed on the Arc enabled server you want to update the agent on (see image below for an overview of communication flow).




Without focusing on the Automation Account and Hybrid Runbook Workers for which you can refer to the documentation, let us get into the PowerShell that the runbook is made of. The script requires just one parameter: the proxy server, with which the target Arc enabled server can connect to Internet to download the new agent version, in the form of http://proxyname:port.




Below reported, there is the script code I created for Windows-based computers:




    This sample script is designed to ease the Arc Agent update at scale.

    This sample script is designed to ease the Arc Agent update at scale. It require the proxy URL in the form of http://proxyFQDN:port. If no proxy is necessary, enter NONE. The script will behave accordingly.
    It will download the latest agent version from the Microsoft Download web site and will run the installation silently (unattended mode).

    Required. The proxy server and the port (i.e. http://myproxy:8080). Enter NONE to not use any proxy.

    .\Update-ArcAgent_Windows.ps1 -proxy none

    AUTHOR:   Bruno Gabrielli
    VERSION:  1.0
    LASTEDIT: May 26th, 2021

                HelpMessage='Insert the proxy server and the port (i.e. http://myproxy:8080). Enter NONE to not use any proxy.',
# Setting variables
$setupFilePath = "C:\Temp"

# Setting variables specific for ARC Agent
$setupFileName = "AzureConnectedMachineAgent.msi"

$argumentListArc = @('/i', "$setupFilePath\AzureConnectedMachineAgent.msi", "/qn", "/l*v", "$setupFilePath\AzcmAgentUpgradeSetup.log")

$URI_ARC = ""

#region Functions


# Checking if temporary path exists otherwise create it
if(!(Test-Path $setupFilePath))
    Write-Output "Creating folder $setupFilePath since it does not exist ... "
    New-Item -path $setupFilePath -ItemType Directory
    Write-Output "Folder $setupFilePath created successfully."

#Check if the file was already downloaded hence overwrite it, otherwise download it from scratch
if (Test-Path $($setupFilePath+"\"+$setupFileName))
    Write-Output "The file $setupFileName already exists, overwriting with a new copy ... "
    Write-Output "The file $setupFileName does not exist, downloading ... "

# Downloading the file
    if($proxy -eq "NONE")
        $Response = Invoke-WebRequest -Uri $URI_ARC -OutFile $($setupFilePath+"\"+$setupFileName) -ErrorAction Stop
        $Response = Invoke-WebRequest -Proxy "$proxy" -ProxyUseDefaultCredentials -Uri $URI_ARC -OutFile $($setupFilePath+"\"+$setupFileName) -ErrorAction Stop

    # This will only execute if the Invoke-WebRequest is successful.
    if (Test-Path $($setupFilePath+"\"+$setupFileName))
        Write-Output "Download of $setupFileName, done!"
        Write-Output "Starting the upgrade process ... "
        #cd $setupFilePath
        start-process "msiexec.exe" -ArgumentList $argumentListArc -Wait
        Write-Output "Agent Upgrade process completed."
        Write-Output "Download of $setupFileName, failed! The upgrade process cannot be completed."
    $StatusCode = $_.Exception.Response.StatusCode.value__
    Write-Output "An error occurred during file download. The error code is ==$StatusCode==."

Write-Output "Runbook execution completed."




Copy/Paste the above code into a new script, TEST IT, TEST IT AND TEST IT AGAIN and if everything works as expected import it into a new runbook and schedule it accordingly. Wait for the execution and check the agent version in the Arc enabled server you run the script/runbook on and … the game is done.





Bruno :happyface:



The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

Version history
Last update:
‎Nov 08 2022 08:10 AM
Updated by: