Troubleshooting Azure Monitor Agent (AMA) on Windows virtual machines

RamanaReddy V
4 min readDec 1, 2023

--

As part of the Azure cloud migration process, the transition from OMS (Operations Management Suite) to AMA (Azure Monitor Agent) involves configuring data collection components for gathering logs from Virtual Machines (VM) or Virtual Machine Scale Sets (VMSS). This integration requires setting up a DCE (Data Collection Endpoint), defining DCR (Data Collection Rule), specifying LAW (Log Analytics Workspace), and implementing AMPLS (Azure Monitor Private Link Service).

For DCE & DCR setup please refer below link .

While working with Windows VMs, I successfully integrated AMA (Azure Monitor Agent) within the VM by following the appropriate steps. However, despite the proper integration, the AMA agent is unable to retrieve logs from the VM.

  1. I installed the AMA (Azure Monitor Agent) extension at the VM level.
AMA Extension

2. I added the VM to the Data Collection Endpoint (DCE) with the appropriate Azure Monitor Private Link Service (AMPLS).

AMPLS Integration with DCE

3. I integrated the VM into the Data Collection Endpoint (DCE).

Connected Resources to DCE

4. I established Data Collection Rule (DCR) and subsequently associated them with both the Data Collection Endpoint (DCE) and the VM.

DCR Association with VM & DCR

5. I navigated to both the VM-level logs and Log Analytics Workspace (LAW) logs to verify the VM’s heartbeat. However, I could not find any logs pulled from the VM using the Azure Monitor Agent(AMA) .

VM level logs

Troubleshooting — windows :

  1. I’m using a serial console with PowerShell Integrated Development Environment (IDE) to access the VM.
  2. To inspect for configuration-related issues, navigate to the directory where configuration files are located.
cd C:\WindowsAzure\Resources

Within this directory, you will find the “AMADataStore.{Your VM Name}” folder.

AMAdatastore dir

Navigate to the full path of the configuration folder, and retrieve the latest log file. (i.e. MonAgentHost.{x}.log)

cd C:\WindowsAzure\Resources\AMADataStore.{Your VM Name}\Configuration
MonAgentHost

3. To obtain the data from the log file, use a command similar to the following in PowerShell:

Get-Content MonAgentHost.1.log -tail 20
MSI Token Error

If you’re encountering an MSI (Managed Service Identity) token error, it indicates that there is no identity enabled on the VM. To resolve this issue, you need to ensure that Managed Identity is correctly configured for the VM.

VM Identity Error

4. Enabling System-Assigned Identity is a suitable choice for scenarios where you want Azure to automatically create and manage the identity for the VM.

By enabling System-Assigned Identity, the VM will be automatically assigned a managed identity that can be used to authenticate with Azure services.

System Assigned Identity

5. Waiting for 5–10 minutes to check the heartbeat of the VM is a reasonable approach after making changes to the Azure Monitor Agent (AMA) configuration and enabling System-Assigned Identity. This allows time for the changes to take effect, and for the AMA agent to establish the necessary connections and begin logging.

AMA Agent pulled the logs from VM

After the waiting period, if you are now able to see AMA agent logs indicating a successful heartbeat from the VM, it suggests that the configuration adjustments and identity settings have been effective. This is a positive sign that the monitoring integration is working as expected.

Ref:

  1. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-troubleshoot-windows-vm
  2. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview?tabs=portal
  3. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal
  4. https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-endpoint-overview?tabs=portal

--

--

RamanaReddy V
RamanaReddy V

No responses yet