Azure Monitor agent on Windows client devices - no more events in workspace

MarcVanderhaegen 241 Reputation points
2023-01-20T20:45:42.0866667+00:00

Hello,

We are running, for a few weeks now, a POC testing Azure Monitor and Windows Client devices. It was running fine until yesterday evening.

Since around 21h30 (GMT+1) there is no more heartbeat, events or perf events from the machines arriving in the workspace.

I have tried installing the AMA on two other machines (one Windows 10 and one Windows 11) with the same result, nothing in the workspace.

I have checked the workspace insights and there are no operational errors or warnings. All the already enrolled devices are now marked as 'unhealthy'; the new devices are not appearing in the count of devices.

On the windows Client device, there are no error in the Service.log

On the other hand we have another POC testing Azure Monitor and Windows Servers, using another workspace and there, we have no problem at all. All the agents are healthy.

Any idea how I can troubleshoot this or do I need to open a case at MS Support ?

Thanks for your help

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,803 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SanthiSwaroopNaikBukke-4908 595 Reputation points
    2023-01-20T20:47:36.6966667+00:00

    Azure Monitor is a service that provides real-time monitoring data for Azure resources and on-premises servers. The Azure Monitor agent is a component that can be installed on Windows client devices to collect performance and event data for those devices and send it to an Azure Monitor workspace for analysis.

    If you are no longer seeing events in your Azure Monitor workspace for a Windows client device that has the Azure Monitor agent installed, there are a few things you can check:

    1. Verify that the agent is still running on the client device. You can check the Windows Task Manager to see if the "Microsoft Monitoring Agent" process is running.
    2. Check the agent's configuration to ensure that it is correctly configured to send data to the correct Azure Monitor workspace.
    3. Check the Azure Monitor workspace to ensure that data collection is enabled for the client device. You can also check if there's any issue with the workspace or the Log Analytics.
    4. Check the network connectivity between the client device and Azure. The agent needs to be able to connect to Azure to send data, so a network issue could be preventing data from being sent.
    5. Check the security of the client device. Ensure that there's no firewalls or security software blocking the communication between the agent and Azure.
    6. Check for any recent updates of the agent, it could be that the agent was updated and it's not longer compatible with the version of the agent running on the client device.
    0 comments
  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  3. AnuragSingh-MSFT 19,846 Reputation points
    2023-01-24T10:19:42.5533333+00:00

    MarcVanderhaegen, following up on Santhi's response above to check if it helped.

    Below are some additional points that should help you: -

    1. Since the issue with the client machines, check if they have connectivity to the following HTTP endpoints (see Prerequisites)
      • global.handler.control.monitor.azure.com
      • <virtual-machine-region-name>.handler.control.monitor.azure.com (example: westus.handler.control.azure.com)
      • <log-analytics-workspace-id>.ods.opinsights.azure.com (example: 12345a01-b1cd-1234-e1f2-1234567g8h99.ods.opinsights.azure.com) (If using private links on the agent, you must also add the data collection endpoints) As these are client machines, possibly they are out of the network where these are enabled and are getting blocked at the moment.
    2. If the process and Service (Microsoft Monitoring Agent) on these machines are in running state, check the agent diagnostics logs available in C:\Resources\Azure Monitor Agent\ This should have the current logs from the machines to see if they are running into any issues.
    3. the "Daily Cap" limit on the Log Analytics Workspace could also have prevented the log ingestion - see Set daily cap on Log Analytics workspace
    4. Also check the Logs (Application, System, Services etc) in the Event Viewer on the machines to see if there are any errors which could cause this issue (auth failure, process crash etc.)

    Please let us know if you have any questions.

  4. MarcVanderhaegen 241 Reputation points
    2023-02-08T08:50:07.8066667+00:00

    Hello,

    The problem is solved, it was a code bug on Microsoft side preventing news agents or restarted agents from getting any DCRs.
    The fix has been deployed and the machines are now communicating correctly.

    Marc