GuestConfig agent failed to compute compliance status for Windows Server 2022 in Azure

Question

Hello Team,

I'm trying to Compliant the "Windows Web Server ha Secure Communication Protocols" Policy for my azure VM. The Compliance Status shows me Non-Compliant because of GuestConfig agent failed to compute the compliance status.

Cannot validate argument on parameter 'MinimumTLSVersion'. The argument "[parameters('MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112')]" does not belong to the set "1.1,1.2" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again. The PowerShell DSC resource '[SecureWebServer]s1' with SourceInfo 'SecureWebServerConfig.ps1::6::5::SecureWebServer' threw one or more non-terminating errors while running the Test-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details. LV.JPG

Registry Keys are set to correct. Guest Policy Configuration Extension with System managed Identity is Enabled.

Reinstalled Guest Extension but haven't gotten compliant with this policy.

Does anyone have any different Suggestions for this?

Thanks in Advance.

Regards,

Rahul

Answer 1

Hello there,

The agent installed by the Guest Configuration extension must be able to reach content packages listed by Guest Configuration assignments, and report status to the Guest Configuration service. The machine can connect using outbound HTTPS over TCP port 443, or if a connection is provided through private networking.

For the machine to authenticate to the Guest Configuration service, the machine must have a System-Assigned Managed Identity. The identity requirement on a virtual machine is met if the following property is set. 

"identity": {
  "type": "SystemAssigned"
}

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer–