Can I remove my VMAccessAgent for VM migration from Classic to ARM causing migration issue without breaking RDP network connection

IT Administrator 0 Reputation points

Hi everyone,

I am trying to migrate a DC VM in Azure from Classic to ARM before Microsoft decommissions it and am getting some errors when attempting to migrate it
I had a previous GBInfo extension error and removed the extension and it got rid of that error, but I still have this error:

Migration is not supported for deployment 'VM01' in hosted service 'XX' because it has an input endpoint 'ADFS-HTTPS' which has endpoint ACLs. Migration of endpoint ACLs is not currently supported. VM VM01 in HostedService XX contains Extension Microsoft.Compute.VMAccessAgent reporting Status : Error. Hence, the VM cannot be migrated. Please ensure that the Extension status being reported is Success or uninstall it from the VM and retry migration.,Additional Details: Message=VMAccess Extension does not support Domain Controller. Code=1

I have this extension error:
User's image

and when I open the error:


  • Version


  • Status


  • Message

VMAccess Extension does not support Domain Controller.

  • Detailed status

View detailed status

  • Handler status


I have these EndPoints:

User's image

But I am worried if I remove the VMAccessagent extension to go ahead with the migration to ARM do it may break my RDP connection to the server and will not be able to get to the server afterwards?

Do I just remove the ADFS-HTTPS EndPoint and recreate it after the migration and not touch the VMAccessAgent even thought it has the error above but I am also worried it is needed to run the other EndPoints?

Can someone share some information on this please?

Much appreciated


Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
5,929 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Hill 20,806 Reputation points Microsoft Employee

    Hi @IT Administrator

    Removing the VMAccessAgent should not break RDP access to the VM and you can safely remove the extension. The ADFS-HTTPS endpoint is used to enable secure communication between the VM and ADFS for users to securely authenticate. You can recreate this endpoint post migration by following these steps:

    • Open the Azure portal and navigate to the migrated VM.
    • In the VM's blade, select the Networking tab.
    • Locate the ADFS-HTTPS endpoint and select it.
    • In the endpoint's blade, select Delete.
    • Wait for the endpoint to be deleted and select Add.
    • Follow the prompts to recreate the endpoint with the same settings as before.

    Related Articles

    0 comments No comments