Ensure that both the licensing package and SSU are downloaded for the Azure Arc-enabled server as documented at KB5031043: Procedure to continue receiving security updates after extended support has ended on October 10, 2023.
If installing the Extended Security Update enabled by Azure Arc fails with errors such as "ESU: Trying to Check IMDS Again LastError=HRESULT_FROM_WIN32(12029)" or "ESU: Trying to Check IMDS Again LastError=HRESULT_FROM_WIN32(12002)", there is a known remediation approach:
Download this intermediate CA published by Microsoft.
Install the downloaded certificate as Local Computer under
Intermediate Certificate Authorities\Certificates. Use the following command to install the certificate correctly:
certutil -addstore CA 'Microsoft Azure TLS Issuing CA 01 - xsign.crt'
Install security updates. If it fails, reboot the machine and install security updates again.
If you have other issues receiving ESUs after successfully enrolling the server through Arc-enabled servers, or you need additional information related to issues affecting ESU deployment, see Troubleshoot issues in ESU.
If there are further updates on this issue, I will post it here.