Azure Policy to deploy VM application is success when run on our Resource group, but app is not installed

rajesh.john 0 Reputation points
2024-11-08T17:48:36.8+00:00

We are attempting to install software agents on our VM's in Azure (looking for something similar to aws systems manager and state manager)

Azure Policy that has VM application defined on it runs fine and also completes with success, but application is not installed on it...

Where can i find the logs for this azure policy remediations ?

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
932 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Pavan Minukuri 765 Reputation points Microsoft Vendor
    2024-11-08T19:37:05.25+00:00

    Hi rajesh.john,
    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    To troubleshoot the installation of software agents on your Azure VMs using Azure Policy, you can find logs related to policy remediations in several places within the Azure portal. Here’s where to look for logs and troubleshoot your Azure Policy remediation tasks:
    Azure Portal - Policy Compliance:

    Navigate to the Azure Portal.
    Go to Policy and select Assignments.
    Locate the specific policy assignment related to your VM applications.
    Click on the assignment to view its compliance state. This will show which resources are compliant or non-compliant.

    Activity Log:
    In the Azure Portal, go to Monitor > Activity Log.
    Filter the logs by resource type (e.g., Virtual Machines) and the specific time frame during which you executed the policy.
    Look for events related to policy evaluations and remediation actions.

    Guest Configuration Logs (for Guest Configuration Policies):

    If using Guest Configuration policies, check the logs on the VM itself. The Guest Configuration extension logs are typically located at: C:\Windows\Logs\Azure\GuestConfiguration

    These logs provide insights into whether the Guest Configuration agent was able to apply the desired settings or install applications.
    Azure Automation Runbook Logs:
    If you are using Azure Automation runbooks to handle installations based on policy compliance, check the output of those runbooks in the Azure Automation account.

    Go to Automation Accounts, select your account, then navigate to Jobs under Process Automation to see details of each runbook execution.

    For better understanding please refer attached link: https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/software-installation-using-machine-configuration-and-azure-policy/3695636

    If you have any further queries, do let us know. If the Answer is helpful, please click "Accept Answer".


  2. rajesh.john 0 Reputation points
    2024-11-22T18:07:10.1033333+00:00

    Hello

    the issue is not resolved yet, these are my progress on this effort

    I am able to create VMAppExtension using Resource Manager template and also able to deploy them to my VM. After deployment i am able to see the VMAppExtension listed under Extension on my VM with Status (unavailable)..

    But, the splunk agent is not installed on the VM, need to know what else should we check for this agent install via VM extensions


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.