Share via

Critical Test MOC NodeAgent Cert Hostname Drift failed: NodeAgent cert hostname drift

MB 90 Reputation points
2026-05-22T18:12:47.86+00:00

We're following this alert that was sent today to apply to our Azure Local clusters
User's image

however on 2 of the clusters we're getting the following message when running Test-SupportAksArcKnownIssues

Test-SupportAksArcKnownIssues : Critical Test MOC NodeAgent Cert Hostname Drift failed: NodeAgent cert hostname drift: server01: ImagePath does not contain

'--nodeagentfqdn server01.domain.ca' as a complete argument; server02: ImagePath does not contain '--nodeagentfqdn server02.domain.ca' as a complete

argument; server03: ImagePath does not contain '--nodeagentfqdn server03.domain.ca' as a complete argument; server04: ImagePath does not contain

'--nodeagentfqdn server04.domain.ca' as a complete argument

At line:1 char:1

+ Test-SupportAksArcKnownIssues

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException*

*+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SupportAksArcKnownIssues*

We're following the documentation provided here.

https://learn.microsoft.com/en-ca/azure/azure-local/manage/remediate-support-tool-infrastructure?view=azloc-2604

The tool installs fine on all the clusters, except 2 of the clusters we get the error above when testing the node agent cert hostname drift. Although everything seems to be fine.

Azure Local
0 comments

Answer accepted by question author

Himanshu Shekhar 6,710 Reputation points Microsoft External Staff Moderator
2026-05-25T05:57:31.8966667+00:00

Hey there! It looks like Test-SupportAksArcKnownIssues is complaining because the NodeAgent service on those two clusters doesn’t have the FQDN argument baked into its ImagePath—so the hostname drift check will always fail. Here’s how you can fix it:

Check the service ImagePath on each node Run this on an elevated PowerShell prompt:

Get-ItemProperty `
  -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\wssdagent' `
  -Name ImagePath

You should see something like: “C:\Program Files\WssdCloudAgent\Microsoft.Management.Hybrid.CloudAgent.exe” … --nodeagentfqdn server01.domain.ca …

If the FQDN flag is missing, update the registry value

$svcPath = 'C:\Program Files\WssdCloudAgent\Microsoft.Management.Hybrid.CloudAgent.exe'
$args   = '--nodeagent --nodeagentfqdn server01.domain.ca --hostagent ...'  # include any other flags you already have
Set-ItemProperty `
  -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\wssdagent' `
  -Name ImagePath `
  -Value "`"$svcPath`" $args"

Restart the CloudAgent service

Restart-Service wssdagent

Re-run the remediation and test commands

Invoke-SupportAksArcRemediation
Test-SupportAksArcKnownIssues

You should no longer see the “--nodeagentfqdn … as a complete argument” error.

Why this happens • In some versions of the remediation tool there was a logic issue where it didn’t append the FQDN argument correctly. • Manually ensuring the registry ImagePath matches the other healthy clusters will let the drift check pass.

Follow-up questions, if this doesn’t do the trick:

  1. After you update the ImagePath, does Get-ItemProperty actually show the FQDN flag in place?
  2. Did you run Invoke-SupportAksArcRemediation after fixing the registry?
  3. Are these nodes domain-joined and resolving their own FQDN correctly?

Hope that helps!

References

• Remediation support tool infrastructure: https://learn.microsoft.com/en-ca/azure/azure-local/manage/remediate-support-tool-infrastructure?view=azloc-2604

• Drift detection for Azure Local: https://learn.microsoft.com/azure/azure-local/manage/drift-detection?view=azloc-2604

Was this answer helpful?

1 person found this answer helpful.

Answer accepted by question author

Edy 301 Reputation points
2026-05-25T01:50:51.5+00:00

Just run Invoke-SupportAksArcRemediation to update the MocAgent and then Test-SupportAksArcKnownIssues will work again

Was this answer helpful?

1 person found this answer helpful.

Answer accepted by question author

AI answer

2026-05-22T18:13:11.4033333+00:00

The error indicates that the Support tool’s Test-SupportAksArcKnownIssues check for MOC NodeAgent cert hostname drift is failing because the NodeAgent service’s ImagePath on those two clusters doesn’t contain the expected --nodeagentfqdn <hostname> argument. This is a drift condition that the tool is explicitly looking for.

To address this issue on the affected clusters, follow the documented remediation flow for Azure Local infrastructure components:

  1. Ensure the Support tool is correctly installed and up to date on the affected clusters: 
       Install-Module -Name Support.AksArc
   Import-Module Support.AksArc -Force
    If already installed, update it: 
       Remove-Module -Name Support.AksArc
   Update-Module -Name Support.AksArc
   Import-Module -Name Support.AksArc
  2. Run the remediation command provided by the Support tool to test and fix known issues, including NodeAgent-related drift: 
       Invoke-SupportAksArcRemediation
    This command is designed to detect and remediate common Azure Local infrastructure problems, including issues with MOC components that can lead to VM-related risks.
  3. After remediation completes, rerun the diagnostic check to confirm the drift is resolved: 
       Test-SupportAksArcKnownIssues
  4. If the drift persists or the remediation fails on those clusters, collect additional diagnostics using the Azure Local Support Diagnostic Tool and then contact Microsoft Support:
    • Install/update the diagnostic tool: 
           Install-Module -Name Microsoft.AzLocal.CSSTools
     Update-Module -Name Microsoft.AzLocal.CSSTools
     Remove-Module -Name Microsoft.AzLocal.CSSTools
     Import-Module -Name Microsoft.AzLocal.CSSTools
    • Run a cluster-wide diagnostic check and generate a data bundle: 
           Invoke-AzsSupportInsight -ComputerName (Get-ClusterNode).Name
     New-AzsSupportDataBundle –Component <Component>
    Provide the resulting bundle to Microsoft Support when opening a support request for Azure Local → Arc VM management → Arc-enabled VM operations, as indicated in the notification.

These steps align with the recommended use of the Remediation Support Tool for Azure Local infrastructure component issues and the Azure Local Support Diagnostic Tool for deeper troubleshooting when automated remediation does not fully resolve drift.

References:

AI-generated content may be incorrect. Read our transparency notes for more information.

Was this answer helpful?

1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.