Hello @Janne Kujanpää
Welcome to the Microsoft Q&A platform. Happy to answer your question.
This is the most common issue with the VMs deployed through custom images that has security hardening. The Azure VM Agent is installed by default on any Windows VM deployed from an Azure Marketplace image. Since the VMs you deployed has guest agent installed but not successfully running, I am assuming these CIS provided images are packaged with guest agent already.
In cases, where the guest agent services are not started or not running, post VM deployment, it could be because one of the below prerequisites are not in place.
- The Windows VM Agent needs at least Windows Server 2008 SP2 (64-bit) to run, with the .NET Framework 4.See Minimum version support for virtual machine agents in Azure.
- Ensure your VM has access to IP address 168.63.129.16(Azure Wire Server IP. For more information, see What is IP address 168.63.129.16.
- Ensure that DHCP is enabled inside the guest VM. This is required to get the host or fabric address from DHCP for the IaaS VM Agent and extensions to work. If you need a static private IP, you should configure it through the Azure portal or PowerShell, and make sure the DHCP option inside the VM is enabled. Learn more about setting up a static IP address with PowerShell.
You could also install this Windows VM guest agent manually, using the procedure here in case of guest agent partial installation/failures.
Here is the path for most commonly useful logs for troubleshooting the Windows Azure Guest Agent issues on windows VMs
C:\WindowsAzure\Logs\WaAppAgent.log
C:\WindowsAzure\Logs\TransparentInstaller.log
Reference TSG for extension related issue Troubleshooting extension failures
Windows Azure Guest Agent doc Overview of windows guest agent
Please "Accept as Answer" if any of above helped so that, it can help others in community looking for remediation for the similar issues.