[Internal Error] The Hybrid Worker Extension failed to execute: {"Message":"Authentication failed for private links"}

Kelly Rusk 6 Reputation points
2022-02-07T15:29:05.023+00:00

I am using Azure Automation set as private per the recommendation on screen when creating an Azure Automation account. The goal is to run T-SQL against Azure SQL, but since Azure Automation does not support a Private Link to Azure SQL yet, I set up a Hybrid Worker group and a Hybrid Worker. It added the Hybrid Worker and seems to be trying to install the extension, but upon inspecting the VM (since it is failing to run a simple runbook) I see the following error:

[Internal Error] The Hybrid Worker Extension failed to execute: {"Message":"Authentication failed for private links"}


1 answer

  1. AnuragSingh-MSFT 20,431 Reputation points
    2022-02-10T07:40:15.147+00:00

    Hi @Kelly Rusk

    Welcome to Microsoft Q&A! Thanks for posting the question.

    I understand that you are trying to deploy an extension-based User Hybrid Runbook Worker on Azure Windows VM with Public Access disabled for Azure Automation Account, as shown below:

    [Image: 172964-image.png]

    From the error posted above, I could think of the following major reasons for its failure (I am also providing a summary of steps to be followed in the later section of this answer to help you configure it again)

    1. The virtual network of VM is different from the Azure Automation Account's private endpoint's virtual network (OR they are not connected).

    2. System assigned identity is not enabled on the Azure VM (which is the designated Hybrid Worker).

    ---
    Below are the steps that I took for testing "extension-based user hybrid worker" connection to Azure Automation Account with Public Access Disabled.

    a. Create a Virtual Network in Azure with subnet. Azure Automation Account's private endpoint and Azure VM (Hybrid worker) will connect to this VNET. You can keep the address spaces and subnet addresses as default.

    b. Follow the instruction available here to connect the automation account to private endpoint. (It can take up to 35 minutes for it to take effect.)

    c. Create a Windows Virtual Machine and connect it to the VNET created in Step a. above.

    d. Deploy the extension-based user hybrid worker using the steps available here.

    e. Test your runbook against this hybrid worker. You can examine the following logs in Windows Event Viewer, to check for errors:

    >>. Application logs available under "Windows Logs" in Event Viewer on the Hybrid worker machine. This would contain logs related to installation failures/crashes happening for related process.

    >>. Operational logs available under "Applications and Services Logs --> Microsoft-SMA" in Event Viewer on the Hybrid worker machine. This would contain logs related to the functioning of runbook worker as well as execution of runbook jobs.

    >>. As the steps above are for extension-based deployment, you can also examine activity logs in Azure Portal for the VM for any failures.

    Please let me know if you have any questions.

    ---
    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    1 person found this answer helpful.
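
The two causes listed in the answer above (VNet mismatch and a missing system-assigned identity) can be checked from an Az PowerShell session. This is an added example, not part of the original answer or of Microsoft's documentation; the resource names are placeholders, and it assumes the Az.Compute and Az.Network modules with a signed-in session. It treats VNet peering as the only form of "connected", so other connectivity (for example a VPN gateway) must be checked separately.

```powershell
# Added example: checks the two failure causes named in the answer above.
# All four names below are placeholders; replace them with your own values.
$vmResourceGroup = '<vm-resource-group>'
$vmName          = '<hybrid-worker-vm>'
$peResourceGroup = '<private-endpoint-resource-group>'
$peName          = '<automation-private-endpoint>'

# Requires Az.Compute and Az.Network, and a prior Connect-AzAccount.
function Get-VnetIdFromSubnetId([string]$SubnetId) {
    # A subnet ID has the form "<vnet resource ID>/subnets/<subnet name>".
    return ($SubnetId -split '/subnets/', 2)[0]
}

$vm = Get-AzVM -ResourceGroupName $vmResourceGroup -Name $vmName

# Cause 2: the VM needs a system-assigned managed identity.
# Identity.Type is SystemAssigned or SystemAssignedUserAssigned when enabled.
$hasSystemIdentity = ([string]$vm.Identity.Type) -like 'SystemAssigned*'

# Cause 1: compare the VM's virtual network with the private endpoint's.
$nic      = Get-AzNetworkInterface -ResourceId ($vm.NetworkProfile.NetworkInterfaces[0].Id)
$vmVnetId = Get-VnetIdFromSubnetId ($nic.IpConfigurations[0].Subnet.Id)

$pe       = Get-AzPrivateEndpoint -ResourceGroupName $peResourceGroup -Name $peName
$peVnetId = Get-VnetIdFromSubnetId ($pe.Subnet.Id)

$sameVnet = $vmVnetId -ieq $peVnetId
$peered   = $false
if (-not $sameVnet) {
    # VNet ID: /subscriptions/<sub>/resourceGroups/<rg>/providers/
    #          Microsoft.Network/virtualNetworks/<name>
    $parts = $vmVnetId -split '/'
    $match = Get-AzVirtualNetworkPeering -ResourceGroupName $parts[4] -VirtualNetworkName $parts[8] |
        Where-Object {
            $_.RemoteVirtualNetwork.Id -ieq $peVnetId -and $_.PeeringState -eq 'Connected'
        }
    $peered = [bool]$match
}

# Summary: the extension needs SystemAssignedIdentity = True and
# either SameVnet or PeeredAndConnected = True.
[pscustomobject]@{
    SystemAssignedIdentity = $hasSystemIdentity
    VmVnet                 = $vmVnetId
    PrivateEndpointVnet    = $peVnetId
    SameVnet               = $sameVnet
    PeeredAndConnected     = $peered
}
```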