How to Troubleshoot failed VM Endpoint Protection Installation
How do I go about troubleshooting a failed endpoint protection on a VM in our Azure subscription?
The Install was triggered from a Recommended Action in Azure Security Center.
Here's the associated JSON file from the 'failed' log entry:
{
"channels": "Operation",
"correlationId": "64348edc-1d97-b8cd-56cd-e0683e705595",
"description": "",
"eventDataId": "57b8a4d3-619d-460a-8fb0-283ee2242689",
"eventName": {
"value": "Extension Installation",
"localizedValue": "Extension Installation"
},
"category": {
"value": "Administrative",
"localizedValue": "Administrative"
},
"eventTimestamp": "2018-07-27T17:27:44.8982713Z",
"id": "/subscriptions/7144852a-326b-4996-a90f-5c0653ccf335/resourceGroups/CQFLUENCYRG/providers/Microsoft.Compute/virtualMachines/TRADOS/events/57b8a4d3-619d-460a-8fb0-283ee2242689/ticks/636683092648982713",
"level": "Error",
"operationId": "182bc503-917a-4866-bcb5-0ff81339bd5c",
"operationName": {
"value": "Microsoft.Security/dataCollectionAgents/install/action",
"localizedValue": "Microsoft.Security/dataCollectionAgents/install/action"
},
"resourceGroupName": "CQFLUENCYRG",
"resourceProviderName": {
"value": "Microsoft.Compute",
"localizedValue": "Microsoft.Compute"
},
"resourceType": {
"value": "Microsoft.Compute/virtualMachines",
"localizedValue": "Microsoft.Compute/virtualMachines"
},
"resourceId": "/subscriptions/7144852a-326b-4996-a90f-5c0653ccf335/resourceGroups/CQFLUENCYRG/providers/Microsoft.Compute/virtualMachines/TRADOS",
"status": {
"value": "Failed",
"localizedValue": "Failed"
},
"subStatus": {
"value": "",
"localizedValue": ""
},
"submissionTimestamp": "2018-07-27T17:27:44.9151825Z",
"subscriptionId": "7144852a-326b-4996-a90f-5c0653ccf335",
"relatedEvents": []
}
Any clues will be helpful....
Thanks,
Paul
Solution
Hi Paul,
I was also having issues installing endpoint protection. I looked at this file:
C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus
I noticed this block in the JSON formatted status:
{ "handlerName": "Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent", "handlerVersion": "1.0.11081.4", "status": "NotReady", "code": 400, "formattedMessage": { "lang": "en-US", "message": "Microsoft Monitoring Agent is not configured correctly, please restart the VM or remove/add MicrosoftMonitoringAgent extension." },
Restarting the VM did not resolve the issue, but removing and installing the agent did. Take a look here if you have not uninstalled the agent before:
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-manage#uninstall-agent
If this doesn't help, let us know if you see anything of interest in the 'aggregatestatus' file.
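To pick out entries like the one quoted in the answer without reading the file by eye, the following PowerShell script (an added example, not part of the original answer and not Microsoft's tooling) walks the aggregatestatus JSON and lists every extension handler whose status is not Ready. The enclosing aggregateStatus/handlerAggregateStatus layout in the sample, the "Ready" value for a healthy handler, and the second sample handler are assumptions; only the MicrosoftMonitoringAgent block comes from the post.

```powershell
# Path taken from the answer above.
$Path = 'C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus'

# Constructed sample, used only when the file is absent (e.g. testing off the VM).
# The outer envelope and the second handler are assumptions for illustration.
$sample = @'
{ "aggregateStatus": { "handlerAggregateStatus": [
  { "handlerName": "Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent",
    "handlerVersion": "1.0.11081.4", "status": "NotReady", "code": 400,
    "formattedMessage": { "lang": "en-US",
      "message": "Microsoft Monitoring Agent is not configured correctly, please restart the VM or remove/add MicrosoftMonitoringAgent extension." } },
  { "handlerName": "Contoso.Example.Handler", "handlerVersion": "1.0.0.0",
    "status": "Ready", "code": 0,
    "formattedMessage": { "lang": "en-US", "message": "Constructed healthy entry" } }
] } }
'@

# Recursively walk the parsed JSON and emit any object that carries both
# handlerName and status, so the script does not depend on the exact nesting.
function Find-HandlerStatus {
    param($Node)
    if ($null -eq $Node) { return }
    if ($Node -is [System.Array]) {
        foreach ($item in $Node) { Find-HandlerStatus -Node $item }
        return
    }
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        $names = $Node.PSObject.Properties.Name
        if (($names -contains 'handlerName') -and ($names -contains 'status')) {
            [pscustomobject]@{
                Handler = $Node.handlerName
                Version = $Node.handlerVersion
                Status  = $Node.status
                Code    = $Node.code
                Message = $Node.formattedMessage.message
            }
        }
        foreach ($p in $Node.PSObject.Properties) { Find-HandlerStatus -Node $p.Value }
    }
}

$json = if (Test-Path -LiteralPath $Path) { Get-Content -LiteralPath $Path -Raw } else { $sample }
$doc  = $json | ConvertFrom-Json

# Assumption: a healthy handler reports "Ready"; anything else is listed.
Find-HandlerStatus -Node $doc | Where-Object { $_.Status -ne 'Ready' } | Format-List
```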