How to Troubleshoot failed VM Endpoint Protection Installation


Problem description

How do I go about troubleshooting a failed endpoint protection on a VM in our Azure subscription?

The Install was triggered from a Recommended Action in Azure Security Center.

Here's the associated JSON file from the 'failed' log entry:

{
    "channels": "Operation",
    "correlationId": "64348edc-1d97-b8cd-56cd-e0683e705595",
    "description": "",
    "eventDataId": "57b8a4d3-619d-460a-8fb0-283ee2242689",
    "eventName": {
        "value": "Extension Installation",
        "localizedValue": "Extension Installation"
    },
    "category": {
        "value": "Administrative",
        "localizedValue": "Administrative"
    },
    "eventTimestamp": "2018-07-27T17:27:44.8982713Z",
    "id": "/subscriptions/7144852a-326b-4996-a90f-5c0653ccf335/resourceGroups/CQFLUENCYRG/providers/Microsoft.Compute/virtualMachines/TRADOS/events/57b8a4d3-619d-460a-8fb0-283ee2242689/ticks/636683092648982713",
    "level": "Error",
    "operationId": "182bc503-917a-4866-bcb5-0ff81339bd5c",
    "operationName": {
        "value": "Microsoft.Security/dataCollectionAgents/install/action",
        "localizedValue": "Microsoft.Security/dataCollectionAgents/install/action"
    },
    "resourceGroupName": "CQFLUENCYRG",
    "resourceProviderName": {
        "value": "Microsoft.Compute",
        "localizedValue": "Microsoft.Compute"
    },
    "resourceType": {
        "value": "Microsoft.Compute/virtualMachines",
        "localizedValue": "Microsoft.Compute/virtualMachines"
    },
    "resourceId": "/subscriptions/7144852a-326b-4996-a90f-5c0653ccf335/resourceGroups/CQFLUENCYRG/providers/Microsoft.Compute/virtualMachines/TRADOS",
    "status": {
        "value": "Failed",
        "localizedValue": "Failed"
    },
    "subStatus": {
        "value": "",
        "localizedValue": ""
    },
    "submissionTimestamp": "2018-07-27T17:27:44.9151825Z",
    "subscriptionId": "7144852a-326b-4996-a90f-5c0653ccf335",
    "relatedEvents": []
}

Any clues will be helpful....

Thanks,

Paul

Solution

Hi Paul,

I was also having issues installing endpoint protection.  I looked at this file:

C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus

I noticed this block in the JSON formatted status:

      {
        "handlerName": "Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent",
        "handlerVersion": "1.0.11081.4",
        "status": "NotReady",
        "code": 400,
        "formattedMessage": {
          "lang": "en-US",
          "message": "Microsoft Monitoring Agent is not configured correctly, please restart the VM or remove/add MicrosoftMonitoringAgent extension."
        },

Restarting the VM did not resolve the issue, but removing and installing the agent did.  Take a look here if you have not uninstalled the agent before:

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-manage#uninstall-agent

If this doesn't help, let us know if you see anything of interest in the 'aggregatestatus' file.  
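
The check described in the answer above, as an added example that is not part of the original post: PowerShell that parses the `aggregatestatus` JSON and lists every extension handler whose status is not `Ready`, with its code and message. The function names, the wrapper keys around the handler entry, the second handler in the sample, and treating `Ready` as the healthy status are assumptions; only the first handler entry's fields come from the post.

```powershell
# Constructed sample. Only the first handler entry's fields come from the post;
# the wrapper keys and the second (healthy) handler are assumptions.
$sample = @'
{ "aggregateStatus": { "handlerAggregateStatus": [
  { "handlerName": "Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent",
    "handlerVersion": "1.0.11081.4", "status": "NotReady", "code": 400,
    "formattedMessage": { "lang": "en-US",
      "message": "Microsoft Monitoring Agent is not configured correctly, please restart the VM or remove/add MicrosoftMonitoringAgent extension." } },
  { "handlerName": "Example.Placeholder.Handler",
    "handlerVersion": "0.0.0.0", "status": "Ready", "code": 0,
    "formattedMessage": { "lang": "en-US", "message": "constructed entry" } }
] } }
'@

function Find-HandlerStatus {
    # Walk the parsed JSON and emit every object that carries both handlerName
    # and status, so the result does not depend on where the entries are nested.
    param($Node)
    if ($null -eq $Node) { return }
    if ($Node -is [System.Array]) {
        foreach ($item in $Node) { Find-HandlerStatus -Node $item }
    }
    elseif ($Node -is [System.Management.Automation.PSCustomObject]) {
        $names = $Node.PSObject.Properties.Name
        if ($names -contains 'handlerName' -and $names -contains 'status') { $Node }
        foreach ($p in $Node.PSObject.Properties) { Find-HandlerStatus -Node $p.Value }
    }
}

function Get-FailedHandler {
    # Return one row per handler that is not in the (assumed) healthy state.
    param([Parameter(Mandatory)][string]$Json)
    Find-HandlerStatus -Node ($Json | ConvertFrom-Json) |
        Where-Object { $_.status -ne 'Ready' } |
        Select-Object handlerName, handlerVersion, status, code,
            @{ Name = 'message'; Expression = { $_.formattedMessage.message } }
}

# On the VM, pass the real file instead of the sample:
# Get-FailedHandler -Json (Get-Content -Raw 'C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus')
Get-FailedHandler -Json $sample | Format-List
```

With the sample above, only the MicrosoftMonitoringAgent handler is listed, showing code 400 and the "not configured correctly" message quoted in the answer.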

