Updating the Azure Arc Agent (Connected Machine Agent)

This article has not been completed yet. However, it may already contain helpful Information and therefore it has been published at this stage.

Prerequisites:

  • A server with an outdated Arc Agent version installed

While trying to set up a resource health check in Azure, I noticed that an agent installed on an arc enabled server is no longer up to date.

So I decided to document a way to bring this agent up to date.

Ubuntu & Debian:

# Updating the local package index
sudo apt update
# Installing an Agent Update
sudo apt upgrade azcmagent

Windows:

Automatic Upgrade:

The recommended way of keeping the Windows agent up to date is to automatically obtain the latest version through Microsoft Update.

Windows Server doesn't check for updates in Microsoft Update by default. To receive automatic updates for the Azure Connected Machine Agent (Azure Arc - Agent), you must configure the Windows Update client on the machine to check for other Microsoft products.

For Windows Servers that belong to a  workgroup:

# Modifying the lokal Update - Service
$ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
$ServiceID = "7971f918-a847-4430-9279-4a52d1efe18d"
$ServiceManager.AddService2($ServiceId,7,"")

For Windows Servers that belong to a domain:

  1. Sign into a computer used for server administration with an account that can manage Group Policy Objects (GPO) for your organization.
  2. Open the Group Policy Management Console.
  1. Expand the forest, domain, and organizational unit(s) to select the appropriate scope for your new GPO. If you already have a GPO you wish to modify, skip to step 6.
  2. Right-click the container and select Create a GPO in this domain, and Link it here....
  3. Provide a name for your policy such as "Enable Microsoft Update".
  4. Right-click the policy and select Edit.
  5. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Update.
  6. Select the Configure Automatic Updates setting to edit it.
  7. Select the Enabled radio button to allow the policy to take effect.
  8. At the bottom of the Options section, check the box for Install updates for other Microsoft products at the bottom.
  9. Select OK.

For Windows Servers that receive updates from an WSUS-Server:

Add the following products and classifications to your configuration:

  • Product Name: Azure Connected Machine Agent (select all 3 sub-options)
  • Classifications: Critical Updates, Updates

Manual Upgrade:

  1. Sign in to the computer with an account that has administrative rights.
  2. Download the latest agent installer from https://aka.ms/AzureConnectedMachineAgent
  3. Run AzureConnectedMachineAgent.msi to start the Setup Wizard.
# Alternative way via CLI
msiexec.exe /i AzureConnectedMachineAgent.msi /qn /l*v "C:\Support\Logs\azcmagentupgradesetup.log"

References:

Managing the Azure Arc-enabled servers agent - Azure Arc
This article describes the different management tasks that you will typically perform during the lifecycle of the Azure Connected Machine agent.