xkaspers
commented
1 week ago We have the exact same issue. It looks like this has started since extension version 1.29.75.0. Might be earlier versions as well, but at least version 1.29.71.0 and lower seem to work as we also have VM's with extension version 1.29.71.0 and those are working fine.
We use Azure Firewall in the environment, and can see in the logging errors with "SNI TLS extension was missing" for Virtual Machines that do not connect correctly to the guest configuration url's.
The workaround with the tag for private networking works. When adding the tag and restarting the guest configuration service in the OS, the connection starts working directly.
rbnmk
We have been facing issues on few VMs where we have applied custom guest configuration, the status of it in the VM configuration management pane is pending, and on Azure policy compliant status is non-compliant.
Initially it was working as expected and VM was complaint.
under gc_agent log file in "C:\ProgramData\GuestConfig\gc_agent_logs" We can see an below error's.
few Min's before it was working as expected.
below work around was found : If we update the tag mentioned in below article, it started to work with private networking. https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview#communicate-over-private-link-in-azure
But the question is, why the connection suddenly stopped working on public network? ( no changes in network has been done, and outbound towards internet port 443 is already opened)