search

Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License
308 stars 201 forks source link

Deployment failing due to MicrosoftAntiMalware extension conflict #571

Closed cuzzo333 closed 6 months ago

cuzzo333 commented 6 months ago

What happened? Provide a clear and concise description of the bug, including deployment details.

Attempting to use the AVD accelerator results in a failure during what looks like the session host VM provisioning stage. During this stage the host pool and associated VMs are deployed and two VM extensions are installed. One extension to domain join the VMs, which provisioning is successful for. The second extension to install MicrosoftAntiMalware (which looks like Windows Defender) where the provisioning fails due a conflict timeout error.

For reference I have attempted deployment using the win11-23h2-avd and win11-22h2-avd marketplace images.

Please provide the correlation id associated with your error or bug.

0ccac30f-5f2e-4af1-b80a-cae3fe9b1d3b

What was the expected outcome?

For the session pool VMs to finish deploying successfully. A more desired outcome would be to have an option to disable the AntiMalware extension from attempting to install.

Looking through the AVD accelerator ARM template it looks like the AntiMalware extension is set to not install, starting line 41071:

                    "extensionAntiMalwareConfig": {
                      "type": "object",
                      "defaultValue": {
                        "enabled": false
                      },

Further along in the template, line 44999, I found a second setting where "AntimalwareEnabled": true.

I may have missed some logic in the template which is installing the AntiMalware extension but during the AVD accelerator deployment i don't see any options to set the installation true/false.

Relevant log output

The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure, Target: /subscriptions/9ad91719-7331-4eb0-8105-0c50793f1ab3/resourceGroups/rg-avd-pool-compute-eastus2-test/providers/Microsoft.Compute/virtualMachines/vm-avd0003/extensions/MicrosoftAntiMalware)
VM has reported a failure when processing extension 'MicrosoftAntiMalware' (publisher 'Microsoft.Azure.Security' and type 'IaaSAntimalware'). Error message: 'System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
   at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
   at Microsoft.Azure.Security.EngineConfiguratorWmi.EnableAntiMalware(String ServiceName)
   at Microsoft.Azure.Security.CampEngine.Enable(AntimalwareConfig newConfig)'. More information on troubleshooting is available at https://aka.ms/VMExtensionIaaSAntimalwareWindowsTroubleshoot.  (Code: VMExtensionProvisioningError)
danycontre commented 6 months ago

@cuzzo333 thank you for reporting the issues, we are reviewing it.

danycontre commented 6 months ago

@cuzzo333 we haven't been able to replicate the issue.

While we work in the logic to make antimalware optional, please provide more details on the options selected for your deployment so we can continue to test replicating the issue.

danycontre commented 6 months ago

Unable to get further details from requestor.