[Question/Feedback]: No VMs resources are listed as compliant.

[jpgutton]

Check for previous/existing GitHub issues

• [X] I have checked for previous/existing GitHub issues

Description

I am working on deploying AMBA, I tried deploying to different tenants, using aligned and unaligned deployment, either through pipeline or CLI, everything is working great except for all the VM policies which marks all as non-compliant. VMs where created an hour after AMBA deployment, remediation task gives nothing except the errors below.

[Brunoga-MS]

hello @jpgutton , thanks for your feedback. I would like to understand more about this issue, since it looks like there was something wrong during the deployment. Could you please share the exact steps and order of execution?

Thanks, Bruno.

[jpgutton]

I redid a test, clean everything, removed all existing policies:

,delete all MG, and most of the existing resources in the target subs, create a new MG hierarchy using the contoso one from the doc.

I use the CLI to deploy the template, the only change I did in the param file was to set the location to Canada Central.

I then deploy some resources like VNet etc and the policies went well.

When I deployed a VM from the portal (next next next...) it didn't work. I waited then run the remediation script and the result is the same.

Note: I deployed it also in an unaligned hierarchy in my AIRS sub and after 2 remediations it works for the VM (existing and new).

[Brunoga-MS]

Hello @jpgutton , thanks for sharing. Given the outcome you shared, I suspect something strange with the MSDN subscription. I will investigate further on using an MSDN instance and let you know.

Thanks, Bruno.

[jpgutton]

I have PAYG subs, I'll clean everything and will redo the test.

[Brunoga-MS]

@jpgutton, could you please check if you have the VMInsights enabled or just a workspace deployed in the same subscription? I tried using my MSDN and it was failing for me as well with the same error on a machine that was not onboarded into VMInsights; I created a workspace, enabled VMInsights and after the data started appearing in the LAW I re-run the remediation and it went through. Was it maybe the case of your AIRS as well?

[Brunoga-MS]

Hello @jpgutton , I run my tests once again without any workspace or VMInsights onboarding and I was able to remediate VMs. I think it was just a sync issue going on for some time (like the policy compliance async results).

Let me know if tests on your side went good.

Thanks, Bruno.

[jpgutton]

Hello, @Brunoga-MS I cleaned up everything and redeploy using PAYG subs, yesterdays I had mixed results, even after remediation, some VMs were seen as compliant some other not with the same error (AMA deployed by policy on one sub, VM Insight by hand on a second one). This morning, I deployed new VMs in the same subs and all new ones are all green this PM.

Not sure why, maybe some latency in the policies. Ièll close it, will do more test next week in a new environment.