Skip to content

Commit 5012f81

Browse files
authored
Merge pull request #103102 from BethWilke/task1665735a
Moved section
2 parents f932269 + 927b972 commit 5012f81

File tree

1 file changed

+36
-37
lines changed

1 file changed

+36
-37
lines changed

articles/automation/troubleshoot/hybrid-runbook-worker.md

Lines changed: 36 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ This article provides information on troubleshooting issues with Hybrid Runbook
1616

1717
## General
1818

19-
The Hybrid Runbook Worker depends on an agent to communicate with your Automation account to register the worker, receive runbook jobs, and report status. For Windows, this agent is the Log Analytics agent for Windows (also referred to as the Microsoft Monitoring Agent (MMA)). For Linux, it's the Log Analytics agent for Linux.
19+
The Hybrid Runbook Worker depends on an agent to communicate with your Automation account to register the worker, receive runbook jobs, and report status. For Windows, this agent is the Log Analytics agent for Windows, also referred to as the Microsoft Monitoring Agent (MMA). For Linux, it's the Log Analytics agent for Linux.
2020

2121
### <a name="runbook-execution-fails"></a>Scenario: Runbook execution fails
2222

@@ -28,11 +28,11 @@ Runbook execution fails and you receive the following error:
2828
"The job action 'Activate' cannot be run, because the process stopped unexpectedly. The job action was attempted three times."
2929
```
3030

31-
Your runbook is suspended shortly after it attempts to execute it three times. There are conditions that may interrupt the runbook from completing. The related error message may not include any additional information.
31+
Your runbook is suspended shortly after it attempts to execute three times. There are conditions that may interrupt the runbook from completing. The related error message may not include any additional information.
3232

3333
#### Cause
3434

35-
The following are potential possible causes:
35+
The following are possible causes:
3636

3737
* The runbooks can't authenticate with local resources
3838

@@ -46,7 +46,7 @@ The following are potential possible causes:
4646

4747
Verify the computer has outbound access to *.azure-automation.net on port 443.
4848

49-
Computers running the Hybrid Runbook Worker should meet the minimum hardware requirements before the worker is configured to host this feature. Runbooks and the background processes they use may cause the system to be over-used and cause runbook job delays or timeouts.
49+
Computers running the Hybrid Runbook Worker should meet the minimum hardware requirements before the worker is configured to host this feature. Runbooks and the background process they use may cause the system to be over-used and cause runbook job delays or timeouts.
5050

5151
Confirm the computer that will run the Hybrid Runbook Worker feature meets the minimum hardware requirements. If it does, monitor CPU and memory use to determine any correlation between the performance of Hybrid Runbook Worker processes and Windows. Any memory or CPU pressure may indicate the need to upgrade resources. You can also select a different compute resource that can support the minimum requirements and scale when workload demands indicate an increase is necessary.
5252

@@ -66,7 +66,6 @@ At line:3 char:1
6666
+ CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], ArgumentException
6767
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand
6868
```
69-
7069
#### Cause
7170

7271
This error occurs when you attempt to use a [Run As Account](../manage-runas-account.md) in a runbook that runs on a Hybrid Runbook Worker where the Run As Account certificate's not present. Hybrid Runbook Workers don't have the certificate asset locally by default, which is required by the Run As Account to function properly.
@@ -75,6 +74,33 @@ This error occurs when you attempt to use a [Run As Account](../manage-runas-acc
7574

7675
If your Hybrid Runbook Worker is an Azure VM, you can use [Managed identities for Azure resources](../automation-hrw-run-runbooks.md#managed-identities-for-azure-resources) instead. This scenario simplifies authentication by allowing you to authenticate to Azure resources using the managed identity of the Azure VM instead of the Run As Account. When the Hybrid Runbook Worker is an on-premises machine, you need to install the Run As Account certificate on the machine. To learn how to install the certificate, see the steps to run the PowerShell runbook Export-RunAsCertificateToHybridWorker in [Running runbooks on a Hybrid Runbook Worker](../automation-hrw-run-runbooks.md).
7776

77+
### <a name="error-403-on-registration"></a>Scenario: Error 403 during registration of Hybrid Runbook Worker
78+
79+
#### Issue
80+
81+
The worker's initial registration phase fails and you receive the following error (403).
82+
83+
```error
84+
"Forbidden: You don't have permission to access / on this server."
85+
```
86+
87+
#### Cause
88+
89+
The following are possible causes:
90+
* There's a mistyped workspace ID or workspace key (primary) in the agent’s settings.
91+
* The Hybrid Runbook Worker can't download the configuration, causing an account linking error. When Azure enables solutions, it supports only certain regions for linking a Log Analytics workspace and an Automation account. It's also possible that an incorrect date and/or time is set on the computer. If the time is +/-15 minutes from the current time, onboarding fails.
92+
93+
#### Resolution
94+
95+
##### Mistyped workspace ID/key
96+
To verify if the agent’s workspace ID or workspace key has been mistyped, see [Adding or removing a workspace – Windows agent](../../azure-monitor/platform/agent-manage.md#windows-agent) for the Windows agent or [Adding or removing a workspace – Linux agent](../../azure-monitor/platform/agent-manage.md#linux-agent) for the Linux agent. Make sure to select the full string from the Azure portal and copy and paste it carefully.
97+
98+
##### Configuration not downloaded
99+
100+
Your Log Analytics workspace and Automation Account must be in a linked region. For a list of supported regions, see [Azure Automation and Log Analytics workspace mappings](../how-to/region-mappings.md).
101+
102+
You might also need to update the date and or time zone of your computer. If you select a custom time range, make sure that the range is in UTC, which can differ from your local time zone.
103+
78104
## Linux
79105

80106
The Linux Hybrid Runbook Worker depends on the [Log Analytics agent for Linux](../../azure-monitor/platform/log-analytics-agent.md) to communicate with your Automation account to register the worker, receive runbook jobs, and report status. If registration of the worker fails, here are some possible causes for the error:
@@ -87,7 +113,7 @@ The Log Analytics agent for Linux isn't running
87113

88114
#### Cause
89115

90-
If the agent isn't running, it prevents the Linux Hybrid Runbook Worker from communicating with Azure Automation. The agent may not be running for various reasons.
116+
If the agent isn't running, it prevents the Linux Hybrid Runbook Worker from communicating with Azure Automation. The agent might not be running for various reasons.
91117

92118
#### Resolution
93119

@@ -102,41 +128,14 @@ nxautom+ 8595 1 0 14:45 ? 00:00:02 python /opt/microsoft/omsconfi
102128
The following list shows the processes that are started for a Linux Hybrid Runbook Worker. They're all located in the `/var/opt/microsoft/omsagent/state/automationworker/` directory.
103129

104130

105-
* **oms.conf** - This value is the worker manager process. It's started directly from DSC.
131+
* **oms.conf** - The worker manager process. It's started directly from DSC.
106132

107-
* **worker.conf** - This process is the Auto Registered Hybrid worker process, it's started by the worker manager. This process is used by Update Management and is transparent to the user. This process isn't present if the Update Management solution isn't enabled on the machine.
133+
* **worker.conf** - The Auto Registered Hybrid worker process, it's started by the worker manager. This process is used by Update Management and is transparent to the user. This process isn't present if the Update Management solution isn't enabled on the machine.
108134

109-
* **diy/worker.conf** - This process is the DIY hybrid worker process. The DIY hybrid worker process is used to execute user runbooks on the Hybrid Runbook Worker. It only differs from the Auto registered Hybrid worker process in the key detail that it uses a different configuration. This process isn't present if the Azure Automation solution is disabled and the DIY Linux Hybrid Worker isn't registered.
135+
* **diy/worker.conf** - The DIY hybrid worker process. The DIY hybrid worker process is used to execute user runbooks on the Hybrid Runbook Worker. It only differs from the Auto registered Hybrid worker process in the key detail that it uses a different configuration. This process isn't present if the Azure Automation solution is disabled and the DIY Linux Hybrid Worker isn't registered.
110136

111137
If the agent isn't running, run the following command to start the service: `sudo /opt/microsoft/omsagent/bin/service_control restart`.
112138

113-
### <a name="error-403-on-registration"></a>Scenario: Error 403 during registration of Hybrid Runbook Worker
114-
115-
#### Issue
116-
117-
The worker's initial registration phase fails and you receive the following error (403).
118-
119-
```error
120-
"Forbidden: You don't have permission to access / on this server."
121-
```
122-
123-
#### Cause
124-
125-
The following are possible causes:
126-
* There's a mistyped workspace ID or workspace key (primary) in the agent’s settings.
127-
* The Hybrid Runbook Worker can't download the configuration, causing an account linking error. When Azure enables solutions, it supports only certain regions for linking a Log Analytics workspace and an Automation account. It's also possible that an incorrect date and/or time is set on the computer. If the time is +/-15 minutes from the current time, onboarding fails.
128-
129-
#### Resolution
130-
131-
##### Mistyped workspace ID/key
132-
To verify if the agent’s workspace ID or workspace key has been mistyped, see [Adding or removing a workspace – Windows agent](../../azure-monitor/platform/agent-manage.md#windows-agent) for the Windows agent or [Adding or removing a workspace – Linux agent](../../azure-monitor/platform/agent-manage.md#linux-agent) for the Linux agent. Make sure to select the full string from the Azure portal and copy and paste it carefully.
133-
134-
##### Configuration not downloaded
135-
136-
Your Log Analytics workspace and Automation Account must be in a linked region. For a list of supported regions, see [Azure Automation and Log Analytics workspace mappings](../how-to/region-mappings.md).
137-
138-
You might also need to update the date and or time zone of your computer. If you select a custom time range, make sure that the range is in UTC, which can differ from your local time zone.
139-
140139
### <a name="class-does-not-exist"></a>Scenario: The specified class doesn't exist
141140

142141
If you see the error **The specified class does not exist..** in the `/var/opt/microsoft/omsconfig/omsconfig.log`, the Log Analytics agent for Linux needs to be updated. Run the following command to reinstall the agent:
@@ -175,7 +174,7 @@ This issue can be caused by your proxy or network firewall blocking communicatio
175174

176175
#### Resolution
177176

178-
Logs are stored locally on each hybrid worker at C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes. You can check if there are any warning or error events in the **Application and Services Logs\Microsoft-SMA\Operations** and **Application and Services Logs\Operations Manager** event log that indicate a connectivity or other issue that affects onboarding of the role to Azure Automation or issue while under normal operations. For additional help troubleshooting issues with the Log Analytics agent, see [Troubleshoot issues with the Log Analytics Windows agent](../../azure-monitor/platform/agent-windows-troubleshoot.md).
177+
Logs are stored locally on each hybrid worker at C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes. You can verify if there are any warning or error events in the **Application and Services Logs\Microsoft-SMA\Operations** and **Application and Services Logs\Operations Manager** event log that indicate a connectivity or other issue that affects onboarding of the role to Azure Automation or issue while under normal operations. For additional help troubleshooting issues with the Log Analytics agent, see [Troubleshoot issues with the Log Analytics Windows agent](../../azure-monitor/platform/agent-windows-troubleshoot.md).
179178

180179
[Runbook output and messages](../automation-runbook-output-and-messages.md) are sent to Azure Automation from hybrid workers just like runbook jobs that run in the cloud. You can also enable the Verbose and Progress streams the same way you would for other runbooks.
181180

0 commit comments

Comments
 (0)