Share via

Azure Migrate - Having to use Agent Based Dependency - issue with Agent install

Gareth Morrallee 40 Reputation points
2025-01-13T18:51:45.82+00:00

Hi - due to a plane of separation at VMWare level we're having to configure the MMA agents on the servers to assess. However when we try to connect them to the LAW we get the following error:

Error: Failed to connect, exception : System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

We've checked the network and there is communication between the clients and the LAW on port 443 (ran a "tnc lawaddress -p 443") and have checked that TLS 1.2 is enabled on the client - all OK. Firewall doesn't look to have any issues either.

Have installed on a test machine elsewhere with the same LAW credentials and it's fine. So it's obviously something at the hardware level but unsure what. Client servers are 2019.

Any ideas?!

PS I know the MMA Agent is basically EoL now but not sure if there is any other way to do agent based assessment of VMs at this time?!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,886 questions
Azure Migrate
Azure Migrate
A central hub of Azure cloud migration services and tools to discover, assess, and migrate workloads to the cloud.
855 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pavan Minukuri 1,045 Reputation points Microsoft Vendor
    2025-01-13T21:19:55.7066667+00:00

    Hi @Gareth Morrallee
    Welcome to Microsoft Q&A, Thanks for asking question here!

    The error with the MMA connecting to the Log Analytics Workspace likely a TLS handshake issue caused by a mismatch in encryption protocol please try with below steps:

    1.Make sure both the client and server support TLS 1.2 and verify if it's enabled on the server by checking the Windows Registry.
    2.The error suggests a cipher suite mismatch, so ensure your server has the necessary TLS 1.2 cipher suites enabled and update the server's configuration if needed.
    3.If hardening policies disable lower TLS versions, you may need to adjust registry entries to allow TLS 1.2 connections.

    Add or ensure the following registry keys exist:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Disabled"=dword:00000000
"Enabled"=dword:00000001

    4.Even if port 443 is open, make sure there are no proxy settings blocking SSL/TLS connections, and configure the SSL inspection proxy to bypass traffic for Azure endpoints if needed.
    5.Check for issues with the certificates used by MMA, remove any outdated or invalid certificates, and generate a new one by restarting the MMA service.
    6.Check the event logs for the MMA service to find specific error messages that may explain the connection issue.

    Reference documents: https://stackoverflow.com/questions/67297713/azure-log-analytics-agentmicrosoft-monitoring-agent-installation-error-error
    https://learn.microsoft.com/en-us/services-hub/unified/health/troubleshooting-mma-agent
    https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agent-windows-troubleshoot?tabs=UpdateMMA
    https://learn.microsoft.com/en-us/answers/questions/1141299/azure-migrate-service-mma-installation-issue-on-ano
    Please let me know if you required anything!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.