Skip to content

Update Azure Arc Connectivity Check drop (ArcEndpointCheck.ps1 v2.6.0)#1908

Open
fabiotreze wants to merge 2 commits into
Azure:canaryfrom
fabiotreze:arc-endpoint-check
Open

Update Azure Arc Connectivity Check drop (ArcEndpointCheck.ps1 v2.6.0)#1908
fabiotreze wants to merge 2 commits into
Azure:canaryfrom
fabiotreze:arc-endpoint-check

Conversation

@fabiotreze

Copy link
Copy Markdown
Contributor

Description

This PR updates the Azure Arc Connectivity Check drop (script_automation/arc_endpoint_check) with a hardened, docs-aligned version of ArcEndpointCheck.ps1 (v2.6.0) and a refreshed _index.md.

What's changed

  • Endpoint alignment with the official Connected Machine agent network requirements (core vs. optional groups: SQL, AMA, MDE, WAC).
  • Automatic mode detection (Public vs. Azure Private Link) via azcmagent show -j and DNS/RFC1918 heuristic.
  • Proxy awareness mirroring the agent precedence (-ProxyUrl > azcmagent proxy.url > HTTPS_PROXY); the Windows system-wide proxy is only reported, never applied, matching the agent. Honors azcmagent proxy.bypass categories to skip HTTP probes that the agent would not send through the proxy.
  • IPv4 (A record) preference to avoid misclassifying Private Link endpoints that also expose a public AAAA record.
  • Resilient GNS handling: dynamic allowlist (guestnotificationservice) failures are treated as WARN (not FAIL) so a transient SERVFAIL doesn't fail the run; DNS gets one retry.
  • AMA metrics endpoint (global.prod.microsoftmetrics.com) added.
  • Runs azcmagent check with the correct flags per mode (--enable-pls-check for Private; --extensions all --include-all with -CheckIncludeAll).
  • Exit code 0 when all checks pass, 1 on any failure — usable in onboarding pipelines.

Files

  • script_automation/arc_endpoint_check/ArcEndpointCheck.ps1
  • script_automation/arc_endpoint_check/_index.md

Validated on a real Windows Server (Azure Arc-enabled, Private Link + Explicit Proxy) across all parameter combinations.

Added a function to validate proxy URIs and updated proxy handling logic to ensure only valid URIs are accepted.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant