
[Bug / Issue]: Heartbeat from nested VMs not landing in Azure Arc

Open lmiroslaw opened this issue 2 months ago • 4 comments

Jumpstart Solution

  • [x] Jumpstart ArcBox
  • [ ] Jumpstart LocalBox
  • [ ] Jumpstart Agora
  • [ ] A specific Jumpstart scenario
  • [ ] Jumpstart Drops
  • [ ] Something else

What happened?

Solution: JumpStart - ArcBox, bicep based deployment

Issue: VMs under Hyper-V cannot send heartbeat messages to Azure Arc. The error message is that the tenantID does not exist, although that's not the case. Also Credentials

See `DeploymentStatus.log`:

```
Name         : Azure Arc Connected Machine is connected
Path         : {, Azure Arc Connected Machine is connected}
Data         :
ExpandedName : Azure Arc Connected Machine is connected
ExpandedPath : ArcBox-Ubuntu-01.Azure Arc Connected Machine is connected
Result       : Failed
ErrorRecord  : {Expected 'Connected', but got $null.}
```

We need a URL from you

https://jumpstart.azure.com/azure_jumpstart_arcbox/ITPro

Deployment Method

Bicep

Relevant log output.

and `level=fatal msg="error connecting machine to Azure: failed to send a heartbeat: [certStore] ClientAssertionCredential authentication failed.  --------------------------------------------------------------------------------\nRESPONSE]--------------------------------------------------------------------------------/nRESPONSE) 400: 400 Bad Request\n--------------------------------------------------------------------------------\n{\n  \"error\": \"invalid_tenant\",\n  \"error_description\": \"AADSTS90002: Tenant 'XXX' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant. (...)   \"error_uri\": \"https://login.microsoftonline.com/error?code=90002\"\n}\n--------------------------------------------------------------------------------\n\n[certFile] error acquiring token from certificate: ClientCertificateCredential authentication failed.`

Code of Conduct and Licensing

  • [x] I agree to follow this project's Code of Conduct and Licensing terms.

Oct 06 '25 13:10 lmiroslaw

Hi @lmiroslaw - could you please share the zip-file in the C:\ArcBox\Logs folder on ArcBox-Client ?

Oct 12 '25 05:10 janegilring

@lmiroslaw Did you have a chance to grab the logs and share?

Oct 23 '25 14:10 janegilring

Logs10.11.2025.zip

There you go, and sorry for the long silence, @janegilring

Nov 10 '25 13:11 lmiroslaw

@lmiroslaw Here is the relevant error from the logs:

Onboarding failed with response status: Request error: Error occurred during heart beat, Details: failed to send a heartbeat: [certStore] ClientAssertionCredential authentication failed. \"AADSTS90002: Tenant '8b198d3a-cd06-4a80-b118-44ffc216e58d' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant

It fails to onboard the machines with the above error message, so I would suggest double-checking the value provided for tenant ID during deployment. Could it be that 8b198d3a-cd06-4a80-b118-44ffc216e58d is the subscription ID, and that it was provided as the value for the tenant ID parameter?

The easiest would be to simply delete the resource group and perform a new deployment using the correct value for tenant ID.

Nov 28 '25 04:11 janegilring
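
The comparison suggested in the last comment, as an added example (not code from this thread or from the Jumpstart project): it pulls the rejected tenant value out of an AADSTS90002 log line and compares it with the output of `az account show --output json`, where `id` is the subscription ID and `tenantId` is the tenant ID. The function name, result labels and sample GUIDs are constructed for illustration.

```python
import json
import re

# Wording of the Entra ID error as it appears in the agent log quoted above.
TENANT_NOT_FOUND = re.compile(r"AADSTS90002: Tenant '([^']+)' not found")
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


def diagnose(log_text, account):
    """Classify the tenant value rejected in log_text.

    account is the parsed output of `az account show --output json`:
    "id" holds the subscription ID and "tenantId" the tenant ID.
    """
    match = TENANT_NOT_FOUND.search(log_text)
    if match is None:
        return "no-aadsts90002"
    value = match.group(1).lower()
    if not GUID.fullmatch(value):
        return "not-a-guid"  # redacted value or a domain name; compare by hand
    if value == account["id"].lower():
        return "subscription-id-used-as-tenant"
    if value == account["tenantId"].lower():
        # The tenant value is right; the error text points at cloud or subscription state.
        return "tenant-matches-account"
    return "unknown-guid"


# Constructed sample data: neither GUID belongs to a real tenant or subscription.
SAMPLE_ACCOUNT = json.loads("""
{"id": "11111111-1111-4111-8111-111111111111",
 "tenantId": "22222222-2222-4222-8222-222222222222",
 "name": "constructed-subscription"}
""")
SAMPLE_LOG = (
    'level=fatal msg="failed to send a heartbeat: '
    "AADSTS90002: Tenant '11111111-1111-4111-8111-111111111111' not found.\""
)

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_ACCOUNT))
```

Running the same comparison against the deployment parameters before deploying catches a swapped subscription and tenant ID without waiting for onboarding to fail.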