I’m experiencing a problem with Azure Site Recovery during the setup of disaster recovery for a virtual machine (VM). Recently, I’ve been receiving an error indicating that the extension update settings are unhealthy, particularly related to auto-update settings. When I attempt to address the issue by clicking the repair button, it redirects me to the renew certificate page. Unfortunately, clicking the "Renew Certificate" button doesn’t trigger any action.
Despite having confirmed that I possess the required contribute permissions for the subscription and attempting to resolve the problem with Global admin users, the issue persists. I would greatly appreciate any assistance in resolving this matter.
2
Answers
After a workaround on your issue, it looks like a Site Recovery extension appears to be failing to update or load. Uninstalling the extension and restarting the process is one way to resolve this issue. For that, go to the VM causing the backup failure in the portal and go to
site recovery extensionand uninstall it.Refer MSDoc for the above relevant information.
Alternatively, you can repair the Azure Site Recovery extension directly on the VM rather than using the "Repair" button in the portal. Connect to the virtual machine and start a remote PowerShell session or use a CLI command called
az vm repair repair-and-restore.Using CLI, you can also list out the repair list scripts as shown and search for any updates required for it.
You can also refer MSDoc for more relevant information.
The issue here is with your Run as Automation account that probably need renewing the certificate as it might have expired. The redirection link to run as automation account encountering an issue.
In general, Run as account’s self signed cert expires one month from the date of creation. At some point before your Run As account expires, you must renew the certificate. You can renew it any time before it expires.
If it is an enterprise or third-party certificate.Every certificate has a built-in expiration date. If the certificate you assigned to the Run As account was issued by a certification authority (CA), you need to perform a different set of steps to configure the Run As account with the new certificate before it expires. You can renew it any time before it expires.
Import the renewed certificate following the steps for Create a new certificate.
Have you tried navigating to the account by searching for it in the global search bar on azure portal and try navigating to cert renewal blade and see same behavior?
I believe the blocker here could be something to do with the announcement of Azure Automation Run As Account and replacing them with Managed Identities. For details, you can refer to https://learn.microsoft.com/en-us/azure/automation/manage-run-as-account
https://learn.microsoft.com/en-us/azure/automation/automation-managed-identity-faq#my-run-as-account-will-expire-soon-how-can-i-renew-it