I'm trying to set up the Azure Arc Windows Admin Center for a physical host, but I keep running into problems with the extension failing during the provisioning process. The error I get is: "RetrieveCertificate: Failed to retrieve certificate from key vault using app service." It appears this error is connected to a Microsoft-managed Key Vault and certificate that we don't seem to have in our subscription. We've managed to connect a couple of servers using Azure Arc successfully with the WAC extension, but now it seems we can't onboard any new servers without them failing with the same error. After reviewing local logs, the installation completes successfully, but the certificate retrieval step gives a 401 Unauthorized error, leading to a provisioning failure. I've seen a few reports that describe similar issues and was hoping someone might have encountered this recently and found a workaround.
2 Answers
I've hit this error multiple times over the past few months, not just with new installs. I manage around 600 Arc-joined servers and just a few days ago, most of them experienced the same problem. We've contacted Microsoft support several times when issues arise, and they confirm that it's on their end, but they usually tell us to wait for a fix. We've tried everything from downgrading versions to complete reinstalls, but it looks like this is more about their services being down rather than anything wrong with our setup.
Have you checked your network setup? Sometimes firewalls can block the necessary connectivity. It might be worth taking a look at your firewall logs to see if anything is being filtered that could be causing this issue.
Thanks for the reply! The server is behind a corporate firewall that allows outbound HTTPS connectivity. The Azure Arc connection appears fine for now, but I'll definitely check with our networking team to see if there's anything we're missing.
Thank you for sharing your experience! It’s good to know that it’s not just us dealing with this. We recently started using Azure Arc and the WAC extension, and while it has worked well on a couple of hosts, this issue really puts a damper on our rollout plans. I'll keep an eye on this and share any updates I find as well.