Microsoft Azure - FAQ

1. What happens to the Azure monitor in Applications Manager when you delete any of the supported services from the Azure portal?

  1. When a resource is deleted in Azure portal, the monitor status depends on the 'Action on Deleted Resources' option.
    1. Continue Alerting: The monitor will continue generating alerts indicating that the resource has been deleted.
    2. Stop Alerting: The monitor will stop generating alerts about the deleted resource.
    3. Unmanage Resource: The monitor will transition to an unmanaged state.
    4. Delete Resource: The monitor will be removed entirely from Applications Manager.
  2. An entry is also added to the audit logs when an Azure monitor is deleted in Applications Manager. To view it, go to Settings → Tools → Audit logs and choose 'Azure monitor deletion' under Actions.

2. What are the various methods of adding an Azure monitor in Applications Manager?

  1. AD Application & Service Principal:
    1. Create an AD App & Service Principal and assign it a role in the Azure portal. This gives you the Client ID and AppKey, which you then use to add a monitor in Applications Manager. Refer to the prerequisites to know more.
  2. Azure Organizational Account (Powershell):
    1. Create the AD App & Service Principal, assign roles for each, and generate the ClientID and AppKey by executing the PowerShell script using the Org account credentials. Refer to the prerequisites to know more.
  3. OAuth:
    1. Create an AD App & Service Principal, assign it a role, and perform App registration in the Azure portal.
    2. Configure the OAuth Provider in Applications Manager (Admin → OAuth Provider).
    3. Choose the created OAuth Provider in the newly created monitor page to add the Azure monitor. Refer to the prerequisites to know more.

3. What are the APIs used for data collection?

| Service | API |
| --- | --- |
| Subscription | Subscriptions - Get |
| Access Token | Access token - Get |
| Virtual Machines | Virtual Machines - List; Virtual Machines - Get |
| VM - Diagnostic agent | Storage Accounts - List; Storage Accounts - List Keys |
| Storage Accounts | Storage Accounts - List; Storage Accounts - Get |
| SQL Databases | Servers - List; Databases - List By Server; Databases - Get |
| Service Bus | Namespaces - List By Subscription; Storage Accounts - Get; Topics - List By Namespace; Queues - List By Namespace; Topics - Get; Queues - Get |
| Kubernetes Service (AKS) | Managed Clusters - List; Managed Clusters - Get |
| SQL Managed Instance (SQL MI) | Managed Instances - List; Managed Instances - Get |
| Load Balancer | Load Balancers - List All; Load Balancers - Get |
| Azure Monitor Metrics | Metrics - List |
| Billing | Billing Periods - Get; Query - Usage |
| Data Collection | Resources - Get |
| Discovery | Resources - List |

Note: Refer to the GET request of each service to identify the API used for Azure data collection in Applications Manager.

4. What are the different types of errors that can occur in Applications Manager and how can I fix them?

  1. "Authentication failed. Access is denied." (Occurs while adding a new monitor)
  2. "Authentication failed. Reason: Host Unavailable." (Occurs while adding a new monitor and during data collection)
  3. "Az Powershell module is not installed." (Occurs while adding a new monitor)
  4. "Azure service discovery failed. Invalid application key" (Occurs when adding a monitor using method 1)
  5. "Azure service discovery failed. Invalid application key" (Occurs when adding a monitor using mode 2)

Note: Troubleshooting for other Azure services (SQL, VMs, and Storage Account) monitoring is available in the K-base separately.

5. What are the different hosts and ports that will be accessed while monitoring Azure in Applications Manager?

Ensure connectivity between Applications Manager and Azure for the hosts and ports listed below. Also, check your network firewall access and proxy configuration in Applications Manager.
  1. Hosts (Azure Global):
    1. login.microsoftonline.com - Used for Authentication in all the services
    2. management.azure.com - Used for Data Collection in all the services
    3. <storage-account>.table.core.windows.net - Used to fetch Diagnostic Extension metrics from the Azure Virtual Machine
    4. Azure SQL DB Server Name - Used to establish a JDBC connection to fetch query metrics (For example, the JDBC Url would be: jdbc:sqlserver://<DBserver>.database.windows.net:1433)
  2. Hosts (Azure Gov Cloud):
    1. login.microsoftonline.us - Used for Authentication in all the services
    2. management.usgovcloudapi.net - Used for Data Collection in all the services
    3. <storage-account>.table.core.usgovcloudapi.net - Used to fetch Diagnostic Extension metrics from the Azure Virtual Machine
    4. Azure SQL DB Server Name - Used to establish a JDBC connection to fetch query metrics (For example, the JDBC Url would be: jdbc:sqlserver://<DBserver>.database.usgovcloudapi.net:1433)
  3. Hosts (Azure China):
    1. login.partner.microsoftonline.cn - Used for Authentication in all the services
    2. management.chinacloudapi.cn - Used for Data Collection in all the services
    3. <storage-account>.table.core.chinacloudapi.cn - Used to fetch Diagnostic Extension metrics from the Azure Virtual Machine
    4. Azure SQL DB Server Name - Used to establish a JDBC connection to fetch query metrics (For example, the JDBC Url would be: jdbc:sqlserver://<DBserver>.database.chinacloudapi.cn:1433)
  4. Azure Kubernetes FQDN from the Azure portal - Used to connect to the Kubernetes cluster using kubectl commands
  5. Ports:
    1. HTTPS: 443
    2. SQL DB (JDBC): 1433
    3. VM Guest OS metrics via PowerShell: 5985, 5986
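
The host and port list above can be turned into a firewall allowlist and a reachability check run from the Applications Manager server. This is an added example, not part of the original FAQ or the product: the function names and sample resource names are hypothetical, and port 443 for the AKS FQDN is an assumption since the FAQ does not state that port.

```python
import socket

# Host names and ports as listed in the FAQ; the caller fills in the <...> parts.
CLOUDS = {
    "global": ("login.microsoftonline.com", "management.azure.com",
               "table.core.windows.net", "database.windows.net"),
    "gov": ("login.microsoftonline.us", "management.usgovcloudapi.net",
            "table.core.usgovcloudapi.net", "database.usgovcloudapi.net"),
    "china": ("login.partner.microsoftonline.cn", "management.chinacloudapi.cn",
              "table.core.chinacloudapi.cn", "database.chinacloudapi.cn"),
}

def required_endpoints(cloud, storage_accounts=(), sql_servers=(), vm_hosts=(), aks_fqdns=()):
    """Return sorted unique (host, port, purpose) tuples for one Azure cloud."""
    login, mgmt, table_sfx, db_sfx = CLOUDS[cloud]
    eps = {(login, 443, "authentication"), (mgmt, 443, "data collection")}
    eps |= {(f"{a}.{table_sfx}", 443, "VM diagnostic extension metrics") for a in storage_accounts}
    eps |= {(f"{s}.{db_sfx}", 1433, "SQL DB JDBC") for s in sql_servers}
    eps |= {(h, p, "VM guest OS metrics via PowerShell") for h in vm_hosts for p in (5985, 5986)}
    eps |= {(f, 443, "AKS kubectl (port assumed)") for f in aks_fqdns}
    return sorted(eps)

def probe(host, port, timeout=3.0):
    """Return None if a direct TCP connection succeeds, else a short failure reason.

    This does not go through a proxy: if Applications Manager is configured to use
    one, a direct failure here may be expected and the proxy path must be checked.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except socket.gaierror:
        return "DNS resolution failed"
    except socket.timeout:
        return "timed out (possibly filtered by a firewall)"
    except OSError as e:
        return f"connection failed: {e.strerror or e}"

if __name__ == "__main__":
    # Constructed sample names; replace with your own storage account and SQL server.
    for host, port, purpose in required_endpoints("global", ["examplestorage"], ["example-sql"]):
        err = probe(host, port)
        print(f"{'OK  ' if err is None else 'FAIL'} {host}:{port} ({purpose}) {err or ''}")
```
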

6. How to troubleshoot the errors?

Invalid Application Key error

  1. When the Client Secret expires for a given Entra application Client ID, this error message is displayed in Azure Monitor.
  2. Follow the steps below to create a new Client Secret for the Azure monitor.
    1. Open Azure portal and navigate to Microsoft Entra ID
    2. Under the Manage section, go to App Registrations and select the 'All applications' tab.
    3. Click the respective application:
      1. If the Discovery mode of Azure monitor is AD Application & Service Principal mode, click the application created by the user (OR)
      2. If the Discovery Mode of Azure monitor is Azure Organizational Account mode, click the application whose name starts with "ApplicationsManager-<YourSubscriptionID>".
    4. Under the Manage section, go to Certificates & secrets and click the Client Secrets tab.
    5. Delete the expired Client Secret.
    6. Click New client secret, enter a description and set Expires to 730 days (24 months).
    7. Click Add to create a new Client Secret and copy the Value field.
    8. Update the Client Secret Value (Application Key) in Applications Manager Azure monitor with the copied value.
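
Because the error only appears once the secret has already expired, it helps to audit expiry dates ahead of time and rotate before data collection breaks. The following is an added example, not part of the original FAQ or the product: it assumes the credential list was exported as JSON with `az ad app credential list --id <client-id>` and that the `endDateTime`, `keyId` and `displayName` field names match that output; the sample data and function names are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the assumed `az ad app credential list` output.
SAMPLE = """[
 {"displayName": "appmanager-2023", "keyId": "00000000-0000-0000-0000-000000000001",
  "endDateTime": "2025-01-10T08:00:00Z"},
 {"displayName": "appmanager-2025", "keyId": "00000000-0000-0000-0000-000000000002",
  "endDateTime": "2025-03-01T08:00:00.1234567Z"}
]"""

def parse_utc(ts):
    """Parse an ISO-8601 UTC timestamp, tolerating 'Z' and long fractional seconds."""
    core = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(core, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(creds, now, warn_days=30):
    """Return (rows, usable): one (name, keyId, status, days_left) row per secret,
    and whether at least one secret is still valid at `now`."""
    rows, usable = [], False
    for c in creds:
        remaining = parse_utc(c["endDateTime"]) - now
        if remaining.total_seconds() <= 0:
            status = "expired"      # delete this secret and create a new one
        elif remaining.days <= warn_days:
            status = "expiring"     # rotate now, then update the Application Key
        else:
            status = "ok"
        usable = usable or status != "expired"
        rows.append((c.get("displayName"), c["keyId"], status, remaining.days))
    return rows, usable

if __name__ == "__main__":
    rows, usable = audit_secrets(json.loads(SAMPLE), datetime.now(timezone.utc))
    for name, key_id, status, days in rows:
        print(f"{status:9} {days:5}d  {name}  {key_id}")
    if not usable:
        print("No valid client secret left: expect 'Invalid application key'.")
```
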

