Corpnet joined Windows VM: cannot access anymore with warning agent status is not ready

Matteo Interlandi 25 Reputation points β€’ Microsoft Employee

I have been using this VM for 2+ years with no issues. Yesterday all of a sudden my password was not accepted anymore. Then I couldn't connect anymore to the VM and now I am seeing "agent status is not ready".

I tried to restart, reapply and redeploy but nothing worked.

  1. Himanshu Shekhar 6,710 Reputation points β€’ Microsoft External Staff β€’ Moderator

    The "Agent Not Ready" status indicates that the in-guest Azure VM Guest Agent has lost communication with the Azure platform. Since operations like Reset Password, Reapply, and Redeploy rely on a healthy guest agent to push configuration into the VM, they will not take effect until agent connectivity is restored. This explains why the actions you tried did not yield results.

    Next Steps – Requesting Your Confirmation

    To proceed efficiently, kindly help me with the following:

    1. Recent changes (last 24–48 hours):
    • Any Windows Updates / patching applied?
    • Any changes to NSG, UDR, DNS, Firewall, or routing?

    Is the VM Domain-joined / Entra-joined? If yes, was there any password policy or AD-related change?

    Any disk encryption (ADE/BitLocker) activity?

    1. Diagnostic access – please enable (if not already):

    Boot Diagnostics (Screenshot + Serial Log)

    Serial Console access - This will allow us to inspect the guest OS state directly and confirm whether the OS is fully booted and whether the WindowsAzureGuestAgent / RdAgent services are running.

    Based on the diagnostics, we will proceed with the most suitable option:

    • Option A – In-guest fix via Serial Console: Restart the Guest Agent services and validate connectivity to the Azure WireServer (168.63.129.16).
    • Option B – Offline OS Disk Repair: Using the Azure VM Repair Extension, this will attach the OS disk to a rescue VM and run Microsoft-supported recovery scripts to: Repair the Guest Agent , Reset the local admin password and Fix any boot/profile-level corruption
    • Option C – OS Disk Swap (validation): If required, we can snapshot the OS disk and attach it to a test VM to isolate whether the issue is at the guest OS layer or the platform layer.

    Note: As a precaution, I would recommend taking a snapshot of the OS disk before we begin any repair activity, to ensure data safety.

  2. Matteo Interlandi 25 Reputation points β€’ Microsoft Employee

    Ok I got locked out because I typed the psw too many times. The serial console doesn't work, how can I get to the enter the key?

  3. Suresh Gogune 0 Reputation points

    Root Causes of the issue could be

    Cause Impact
    Guest Agent Service Stopped VM can't communicate with cloud provider
    -------- --------
    Agent Crashed/Corrupted Password reset operations fail
    Network Connectivity Issues Agent can't reach cloud endpoints
    Firewall/Proxy Blocking Agent blocked from cloud services
    Password Reset Already Failed Agent down when reset was attempted

    Step 1: Check Guest Agent Service Status

    Powershell

    ===========

    Get-Service WindowsAzureGuestAgent | Select-Object Status, DisplayName

    Step 2: Start the Agent Service if Stopped

    Start-Service WindowsAzureGuestAgent

    Step 3: Check agent log for errors

    Get-Content "C:\WindowsAzure\Logs\WaAppAgent.log" -Tail 50

    Look for:

    Connection timeouts

    SSL/TLS errors

    Network unreachable

    Authentication failures

    1. Verify network connectivity.

    Test-NetConnection -ComputerName "blob.core.windows.net" -Port 443

    1. Restart VM

    Sometimes a VM restart resolves transient agent issues: ------------->>

    Restart-Computer -Force

  4. Himanshu Shekhar 6,710 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Since the VM is now locked out due to multiple failed password attempts and the VM Agent is in a β€œNot Ready” state, reset actions from the portal won’t work because they rely on a healthy agent to push changes inside the VM. - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/windows-azure-guest-agent

    If Serial Console is also not accessible, it usually indicates either boot diagnostics/serial access prerequisites are not met or access is blocked (for example, due to storage firewall restrictions or permissions). - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/serial-console-windows

    Recommended next steps

    1. Try Serial Console access again (from Azure Portal only)
    2. Ensure boot diagnostics is enabled
    3. Confirm you have Contributor (or higher) access
    4. Check if boot diagnostics storage has firewall restrictions

    If Serial Console is still not working (most reliable path now):

    Proceed with VM Repair (offline method) - This will attach the OS disk to a recovery VM

    From there we can:

    • Reset the local admin password
    • Repair Guest Agent
    • Fix any OS-level issue blocking access

    Note - Optional validation is to Take a snapshot of the OS disk before repair (recommended for safety)

  5. Himanshu Shekhar 6,710 Reputation points β€’ Microsoft External Staff β€’ Moderator

    Just checking if provided response was helpful! please let me know if you have any queries.

Sign in to comment
Sign in to answer

Your answer