Update Agent readiness stuck on Not configured Using a proxy


If you are like me, for a moment I was tearing my hair out on this one. I followed all the white papers and instructions but no matter what, I could not get some systems to show “ready” under the Update Agent Readiness column within an Automation Account in Azure.

No matter what I would do, these systems would not create a Hybrid Worker Group. The registry was clear, I could even manually make one which would register but never run. I also confirmed that the Hybrid Worker Groups were not registered in other workspaces – all clear.

The frustrating part was that the base MMA agent settings were working because you can see the Compliance column was showing fine and the system itself registers with the workspace – but that Update Agent Readiness setting? Never changes from Not Configured.

I was starting to wonder if it was something to do with the systems being outside of Azure – but this could not be the case, as I had other systems reporting in no problem.

Short answer: The Proxy Settings were not set in all the required places

In my case to cut a long story short; it was due to proxy settings – but not where you might think. It was in a config file in the Agent folder on the server – I had already set the WINHTTP Proxy – I could even browse to the workspace URL via browser (shows an error, but it still connected).

How do you make the Update Readiness routine show Ready in Automation Account via Proxy?

As it turns out, if you need that Update Agent to use a proxy, you actually need to modify a lesser known config file under the MMA Agent’s Agent folder. This does not appear to be properly documented as at April 26 of 2021.

I ran a poor man’s traffic watch (read: netstat -ano 1 | find “<IP Address>”) and found that a file called MonitoringHost.exe was trying to directly connect to my workspace – totally ignoring all proxy settings configured on my system.

I took a look at that file and noticed the SCOM branding and wondered if this was governed by some other process outside of WINHTTP.

It would seem that the update agent hybrid worker group setup relies on routines that have come straight out of the SCOM binaries dating back to at least 2016.

To make the updateagent routines work properly, in addition to setting the WINHTTP proxy via NETSH, you must also modify a file so that proxy settings take affect. This file is MonitoringHost.exe.Config. By default, this file will be located under C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.EXE.Config

Simply add in the following proxy values under the Configuration setting:

<defaultProxy enabled="true" useDefaultCredentials="true">
<proxy proxyaddress="http://yourproxy.com:8080" bypassonlocal="true" />

Once set, restart the MMA and ensure that any other health services are restarted in order to encourage the Update routine to kick off again. I found mine came green and ready after about 5 minutes. I could see evidence of the Hybrid Worker in the registry and at the back end in Azure.


Please enter your comment!
Please enter your name here