We had a server connected to Log Analytics workspace through the MMA agent and it had suffered a few hard power-downs. The machine went into fixing files on the disk and such in a checkdsk action. Maybe something got broken at that time. But we saw that it was no longer talking to Log Analytics and the Update Management solution in the Automation solution. Time to investigate.
Some of the errors we saw were:
HTTP operation failed with error “12044L”(12044L). The query will be retried later.
Loading the private key for the client authentication certificate for service “Log Analytics – xxxxxxxxxxxxxxxxxxxxxxxxxxx” failed with error “Keyset does not exist” (0x80090016). Connections to the service may be made without authentication. This can cause failures if the service requires the agent to be authenticated. The agent will continue to periodically retry loading the authentication configuration.
We also had a few messages with temporary DNS resolving issues, but that seemed only during a limited time.
So this 3009 event actually does tell us a bit more. It is saying it has a problem with a certificate used to talk to the Log Analytics workspace from the local agent and there is a thumbprint.
SO we can find the certificate with certlm.msc and see what we find.
Go to the Microsoft Monitoring Agent certificates and see if you can find the faulty certificate there with that thumbprint in the error message.
Sure enough I found a few certificates there. One was outdated and the other one had a valid date and had the thumbprint I was looking for. But something was not right with it.
SO I stopped the Microsoft Monitoring Agent service and removed the two certificates that didn’t work. Started the Microsoft Monitoring Agent again and it auto created a new certificate and started using it.