Attention Azure Log Analytics Users
Starting from 30 June 2023, older versions of Microsoft Monitoring Agents (MMAs) will no longer communicate with Azure Log Analytics. This is due to a shift from the Baltimore CyberTrust CA Root to the DigiCert Global G2 CA Root. This also includes Azure Automation Hybrid Workers based on the Microsoft Monitoring Agent.
What You Need to Know
- MMAs prior to the Winter 2020 release and those before SCOM 2019 UR3 will be affected.
- Any agent older than the mentioned versions will cease to work and upload to Log Analytics.
- The change impacts TLS communications if the new DigiCert Global G2 CA Root certificate is missing or if the application references the old Baltimore Root CA.
Immediate Action Required
- Check your MMA versions.
- If you’re using an outdated version, update immediately to ensure uninterrupted service.
- Be aware that various Azure products leverage the MMA. Even if you haven’t personally installed the MMA, your services might still be affected.
Stay Updated, Stay Secure. Ensure all your agents are up-to-date to continue benefiting from Azure Log Analytics.
Error Message
You should see the following error message in the logs:
Event ID 4004 Error Message
Log Name: Operations Manager
Event ID: 4004
Message: HTTP operation failed with error “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.” (0x800B0109). The query will be retried later. The article KB3126513 has additional troubleshooting information for connectivity issues.
Read more from this article – Troubleshoot issues with the Log Analytics agent for Windows – Azure Monitor | Microsoft Learn
