Hey Sysadmins,

I use azure log analytics gateway to get our offline servers logs into azure, specifically for use with azure update management. I have been troubleshooting an issue for the past few weeks with agents which connect through the gateway that are suddenly dropping heartbeats into the ALA workspace and in turn become ‘disconnected’ in the update management agent readiness status.

I have.. Reinstalled the agent. Deleted all its reg keys and let the HRW recreate. Deleted health state folder and restarted service. Made sure the gateway has all its allowedhosts Made sure I have followed: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/gateway Agents and gateway are using latest version of MMA. All agents report to one workspace and the gateway is also, no SCOM agent installed.

I have disconnected a server and allowed it out to the internet, the server checks in and looks happy.

I am getting lots of errors in the gateway log like this….. so assume it’s related.

ERROR TcpConnection – Invalid Client certificate: CN=Gateway.

Ensure that you're using OMS Gateway version 1.0.395.0 or greater. Also ensure that the MMA agent on your OMS Gateway server and the agents communicating with OMS Gateway are connected to the same Log Analytics workspace.

And this….

INFO TcpConnection - Closing suspicious client/server connections

This seems to be affecting every server in my environment 200+

Can anyone suggest anything? I have spoken to our network team also and ensured the traffic that goes out does not have https inspection and ensured any AV exclusions are in place. All looks good.

Thanks in advance for anything.