Bulk update OMS Workspace Key with PowerShell by Bas Wijdenes

Azure Log Analytics and “The agent could not authenticate with the Microsoft Operations Management Suite service. Please check that the Workspace Key is correct.”

We have a new developer environment at work as a showcase for new customers. A colleague was given the task to use Azure Automation for Update management, because we also use SCOM for monitoring, it did not quite work out and I referred him to my blog post for more than one agent.

He indicated that it still did not work, so I took a look myself. The servers themselves were linked to Azure OMS workspace. So, I only needed to create the Azure Automation environment and link it to the correct Log Analytics. Then you can ‘Enable’ the servers for Update Management, and these were also ‘Ready to Enable’.

After waiting for an hour, the servers were unfortunately still not within Azure Automation Update Management. If you tried to add them again, the status was ‘Already enabled’.

After a short search I found out that not one of the servers had the correct OMS Workspace Key anymore. PowerShell showed the below message.

“The agent could not authenticate with the Microsoft Operations Management Suite service. Please check that the Workspace Key is correct.”

It is likely that someone had pressed ‘Regenerate Key’ by mistake, and then you must manually provide the servers with the new Workspace Key.

Well, obviously, I modified the Workspace Key on the management server and it came in Azure Automation Update Management within 15 minutes.

This only needed to be implemented on all servers. In this tutorial I explain how you can update the Workspace Key of LogAnalytics in bulk with PowerShell.


Update the OMS Workspace Key with PowerShell.

How do you know that none of the servers could authenticate with OMS?

This is easier for me, we currently have no machines other than servers in the new developer environment. To retrieve all servers I used a PowerShell command that first filtered Active Directory on all servers.

Open PowerShell_ISE in an elevated prompt. Otherwise you cannot change the OMS Workspace Key.

$servers = Get-ADComputer -Filter {operatingsystem -like "*server*"}

Now $servers contains all the servers in your Active Directory. Adjust this filter so that you have the correct servers, or import a CSV file.

I usually do $servers.count to check if the amount is correct.

To check whether the servers also give the error message “The agent could not authenticate with the Microsoft Operations Management Suite service. Please check that the Workspace Key is correct.” you can run this in bulk.

$scriptblock =  
    {   
        $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
        $AgentCfg.GetCloudWorkspaces()
    }
    foreach ($server in $servers)
{
    write-output $server.dnshostname
    invoke-command -ComputerName $server.dnshostname -ScriptBlock    $scriptblock
    
}

Now you see which Azure Log Analytics the server is talking to, and whether it does not give an error message.
Here you can apply a new filter. I did not do that because all servers have the error message.


Bulk updating the Log Analytics WorkSpace Key with PowerShell.

I have already filled $servers, so unless you apply a new filter you can use $servers again.
With the bulk script below you update all servers in $servers. Do not forget to customize the WorkspaceID and WorkspaceKey.

You can also download the script from Technet Script Center.
Click here for the downloadable link.

$scriptblock =  
    {  
        $WorkspaceID = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
        $WorkspaceKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
        $AgentCfg = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
        $AgentCfg.GetCloudWorkspaces()
        $AgentCfg.AddCloudWorkspace($WorkspaceID,$WorkspaceKey)
        restart-service HealthService
    }

foreach ($server in $servers)
{
    write-output $server.dnshostname
    invoke-command -ComputerName $server.dnshostname -ScriptBlock $scriptblock
}

I did not find these commands myself. A short search showed a Technet from Kevin Holman.


Recap

Do you need more help, or are you unable to filter? Leave a comment. Are there still things that are missing, or are not clear? Leave a comment aswell.

You may have found this post because you cannot install the agents, then please check out this blog post.


A little extra

This post contains PowerShell. Would you like to learn the basics better? I have created a new website to learn basic PowerShell in an ’emulator’ environment.
Click here to go learn Basic PowerShell.

Published by

Bas

My name is Bas Wijdenes and I work full-time as a Services Engineer. In my spare time I write about the error messages that I encounter during my work. Furthermore, I am currently occupied with Office 365, Azure infra, and PowerShell for automating daily tasks.

Leave a Reply

Your email address will not be published. Required fields are marked *