Azure Automation Account using a private endpoint experiencing issues communicating with Hybrid Workers - Stack Overflow


I have an Azure Automation account that uses Hybrid Workers to run PowerShell runbooks. Everything was working perfectly fine until I added a private endpoint to my Automation Account. Since then, my runbooks will just hang and never complete. I think my issue may be that I need an Azure Arc Private Link Scope. I configured the Azure Arc Private Link Scope and added my Azure Arc resource (Hybrid Worker) to it; however, I am getting the same result.

At this point I have two private endpoints:

  1. pe-pls-arc-dev (private link scope)
  2. pe-aa-dev (automation account)

Any advice as to how to get my Automation Account using a private endpoint to be able to communicate with my Hybrid Workers would be greatly appreciated.

https://learn.microsoft.com/en-us/azure/automation/how-to/private-link-security

asked Jan 2 at 20:39 by Pittsburgh_Power; edited Jan 6 at 5:01 by Jahnavi
  • Are you trying to execute any specific code? @Pittsburgh_Power – Jahnavi Commented Jan 3 at 9:21
  • I have a number of runbooks, but to rule out bad code, I have boiled my runbook down to a hello world. This same runbook does work on other automation accounts that are not using a private endpoint. – Pittsburgh_Power Commented Jan 3 at 13:19
  • Checking on the same. Will update you. @Pittsburgh_Power – Jahnavi Commented Jan 6 at 5:04

1 Answer


There might be a few issues that arise when a private network link endpoint is added to an automation account.

When experiencing any issues with this kind of automation account scenario, you can first check the private endpoint and the Hybrid Worker group configurations, as well as the firewall, gateway and DNS server configurations.

Also, to fix the issue, you can verify the virtual network link in the automation account's private DNS zone configuration and check that it is attached to exactly the same virtual network.

Then, you can resolve the conflict by using an Azure Private DNS zone for privatelink.azure-automation.net and adding your automation service's private IP to it, as detailed in the SO post by @Sam Cogan.

Furthermore, by referring to this blog, you also need to check a few more points that help to resolve the conflict, as given below.

You can check the Hybrid Worker limit and add more Hybrid Workers to the Hybrid Worker group if needed.

Azure Automation Agent-based User Hybrid Runbook Workers for both Windows and Linux were retired recently and will no longer be supported. You need to complete the migration of existing Agent-based User Hybrid Workers to Extension-based Hybrid Workers to work with them.

I would rather suggest using an Azure runtime environment when executing a runbook to make it work as expected.

I tried executing a sample hello world PowerShell script as you did, and it worked successfully in my environment with the Azure runtime.
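
A check for the DNS and firewall points raised in the answer above, as an added example that is not part of the original answer: run on the Hybrid Worker, it resolves the Automation account's job runtime and agent service names and reports whether they go through privatelink.azure-automation.net to a private address that accepts TCP 443. The account ID and region are placeholders, and the `jrds`/`agentsvc` host name layout and the RFC 1918 test are assumptions about a standard public-cloud setup.

```powershell
# Added example: run on the Hybrid Worker (Windows; uses the DnsClient module).
# $AccountId and $Region are placeholders; substitute your account's values.
param(
    [string]$AccountId = '00000000-0000-0000-0000-000000000000',  # placeholder
    [string]$Region    = 'REGION-CODE'                            # placeholder
)

# Assumption: the private endpoint's address comes from an RFC 1918 VNet range.
function Test-PrivateIPv4 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Assumption: standard public-cloud names for the job runtime and agent services.
$endpoints = 'jrds', 'agentsvc' |
    ForEach-Object { "$AccountId.$_.$Region.azure-automation.net" }

foreach ($fqdn in $endpoints) {
    $records = Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue
    $cnames  = @($records | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object NameHost)
    $ips     = @($records | Where-Object { $_.Type -eq 'A' }     | ForEach-Object IPAddress)

    # With the private DNS zone linked to this machine's VNet, the CNAME chain
    # passes through privatelink.azure-automation.net and ends at a private address.
    $viaZone = [bool]($cnames -match 'privatelink\.azure-automation\.net\.?$')
    $public  = @($ips | Where-Object { -not (Test-PrivateIPv4 $_) })

    $verdict = if ($ips.Count -eq 0) {
        'no A record: check the DNS server or forwarder'
    } elseif ($public.Count -gt 0) {
        'public IP: private DNS zone not linked to this VNet, or record missing'
    } elseif (-not $viaZone) {
        'private IP, but not resolved through the privatelink zone'
    } elseif ((Test-NetConnection -ComputerName $fqdn -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded) {
        'OK'
    } else {
        'resolves privately but TCP 443 is blocked: check firewall or NSG'
    }

    [pscustomobject]@{
        Endpoint  = $fqdn
        Addresses = $ips -join ', '
        Verdict   = $verdict
    }
}
```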
