Make sure to follow this article first:
If you cannot access 168.63.129.16 on ports 80 and 32526
It turns out the agent can ONLY contact Microsoft's servers via the primary static IP. I had ended up with two private IP addresses and the one that Azure thought was primary wasn't the one set to primary on the NIC.
Reason for the switch is I had two VMS that I had to redeploy to a new size. That involved taking snapshots and recreating a whole new VM and then moving over IP addresses. And they ended up backwards because I never knew about this potential issue.
Solution: flip primary and secondary
The solution was just flipping these. You might think would be as simple as clicking 'Make Primary', but that gave some weird error so I had to manually flip them. Try clicking 'Make Primary' first and see if you get an error!
- Do NOT attempt this with high traffic, it may take a few minutes
- Take a screenshot or photo of the initial IP configuration
- Change the secondary IP to something unused 10.0.0.110
- Wait until the operation is complete
- Change the primary IP to the initial secondary value.
- Wait until the operation is complete
- Change the secondary IP back to the initial primary value
- Make any DNS or other changes needed if you need the public IP to map to the private one. (Another reason not to do this at peak hours).
If you don't wait until the operation is complete you'll get an error saying something about 'cleaning up the IP'.
I then had to reboot my VM and it took longer than I'd expect for it to come up again.
This took about 12 minutes for me to flip and wait for IP cleanup.
But the agent now works.