Create or Update Virtual Machine Extension Failed

Question

Create or Update Virtual Machine Extension Failed

Pranab Nath 0

Can you please help on this issue "Create or Update Virtual Machine Extension"?

Resource/subscriptions/d9bfd93a-a9f4-453c-8b6f-b3c85bcdc54c/resourcegroups/FPS_SERVER/providers/Microsoft.Compute/virtualMachines/FpsSteveServer/extensions/MDE.Linux
Operation nameCreate or Update Virtual Machine Extension
Time stampWed Apr 23 2025 04:27:56 GMT+0100 (British Summer Time)
Event initiated by Windows Azure Security Resource Provider
Error codeResourceOperationFailure
MessageThe resource operation completed with terminal provisioning state 'Failed'.

Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-04-23T10:40:29.37+00:00

Hi Pranab Nath,

Based on the error description, you were unable to create/update extension for your Linux VM.

Try to check the VM agent status, as the VM Agent is required to manage, install and execute extensions. If the VM Agent isn't running or is failing to report a Ready status to the Azure platform, then the extensions won't work correctly. https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/troubleshoot

SSH to the VM and verify VM agent health

systemctl status waagent

Use appropriate package manager (apt-get for Ubuntu/Debian, yum for RHEL/CentOS) to update or install the waagent package. After installation or update, restart the service.

sudo systemctl restart waagent.

Check the packages and Install these prerequisites before deploying the extension. https://learn.microsoft.com/en-us/defender-endpoint/linux-support-install

If the information is helpful, please click on "Upvote"

If you have any queries, please do let us know, we will help you.
Pranab Nath 0 Reputation points

2025-04-24T15:00:44.41+00:00

Getting error on trying to install

sudo apt-get update && sudo apt-get install walinuxagent

Write error - write (28: No space left on device)

Ign:10 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

Ign:10 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

Err:10 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

Write error - write (28: No space left on device)

Fetched 256 kB in 9s (29.2 kB/s)

Reading package lists... Done

E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-updates/restricted/binary-amd64/Packages Write error - write (28: No space left on device)

E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-security/main/binary-amd64/Packages Write error - write (28: No space left on device)

E: Some index files failed to download. They have been ignored, or old ones used instead.
Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-04-24T16:22:32.1333333+00:00

Hi Pranab Nath,

Could be please check disk space, df -h and try to delete large unnecessary files.

Try to increase disk size from Azure Portal.
Mounika Reddy Anumandla 4,705 Reputation points Microsoft External Staff

2025-04-25T06:50:46.75+00:00

Hi Pranab Nath,

Trying to understand if your issue is resolved and if the above information helped you!

Let me know if you have any further queries!

If the information is helpful, please click "upvote" to let us know.
Pranab Nath 0 Reputation points

2025-04-25T11:33:48.0766667+00:00

Disk space freed and the agent installation went fine; however, the agent service is not starting:

fpsSkdSteveServer@FpsSteveServer:~$ sudo apt-get update && sudo apt-get install walinuxagent

[sudo] password for fpsSkdSteveServer:

Hit:1 http://azure.archive.ubuntu.com/ubuntu focal InRelease

Hit:2 http://azure.archive.ubuntu.com/ubuntu focal-updates InRelease

Hit:3 http://azure.archive.ubuntu.com/ubuntu focal-backports InRelease

Hit:4 http://azure.archive.ubuntu.com/ubuntu focal-security InRelease

Hit:5 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease

Reading package lists... Done

Reading package lists... Done

Building dependency tree

Reading state information... Done

walinuxagent is already the newest version (2.2.46-0ubuntu1.2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Pranab Nath 0 Reputation points

2025-04-25T11:34:20.0833333+00:00

The agent service is not starting:

fpsSkdSteveServer@FpsSteveServer:~$ sudo systemctl status waagent

Unit waagent.service could not be found.

fpsSkdSteveServer@FpsSteveServer:~$ sudo systemctl restart waagent

Failed to restart waagent.service: Unit waagent.service not found.
Pranab Nath 0 Reputation points

2025-04-25T12:02:18.4+00:00
However, when I change the name of the agent to walinuxagent it works

fpsSkdSteveServer@FpsSteveServer:~$ sudo systemctl status walinuxagent

[sudo] password for fpsSkdSteveServer:

● walinuxagent.service - Azure Linux Agent

Loaded: loaded (/lib/systemd/system/walinuxagent.service; enabled; vendor preset: enabled) Drop-In: /usr/lib/systemd/system/walinuxagent.service.d └─10-Slice.conf /run/systemd/system.control/walinuxagent.service.d └─50-CPUAccounting.conf, 50-CPUQuota.conf, 50-MemoryAccounting.conf Active: active (running) since Thu 2025-04-24 11:41:47 UTC; 24h ago

Main PID: 106204 (python3)

Tasks: 7 (limit: 9516) Memory: 275.0M CPU: 2min 41.619s CGroup: /azure.slice/walinuxagent.service ├─106204 /usr/bin/python3 -u /usr/sbin/waagent -daemon └─106211 python3 -u bin/WALinuxAgent-2.13.1.1-py3.9.egg -run-exthandlers

Apr 25 10:43:04 FpsSteveServer python3[106211]: 2025-04-25T10:43:04.640018Z INFO ExtHandler ExtHandler Downloading agent manifest

Apr 25 10:46:53 FpsSteveServer python3[106211]: 2025-04-25T10:46:53.703274Z INFO ExtHandler ExtHandler [HEARTBEAT] Agent WALinuxAgent-2.13.1.1 is running as the goal s>

Apr 25 11:09:28 FpsSteveServer python3[106211]: 2025-04-25T11:09:28.573640Z INFO CollectLogsHandler ExtHandler Starting log collection...

Apr 25 11:10:27 FpsSteveServer python3[106211]: 2025-04-25T11:10:27.778061Z INFO CollectLogsHandler ExtHandler Successfully collected logs. Archive size: 19798040 b, e>

Apr 25 11:10:31 FpsSteveServer python3[106211]: 2025-04-25T11:10:31.913143Z INFO CollectLogsHandler ExtHandler Successfully uploaded logs.

Apr 25 11:11:58 FpsSteveServer python3[106211]: 2025-04-25T11:11:58.385261Z INFO TelemetryEventsCollector ExtHandler Collected 55 events for extension: Microsoft.CPlat>

Apr 25 11:16:58 FpsSteveServer python3[106211]: 2025-04-25T11:16:58.919601Z INFO ExtHandler ExtHandler [HEARTBEAT] Agent WALinuxAgent-2.13.1.1 is running as the goal s>

Apr 25 11:41:52 FpsSteveServer python3[106211]: 2025-04-25T11:41:52.843740Z WARNING ExtHandler ExtHandler [PERIODIC] For Extension Handler Microsoft.Azure.Security.Azu>

Apr 25 11:43:05 FpsSteveServer python3[106211]: 2025-04-25T11:43:05.181906Z INFO ExtHandler ExtHandler Downloading agent manifest

Apr 25 11:47:00 FpsSteveServer python3[106211]: 2025-04-25T11:47:00.305856Z INFO ExtHandler ExtHandler [HEARTBEAT] Agent WALinuxAgent-2.13.1.1 is running as the goal s>

lines 1-25/25 (END)

Pranab Nath 0

And the VM activity log still shows Failed:

UpgradeVMExtensions	Failed	9 minutes ago	Fri Apr 25 2025 12:54:03 GMT+0100 (British Summer Time)
UpgradeVMExtensions	Failed	9 minutes ago	Fri Apr 25 2025 12:54:03 GMT+0100 (British Summer Time)

Pranab Nath 0 Reputation points

2025-04-28T11:06:16.1733333+00:00

Hi

There is no error details provided in the VM activity log that can help in debugging and solving the issue

Resource /SUBSCRIPTIONS/D9BFD93A-A9F4-453C-8B6F-B3C85BCDC54C/RESOURCEGROUPS/FPS_SERVER/PROVIDERS/MICROSOFT.COMPUTE/VIRTUALMACHINES/FPSSTEVESERVER

Operation name UpgradeVMExtensions

Time stamp Mon Apr 28 2025 06:23:42 GMT+0100 (British Summer Time)

Event initiated by -

Error code ResourceOperationSubmissionFailed

Message The resource operation 'SubmissionFailed'.
Pranab Nath 0 Reputation points

2025-04-28T11:09:45.68+00:00

In addition MDE.linux extension is not support on the VM

Name: MDE.Linux

Type: Microsoft.Azure.AzureDefenderForServers.MDE.Linux

Version: 1.0.5.2

Latest Version: 1.0.5.2

Status: Provisioning failed

Automatic version upgrade: Not supported
Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-04-28T11:56:14.99+00:00

Hi Pranab Nath,

Please check with the subscription plan you are using. https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-endpoint

https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint-linux

You can leverage Defender for Cloud to deploy the MDE.Linux extensionhttps://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-defender-for-endpoint

You can try to use installer script based deployment to deploy Microsoft Defender for Endpoint on Linux. https://learn.microsoft.com/en-us/defender-endpoint/linux-installer-script
Pranab Nath 0 Reputation points

2025-05-07T09:00:41.8433333+00:00
HI

During manual installation one of the steps is failing as below:

fpsSkdSteveServer@FpsSteveServer:~/MDE$ sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Generating /etc/opt/microsoft/mdatp/mdatp_onboard.json ...

fpsSkdSteveServer@FpsSteveServer:~/MDE$ mdatp health --field org_id

Could not connect to the daemon

***Error connecting to server socket***
Pranab Nath 0 Reputation points

2025-05-07T09:14:53.0733333+00:00
Do we need to implement this section?

Defender for Endpoint package external package dependencies

The following external package dependencies exist for the mdatp package:

The mdatp RPM package requires glibc >= 2.17, policycoreutils, selinux-policy-targeted, mde-netfilter

For DEBIAN the mdatp package requires libc6 >= 2.23, uuid-runtime, mde-netfilter

For Mariner the mdatp package requires attr, diffutils, libacl, libattr, libselinux-utils, selinux-policy, policycoreutils, mde-netfilter

Note

Beginning with version 101.24082.0004, Defender for Endpoint on Linux no longer supports the Auditd event provider. We're transitioning completely to the more efficient eBPF technology. If eBPF isn't supported on your machines, or if there are specific requirements to remain on Auditd, and your machines are using Defender for Endpoint on Linux version 101.24072.0001 or lower, the following other dependencies on the auditd package exist for mdatp:

The mdatp RPM package requires audit, semanage.

For DEBIAN, the mdatp package requires auditd.

For Mariner, the mdatp package requires audit.

The mde-netfilter package also has the following package dependencies:

For DEBIAN, the mde-netfilter package requires libnetfilter-queue1, libglib2.0-0

For RPM, the mde-netfilter package requires libmnl, libnfnetlink, libnetfilter_queue, glib2

For Mariner, the mde-netfilter package requires libnfnetlink, libnetfilter_queue

If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies. Defender for Endpoint package external package dependencies

The following external package dependencies exist for the mdatp package:

The mdatp RPM package requires glibc >= 2.17, policycoreutils, selinux-policy-targeted, mde-netfilter

For DEBIAN the mdatp package requires libc6 >= 2.23, uuid-runtime, mde-netfilter

For Mariner the mdatp package requires attr, diffutils, libacl, libattr, libselinux-utils, selinux-policy, policycoreutils, mde-netfilter

Note

Beginning with version 101.24082.0004, Defender for Endpoint on Linux no longer supports the Auditd event provider. We're transitioning completely to the more efficient eBPF technology. If eBPF isn't supported on your machines, or if there are specific requirements to remain on Auditd, and your machines are using Defender for Endpoint on Linux version 101.24072.0001 or lower, the following other dependencies on the auditd package exist for mdatp:

The mdatp RPM package requires audit, semanage.

For DEBIAN, the mdatp package requires auditd.

For Mariner, the mdatp package requires audit.

The mde-netfilter package also has the following package dependencies:

For DEBIAN, the mde-netfilter package requires libnetfilter-queue1, libglib2.0-0

For RPM, the mde-netfilter package requires libmnl, libnfnetlink, libnetfilter_queue, glib2

For Mariner, the mde-netfilter package requires libnfnetlink, libnetfilter_queue

If the Microsoft Defender for Endpoint installation fails due to missing dependencies errors, you can manually download the prerequisite dependencies.
Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-05-07T10:12:35.82+00:00
Hi Pranab Nath,

First try to install Defender for Endpoint for Linux (mdatp) https://learn.microsoft.com/en-us/defender-endpoint/linux-install-manually

If any installation is failed due to dependency error, try to download the prerequisite dependencies exist for the mdatp package: https://learn.microsoft.com/en-us/defender-endpoint/linux-support-install#make-sure-you-have-the-correct-package

After completion of above steps, now onboarding Defender for Endpoint with the Python script. First, download the onboarding package from Microsoft Defender for Endpoint portal and run the python script from the server.

sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Later, check the mdatp health using the command: mdatp health

If you have any queries, please do let us know, we will help you.
Pranab Nath 0 Reputation points

2025-05-07T10:37:32.37+00:00

Hi

The following commands ran successfully, yet "UpgradeVMExtensions" continues to fail:

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field real_time_protection_enabled

true

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field definitions_status

"up_to_date"

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field healthy

true

3 answers

Your answer

Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-04-23T10:40:29.37+00:00

Hi Pranab Nath,

Based on the error description, you were unable to create/update extension for your Linux VM.

Try to check the VM agent status, as the VM Agent is required to manage, install and execute extensions. If the VM Agent isn't running or is failing to report a Ready status to the Azure platform, then the extensions won't work correctly. https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/troubleshoot

SSH to the VM and verify VM agent health

systemctl status waagent

Use appropriate package manager (apt-get for Ubuntu/Debian, yum for RHEL/CentOS) to update or install the waagent package. After installation or update, restart the service.

sudo systemctl restart waagent.

Check the packages and Install these prerequisites before deploying the extension. https://learn.microsoft.com/en-us/defender-endpoint/linux-support-install

If the information is helpful, please click on "Upvote"

If you have any queries, please do let us know, we will help you.
Pranab Nath 0 Reputation points

2025-04-24T15:00:44.41+00:00

Getting error on trying to install

sudo apt-get update && sudo apt-get install walinuxagent

Write error - write (28: No space left on device)

Ign:10 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

Ign:10 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

Err:10 http://azure.archive.ubuntu.com/ubuntu focal-security/main amd64 Packages

Write error - write (28: No space left on device)

Fetched 256 kB in 9s (29.2 kB/s)

Reading package lists... Done

E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-updates/restricted/binary-amd64/Packages Write error - write (28: No space left on device)

E: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/focal-security/main/binary-amd64/Packages Write error - write (28: No space left on device)

E: Some index files failed to download. They have been ignored, or old ones used instead.
Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-04-24T16:22:32.1333333+00:00

Hi Pranab Nath,

Could be please check disk space, df -h and try to delete large unnecessary files.

Try to increase disk size from Azure Portal.
Mounika Reddy Anumandla 4,705 Reputation points Microsoft External Staff

2025-04-25T06:50:46.75+00:00

Hi Pranab Nath,

Trying to understand if your issue is resolved and if the above information helped you!

Let me know if you have any further queries!

If the information is helpful, please click "upvote" to let us know.
Pranab Nath 0 Reputation points

2025-04-25T11:33:48.0766667+00:00

Disk space freed and the agent installation went fine; however, the agent service is not starting:

fpsSkdSteveServer@FpsSteveServer:~$ sudo apt-get update && sudo apt-get install walinuxagent

[sudo] password for fpsSkdSteveServer:

Hit:1 http://azure.archive.ubuntu.com/ubuntu focal InRelease

Hit:2 http://azure.archive.ubuntu.com/ubuntu focal-updates InRelease

Hit:3 http://azure.archive.ubuntu.com/ubuntu focal-backports InRelease

Hit:4 http://azure.archive.ubuntu.com/ubuntu focal-security InRelease

Hit:5 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease

Reading package lists... Done

Reading package lists... Done

Building dependency tree

Reading state information... Done

walinuxagent is already the newest version (2.2.46-0ubuntu1.2).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Pranab Nath 0 Reputation points

2025-04-25T11:34:20.0833333+00:00

The agent service is not starting:

fpsSkdSteveServer@FpsSteveServer:~$ sudo systemctl status waagent

Unit waagent.service could not be found.

fpsSkdSteveServer@FpsSteveServer:~$ sudo systemctl restart waagent

Failed to restart waagent.service: Unit waagent.service not found.
Pranab Nath 0 Reputation points

2025-04-25T12:04:26.86+00:00

And the VM activity log still shows Failed:

UpgradeVMExtensions Failed 9 minutes ago Fri Apr 25 2025 12:54:03 GMT+0100 (British Summer Time)

UpgradeVMExtensions Failed 9 minutes ago Fri Apr 25 2025 12:54:03 GMT+0100 (British Summer Time)
Pranab Nath 0 Reputation points

2025-04-28T11:06:16.1733333+00:00

Hi

There is no error details provided in the VM activity log that can help in debugging and solving the issue

Resource /SUBSCRIPTIONS/D9BFD93A-A9F4-453C-8B6F-B3C85BCDC54C/RESOURCEGROUPS/FPS_SERVER/PROVIDERS/MICROSOFT.COMPUTE/VIRTUALMACHINES/FPSSTEVESERVER

Operation name UpgradeVMExtensions

Time stamp Mon Apr 28 2025 06:23:42 GMT+0100 (British Summer Time)

Event initiated by -

Error code ResourceOperationSubmissionFailed

Message The resource operation 'SubmissionFailed'.
Pranab Nath 0 Reputation points

2025-04-28T11:09:45.68+00:00

In addition MDE.linux extension is not support on the VM

Name: MDE.Linux

Type: Microsoft.Azure.AzureDefenderForServers.MDE.Linux

Version: 1.0.5.2

Latest Version: 1.0.5.2

Status: Provisioning failed

Automatic version upgrade: Not supported
Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-04-28T11:56:14.99+00:00

Hi Pranab Nath,

Please check with the subscription plan you are using. https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-endpoint

https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint-linux

You can leverage Defender for Cloud to deploy the MDE.Linux extensionhttps://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-defender-for-endpoint

You can try to use installer script based deployment to deploy Microsoft Defender for Endpoint on Linux. https://learn.microsoft.com/en-us/defender-endpoint/linux-installer-script
Pranab Nath 0 Reputation points

2025-05-07T09:00:41.8433333+00:00

HI

During manual installation one of the steps is failing as below:

fpsSkdSteveServer@FpsSteveServer:~/MDE$ sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Generating /etc/opt/microsoft/mdatp/mdatp_onboard.json ...

fpsSkdSteveServer@FpsSteveServer:~/MDE$ mdatp health --field org_id

Could not connect to the daemon

***Error connecting to server socket***
Markapuram Sudheer Reddy 1,675 Reputation points Microsoft External Staff

2025-05-07T10:12:35.82+00:00

Hi Pranab Nath,

First try to install Defender for Endpoint for Linux (mdatp) https://learn.microsoft.com/en-us/defender-endpoint/linux-install-manually

If any installation is failed due to dependency error, try to download the prerequisite dependencies exist for the mdatp package: https://learn.microsoft.com/en-us/defender-endpoint/linux-support-install#make-sure-you-have-the-correct-package

After completion of above steps, now onboarding Defender for Endpoint with the Python script. First, download the onboarding package from Microsoft Defender for Endpoint portal and run the python script from the server.

sudo python3 MicrosoftDefenderATPOnboardingLinuxServer.py

Later, check the mdatp health using the command: mdatp health

If you have any queries, please do let us know, we will help you.
Pranab Nath 0 Reputation points

2025-05-07T10:37:32.37+00:00

Hi

The following commands ran successfully, yet "UpgradeVMExtensions" continues to fail:

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field real_time_protection_enabled

true

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field definitions_status

"up_to_date"

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field healthy

true

Answer 1

Dear Pranab Nath,

Thank you for reaching out regarding the issue with the Virtual Machine Extension. I understand you’re encountering a failure when attempting to create or update the MDE.Linux extension on the virtual machine FpsSteveServer.

Check the Activity Log or Azure Monitor logs in the Azure Portal for more detailed error messages related to this operation. This can often provide clues about the root cause (e.g., permissions, network issues, or resource constraints).

Ensure the MDE.Linux extension is compatible with the OS version and VM configuration. Cross-check the Microsoft Defender for Endpoint (MDE) documentation for prerequisites.

Confirm the VM (FpsSteveServer) is running and accessible. Sometimes, extensions fail to deploy if the VM is in a stopped or problematic state.

Ensure the account or service principal initiating the operation has the required permissions (e.g., Microsoft.Compute/virtualMachines/extensions/write).

Transient issues (e.g., network timeouts) can cause failures. Retry the deployment after a few minutes.

If the Azure extension continues to fail, consider manually installing the MDE agent on the Linux VM using the manual deployment instructions.

If the issue persists, please share еhe full error logs (from Azure Portal > Virtual Machine > Extensions > Failed Deployment). The OS version of the VM. Any recent changes to the VM’s network/firewall settings.

p.s. https://learn.microsoft.com/en-us/defender-endpoint/linux-install-manually

best regards,

Alex

P.S. If my answer help to you, please Accept my answer

Answer 2

Pranab Nath 0

Hi

The following commands ran successfully, yet "UpgradeVMExtensions" continues to fail:

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field real_time_protection_enabled

true

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field definitions_status

"up_to_date"

fpsSkdSteveServer@FpsSteveServer:~$ mdatp health --field healthy

true

Arko 2,210 Reputation points Microsoft External Staff

2025-05-08T10:19:26.09+00:00
Hello Pranab Nath,

Since you've already installed Microsoft Defender for Endpoint (mdatp) manually and confirmed that the agent is running and healthy (mdatp health shows true and definitions_status is up_to_date), the failing MDE.Linux VM extension is now redundant.

The reason you're still seeing the UpgradeVMExtensions failure is because Azure is trying to upgrade or reapply the MDE.Linux extension, which conflicts with the already-installed agent. This is a common scenario when Defender is installed manually but the VM still has a stale extension record.

To fix this, you can safely delete the extension using Azure CLI

az vm extension delete \ --name "MDE.Linux" \ --vm-name "FpsSteveServer" \ --resource-group "FPS_SERVER"

Once removed, the provisioning errors should stop showing up in the activity log.

Answer 3

Hello Pranab Nath,

I faced the exact same issue end-to-end in a fresh environment and was able to identify the root cause.
pranab1 In your case, Microsoft Defender for Endpoint (mdatp) was already manually installed and running correctly on the VM, but Azure is still trying to apply or upgrade the MDE.Linux VM extension. Since the extension expects to handle onboarding and configuration itself, it fails when it detects that the agent is already active or the expected configuration isn’t available. That’s why you keep seeing provisioning errors like exit code: 53 or SubmissionFailed even though mdatp health shows everything is up to date and healthy.

pranab2

This situation creates a conflict between the manually installed agent and the extension-based deployment that Azure is still attempting. The clean fix is to simply remove the stale or failed MDE.Linux extension from the VM. This will stop Azure from retrying the extension deployment and won’t impact the functioning of the Defender agent that you installed manually.

You can run the following command to remove the extension


az vm extension delete \

  --name "MDE.Linux" \

  --vm-name "FpsSteveServer" \

  --resource-group "FPS_SERVER"

pranab3

After that, there’s nothing more you need to do, as your manual installation is already working and reporting healthy. If you’re managing Defender manually across your fleet, you might also want to disable automatic extension deployment via Defender for Cloud policy to avoid similar conflicts in the future.

Share via

Create or Update Virtual Machine Extension Failed

3 answers

Your answer