Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more.
Microsoft announced several Azure integration services with Windows Admin Center, such as Azure Backup, Azure File Sync, Azure Network Adapter, Azure Site Recovery and more. Please check the following document for the complete list of Azure integration services.
In this blog post, I will show you how to collect the events that Windows Admin Center produces into Azure Log Analytics workspace.
The prerequisites are very simple as follows:
- Make sure you are running Windows Admin Center (WAC) Version 1809.5 or later.
- Create Azure Log Analytics workspace. Please check the following article to see how to create a Log Analytics workspace in Azure.
- Install the Microsoft Monitoring Agent on Windows Admin Center.
- Collect Windows Admin Center event logs.
Once Windows Admin Center is deployed in your environment, you are ready to start.
Install Microsoft Monitoring Agent on Windows Admin Center
Before installing the Microsoft Monitoring Agent for Windows, you need to get the workspace ID and key for your Log Analytics workspace. This information is required by the setup wizard to properly configure the agent and ensure it can successfully communicate with Log Analytics.
- Open the Azure portal, click All services found in the upper left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.
- In your list of Log Analytics workspaces, select the workspace that you created earlier. Select Advanced settings.
- Select Connected Sources, and then select Windows Servers. Copy the value of Workspace ID and Primary Key as shown in the following screenshot, you will use them in the next step. In this example, I don’t have any Windows computer connected yet.
Within the same blade, click and Download Windows Agent (64 bit).
- Run MMASetup-AMD64.exe setup to install the agent on Windows Admin Center computer.
- On the Welcome page, click Next. On the License Terms page, read the license and then click I Agree.
- On the Destination Folder page, you can change or keep the default installation folder and then click Next.
- On the Agent Setup Options page, choose to Connect the agent to Azure Log Analytics and then click Next.
- On the Azure Log Analytics page, paste the Workspace ID and Workspace Key (Primary Key) that you copied from the previous step. If the computer should report to a Log Analytics workspace in Azure Government cloud, select Azure US Government from the Azure Cloud drop-down list. In this example, we are using Azure Commercial.
- If the computer needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide the URL and port number of the proxy server. If your proxy server requires authentication, type the username and password to authenticate with the proxy server and then click Next.
- On the Ready to Install page, review your selections and then click Install.
- On the Microsoft Monitoring Agent configuration completed successfully page, click Finish.
- Once completed, the Microsoft Monitoring Agent appears in Control Panel. You can verify that the agent is connected to Log Analytics. When connected, on the Azure Log Analytics tab, the agent displays a message stating: The Microsoft Monitoring Agent has successfully connected to the Microsoft Log Analytics service as shown in the following screenshot.
Collect Windows Admin Center Events
Now that you have Windows Admin Center registered to Microsoft Azure and connected to Azure Log Analytics, you ready to collect events from the Windows Admin Center. To do so, please follow the steps below:
- Open the Azure Portal and browse to Log Analytics workspace, select your workspace > Advanced settings > Data > Windows Event Logs.
- Add the Microsoft-ServerManagementExperience channel as shown in the following screenshot.
- Click Save at the top of the page to save the configuration.
- Once the configuration is successfully saved, click OK.
View Windows Admin Center Events
Now that you have enabled data collection, let’s run a simple log search example to see some data from the Windows Admin Center computer.
- Open the Azure Portal, click All services. In the list of resources, type Monitor. As you begin typing, the list filters based on your input. Select Monitor.
- On the Monitor – Overview navigation menu, select Logs and then select a workspace where Windows Admin Center is connected to.
- On the Log query pane, in the query field type Event and then click Run.
- Collected events are returned in the default table view, and you can see how many total records were returned this includes all events level such as Information, Warning, and Error. You can filter any column and change the Time range.
- For example, the best way to get only the latest 10 error events for the last 3 days is to use where and top, which sorts the entire table on the Windows Admin Center server side and then returns the top error records as shown in the following example:
Event | where (EventLevelName == "Error") | where (TimeGenerated > ago(3days)) | top 10 by TimeGenerated
- Last but not least, you can create custom alerts to get notified when something goes wrong. For more information on how to create custom alerts, please check the following article.
That’s it there you have it!
In this article, I showed you how to collect the events that Windows Admin Center produces into Azure Log Analytics workspace for monitoring with Azure Monitor, so you can explore the logs collected by Log Analytics by generating a query using the Kusto query language, you can also create useful alerting. For more information on how to get started with queries in Log Analytics, please check the following article.
I hope that Microsoft will look in the future for on-premises servers that are on-boarded in Windows Admin Center so we can collect their events into Azure Log Analytics as well.
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.