What causes AZCM0042 exactly?

Question

What causes AZCM0042 exactly?

GabeCz 26

I'm installing 2510 as instructed in the link below and run the 3 commands that are instructed to be run. (down in the bottom if this post the ws32tm commands is all what the website suggests)

For a better chance of reproducing my problem, I just paste my ps1 here. i will modify the actual ip and dns servers to XXX.XXX.XXX.XXX for privacy and leave everything else as is. After doing so, and running the invoke command i get this:

Bootstrap reported error: AZCMAgent command failed with error: >> exitcode: 42; >> errorcode: AZCM0042 ; >> errormsg: Failed to Create Resource: RequestCorrelationId:ce4c5d43-32d8-4500-a065-281ed1af80d1 Message: The requested resource was not found. Code: HCRP404 httpStatusCode:404 ;. Additional Info: See https://aka.ms/arc/azcmerror

Question: why is the official method coming from microsoft.com causing the error above?

I also tried to install azurecli 2.71 explicitly and add its path to the path and reboot. same result.

Here are the official instructions:

https://learn.microsoft.com/en-us/azure/azure-local/deploy/download-23h2-software?view=azloc-2510

I take that the commands and permissions on the page "Assign required permissions for Azure Local deployment" have to be ran and set 1x in a lifetime of a resource group and never again. Is that right? As they're setting things on the resource group level and that is not being modified after this.

I have a workaround where I'm running 50 different commands on all the nodes but then why is it not in the official method? Install azure cli, install python, add these to some exception, modify secpol, etc, etc.

PLEASE reproduce this. all 6 nics are on the same vlan but those hci trunks are set to vlan0-4096 so the nodes can 'imitate' vlans.

1st PS1:

#VMname

$VMName = "AALocalCZG1"

#Remove IPv6

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6}

#Rename NICs on Hyper-V because why not

#1

$Node1macNIC1 = Get-VMNetworkAdapter -VMName $VMName -Name "Mgmt0"

$Node1macNIC1.MacAddress

$Node1finalmacNIC1=$Node1macNIC1.MacAddress|ForEach-Object{($_.Insert(2,"-").Insert(5,"-").Insert(8,"-").Insert(11,"-").Insert(14,"-"))-join " "}

$Node1finalmacNIC1

#6

$Node1macNIC6 = Get-VMNetworkAdapter -VMName $VMName -Name "Mgmt1"

$Node1macNIC6.MacAddress

$Node1finalmacNIC6=$Node1macNIC6.MacAddress|ForEach-Object{($_.Insert(2,"-").Insert(5,"-").Insert(8,"-").Insert(11,"-").Insert(14,"-"))-join " "}

$Node1finalmacNIC6

#2

$Node1macNIC2 = Get-VMNetworkAdapter -VMName $VMName -Name "Comp0"

$Node1macNIC2.MacAddress

$Node1finalmacNIC2=$Node1macNIC2.MacAddress|ForEach-Object{($_.Insert(2,"-").Insert(5,"-").Insert(8,"-").Insert(11,"-").Insert(14,"-"))-join " "}

$Node1finalmacNIC2

#3

$Node1macNIC3 = Get-VMNetworkAdapter -VMName $VMName -Name "Comp1"

$Node1macNIC3.MacAddress

$Node1finalmacNIC3=$Node1macNIC3.MacAddress|ForEach-Object{($_.Insert(2,"-").Insert(5,"-").Insert(8,"-").Insert(11,"-").Insert(14,"-"))-join " "}

$Node1finalmacNIC3

#4

$Node1macNIC4 = Get-VMNetworkAdapter -VMName $VMName -Name "Stor0"

$Node1macNIC4.MacAddress

$Node1finalmacNIC4=$Node1macNIC4.MacAddress|ForEach-Object{($_.Insert(2,"-").Insert(5,"-").Insert(8,"-").Insert(11,"-").Insert(14,"-"))-join " "}

$Node1finalmacNIC4

#5

$Node1macNIC5 = Get-VMNetworkAdapter -VMName $VMName -Name "Stor1"

$Node1macNIC5.MacAddress

$Node1finalmacNIC5=$Node1macNIC5.MacAddress|ForEach-Object{($_.Insert(2,"-").Insert(5,"-").Insert(8,"-").Insert(11,"-").Insert(14,"-"))-join " "}

$Node1finalmacNIC5

#Set NIC Names on the OS

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($Node1finalmacNIC1) Get-NetAdapter -Physical | Where-Object {$_.MacAddress -eq $Node1finalmacNIC1} | Rename-NetAdapter -NewName "Mgmt0"} -ArgumentList $Node1finalmacNIC1

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($Node1finalmacNIC6) Get-NetAdapter -Physical | Where-Object {$_.MacAddress -eq $Node1finalmacNIC6} | Rename-NetAdapter -NewName "Mgmt1"} -ArgumentList $Node1finalmacNIC6

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($Node1finalmacNIC2) Get-NetAdapter -Physical | Where-Object {$_.MacAddress -eq $Node1finalmacNIC2} | Rename-NetAdapter -NewName "Comp0"} -ArgumentList $Node1finalmacNIC2

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($Node1finalmacNIC3) Get-NetAdapter -Physical | Where-Object {$_.MacAddress -eq $Node1finalmacNIC3} | Rename-NetAdapter -NewName "Comp1"} -ArgumentList $Node1finalmacNIC3

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($Node1finalmacNIC4) Get-NetAdapter -Physical | Where-Object {$_.MacAddress -eq $Node1finalmacNIC4} | Rename-NetAdapter -NewName "Stor0"} -ArgumentList $Node1finalmacNIC4

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($Node1finalmacNIC5) Get-NetAdapter -Physical | Where-Object {$_.MacAddress -eq $Node1finalmacNIC5} | Rename-NetAdapter -NewName "Stor1"} -ArgumentList $Node1finalmacNIC5

#Disable DHCP

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-NetIPInterface -InterfaceAlias "Mgmt0" -Dhcp Disabled}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-NetIPInterface -InterfaceAlias "Mgmt1" -Dhcp Disabled}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-NetIPInterface -InterfaceAlias "Comp0" -Dhcp Disabled}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-NetIPInterface -InterfaceAlias "Comp1" -Dhcp Disabled}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-NetIPInterface -InterfaceAlias "Stor0" -Dhcp Disabled}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-NetIPInterface -InterfaceAlias "Stor1" -Dhcp Disabled}

#Remove assigned IP addresses

#Get-NetIPInterface | Remove-NetIPAddress -Confirm:$false

#And finally set fix IP for Mgmt0

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {New-NetIPAddress -InterfaceAlias "Mgmt0" -IPAddress "XXX.XXX.XXX.71" -PrefixLength 24 -AddressFamily IPv4 -DefaultGateway "XXX.XXX.XXX.1"}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Set-DnsClientServerAddress -InterfaceAlias "Mgmt0" -ServerAddresses "XXX.XXX.7.15,XXX.XXX.XXX.14,XXX.XXX.XX.70"}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All }

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {Install-WindowsFeature -Name Hyper-V -IncludeManagementTools}

Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {param($VMName) Rename-Computer -NewName $VMName -Restart} -ArgumentList $VMName

2nd PS1 (reboot after 1st PS1 ran)

$domaincontrollerfqdn="vlan7dc.ourdomain.local"  
w32tm /config /manualpeerlist:$domaincontrollerfqdn /syncfromflags:manual /reliable:yes /update  
w32tm /resync /force  
w32tm /query /status    
	Restart-Computer -Force

3 answers

Your answer

Answer 1

The error code AZCM0042 indicates that there was a failure to create a resource during the Azure Connected Machine Agent (AZCM) installation process. Specifically, the error message states that the requested resource was not found, which corresponds to a 404 HTTP status code. This can occur for several reasons:

Incorrect Resource Configuration: Ensure that the resource group and other configurations specified in your scripts are correct and that the resources you are trying to create do not already exist or conflict with existing resources.
Permissions Issues: The account being used to run the commands must have the necessary permissions to create resources in the specified resource group. Verify that the permissions have been assigned correctly.
Network Configuration: Since you mentioned that all NICs are on the same VLAN, ensure that there are no network issues preventing the Azure service from communicating with your resources. Check firewall settings and network security groups.
Azure CLI Version: You noted that you installed Azure CLI 2.71. Ensure that this version is compatible with the commands you are running and that it is correctly configured in your environment.
Resource Availability: Sometimes, Azure services may experience temporary outages or issues. Check the Azure status page to see if there are any ongoing issues that could affect resource creation.
Script Execution Context: Ensure that the scripts are being executed in the correct context and that all required modules and dependencies are available and correctly configured.

If the problem persists, consider checking the Azure logs for more detailed error messages that could provide further insights into the issue.

GabeCz 26 Reputation points

2025-11-26T18:21:24.39+00:00

hi and thanks everyone

i'm still waiting for my resources being cleaned out, i have another topic open (forgot to switch users) here is the question # 5634946

i ran the commands suggested in private, but did not work.

i have been suggested to run

Get-AzResource -ResourceName "<resourceName>" -ResourceGroupName "<rgName>"

for every node. and figured i just run

remove-azresource

too, but that ended up me getting a "True" message within 0.00ms so i figured that did do exactly nothing.

So i will test these suggestions above from Adam, thanks for it, and let you know how it goes.

Before this, and i still have the scripts, i explicitly installed python, and azcli, and enabled/added extra permissions on the nodes just to make sure everything works, and it still does, but i really wish it was as easy as the online documentation shows. So i tried with only running the commands/scripts shown in those documentations, and it still seems to fail.

i can share my ps1 files in private with ms employees with pleasure as they contain our IDs.

and/or remove the ids and share it so. just to show what extra things i did to make it work "semi-oob"

Answer 2

I’ve seen AZCM0042 before when onboarding nodes.

AZCM0042 is not a networking, Python, or CLI version problem. It’s always the backend rejecting the request because it cannot find the expected resource path during Arc onboarding.

and the error always means one thing:

The Arc resource your bootstrap script is trying to create doesn’t exist or
Azure can’t find the deployment you're referencing. The 404 in the message is literal. Azure Local is calling the Arc backend to create the machine resource, and the backend responds, “resource not found.”

The most common reasons are:

Wrong resource group or region the script is trying to create the Arc machine in a resource group or location that doesn’t match what was registered earlier. Azure Local is very strict about that.

Required Arc resource providers weren’t registered Even if you think they’re registered, one missing provider (especially Microsoft.HybridCompute or Microsoft.AzureStackHCI) will cause this exact 42/404 failure.

Role assignments weren’t applied or haven’t propagated yet The account running the bootstrap must have Contributor at minimum on the resource group, plus the specific roles listed in the Azure Local docs. Missing one will cause AZCM0042 immediately.

Wrong subscription context during the CLI call If the Azure CLI is pointing to a different subscription than the one you prepared for Azure Local, the bootstrap cannot find the target resources and throws AZCM0042.

Cluster bootstrap trying to create resources before the RG is fully ready I’ve hit this when the resource group was created only seconds earlier. Waiting a few minutes or recreating the RG fixed it.

The fix is normally one of these:

Re-register all required providers:

   az provider register --namespace Microsoft.HybridCompute 
   az provider register --namespace Microsoft.AzureStackHCI 
   az provider register --namespace Microsoft.ResourceConnector

Make sure the CLI is using the correct subscription: az account show
Confirm your RG and location match the ones in the Azure Local registration.

GabeCz 26 Reputation points

2025-11-26T20:56:07.5733333+00:00

So not having to wait for the other issue to be resolved, i created a new resource group.

Please confirm, that these are the correct and enoug role assignments to assign (if there's more than needed, it's ok with me):

owner (inherited),
reader (inherited),
azure connected machine onboarding,
azure connected machine resource administrator,
azure connected machine resource manager,
azure stack hci administrator (inherited),
key vault administrator (inherited),
key vault contributor,
key vault data access administrator,
key vault secrets officer,
storage account contributor

i already ran these below, they are applied on subscription not on resource group level right?

Register-AzResourceProvider -ProviderNamespace "Microsoft.HybridCompute" Register-AzResourceProvider -ProviderNamespace "Microsoft.GuestConfiguration" Register-AzResourceProvider -ProviderNamespace "Microsoft.HybridConnectivity" Register-AzResourceProvider -ProviderNamespace "Microsoft.AzureStackHCI" Register-AzResourceProvider -ProviderNamespace "Microsoft.Kubernetes" Register-AzResourceProvider -ProviderNamespace "Microsoft.KubernetesConfiguration" Register-AzResourceProvider -ProviderNamespace "Microsoft.ExtendedLocation" Register-AzResourceProvider -ProviderNamespace "Microsoft.ResourceConnector" Register-AzResourceProvider -ProviderNamespace "Microsoft.HybridContainerService" Register-AzResourceProvider -ProviderNamespace "Microsoft.Attestation" Register-AzResourceProvider -ProviderNamespace "Microsoft.Storage" Register-AzResourceProvider -ProviderNamespace "Microsoft.Insights"

Answer 3

Ankit Yadav 6,345 Microsoft External Staff Moderator

Hello @GabeCz ,

As Adam mentioned earlier, these types of errors are most often caused by configuration issues or by required endpoints being blocked or unreachable.

To help narrow things down, could you please validate and confirm that the following requirements have been fully met in your deployment:

Verify that all required permissions are correctly assigned, as outlined here: Azure Local prerequisites.
Be sure to review the sections on Azure Local machine prerequisites and Assign Azure permissions for deployment.
Ensure that every necessary endpoint is accessible and not being blocked by NSG or firewall rules. You can find the detailed list here: Azure Local endpoints and Firewall requirements.
If you’re registering without an Arc Gateway, please refer to the specific guidance provided in: Deployment without Arc Gateway
If you're registering using Arc Gateway, please refer to the guidance outlined here: Deployment with Azure Arc Gateway

GabeCz 26 Reputation points

2025-11-27T03:02:07.2366667+00:00

So creating a new resource group and adding the listed roles and role assignments, basically per-say starting from scratch did the trick.

I think my old resource group was over used and abused with my previous probably 100+ test nodes and wrong configurations failed deployments, etc.

Seems like when I deleted a node / cluster / solution / whatever, it did not delete it completely and there must've been some overlapping settings/ids I do not know what.

After a clean start with new resource group, my nodes are getting registered in the portal via Arc Gateway, which btw for others who struggle: it takes time! I waited 40+ minutes (43 to be precise in my case but it varies depending on free / available resources I read). Do not start before it says "Deployment completed" I think that was also ONE of the many causes when I tried to register in my old test resource group.
Ankit Yadav 6,345 Reputation points Microsoft External Staff Moderator

2025-11-27T06:28:44.4866667+00:00

Hello @GabeCz ,Glad to know that the issue has been resolved.

Your deduction is spot-on: The previous deployment left behind orphaned resources and conflicting configurations, which would have caused the issue.

Since creating a new resource group and adding the necessary roles and assignments fixed it, this confirms what Adam and I suspected earlier: missing roles and assignments were the root cause.

For future deployments,

it's good to use dedicated resource groups for different environments to prevent config drift.

Since the issue has been resolved, Please take a moment to "Accept Answer" and upvote it 👍 to make it helpful to the community.

Thank you for helping to improve Microsoft Q&A!

Share via

What causes AZCM0042 exactly?

3 answers

Your answer