Share via

IaasAntiMalware Extension Fails Intermittently on Azure VM

Srikanth P 5 Reputation points
2025-12-03T07:35:20.0466667+00:00

Hi,

I'm Using Terraform azurerm provider to provision IaasAntmalware Extension once VM is deployed. But this extension is failing DLL Not found error as below resulting terraform to fail but in Azure after sometime the extension is resolved on itself. In Terraform it tries to recreate extension again and fails with already exists error. The terraform resources have dependency as well to execute extension after VM is deployed

This issue is intermittent and not observed on all VM's. We are using Base Windows Images like 2019/2022 server and observed this on both images.

Error:Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'IaasAntimalware' (publisher 'Microsoft.Azure.Security' and type 'IaasAntimalware'). Error message: 'Enable step getting DllNotFoundException: system.DllNotFoundException: Unable to load DLL 'MpClient.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)

Looking for permanent fix so that this wont be occured again.

NOTE: If i remove uninstall the extension and retrigger the terraform it works fine.

Thanks

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jilakara Hemalatha 5,970 Reputation points Microsoft External Staff Moderator
    2025-12-03T08:07:42.2666667+00:00

    Hi Srikanth P

    Thanks for reaching out Q/A. IaaS Antimalware extension failing intermittently on your Azure VMs. Here’s a bit of insight and steps you might want to take to resolve this problem permanently:

    Suggested Steps to Troubleshoot:

    1. Check VM Agent Health**: Since the VM Agent is crucial for managing extensions, run a health diagnostic on it. You can use the VM assist for Windows tool to check for any underlying issues with the Azure VM Agent.
    2. Monitoring Logs: You should check the logs located at %Systemdrive%\WindowsAzure\Logs\Plugins\Microsoft.Azure.Security.IaaSAntimalware\<version>\CommandExecution.log. This might give you more details on what's causing the DLL Not found errors.
    3. Ensure Connectivity: Confirm that your VMs have internet connectivity, as the Antimalware extension requires this for updates. If there's any network restriction, that could prevent it from loading necessary components.
    4. Extension Configuration: Make sure you have followed all prerequisites for the Antimalware extension. This includes making sure that Windows Defender is installed and running properly, especially if you are using a Windows Server 2016 or later.
    5. Retry Installation: As you've noticed that uninstalling and then reinstalling the extension works, consider making this a part of your provision script in Terraform to minimize the chances of failure.
    6. Extension Timeout Settings: If the failures seem intermittent, you might need to adjust the timeout settings for the extension execution in Terraform to give it a longer duration to initialize correctly.
    7. Resource Monitoring: Monitor your VM’s resources to ensure there are no constraints such as CPU or memory pressure during the extension installation, as this can also lead to errors.

    Please refer below documentations:

    Hope this helps! If issue persists further, I would appreciate it if you could provide more details on:

    1. Have you checked if the VM Agent is running smoothly and reporting a "Ready" status?
    2. What is the exact frequency of these intermittent failures? Is it after specific actions or load conditions?
    3. Have you noticed any specific patterns or times when the failures seem to occur more frequently?
    4. Are there any network security rules that could be impacting the extension's ability to connect to the internet?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.