![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 31%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 7.000000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Hi Josue Gonzalez,
Thanks for Posting your Question in Microsoft Q&A forum
You can test and troubleshoot connectivity as follows:
1.Check connectivity from the bridge appliance to vCenter
- Use SSH or console access to the appliance VM.
- Try a simple network test:
ping <vCenter_IP_or_hostname>nc -vz <vCenter_IP_or_hostname> 443 - If
pingfails it tells network or firewall blocking. -
If ncfails on port 443 it tells firewall likely blocking communication. - connectivity issues like no route to host or appliance network unavailable errors often stem from blocked TCP ports or network misconfigurations. Fixing these typically involves working with your network team to open port 22 (SSH), port 6443 (appliance API), and ensuring proper routing
Check Azure Arc Resource Bridge status and logs
Run:
az arcappliance show --name <bridge-name> --resource-group <rg>
This shows the resource bridge's current "ProvisioningState", such as WaitingForHeartbeat, Validating, Connecting, Connected, or Running
You can refrer: https://free.blessedness.top/en-us/azure/azure-arc/resource-bridge/deploy-cli?utm_source
If something looks stuck, collect logs:
az arcappliance logs vmware \
--ip <appliance_IP> \
--username <vSphere_user> \
--password <vSphere_pass> \
--address <vCenter_address> \
--out-dir logs/
or, if you prefer using kubeconfig:
az arcappliance get-credentials -n <bridge-name> -g <rg>
az arcappliance logs vmware --kubeconfig kubeconfig --out-dir logs/
These help you root-cause what’s going wrong
Check that ARC has necessary network access
The bridge appliance must be able to reach specific Azure services. If it cannot connect, the vCenter resource may show as Disconnected in the Arc portal.
Microsoft requires that outbound HTTPS (TCP/443) access is allowed to the following endpoints:
-
management.azure.com(Azure Resource Manager) -
login.microsoftonline.com(Azure AD authentication) -
*.dp.kubernetesconfiguration.azure.com(Kubernetes configuration service) -
*.his.arc.azure.com(Hybrid identity services for Arc) -
mcr.microsoft.com(Microsoft Container Registry) - login.windows.net (Microsoft Entra ID)
- pas.windows.net (Microsoft Entra ID)
If these endpoints are blocked by firewall or proxy, the appliance will not be able to communicate with Azure and will appear disconnected.
Use the azcmagent tool (if applicable for connected servers) to test endpoint reachability:
azcmagent check --location "<your-region>"
This runs checks against key Azure endpoints to verify connectivity
Refer document for more network requirements: https://free.blessedness.top/en-us/azure/azure-arc/network-requirements-consolidated?utm_source
Update credentials if needed
If the vCenter credentials stored in the bridge appliance have expired or changed, the connection to vCenter will fail, causing the Arc portal to show it as “Disconnected” even though the appliance is still running. To resolve this, update the vCenter credentials in the appliance using the CLI
run the following command with the --skipWait flag:
az arcappliance update-infracredentials vmware --kubeconfig [REQUIRED] --address [REQUIRED] --username [REQUIRED] --password [REQUIRED] --skipWait
If you need to retrieve the kubeconfig, you can run the following command:
az arcappliance get-credentials --resource-group [REQUIRED] --name [REQUIRED] --credentials-dir [OPTIONAL]
Test with an Azure action
Finally, verify by performing any action from the Azure portal on a VM you’re managing on-premises via Arc:
- For example, try fetching details or initiating a restart on a VM.
- If you get an error, that flags a credential or connectivity issue with the bridge appliance
Refer document to troubleshoot the connectivity of Azure Arc resource bridge issues
you can refer https://free.blessedness.top/en-us/azure/azure-arc/site-manager/how-to-view-connectivity-status to view connectivity status for an Arc site (if needed)
If you're still having issues after trying these steps, it would be helpful to gather more details.
- What is the exact error message (if any) displayed in the Azure Arc portal regarding the disconnection?
- Have you changed any network configurations recently that could affect connectivity?
- Are there any firewall rules specifically set up on your vCenter or the network that might block traffic?
- Can you verify if both the Azure Arc resource bridge and the vCenter are running in the same network segment?
- Are you seeing any alerts or logs in the vCenter that might provide more insight into connectivity issues?
I hope the provided answer is helpful, do let me know if you have any further questions on this Please accept as Yes and upvote if the answer is helpful so that it can help others in the community.