Share via

RHEL 10 Azure Arc Agent (azcmagent) can no longer install the EDR extension with Arc Agent version 1.57

Janka Pirmin 25 Reputation points
2025-10-21T12:30:22.07+00:00

Hi together

Issue Summary: On RHEL 10, the Azure Agent (azcmagent) fails to install the EDR extension when using Azure Arc Agent version 1.57.

The following error appears in the logs:

gpg: Can't check signature: No public key

This error is found in:

/var/lib/GuestConfig/ext_mgr_logs/gc_ext.log

/var/lib/GuestConfig/ext_mgr_logs/gc_ext_telemetry.txt

The issue does not occur on RHEL 9, nor on RHEL 10 when using Arc Agent version 1.56 — both work without problems. The Problem only occurs in RHEL 10 and Arc Agent Version 1.57

Maybe this Fix from Version 1.53 was removed in Version 1.57?

Version 1.53 - June 2025

Fixed

[Linux Only] Resolved "No public key" error by adding GPG package signature validation.

Update 2025-10-22:
It works when we import the microsoft.asc Key from https://packages.microsoft.com/keys/microsoft.ascmanually

Importing the key:

gpg --import microsoft.asc

View the key:

gpg --list-keys

pub   rsa2048 2015-10-28 [SC]
      <String>
uid   [ultimate] Microsoft (Release signing) <[email protected]>

Do we have to integrate this in our configuration automation for ms azcmagent or should microsoft fix this?

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
0 comments
Answer accepted by question author
  1. Vinodh247 40,031 Reputation points MVP Volunteer Moderator
    2025-11-21T14:56:20.3766667+00:00

    Hi ,

    Thanks for reaching out to Microsoft Q&A.

    I believe Microsoft has to fix this. The Arc agent should ship with the correct package signing key or fetch it automatically. If 1.56 and earlier handle GPG validation correctly and 1.57 breaks only on RHEL 10, that is a regression in the agent, not something you should bake into your automation. Manually importing microsoft.asc is only a temporary workaround. Do not hardcode this into longterm configuration unless ms explicitly documents it.

    Suggest raise a support ticket or track the Arc Agent release notes; a patch release will almost certainly restore the key handling that 1.53 introduced.

    Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.