Unable to install telegraf agent in DMZ

Article ID: 404835

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • The telegraf agent installation on a Windows VM keeps failing, both from the UI and when attempted manually, even though all required ports are confirmed open.
  • The agent status on the Manage Telegraf Agents page shows "PrerequisiteCheckException: ESXi port connectivity check failed for <hostname>:443"
  • Upon reviewing the uaf_bootstrap.log, you may see the following error:

    >>2025-07-14 12:31:36,501 - INFO - config-utils - stage_status: FAILED, stage_mesg: ['install', 'reinstall', '14', 'FAILED', 'Failed to Connect to 
    Salt Master. null.Verify Agent installation log for more details.']

  • You validate that KB below doesn't apply:
  • You may see in the uaf_bootstrap.log that 2 IP addresses are referenced:
    • One IP is referring to the Salt Master and arc_virtual_ip
    • The other IP is referring to https_server, emqtt_https_server, arc_fqdn
    • This means that Application Monitoring HA is enabled for the collector group

  • After disabling HA on the collector group and using a new cloud proxy residing in the same VLAN as the endpoint VM, the agent installation may fail with the error below:

    install agents failed at to download: https://<ip_of_collector>:443/download/salt/ucp-minion.zip. errcode=1, errmsg=. Please check C:\Temp\Aria\arc_install_tmp_dir\uaf_bootstrap.log on the endpoint VM.. please check logs for more detail.

  • Running the PowerShell command: tnc <ip_of_collector> -Port 443 results in TcpTestSucceeded : True

    NOTE: <ip_of_collector> = Cloud Proxy IP

  • Reviewing uaf_bootstrap.log may show:

    >>>[Tue 07/15/2025  8:13:48.33] - uaf-bootstrap - INFO - Downloading:  https://<ip_of_collector>:443/downloads/salt/ucp-minion.zip to C:\Temp\Aria\arc_install_tmp_dir\ucp-minion.zip

    C:\>powershell -Command C:\Temp\Aria\arc_install_tmp_dir\ignoreSSLcheck_Downloadfile.ps1 C:\Temp\Aria\arc_install_tmp_dir\ucp-minion.zip  https://<ip_of_collector>:443/downloads/salt/ucp-minion.zip 
    Invoke-WebRequest : <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access this resource.</p>
    </body></html>
    At C:\Temp\Aria\arc_install_tmp_dir\ignoreSSLcheck_Downloadfile.ps1:34 char:1
    + Invoke-WebRequest "$dlUrl" -OutFile "$destFile"
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc 
       eption
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand



  • When HTTPS over port 443 is used, the FQDN of the Cloud Proxy is expected instead of the IP
    • When running the commands below from the target endpoint, they may fail:


      <path-to-wget.exe> --spider -t 1 -T 10 {cloudproxy_fqdn_or_virtual_IP}:4505 
      <path-to-wget.exe> --spider -t 1 -T 10 {cloudproxy_fqdn_or_virtual_IP}:4506
      <path-to-wget.exe> --spider -t 1 -T 10 {cloudproxy_fqdn_or_virtual_IP}:443

      nslookup <ARC_FQDN>
      nslookup <ARC_IP>

      NOTE: <ARC_FQDN> is the Cloud Proxy's fully qualified domain name.

Environment

Aria Operations 8.18.x

Cause

  • Cloud proxy FQDN or VIP (in the case of application monitoring high availability activated collector groups) not reachable due to firewall and/or missing DNS entries

Resolution

  • When Application Monitoring HA is enabled for the collector group, endpoints need to be able to reach the VIP through the required ports 443, 4505, and 4506. Check any necessary firewall rules.
  • The VIP must be in the same subnet as the physical address of the cloud proxies. In a DMZ, this may not be possible, so HA may need to be disabled on the collector group and a cloud proxy will be needed in the same VLAN as the target machines.
  • If Application Monitoring HA is deactivated on the collector group, the cloud proxy FQDN needs to be reachable by the target VMs through the ports mentioned.
  • Ensure target machines are able to resolve the cloud proxy FQDN and IP through DNS.
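
The DNS and port requirements above can be checked in one pass from the target endpoint before retrying the install. The script below is an added example, not VMware tooling and not part of the original article; the -Target parameter name, the use of a HEAD request and the result layout are assumptions, and the download path is the one shown in the uaf_bootstrap.log excerpt.

```powershell
# Added example (not VMware tooling): preflight check run on the Windows endpoint.
# -Target is the Cloud Proxy FQDN (HA off) or the collector group VIP (HA on).
param(
    [Parameter(Mandatory)][string]$Target,
    [int[]]$Ports = @(443, 4505, 4506)
)

function New-Row($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail }
}
$results = @()

# 1. DNS: forward lookup of the name, then reverse lookup of every address returned.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($Target)
    $results += New-Row "DNS forward $Target" $true ($addrs -join ', ')
    foreach ($a in $addrs) {
        try   { $results += New-Row "DNS reverse $a" $true ([System.Net.Dns]::GetHostEntry($a).HostName) }
        catch { $results += New-Row "DNS reverse $a" $false $_.Exception.Message }
    }
} catch {
    $results += New-Row "DNS forward $Target" $false $_.Exception.Message
}

# 2. TCP: the same test as tnc, for all three required ports.
foreach ($p in $Ports) {
    $open = Test-NetConnection -ComputerName $Target -Port $p -InformationLevel Quiet -WarningAction SilentlyContinue
    $results += New-Row "TCP $p" $open $(if ($open) { 'open' } else { 'blocked or closed' })
}

# 3. HTTP layer: an open port 443 can still answer 403, so check the status code too.
#    Path copied from the uaf_bootstrap.log excerpt; HEAD avoids downloading the zip.
#    Certificate validation stays on, so an untrusted certificate is reported as an error.
$url = "https://$Target/downloads/salt/ucp-minion.zip"
try {
    $r = Invoke-WebRequest -Uri $url -Method Head -UseBasicParsing -TimeoutSec 10
    $results += New-Row "HTTPS HEAD" $true "HTTP $([int]$r.StatusCode)"
} catch {
    $resp = $_.Exception.Response
    $detail = if ($resp) { "HTTP $([int]$resp.StatusCode)" } else { $_.Exception.Message }
    $results += New-Row "HTTPS HEAD" $false $detail
}

$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) { exit 1 }
```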

Additional Information