Share via

ASR Enabling Replication with Replication

Anandha Chandrasekaran 40 Reputation points
2026-06-09T20:07:02.9666667+00:00

Hi, I understand that automatic upgrades of ASR appliance components and Mobility Service agents are not supported when private endpoints are enabled on the Recovery Services vault.

https://learn.microsoft.com/en-us/azure/site-recovery/upgrade-mobility-service-modernized

But, I wanted to clarify the initial replication setup process. When enabling replication for VMs for the first time, do we need to manually install the Mobility Service agent on each machine, or can the agent installation be initiated through the Azure portal or Terraform when creating Replicated items. Does push installation of Mobility Service agent work?

Azure Site Recovery
Azure Site Recovery

An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Suchitra Suregaunkar 14,595 Reputation points Microsoft External Staff Moderator
    2026-06-10T18:45:31.8+00:00

    Hello Anandha Chandrasekaran

    Thank you for posting your query on Microsoft Q&A platform.

    Yes, push installation of the Mobility Service agent works normally when you enable replication for the first time, even when private endpoints are enabled on the Recovery Services vault. You do not need to manually install the agent on each machine.

    Here's what happens during initial replication setup:

    Azure-to-Azure:

    • When you enable replication via Azure Portal, Terraform, or API, the Mobility Service extension is automatically deployed to the source VM. No manual installation needed.

    VMware-to-Azure (Modernized) / Physical-to-Azure:

    • When you enable replication, the replication appliance (or process server) automatically pushes the Mobility Service agent to your source machines, just like it does in non-private endpoint scenarios.

    What private endpoints actually restrict:

    The limitation you've read about applies only to automatic upgrades after the agent is already installed, not to the initial installation itself. Specifically:

    • Initial agent installation (push): Fully supported
    • Enabling replication via Portal/Terraform/API: Fully supported
    • Automatic upgrades of Mobility Service: Not supported (manual upgrade required)
    • Automatic appliance component upgrades: Not supported (manual upgrade required)

    So, during your initial setup, everything works as expected. The only ongoing operational difference is that you'll need to manually upgrade the Mobility Service and appliance components when updates are available, rather than relying on automatic updates.

    Prerequisites for push installation to work: To ensure push installation succeeds with private endpoints:

    • Configure private DNS resolution so the appliance and source machines can resolve the vault's private link FQDNs
    • Ensure network connectivity from source machines to the replication appliance or process server
    • Provide administrator/root credentials for the source machines (required for the push install process)
    • Allow necessary firewall rules (File and Printer Sharing, WMI for Windows; SSH for Linux)

    Official documentation:

    Here are the key Microsoft Learn articles that confirm this:

    1. Private endpoint support overview (confirms automatic upgrades are blocked, but initial replication and installation are supported): https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-replication-private-endpoints
    2. Upgrade Mobility Service with private endpoints (explicitly states the limitation is on upgrades, not initial installation): https://learn.microsoft.com/en-us/azure/site-recovery/upgrade-mobility-service-modernized#private-endpoint-enabled-vaults
    3. Mobility Service installation overview (explains push installation process): https://learn.microsoft.com/en-us/azure/site-recovery/vmware-azure-install-mobility-service
    4. Azure-to-Azure replication with private endpoints (confirms extension auto-deployment): https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication

    So, go ahead and enable replication through the Azure Portal or Terraform as you normally would. The Mobility Service will be installed automatically via push installation (VMware/Physical) or extension deployment (Azure-to-Azure). Private endpoints don't block this initial process, they only affect automatic upgrades down the road.

    Hope this clears things up! Let me know if you have any other questions.

    Thank you.

    Suchitra.

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-06-09T20:07:28.99+00:00

    Push installation of the Mobility Service agent from the Azure portal is supported and continues to work when enabling replication, even if private endpoints are enabled on the Recovery Services vault.

    Key points based on the referenced documentation:

    • The Mobility agent is required on each source machine to coordinate communication with the replication appliance and manage data replication.
    • For modernized deployments, the agent is typically installed and updated automatically from the configuration/replication appliance; manual download/installation is only needed when explicitly required (for example, when using command-line updates or specific OS/distros).
    • Private endpoints affect automatic updates of the Mobility agent and appliance components:
      • When private endpoints are enabled, automatic updates are blocked.
      • In that case, upgrades of the Mobility agent and appliance components must be done manually (for example, via the UnifiedAgentConfigurator command line for the agent, or manual MSI/MARS updates for appliance components).
    • This limitation is explicitly documented for updates; the context does not state that initial push installation is disabled. Instead, it focuses on how to keep agents and appliance components up to date when private endpoints are in use.

    Therefore:

    • Initial replication setup can still rely on the normal ASR workflow where the replication appliance pushes and installs the Mobility agent on source machines.
    • What changes with private endpoints is the upgrade path: after initial deployment, Mobility agents and appliance components must be upgraded manually (portal-triggered upgrades are not available when private endpoints are enabled; command-line/manual methods must be used instead).

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.