Official information from Microsoft
Microsoft Entra Connect Health agents are not officially supported on Windows Core servers.
Windows Server Core doesn't support installing the Microsoft Entra Connect Health agent.
source : https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-health-agent-install
Entra Connect Health for ADDS and DC in Server Core - workaround
To minimize the attack surface, many domain controllers are now in Server Core Edition.
The Entra Connect for ADDS agent health installs without issues, but running Register-MicrosoftEntraConnectHealthAgent esults in an error message.
To fix this issue, install the compatibility pack.
# Enable TLS1.2 in the current PowerShell session
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
# Install compatibility pack
Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~0.0.1.0(If the previous command failed, try one more time).
Restart the server.
The Register-MicrosoftEntraConnectHealthAgent command will succeed.
You can now run the Register-MicrosoftEntraConnectHealthAgent command without any problem. Your DC will now appear in Entra ID Connect Health.
Clap
Comments