If you're attempting to set up Disaster Recovery (Preview) on your Azure Local (formerly Azure Stack HCI), you might encounter an issue where the ASR Agent fails, as shown below.

This issue is caused by a known bug in Windows Defender Application Control (WDAC), which blocks the extension from running.

While there isn't a permanent fix available at the moment, a workaround can be applied to resolve this issue.

Workaround

First step is to remove the DoNotDelete Locks from the Azure Local Nodes and the Cluster so we are able to remove the ASR Extensions. Afterwards we can remove the ASR Extension

1. Login to Portal.azure.com

2. Locate your Azure Local Nodes under Azure Arc - Machines.
   

3. Click on your Node.

4. Under the Settings tab, click on Locks.

5. Delete DoNoteDelete Locks if you have any.
   

6. Repeat the process for the other nodes and Cluster.

7. Once the Locks have been removed, proceed with removing the ASR Extension.

8. Locate the Extensions tab of your Azure Local Cluster and uninstall the ASR Extension.
   

9. Verify that ASR Extension folder has been removed from the cluster, by navigating to C:\Packages\Plugins on a cluster node and make sure that the folder "Microsoft.SiteRecovery.Dra.Windows" is gone.
   

10. Check the active WDAC policy mode on the Cluster by running the following PowerShell command on a cluster node.
    Get-ASWDACPolicyMode

    This should return with the policy set to Enforced.
    

11. Change the policy to Audit mode by running the following PowerShell command.
    Enable-AsWdacPolicy -Mode Audit

12. Run the Get command again to verify that the mode has changed from Enforce to Audit.
    Get-ASWDACPolicyMode

    This should return with the policy in Audit mode.
    

13. Now, go back to Disaster Recovery (Preview) and follow the deployment steps to prepare the infrastructure again. After Disaster Recovery (Preview) has been installed, you can set WDAC back to Enforced mode.