none
ARM Linux VM Encryption Fails RRS feed

  • Question

  • Hello,

    We are trying to encrypt newly created Linux vm using ARM template but the encryption process fails with the error.
    Could you please let us know the cause of it ?



    Azure Portal Deployment Status Log : 

    {
      "code": "DeploymentFailed",
      "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.",
      "details": [
        {
          "code": "Conflict",
          "message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'AzureDiskEncryptionForLinux'. Error message: \\\"Enable failed.\\\".\"\r\n }\r\n ]\r\n }\r\n}"
        }
      ]
    }




    Linux VM Logs :

    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Parsing context for sequence number: 0
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: setting file path is/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-0.1.0.999336/config/0.settings
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Config decoded correctly.
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Encryption operation: EnableEncryption
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] op: Install
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] status: success
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] code: 0
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] msg: Install Succeeded
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7643: [Info] Executing: lvs --noheadings --nameprefixes --unquoted -o lv_name,vg_name,lv_kernel_major,lv_kernel_minor
    2019/05/28 11:01:39 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] substatus: {"os": "NotEncrypted", "data": "NotMounted"}
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Parsing context for sequence number: 0
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: setting file path is/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-0.1.0.999336/config/0.settings
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Config decoded correctly.
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Encryption operation: EnableEncryption
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Enabling extension
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Public settings:
    2019/05/28 11:01:41 {
    2019/05/28 11:01:41     "AADClientID": "<my add client id>", 
    2019/05/28 11:01:41     "DiskFormatQuery": "", 
    2019/05/28 11:01:41     "EncryptionOperation": "EnableEncryption", 
    2019/05/28 11:01:41     "KeyEncryptionAlgorithm": "RSA-OAEP", 
    2019/05/28 11:01:41     "KeyEncryptionKeyURL": "https://keyvaultencrypted.vault.azure.net/", 
    2019/05/28 11:01:41     "KeyVaultURL": "https://keyvaultencrypted.vault.azure.net/", 
    2019/05/28 11:01:41     "SequenceVersion": "1", 
    2019/05/28 11:01:41     "VolumeType": "OS"
    2019/05/28 11:01:41 }
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] the config file /var/lib/azure_disk_encryption_config/azure_crypt_config.ini not exists.
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] make sure path exists, executing: /bin/mkdir -p /mnt/azure_bek_disk
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: /bin/mkdir -p /mnt/azure_bek_disk
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] make sure path exists, executing: /bin/mkdir -p /mnt/azure_bek_disk
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: /bin/mkdir -p /mnt/azure_bek_disk
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: /bin/mount -L "BEK VOLUME" /mnt/azure_bek_disk -o fmask=077
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Command /bin/mount -L "BEK VOLUME" /mnt/azure_bek_disk -o fmask=077 failed with return code 1
    2019/05/28 11:01:41 stdout:
    2019/05/28 11:01:41 
    2019/05/28 11:01:41 stderr:
    2019/05/28 11:01:41 mount: /mnt/azure_bek_disk: can't find LABEL="BEK VOLUME".
    2019/05/28 11:01:41 
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Failed to get BEK from BEK VOLUME with error: 'NoneType' object has no attribute 'startswith'
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: lvs --noheadings --nameprefixes --unquoted -o lv_name,vg_name,lv_kernel_major,lv_kernel_minor
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: modprobe vfat
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: lsblk -o NAME,TYPE,FSTYPE,LABEL,SIZE,RO,MOUNTPOINT
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] 
    2019/05/28 11:01:41 NAME    TYPE FSTYPE LABEL            SIZE RO MOUNTPOINT
    2019/05/28 11:01:41 sda     disk                          30G  0 
    2019/05/28 11:01:41 sda1  part ext4   cloudimg-rootfs 29.9G  0 /
    2019/05/28 11:01:41 sda14 part                           4M  0 
    2019/05/28 11:01:41 sda15 part vfat   UEFI             106M  0 /boot/efi
    2019/05/28 11:01:41 sdb     disk                          16G  0 
    2019/05/28 11:01:41 sdb1  part ext4                     16G  0 /mnt
    2019/05/28 11:01:41 sr0     rom                          628K  0 
    2019/05/28 11:01:41 
    2019/05/28 11:01:41 
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] PRECHECK: Prechecks successful
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] handle.py found enable encryption operation
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Config did not change or first call, enabling encryption
    2019/05/28 11:01:41 [AzureDiskEncryptionForLinux-0.0]: cwd is /var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-0.1.0.999336
    2019/05/28 11:01:41 [AzureDiskEncryptionForLinux-0.0]: Parsing context, find_last_nonquery_operation=False
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Change log file to /var/log/azure/Microsoft.Azure.Security.AzureDiskEncryptionForLinux/extension.log
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Parsing context for sequence number: 0
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: setting file path is/var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux-0.1.0.999336/config/0.settings
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Config decoded correctly.
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: Encryption operation: EnableEncryption
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Enabling encryption
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] make sure path exists, executing: /bin/mkdir -p /var/lib/azure_disk_encryption_config/
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] Executing: /bin/mkdir -p /var/lib/azure_disk_encryption_config/
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: set most recent sequence number to 0
    2019/05/28 11:01:41 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] start creating kek secret
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] getting the access token.
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] trying to get the authorize uri from: Bearer authorization="https://login.windows.net/017bd9ae-a0e1-4125-ae2c-c0dec1cb6602", resource="https://vault.azure.net"
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] 200 [('content-length', '1324'), ('expires', '-1'), ('x-content-type-options', 'nosniff'), ('set-cookie', 'fpc=AoAhYFXTmHJDoZyK2o6TWIaiC47ZAQAAABUMf9QOAAAA; expires=Thu, 27-Jun-2019 11:01:42 GMT; path=/; secure; HttpOnly, x-ms-gateway-slice=prod; path=/; secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly'), ('x-ms-request-id', 'da15cbcc-67f6-4ddc-9367-fb614acd6f00'), ('strict-transport-security', 'max-age=31536000; includeSubDomains'), ('pragma', 'no-cache'), ('cache-control', 'no-cache, no-store'), ('date', 'Tue, 28 May 2019 11:01:42 GMT'), ('p3p', 'CP="DSP CUR OTPi IND OTRi ONL FIN"'), ('content-type', 'application/json; charset=utf-8')]
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] encrypting the secret using key: https://keyvaultencrypted.vault.azure.net/
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] result_content is: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    2019/05/28 11:01:42 <html xmlns="http://www.w3.org/1999/xhtml">
    2019/05/28 11:01:42 <head>
    2019/05/28 11:01:42 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
    2019/05/28 11:01:42 <title>404 - File or directory not found.</title>
    2019/05/28 11:01:42 <style type="text/css">
    2019/05/28 11:01:42 <!--
    2019/05/28 11:01:42 body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
    2019/05/28 11:01:42 fieldset{padding:0 15px 10px 15px;} 
    2019/05/28 11:01:42 h1{font-size:2.4em;margin:0;color:#FFF;}
    2019/05/28 11:01:42 h2{font-size:1.7em;margin:0;color:#CC0000;} 
    2019/05/28 11:01:42 h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
    2019/05/28 11:01:42 #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
    2019/05/28 11:01:42 background-color:#555555;}
    2019/05/28 11:01:42 #content{margin:0 0 0 2%;;}
    2019/05/28 11:01:42 .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;;}
    2019/05/28 11:01:42 -->
    2019/05/28 11:01:42 </style>
    2019/05/28 11:01:42 </head>
    2019/05/28 11:01:42 <body>
    2019/05/28 11:01:42 <div id="header"><h1>Server Error</h1></div>
    2019/05/28 11:01:42 <div id="content">
    2019/05/28 11:01:42  <div class="content-container"><fieldset>
    2019/05/28 11:01:42   <h2>404 - File or directory not found.</h2>
    2019/05/28 11:01:42   <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
    2019/05/28 11:01:42  </fieldset></div>
    2019/05/28 11:01:42 </div>
    2019/05/28 11:01:42 </body>
    2019/05/28 11:01:42 </html>
    2019/05/28 11:01:42 
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] 404 [('content-length', '1245'), ('x-content-type-options', 'nosniff'), ('x-powered-by', 'ASP.NET'), ('strict-transport-security', 'max-age=31536000;includeSubDomains'), ('server', 'Microsoft-IIS/10.0'), ('date', 'Tue, 28 May 2019 11:01:41 GMT'), ('content-type', 'text/html')]
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] secret value is None
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: 7709: [Info] archiving the encryption config file: /var/lib/azure_disk_encryption_config/azure_crypt_config.ini
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] op: EnableEncryption
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] status: error
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] code: 13
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] msg: Enable failed.
    2019/05/28 11:01:42 [Microsoft.Azure.Security.AzureDiskEncryptionForLinux-1.0]: [StatusReport (0)] substatus: {"os": "NotEncrypted", "data": "NotMounted"}


    Tuesday, May 28, 2019 12:00 PM

All replies

  • Thank you for posting here!

    May I know the memory size of the VM? (Ideally it’s should be 7GB)  Have you referred to the suggestion mentioned in this article

    Can you take a look at our VMExtensionProvisioning error and similar issue been discussed here and see if it helps you?

    Kindly let us know if the above helps or you need further assistance on this issue.

    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Tuesday, May 28, 2019 1:52 PM
    Moderator
  • Yes, It's 7 Gb memory VM.
    Tuesday, May 28, 2019 3:10 PM
  • Hey,

    If you look at logs, it seems something is not available or accessible due to that 404 error occurred.

    Log : 2019/05/28 11:01:42   <h2>404 - File or directory not found.</h2>

    I'm unable to understand the reason behind it.

    Tuesday, May 28, 2019 3:36 PM
  • Just for clarification: Have tried the suggestions mentioned in the above link? 

    Can you share me the your ARM template complete code, if possible?

    Wednesday, May 29, 2019 7:36 AM
    Moderator
  • @vpradeep Just checking in to see if you have had a chance to see the previous response. Could you share the above required information to understand/investigate this issue further?

    Monday, June 10, 2019 7:22 AM
    Moderator
  • Sorry for late response, the said issue has been resolved. But i am stuck in another issue related to this as,

    The ARM template for Linux machine does requires backup drive or it is optional? As per extension logs it seems encryption process looking for backup drive. In my use case, i don't want to take backup because the machine is fresh. I'll send you the template which we use.

    Thursday, June 13, 2019 11:44 AM
  • {
        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
          "aadClientID": {
            "metadata": {
              "description": "Client ID of AAD app which has permissions to KeyVault"
            },
            "type": "string"
          },
          "aadClientSecret": {
            "metadata": {
              "description": "Client Secret of AAD app which has permissions to KeyVault"
            },
            "type": "securestring"
          },
          "diskFormatQuery": {
            "defaultValue": "",
            "metadata": {
              "description": "the query string used to identify the disks to format and encrypt. This parameter only works when you set the EncryptionOperation as EnableEncryptionFormat. For example, passing [{\"dev_path\":\"/dev/md0\",\"name\":\"encryptedraid\",\"file_system\":\"ext4\"}] will format /dev/md0, encrypt it and mount it at /mnt/dataraid. This parameter should only be used for RAID devices. The specified device must not have any existing filesystem on it."
            },
            "type": "string"
          },
          "encryptionOperation": {
            "allowedValues": [
              "EnableEncryption",
              "EnableEncryptionFormat"
            ],
            "defaultValue": "EnableEncryption",
            "metadata": {
              "description": "EnableEncryption would encrypt the disks in place and EnableEncryptionFormat would format the disks directly"
            },
            "type": "string"
          },
          "volumeType": {
            "allowedValues": [
              "OS",
              "Data",
              "All"
            ],
            "defaultValue": "Data",
            "metadata": {
              "description": "Defines which drives should be encrypted. OS encryption is supported on RHEL 7.2, CentOS 7.2 & Ubuntu 16.04."
            },
            "type": "string"
          },
          "keyEncryptionKeyURL": {
            "defaultValue": "",
            "metadata": {
              "description": "URL of the KeyEncryptionKey used to encrypt the volume encryption key"
            },
            "type": "string"
          },
          "keyVaultName": {
            "type": "string",
            "metadata": {
              "description": "Name of the KeyVault to place the volume encryption key"
            }
          },
          "keyVaultResourceGroup": {
            "type": "string",
            "metadata": {
              "description": "Resource group of the KeyVault"
            }
          },
          "passphrase": {
            "defaultValue": "",
            "metadata": {
              "description": "The passphrase for the disks"
            },
            "type": "securestring"
          },
          "sequenceVersion": {
            "defaultValue": "1",
            "metadata": {
              "description": "sequence version of the bitlocker operation. Increment this everytime an operation is performed on the same VM"
            },
            "type": "string"
          },
          "useKek": {
            "allowedValues": [
              "nokek",
              "kek"
            ],
            "defaultValue": "nokek",
            "metadata": {
              "description": "Select kek if the secret should be encrypted with a key encryption key"
            },
            "type": "string"
          },
          "vmName": {
            "metadata": {
              "description": "Name of the virtual machine"
            },
            "type": "string"
          },
          "artifactsURL": {
            "type": "string",
            "defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master",
            "metadata": {
              "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
            }
          },
          "artifactsURLSasToken": {
            "type": "string",
            "defaultValue": "",
            "metadata": {
              "description": "The sasToken required to access _artifactsLocation.  When the template is deployed using the accompanying scripts, a sasToken will be automatically generated."
            }
          },
          "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
              "description": "Location for all resources."
            }
          }
        },
        "variables": {
          "extensionName": "AzureDiskEncryptionForLinux",
          "extensionVersion": "0.1",
          "keyEncryptionAlgorithm": "RSA-OAEP",
          "updateVmUrl": "[concat(parameters('artifactsURL'), '/node/nested/encrypt/enableEncryptionSettings.json', parameters('artifactsURLSasToken'))]",
          "keyVaultURL": "[concat('https://', parameters('keyVaultName'), '.vault.azure.net/')]",
          "keyVaultResourceID": "[concat(subscription().id,'/resourceGroups/',parameters('keyVaultResourceGroup'),'/providers/Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
        },
        "resources": [
          {
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "name": "[concat(parameters('vmName'),'/', variables('extensionName'))]",
            "apiVersion": "2015-06-15",
            "location": "[parameters('location')]",
            "properties": {
              "protectedSettings": {
                "AADClientSecret": "[parameters('aadClientSecret')]",
                "Passphrase": "[parameters('passphrase')]"
              },
              "publisher": "Microsoft.Azure.Security",
              "settings": {
                "AADClientID": "[parameters('aadClientID')]",
                "DiskFormatQuery": "[parameters('diskFormatQuery')]",
                "EncryptionOperation": "[parameters('encryptionOperation')]",
                "KeyEncryptionAlgorithm": "[variables('keyEncryptionAlgorithm')]",
                "KeyEncryptionKeyURL": "[parameters('keyEncryptionKeyURL')]",
                "KeyVaultURL": "[variables('keyVaultURL')]",
                "SequenceVersion": "[parameters('sequenceVersion')]",
                "VolumeType": "[parameters('volumeType')]"
              },
              "type": "AzureDiskEncryptionForLinux",
              "typeHandlerVersion": "[variables('extensionVersion')]"
            }
          },
          {
            "apiVersion": "2015-01-01",
            "dependsOn": [
              "[resourceId('Microsoft.Compute/virtualMachines/extensions',  parameters('vmName'), variables('extensionName'))]"
            ],
            "name": "[concat(parameters('vmName'), '_encryption')]",
            "type": "Microsoft.Resources/deployments",
            "properties": {
              "mode": "Incremental",
              "parameters": {
                "keyEncryptionKeyURL": {
                  "value": "[parameters('keyEncryptionKeyURL')]"
                },
                "keyVaultResourceID": {
                  "value": "[variables('keyVaultResourceID')]"
                },
                "keyVaultSecretUrl": {
                  "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions',  parameters('vmName'), variables('extensionName'))).instanceView.statuses[0].message]"
                },
                "vmName": {
                  "value": "[parameters('vmName')]"
                }
              },
              "templateLink": {
                "contentVersion": "1.0.0.0",
                "uri": "[variables('updateVmUrl')]"
              }
            }
          }
        ],
        "outputs": {
          "BitLockerKey": {
            "type": "string",
            "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions',  parameters('vmName'), variables('extensionName'))).instanceView.statuses[0].message]"
          }
        }
      }
    • Edited by vpradeep Thursday, June 13, 2019 11:46 AM
    Thursday, June 13, 2019 11:45 AM
  • Thursday, June 13, 2019 12:03 PM
  • @vpradeep  Apologies for the delay! This may require a deeper investigation, so If you have a support plan, I request you file a support ticket, else please do let us know, we will try and help you get a one-time free technical support. In this case, could you send an email toAzCommunity[at]Microsoft[dot]com referencing this thread and subscription ID. Please mention "ATTN subm" in the subject field. Thank you for your cooperation on this matter and look forward to your reply.
    Tuesday, June 25, 2019 7:09 AM
    Moderator