none
Set-AzureRmVMDiskEncryptionExtension - Error RRS feed

  • Question

  • Hi,

    we are getting the following error. Any Ideas?

    --------------------------------------------------------------------------

    Set-AzureRmVMDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported

    a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to configure bitlocker as expected.

    Exception: DismountAndDeleteBekDirectory: Bek Volume missing, InnerException: , stack trace:    bei

    Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerOperations.DismountAndDeleteBekDirectory() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerOperations.cs:Zeile 487.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.GenerateAndUploadProtectors() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 893.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.EnableEncryption() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 1255.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 1505.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 1593.".'

    ErrorCode: VMExtensionProvisioningError

    ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to

    configure bitlocker as expected. Exception: DismountAndDeleteBekDirectory: Bek Volume missing, InnerException: , stack

    trace:    bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerOperations.DismountAndDeleteBekDirectory()

    in X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerOperations.cs:Zeile 487.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.GenerateAndUploadProtectors() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 893.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.EnableEncryption() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 1255.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 1505.

       bei Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in

    X:\bt\999878\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:Zeile 1593.".

    ErrorTarget:

    StartTime: 12.03.2019 16:43:08

    EndTime: 12.03.2019 16:43:59

    OperationID: 4bca6e1b-bfa1-43b2-be45-6f06cdcb46eb

    Status: Failed

    In Zeile:2 Zeichen:1

    + Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $VMResourceGr ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : CloseError: (:) [Set-AzureRmVMDiskEncryptionExtension], ComputeCloudException

        + FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.Extension.AzureDiskEncryption.SetAzureDiskEncryptionExtensio

       nCommand


    Tuesday, March 12, 2019 5:38 PM

All replies

  • Hello Gurjinder,

    Thanks for posting here!

    Install the latest Az powershell module as described here and run the below powershell script to encrypt the virtual machine. Let us know the result if the issue still persists

    ##encrypt the existing virtual machine using below script
    connect-AzAccount
    
    $rgName = "your resource group name"
    $location = "location name"
    
    Register-AzResourceProvider -ProviderNamespace "Microsoft.KeyVault"
    Get-AzResourceGroup -Location $location -Name $rgName
    
    #create a new keyvault
    $keyVaultName = "your key vault name"
    New-AzKeyVault -Location $location `
        -ResourceGroupName $rgName `
        -VaultName $keyVaultName `
        -EnabledForDiskEncryption
    
    Add-AzureKeyVaultKey -VaultName $keyVaultName -Name "myKey" -Destination "Software"
    $keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName;
    $diskEncryptionKeyVaultUrl = $keyVault.VaultUri;
    $keyVaultResourceId = $keyVault.ResourceId;
    $keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name myKey).Key.kid;
    
    
    Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName `
        -VMName "your vm name" `
        -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
        -DiskEncryptionKeyVaultId $keyVaultResourceId `
        -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
        -KeyEncryptionKeyVaultId $keyVaultResourceId
    
    Get-AzVmDiskEncryptionstatus -ResourceGroupName $rgName -VMName "your Vm name" 

    You can also refer the similar issue here.

    kindly let us know, if you need any further assistance on this


    Wednesday, March 13, 2019 4:18 AM
    Moderator
  • Thank you very much for the feedback. Still getting the same error. Output for (Get-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName).EnabledForDiskEncryption) = True.

    Regards,

    Gurjinder


    Wednesday, March 13, 2019 4:52 PM
  • Could you help us with screenshot of error code to help better on this?
    Thursday, March 14, 2019 7:46 AM
    Moderator
  • @Gurjinder Pal Singh Just checking in to see if you have had a chance to see the previous response. Could you share the above required information to understand/investigate this issue further?

    Monday, March 25, 2019 8:53 AM
    Moderator
  • HI Gurjinder Pal Singh,

    Please confirm if the issue still persists. I have came across similar issues and fixed them. 

    Regards

    Mydeen

    Thursday, May 23, 2019 8:16 PM
  • Hi,

    so basically it was solved via the support - This is a DiskRP bug, where the isUnifiedDiskEncryption is set to false. How did you fixed it?

    Regards,

    Gurjinder




    Thursday, May 23, 2019 8:30 PM
  • Hi,

    I have faced lot of (different) issues. 

    One of them was bit locker feature won't be installed due to some missing updates,To fix the issues we need to install them. 

    Regards,

    Mydeen

    Sunday, May 26, 2019 6:03 PM