none
SET-AzureRmVMOSDisk fails if disk WAS encrypted.

    Question

  • Im replacing the disk on a vm, neither disk is currently encrypted yet i am getting an error message that claims it is

    Update-AzureRmVM : Swapping OS Disk is not supported for VMs using disk encryption.ErrorCode:

    OperationNotAllowedErrorMessage: Swapping OS Disk is not supported for VMs using disk

    encryption.ErrorTarget:StatusCode: 409ReasonPhrase: Conflict


    the source disk i'm copying to replace the target one  has this when i run

    Get-AzureRmVMDiskEncryptionStatus  -ResourceGroupName $resourceGroupName -VMName $vmName

    OsVolumeEncrypted          : 
    NotEncryptedDataVolumesEncrypted       : 
    NotEncryptedOsVolumeEncryptionSettings : 
    Microsoft.Azure.Management.Compute.Models.DiskEncryptionSettingsProgressMessage: 
    Disable Encryption completed successfully

    This seems like a bug in the tool AzureRmVMOSDisk

    Set-AzureRmVMOSDisk -VM $vmReplace -ManagedDiskId $disk.Id -Name $disk.Name
    Update-AzureRmVM -ResourceGroupName $resourceGroupName -VM $vmReplace

    UPDATE - info

    Bitlocker is OFF

     Get-BitLockerVolume
    VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                    Point                                   Percentage                           Enabled    Status    
    ----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
    Data            T:         32.00 FullyDecrypted         0          {}                                   Off       
    OperatingSystem C:         61.54 FullyDecrypted         0          {}                                   Off       
    

    I have removed the encryption extension (which was still present, using Remove-AzureRmVMDiskEncryptionExtension) and performed a reboot. Some re-config was done at boot.

    OsVolumeEncrypted          : NotEncrypted
    DataVolumesEncrypted       : NotEncrypted
    OsVolumeEncryptionSettings : 
    ProgressMessage            : No Encryption extension or metadata found on the VM


    Once it booted back in the "BEK" volume is still there, which i believe has something to do with encryption, but the disk swap cmdlet still does not work, giving the same error as above.



    Friday, January 11, 2019 2:28 PM

All replies

  • I've seen this error happen in before, but it's mainly because the source of the image of the existing disk was encrypted. Can you confirm if this was the case ?
    Saturday, January 12, 2019 12:18 AM
  • Yes it was previously encrypted. Then the excryption was re moved due to limiting the features of the backup method.

    I think that is why when you enquire about the disk encryption using Get-AzureRmVMDiskEncryptionStatus you get that message, like a left over.

    Microsoft.Azure.Management.Compute.Models.DiskEncryptionSettingsProgressMessage: 
    Disable Encryption completed successfully

    Tuesday, January 15, 2019 8:58 AM
  • Hi Adam - can you explain what you did to fix it , providing you did so?
    Friday, January 18, 2019 10:04 AM
  • @platinums99 Could you please reach to me via AZCommunity[AT]microsoft.com with a link to this Issue as well as your subscription ID and we can help get a support ticket opened for this issue. Please mention "ATTN Adam" in the subject field.
    Friday, January 18, 2019 6:21 PM
  • Adam

    i get a bounceback emailing that address - AZCommunity[AT]microsoft.com

    (replacing the [at] of course with @)

    Your message to cxpcommdai@microsoft.com couldn't be delivered.

    The group cxpcommdai only accepts messages from people in its organization or on its allowed senders list, and your email address isn't on the list.

    550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this group

    DM6PR21MB1273.namprd21.prod.outlook.com


    • Edited by platinums99 Monday, January 21, 2019 3:26 PM
    Monday, January 21, 2019 3:25 PM
  • I received your email, and sent you instructions regarding the ticket. 

    Thanks,

    Adam

    Tuesday, January 22, 2019 5:51 PM