none
SET-AzureRmVMOSDisk fails if disk WAS encrypted.

    Question

  • Im replacing the disk on a vm, neither disk is currently encrypted yet i am getting an error message that claims it is

    Update-AzureRmVM : Swapping OS Disk is not supported for VMs using disk encryption.ErrorCode:

    OperationNotAllowedErrorMessage: Swapping OS Disk is not supported for VMs using disk

    encryption.ErrorTarget:StatusCode: 409ReasonPhrase: Conflict


    the source disk i'm copying to replace the target one  has this when i run

    Get-AzureRmVMDiskEncryptionStatus  -ResourceGroupName $resourceGroupName -VMName $vmName

    OsVolumeEncrypted          : 
    NotEncryptedDataVolumesEncrypted       : 
    NotEncryptedOsVolumeEncryptionSettings : 
    Microsoft.Azure.Management.Compute.Models.DiskEncryptionSettingsProgressMessage: 
    Disable Encryption completed successfully

    This seems like a bug in the tool AzureRmVMOSDisk

    Set-AzureRmVMOSDisk -VM $vmReplace -ManagedDiskId $disk.Id -Name $disk.Name
    Update-AzureRmVM -ResourceGroupName $resourceGroupName -VM $vmReplace

    UPDATE - info

    Bitlocker is OFF

     Get-BitLockerVolume
    VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection
                    Point                                   Percentage                           Enabled    Status    
    ----------      ----- ---------- ------------           ---------- ------------              ---------- ----------
    Data            T:         32.00 FullyDecrypted         0          {}                                   Off       
    OperatingSystem C:         61.54 FullyDecrypted         0          {}                                   Off       
    

    I have removed the encryption extension (which was still present, using Remove-AzureRmVMDiskEncryptionExtension) and performed a reboot. Some re-config was done at boot.

    OsVolumeEncrypted          : NotEncrypted
    DataVolumesEncrypted       : NotEncrypted
    OsVolumeEncryptionSettings : 
    ProgressMessage            : No Encryption extension or metadata found on the VM


    Once it booted back in the "BEK" volume is still there, which i believe has something to do with encryption, but the disk swap cmdlet still does not work, giving the same error as above.



    Friday, January 11, 2019 2:28 PM

All replies

  • I've seen this error happen in before, but it's mainly because the source of the image of the existing disk was encrypted. Can you confirm if this was the case ?
    Saturday, January 12, 2019 12:18 AM
  • Yes it was previously encrypted. Then the excryption was re moved due to limiting the features of the backup method.

    I think that is why when you enquire about the disk encryption using Get-AzureRmVMDiskEncryptionStatus you get that message, like a left over.

    Microsoft.Azure.Management.Compute.Models.DiskEncryptionSettingsProgressMessage: 
    Disable Encryption completed successfully

    Tuesday, January 15, 2019 8:58 AM
  • Hi Adam - can you explain what you did to fix it , providing you did so?
    21 hours 0 minutes ago
  • @platinums99 Could you please reach to me via AZCommunity[AT]microsoft.com with a link to this Issue as well as your subscription ID and we can help get a support ticket opened for this issue. Please mention "ATTN Adam" in the subject field.
    12 hours 44 minutes ago