Encryption disconnect - Azure says its On - OS says its off RRS feed

  • Question

  • I am not sure if  this should be posted here or just in the general VM forum but i am having an issue decrypting my file server VM.

    Its a 2019 Azure VM, with a large data drive.

    I disabled the encryption. The data drive reads disabled but the OS drive still has encryption on according to the azure portal but if you get on the VM, bitlocker is off.

    No matter what I select in the encryption menu (none, os, os & data disks) and save, it just sits at "Encryption in progress" but it never starts and even if i leave it sitting on that status for 30 minutes+ ( i tried for 4 hours with the tab open) if i go anywhere else it says your edits will not be saved. So something is not applying correctly.

    I am afraid to turn the bitlocker back on manually inside the os to see if it syncs up again or removing the encryption extension will just completely screw up my VM.

    Any help would be greatly appreciated.

    If you are wondering why I am trying to remove encryption, its because you can't do file level recovery on encrypted volumes yet...not sure it would work correctly even if it was setup with the way this vm is right now.

    Chaos causes progress, Order inhibits it.

    • Edited by Goofoff Wednesday, April 8, 2020 2:22 PM
    Wednesday, April 8, 2020 12:16 AM

All replies

  • @GoofoffFirstly, apologies for the delay in responding here and any inconvenience this issue may have caused. Actually it takes time for decryption as well. 

    In Windows VM we can decrypt OS and Data disk however for linux if OS disk encrypted, then we can't decrypt. 

    Refer to this article: You can check the status of VM encryption status  Check the status in Azure PS you will get the exact status of the VM

    This article will help you :How to Disable encryption

    Note: Encrypting or disabling encryption may cause a VM to a reboot 

    If the issue still persist, Please share the screenshot the error message 

    Hope this helps!


    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    Thursday, April 9, 2020 10:12 AM
  • This is an azure marketplace windows 2019 vm.

    I am aware that it takes time to decrypt the drives.

    no matter what i do, what time i take. the OS drive still says its enabled on the azure portal. Since it says its enabled on the portal it reads it that way and doesn't let me do File level recovery.

    The OS says bit locker is off.

    Chaos causes progress, Order inhibits it.

    Thursday, April 9, 2020 4:56 PM
  • @Goofoff Thanks for responding back! 

    For better understand can you share the screen shot of the encryption status from the portal  and PowerShell

    (run the PowerShell cmdlets as mentioned above in the comments)

    Thursday, April 9, 2020 5:39 PM
  • after running Disable-AzureRMVMDiskEncryption it took about 3 minutes and then came back as succeeded but it still says.

    Chaos causes progress, Order inhibits it.

    Thursday, April 9, 2020 6:13 PM
  • @Goofoff  We will need the output of:

     1)Manage-bde -status

    -If all the drives show 0%, fully decrypted.

    2)Re-run the disable script

    3)Remove the extension

    4)Confirm drives are still at 0%, fully decrypted.

    5)Restart VM. Confirm Portal status. 

    Tuesday, April 14, 2020 5:34 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Wednesday, April 15, 2020 8:07 AM
  • This is a production file server so I need to be cautious of the reboots. Will post an update when I get a maint window. thanks 

    Chaos causes progress, Order inhibits it.

    Wednesday, April 15, 2020 6:12 PM
  •  Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Wednesday, April 22, 2020 5:22 AM
  • attempting the fix tonite actually, will let you know the results.

    Chaos causes progress, Order inhibits it.

    Thursday, April 23, 2020 4:48 PM
  • Did not work. Removed the extension, rebooted a few times, The OS in the portal still showed as encrypted.

    I am just going to create a new VM and move the data I guess.

    Chaos causes progress, Order inhibits it.

    Monday, April 27, 2020 5:23 PM