question

Mahitha-6559 avatar image
0 Votes"
Mahitha-6559 asked SumanthMarigowda-MSFT answered

Unable to encrypt OS disk using ADE on windows 2012 r2 VM

I tried encrypting the os disk of my windows 2012 r2 vm but gives below error:

Set-AzVMDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported a failure
when processing extension 'AzureDiskEncryption'. Error message: "[2.2.0.39] Failed to configure bitlocker as expected. Exception:
Item has already been added. Key in dictionary: '\\?\Volume{ed39b51f-cbc1-48b0-8633-9c6e59fe633c}\' Key being added:
'\\?\Volume{ed39b51f-cbc1-48b0-8633-9c6e59fe633c}\', InnerException: , stack trace: at System.Collections.Hashtable.Insert(Object
key, Object nvalue, Boolean add)
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerOperations.GetMountPointsTable() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerOperations.cs:line 416
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerOperations.InitializeMachineVolumes() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerOperations.cs:line 708
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1693
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1797"
More information on troubleshooting is available at https://aka.ms/VMExtensionADEWindowsTroubleshoo

azure-disk-encryption
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SumanthMarigowda-MSFT avatar image
0 Votes"
SumanthMarigowda-MSFT answered

@Mahitha-6559 It could permission issue, Can re-create the secret with the new version and try again to encrypt.

For understanding the issue: Did you complete disk encryption prerequisites before encrypting the VM? If not, I would recommend you to refer here.

There is a similar thread discussion in GitHub forum, please refer to the suggestion Encountering the following error while azure disk encryption

Also check: Go to the disk of a VM that needs to be encrypted->Click Identity->Turn Status to "ON" for a system or user assigned.


119875-image.png

Then execute below commands. It is available with explanation on https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

  • Check the values of the $KeyVault, $DiskEncryptionKeyVaultUrl, and $KeyVaultResourceId variables and make sure they are not null or empty.
    Check the Key Vault creation process thoroughly, and check if it is in the same region as the VM and that it has been enabled for disk encryption:Set-AzKeyVaultAccessPolicy -VaultName $keyVaultName - EnabledForDiskEncryption


If the issue still persist, can you share the completed Powershell code code.

Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.



image.png (39.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.