question

SergeyZarembo-0282 avatar image
0 Votes"
SergeyZarembo-0282 asked JamesTran-MSFT commented

Remove Managed HSM in KeyVault

I did create Managed HSM in Azure KeyVault for tests, but now I cannot delete it.
When I try to do it in Azure Portal, I'm getting an error: 

 **Executed delete command
 Error details: The subscription is not registered or does not exist. (Code: BadRequest)"**

In the Powershell console I'm getting the error:

Remove-AzKeyVaultManagedHsm : Operation returned an invalid status code 'NotFound'

But in the same time the Managed HSM is still exists and continues to spend my expenses.

How should I delete the Managed HSM?


azure-key-vaultazure-dedicated-hsm
· 4
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JamesTran-MSFT avatar image JamesTran-MSFT ·

@SergeyZarembo-0282
Thank you for your post!

Based off our Provision and activate a Managed HSM using PowerShell documentation, you should've been able to delete your Managed HSM by deleting the Resource Group that it was created in. If you're still being billed for the Managed HSM, it could be because - deleting the resource group puts the Managed HSM into a soft-deleted state. The Managed HSM will continue to be billed until it is purged.


From your error message, it looks like the Managed HSM was deleted since the resource can't be found, can you check the status of soft-delete and purge protection for your managed HSM? For more info.

 Get-AzKeyVaultManagedHsm -Name "ContosoHSM"

If you're still being billed and want to remove the Managed HSM as soon as possible, I'd recommend working closer with our support team via an Azure support request.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·
SergeyZarembo-0282 avatar image SergeyZarembo-0282 JamesTran-MSFT ·

Thank you for answer.

I've applied Get-AzKeyVaultManagedHsm command and got the empty output only .

Also, I've tried to remove Resource group which contains Managed HSM, and I got the next error:
"Deletion of resource group 'bdashared' did not finish within the allowed time as resources with identifiers 'Microsoft.KeyVault/managedHSMs/szbdasdhared-hsm' could not be deleted. The provisioning state of the resource group will be rolled back. The subscription is not registered or does not exist."

0 Votes 0 ·
JamesTran-MSFT avatar image JamesTran-MSFT SergeyZarembo-0282 ·

@SergeyZarembo-028
Thank you for following up on this and I apologize for the delayed response!

  • For the "bdashared" Resource Group that your Managed HSM is in, are you still able to see the HSM as a resource of that resource group?

  • Can you retry the resource group deletion to see if you're still running into the same error?

  • If you can't see the HSM within your resource group can you see if the below CLI command show you HSM in a soft-deleted state?


List all soft-deleted HSMs:

 az keyvault list-deleted --subscription {SUBSCRIPTION ID} --resource-type hsm

If you have any other questions or would like to work closer with our support team on this, please let me know.
Thank you again for your time and patience throughout this issue!

0 Votes 0 ·
Show more comments

0 Answers