Azure Disk Encryption Error Related to Azure PowerShell 1.1.0

  • Article

Azure Disk Encryption enables you encrypt the virtual disk files for the virtual machines that you host in Microsoft Azure. This is a great capability because it makes the virtual disks virtually unreadable if they are lost or stolen.

Also, if you use Azure Security Center (and we hope you do!), you will receive a security alert for any virtual machines that you have not encrypted. We highly recommend that you encrypt your virtual disks, and we make that clear with the Azure Security Center alert.

That said, you need to perform the virtual disk encryption using the “right” version of PowerShell. Please use the latest version of Azure PowerShell SDK version to configure Azure Disk Encryption. Download the latest version of Azure PowerShell version 1.2.1. Azure Disk Encryption is NOT supported by Azure SDK version 1.1.0.

To determine the version of Azure PowerShell you’re using, you can use the get-module cmdlet:

PS C:\> import-module azure
PS C:\> get-module azure

ModuleType  Version   Name        ExportedCommands
----------      -------    ----           ----------------
Manifest        1.2.1       azure        {Add-AzureAccount, Add-AzureApplicationGatewaySslCertificate..

If you use Azure PowerShell 1.1.0, you will see the following error:

ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to configure bitlocker as expected.
Exception: Expecting state 'Element'.. Encountered 'Text' with name '', namespace ''. , InnerException: , stack trace:
at Microsoft.WindowsAzure.GuestAgent.Plugins.JsonExtensions.JsonSerialization.JsonSerializationHelpers.DeserializeJsonStringFromFile[T](StringfileName, ILogger logger)
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.Settings.BitlockerExtensionSettings..ctor(HandlerEnvironment environment, ILoggerlogger)
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.InitializeExtension()
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable()".

Workaround:

Use a previous version of Azure PowerShell:

  1. Uninstall the current version of Azure PowerShell by going into Control Panel, then Programs and Features, and uninstall Microsoft Azure PowerShell (version 1.1.0)
  2. Install Azure PowerShell 1.2.1 by using the Windows Standalone.

Please let us know if you run into any issues with Azure Disk Encryption. We closely monitor the comments section below if you would like to ask here. Or, if you prefer, we also monitor the Azure Disk Encryption MSDN forum.

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!

image