azureazure-virtual-machine

VM has reported a failure when processing extension AzureDiskEncryption

I am running the following script:

$keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName;
$diskEncryptionKeyVaultUrl = $keyVault.VaultUri;
$keyVaultResourceId = $keyVault.ResourceId;
$keyEncryptionKeyUrl = (Get-AzureKeyVaultKey -VaultName $keyVaultName -Name myKey).Key.kid;

Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName `
-VMName "myVM" `
-DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
-DiskEncryptionKeyVaultId $keyVaultResourceId `
-KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
-KeyEncryptionKeyVaultId $keyVaultResourceId

which is returning the following around 1 minutes of processing:

Set-AzureRmVmDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to send DiskEncryptionData, Check KeyVault inputs, ResourceIds and retry encryption operation".' ErrorCode: VMExtensionProvisioningError ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "Failed to send DiskEncryptionData, Check KeyVault inputs, ResourceIds and retry encryption operation". ErrorTarget: StartTime: 3/2/19 2:10:59 PM EndTime: 3/2/19 2:10:59 PM

i have verified the values are all correctly passed to the set command and no nulls are being passed.

Solution

  • in this case OP needed to enable Key Vault for disk encryption, under advanced access policies.

    enter image description here