Receiving these errors on all 4 VMs I'm attempting to replicate with Terraform. I've added details for one VM so it's not drawn out.
I have previously successfully replicated VMs with this Terraform block, however I've recently added encryption sets for CMK encryption on managed disks for all VMs in primary region (success)..
& subsequently added target_disk_encryption_set_id for secondary region replication on each VM - post adding this is when the errors started to arise...
#SSRS VM ASR Replication
resource "azurerm_site_recovery_replicated_vm" "ssrs-replication" {
name = "ssrs-vm-replication"
resource_group_name = azurerm_resource_group.secondary.name
recovery_vault_name = azurerm_recovery_services_vault.vault.name
source_recovery_fabric_name = azurerm_site_recovery_fabric.primary.name
source_vm_id = azurerm_windows_virtual_machine.ssrs-vm.id
recovery_replication_policy_id = azurerm_site_recovery_replication_policy.policy.id
source_recovery_protection_container_name = azurerm_site_recovery_protection_container.primary.name
target_resource_group_id = azurerm_resource_group.secondary.id
target_recovery_fabric_id = azurerm_site_recovery_fabric.secondary.id
target_recovery_protection_container_id = azurerm_site_recovery_protection_container.secondary.id
managed_disk {
disk_id = lower(data.azurerm_managed_disk.ssrs_osdisk.id)
staging_storage_account_id = azurerm_storage_account.secondary.id
target_resource_group_id = azurerm_resource_group.secondary.id
target_disk_type = azurerm_windows_virtual_machine.ssrs-vm.os_disk[0].storage_account_type
target_replica_disk_type = azurerm_windows_virtual_machine.ssrs-vm.os_disk[0].storage_account_type
target_disk_encryption_set_id = azurerm_disk_encryption_set.ade_encryption_set_s.id
}
network_interface {
source_network_interface_id = azurerm_network_interface.ssrs-server-nic-s.id
target_subnet_name = azurerm_subnet.ssrs-secondary.name
recovery_public_ip_address_id = azurerm_public_ip.ssrs-pip-s.id
}
depends_on = [
azurerm_site_recovery_protection_container_mapping.container-mapping,
azurerm_site_recovery_network_mapping.network-mapping,
]
}
There are 3 more "config identical" blocks for a total of 4 VMs I'm attempting to replicate. The first 3 produced error 28040 & the last one 539.
Fails whilst preparing target. I've checked on the VM & the mobility service agent is provisioned successfully which further suggest issue involves encryption set:
My initial thoughts were possibly it doesn't like that the secondary encryption set is different to the primary one initially used to encrypt the disks. However, my understanding is that new disks are created in Secondary region so doubt that matters...