Azure Disk Encryption not working

Sudheer Kumar 1 Reputation point
2021-02-14T06:58:57.853+00:00

I'm facing issues while enabling Azure Disk Encryption on a Windows Server 2012 R2 OS disk. I'm getting the error "[2.2.0.36]Failed to configure machine for Bitlocker encryption. Reboot the VM and retry the operation". I have gone through "Unsupported scenarios" in the Azure documentation, but it does not match any of those conditions.

Kindly help me with the troubleshooting steps to fix this issue.


2 answers

  1. shiva patpi 13,251 Reputation points Microsoft Employee
    2021-02-14T19:27:32.683+00:00

    Hello @Sudheer Kumar,
    Thanks for your query. I just created Windows Server 2012 R2 and tried encryption successfully.

    Can you try the troubleshooting details below:

    Let us know if that troubleshooting link helps in resolving the issue; if yes, "please accept the answer".


  2. Sumarigo-MSFT 46,126 Reputation points Microsoft Employee
    2021-02-15T10:28:08.753+00:00

    @Sudheer Kumar Welcome to Microsoft Q&A. Thank you for posting your query!

    Adding more information to the above answer! Run the PowerShell script below to encrypt the virtual machine. Let us know the result if the issue still persists.

    ## Encrypt the existing virtual machine using the script below
    Connect-AzAccount

    $rgName = "your resource group name"
    $location = "location name"

    # Make sure the Key Vault resource provider is registered and the resource group exists
    Register-AzResourceProvider -ProviderNamespace "Microsoft.KeyVault"
    Get-AzResourceGroup -Location $location -Name $rgName

    # Create a new key vault that is enabled for disk encryption
    $keyVaultName = "your key vault name"
    New-AzKeyVault -Location $location `
        -ResourceGroupName $rgName `
        -VaultName $keyVaultName `
        -EnabledForDiskEncryption

    # Create the key encryption key (KEK) in the vault
    Add-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey" -Destination "Software"

    # Collect the vault and key identifiers that the encryption extension needs
    $keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName
    $diskEncryptionKeyVaultUrl = $keyVault.VaultUri
    $keyVaultResourceId = $keyVault.ResourceId
    $keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey").Key.kid

    # Enable Azure Disk Encryption on the VM
    Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName `
        -VMName "your vm name" `
        -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
        -DiskEncryptionKeyVaultId $keyVaultResourceId `
        -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
        -KeyEncryptionKeyVaultId $keyVaultResourceId

    # Check the encryption status of the OS and data volumes
    Get-AzVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName "your vm name"


    Additional information: How to enable ADE & troubleshooting article

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ------------------------------------------------------------------------------------------------------

    Please don’t forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
