Unable to encrypt OS disk using ADE on Windows 2012 R2 VM

Mahitha 21 Reputation points
2021-07-31T07:05:06.563+00:00

I tried encrypting the OS disk of my Windows 2012 R2 VM, but it gives the below error:

Set-AzVMDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported a failure
when processing extension 'AzureDiskEncryption'. Error message: "[2.2.0.39] Failed to configure bitlocker as expected. Exception:
Item has already been added. Key in dictionary: '\?\Volume{ed39b51f-cbc1-48b0-8633-9c6e59fe633c}\' Key being added:
'\?\Volume{ed39b51f-cbc1-48b0-8633-9c6e59fe633c}\', InnerException: , stack trace: at System.Collections.Hashtable.Insert(Object
key, Object nvalue, Boolean add)
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerOperations.GetMountPointsTable() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerOperations.cs:line 416
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerOperations.InitializeMachineVolumes() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerOperations.cs:line 708
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1693
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1797"
More information on troubleshooting is available at https://aka.ms/VMExtensionADEWindowsTroubleshoo

Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.

1 answer

  1. Sumarigo-MSFT 46,126 Reputation points Microsoft Employee
    2021-08-02T10:09:14.333+00:00

    @Mahitha It could be a permission issue. Can you re-create the secret with the new version and try again to encrypt?

    For understanding the issue: Did you complete disk encryption prerequisites before encrypting the VM? If not, I would recommend you to refer here.

    There is a similar thread discussion in the GitHub forum; please refer to the suggestion: "Encountering the following error while azure disk encryption"

    Also check: Go to the disk of a VM that needs to be encrypted -> Click Identity -> Turn Status to "ON" for a system or user assigned.


    Then execute the below commands. They are available with explanation at https://video2.skills-academy.com/en-us/azure/virtual-machines/windows/encrypt-disks

    • Check the values of the $KeyVault, $DiskEncryptionKeyVaultUrl, and $KeyVaultResourceId variables and make sure they are not null or empty.
      Check the Key Vault creation process thoroughly, and check if it is in the same region as the VM and that it has been enabled for disk encryption: Set-AzKeyVaultAccessPolicy -VaultName $keyVaultName -EnabledForDiskEncryption

    If the issue still persists, can you share the complete PowerShell code?

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.

    -------------------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

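The Key Vault checks listed in the answer above (values not null or empty, vault in the same region as the VM, vault enabled for disk encryption), as an added PowerShell example that is not part of the original answer or of Microsoft's documentation. The resource names and the helper name `Test-AdePrerequisite` are assumptions; it needs the Az module and an authenticated session.

```powershell
# Added example: pre-flight checks before Set-AzVMDiskEncryptionExtension.
# Requires the Az module and an authenticated session (Connect-AzAccount).
# The three names below are placeholders, not values from the thread.
$rgName       = 'MyResourceGroup'
$vmName       = 'MyWin2012R2VM'
$keyVaultName = 'MyKeyVault'

function Test-AdePrerequisite {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$VaultName
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    $vm       = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -ErrorAction SilentlyContinue
    $KeyVault = Get-AzKeyVault -VaultName $VaultName -ErrorAction SilentlyContinue

    if (-not $vm)       { $problems.Add("VM '$VMName' not found in '$ResourceGroupName'.") }
    if (-not $KeyVault) { $problems.Add("Key Vault '$VaultName' not found or not readable.") }

    if ($vm -and $KeyVault) {
        # Null/empty checks on the values later passed to the encryption cmdlet
        if ([string]::IsNullOrWhiteSpace($KeyVault.VaultUri))   { $problems.Add('DiskEncryptionKeyVaultUrl is empty.') }
        if ([string]::IsNullOrWhiteSpace($KeyVault.ResourceId)) { $problems.Add('KeyVaultResourceId is empty.') }
        # Region names can appear as "East US" or "eastus"; normalise before comparing
        $norm = { param($s) ($s -replace '\s', '').ToLowerInvariant() }
        if ((& $norm $vm.Location) -ne (& $norm $KeyVault.Location)) {
            $problems.Add("Region mismatch: VM '$($vm.Location)', vault '$($KeyVault.Location)'.")
        }
        if (-not $KeyVault.EnabledForDiskEncryption) {
            $problems.Add('Vault is not enabled for disk encryption (Set-AzKeyVaultAccessPolicy -EnabledForDiskEncryption).')
        }
    }
    [pscustomobject]@{
        Ready                     = ($problems.Count -eq 0)
        Problems                  = $problems
        DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri
        KeyVaultResourceId        = $KeyVault.ResourceId
    }
}

$check = Test-AdePrerequisite -ResourceGroupName $rgName -VMName $vmName -VaultName $keyVaultName
if ($check.Ready) {
    Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName -VMName $vmName `
        -DiskEncryptionKeyVaultUrl $check.DiskEncryptionKeyVaultUrl `
        -DiskEncryptionKeyVaultId $check.KeyVaultResourceId -VolumeType OS
} else {
    $check.Problems | ForEach-Object { Write-Warning $_ }
}
```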
