Hi,
I am having issues with ADE extension on our Azure VMs. After the installation of the extension, everything looks good, disks are encrypted etc. But during the backup operations, using Azure Backup, ADE extension starts throwing error message. Disks are still encrypted but the status of the extension is "Provisioning failed". Here is the error message:
Set-AzVMDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported a failure when processing extension
'AzureDiskEncryption'. Error message: "[2.2.0.39] Failed to configure bitlocker as expected. Exception: ProtectKeyWithExternalKey failed with 2147942450, InnerException: ,
stack trace: at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerWmi.Win32EncryptableVolumeWrap.ProtectKeyWithExternalkey() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerWMI\Win32EncryptableVolumeWrap.cs:line 205
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerWmi.Win32EncryptableVolumeWrap.GenerateBitlockerKey(Boolean backupKeyToAD) in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerWMI\Win32EncryptableVolumeWrap.cs:line 473
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.GenerateProtectorForVolume(EncryptableVolume vol) in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 158
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.GenerateAndUploadProtectors() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 918
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.EnableEncryption() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1411
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1701
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1797"
More information on troubleshooting is available at https://aka.ms/VMExtensionADEWindowsTroubleshoot '
ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.2.0.39] Failed to configure bitlocker as expected. Exception:
ProtectKeyWithExternalKey failed with 2147942450, InnerException: , stack trace: at
Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerWmi.Win32EncryptableVolumeWrap.ProtectKeyWithExternalkey() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerWMI\Win32EncryptableVolumeWrap.cs:line 205
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerWmi.Win32EncryptableVolumeWrap.GenerateBitlockerKey(Boolean backupKeyToAD) in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerWMI\Win32EncryptableVolumeWrap.cs:line 473
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.GenerateProtectorForVolume(EncryptableVolume vol) in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 158
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.GenerateAndUploadProtectors() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 918
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.EnableEncryption() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1411
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1701
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in
X:\bt\1205850\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1797"
More information on troubleshooting is available at https://aka.ms/VMExtensionADEWindowsTroubleshoot
ErrorTarget:
StartTime: 9/27/2021 8:12:29 PM
EndTime: 9/27/2021 8:13:26 PM
OperationID: 1deb99a1-7728-40ef-8acd-9d48a0549ab8
Status: Failed
At line:71 char:11
- $action = Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMN ...
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : CloseError: (:) [Set-AzVMDiskEncryptionExtension], ComputeCloudException
- FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.Extension.AzureDiskEncryption.SetAzureDiskEncryptionExtensionCommand
Can you please help on this?