@Johnny Le Welcome to Microsoft Q&A Forum. Thank you for posting your query here!
Are you using a Windows or Linux OS VM? Can you share a screenshot of the error status?
Linux:
```
# Collect the ADE extension logs and configuration
tar -cvzf /tmp/varlogazure.tar.gz /var/log/azure
tar -cvzf /tmp/varlibazureconfig.tar.gz /var/lib/azure_disk_encryption_config/
tar -cvzf /tmp/varlibextension.tar.gz /var/lib/waagent/Microsoft.Azure.Security.AzureDiskEncryptionForLinux*
tar -cvzf /tmp/waagent.log.tar.gz /var/log/waagent.log
# Disk, mount and dm-crypt layout
cat /etc/fstab
df -h
lsblk
cat /etc/crypttab
blkid
ls -lh /mnt/azure_bek_disk/
ls -lh /dev/disk/azure/scsi1/
ls -lh /dev/disk/azure/
# Azure PowerShell cmdlet (AzureRM module)
Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
```
Please share the output!
-Is there any way I can force encryption on a single disk with VM encryption enabled?
We can rerun the commands to encrypt the VM (but I would advise not to do that).
Windows OS VM:
Run the manage-bde output in cmd and let me know the output
Troubleshooting steps:
1. Make sure your data disk is attached to your VM and initialized.
2. If your disk is already attached and initialized, can you make sure it's online and formatted in NTFS.
3. Once all the above is true, please re-run the encryption script using the "sequence version" variable. Keep in mind, if you used a KEK to encrypt you'll be using the KEK encryption script. All variables will remain the same as when you initially encrypted.
If this doesn't resolve your issue, can you please send the following logs, Screenshots:
Disk management
Updated manage-bde output after you executed the script
Portal status of your disks
"BiLockerExtension.txt" - located at "C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.Security.AzureDiskEncryption\"
AzCommunity@microsoft.com
ATTN: Data Disk ADE issue - subm
Body: Please include this thread link
Sometimes you may see that disks are not encrypted in the Portal.
Cause 2. Encryption inside the guest OS should kick in automatically, but in order to reflect the encryption status for the new disk in the Azure Portal, a Stop (de-allocate) must be performed so that the extension can communicate the new status to the host.
Cause 3. This occurs when you disable encryption from the OS level directly. The extension will not be updated by the OS if you manually manipulate BitLocker at the OS level. The manipulation of encryption must always be done using the high-level commands for the ADE extension.
Please let us know if you have any further queries. I’m happy to assist you further.
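An added example, not part of the original answer and not Microsoft tooling: a shell function that reads the `lsblk` layout requested above (in `-P` key/value form) and reports which mounted filesystems sit on a dm-crypt mapping and which do not, which is the quickest way to spot a single data disk that was skipped. The function names, the sample device table and the list of mount points expected to stay unencrypted are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; names and sample data are constructed, not from the original answer.
# Input: output of `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` on stdin.
# Output: one line per mounted filesystem: STATE DEVICE MOUNTPOINT
classify_mounts() {
  awk '
    {
      # Parse the KEY="value" pairs of one lsblk -P row into f[].
      split("", f); line = $0
      while (match(line, /[A-Z]+="[^"]*"/)) {
        pair = substr(line, RSTART, RLENGTH); eq = index(pair, "=")
        f[substr(pair, 1, eq - 1)] = substr(pair, eq + 2, length(pair) - eq - 2)
        line = substr(line, RSTART + RLENGTH)
      }
      n = f["NAME"]; type[n] = f["TYPE"]; parent[n] = f["PKNAME"]
      if (f["MOUNTPOINT"] != "" && !(n in mnt)) { mnt[n] = f["MOUNTPOINT"]; order[++count] = n }
    }
    END {
      # Assumption: mount points expected to stay unencrypted by design.
      ok["/boot"] = 1; ok["/boot/efi"] = 1; ok["/mnt/azure_bek_disk"] = 1
      for (i = 1; i <= count; i++) {
        n = order[i]; state = "PLAIN"; hops = 0
        # Walk up the device tree: any dm-crypt ancestor means encrypted at rest.
        for (d = n; d != "" && hops++ < 16; d = parent[d])
          if (type[d] == "crypt") { state = "ENCRYPTED"; break }
        if (state == "PLAIN" && (mnt[n] in ok)) state = "EXPECTED-PLAIN"
        print state, n, mnt[n]
      }
    }'
}

# Constructed device table standing in for a real VM.
sample_lsblk() {
  cat <<'EOF'
NAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
NAME="osencrypt" TYPE="crypt" PKNAME="sda2" MOUNTPOINT="/"
NAME="sdb1" TYPE="part" PKNAME="sdb" MOUNTPOINT="/mnt/azure_bek_disk"
NAME="sdc" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="datacrypt1" TYPE="crypt" PKNAME="sdc" MOUNTPOINT="/data1"
NAME="sdd1" TYPE="part" PKNAME="sdd" MOUNTPOINT="/data2"
EOF
}

# On a real VM: lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT | classify_mounts
sample_lsblk | classify_mounts
```

Any `PLAIN` line names a mounted filesystem with no dm-crypt layer beneath it; compare that device against `/etc/crypttab` and the extension logs collected above.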