Forum Discussion

MohamedT_Trabelsi's avatar
MohamedT_Trabelsi
Brass Contributor
Jan 23, 2024

Back up and restore encrypted Azure virtual machines

1- Back up an encrypted VM

If you want to backup an encrypted Azure VM and you have this error  : 

 

Protected Item Name: "VM;xxxxxxx;xxxxxxxxxxx;xxxxxxxxxxx"): backup.ProtectedItemOperationResultsClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="UserErrorKeyVaultPermissionsNotConfigured" Message="Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines. Please grant the required permissions to the Azure Backup Service. For more details, refer to http://aka.ms/UserErrorKeyVaultPermissionsNotConfigured "

 

Link : https://learn.microsoft.com/en-us/azure/backup/backup-azure-troubleshoot-vm-backup-fails-snapshot-timeout#usererrorkeyvaultpermissionsnotconfigured---backup-doesnt-have-sufficient-permissions-to-the-key-vault-for-backup-of-encrypted-vms

 

Why ? 

Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines

 

Solution : 

Azure Backup needs read-only access to back up the keys and secrets, along with the associated VMs.

 

 

 

 

Notes : 

 

2- Restore an encrypted VM

Encrypted VMs can only be restored by restoring the VM disk and creating a virtual machine instance as explained below. Replace existing disk on the existing VM, creating a VM from restore points and files or folder level restore are currently not supported.

 

Step 01 ==> Restore VM Disks

 

Step 02 ==> Recreate the VM from the template that was generated during the restore operation. https://learn.microsoft.com/en-in/azure/backup/backup-azure-arm-restore-vms#use-templates-to-customize-a-restored-vm

 

References : 

https://learn.microsoft.com/en-in/azure/backup/backup-azure-vms-encryption

https://learn.microsoft.com/en-in/azure/backup/restore-azure-encrypted-virtual-machines

 

No RepliesBe the first to reply

Resources