Dec 12 2017 01:13 PM
Hello,
I am trying to deploy an encrypted-disk VM through a template. The VM deployment part succeeded, but when it tries to encrypt the disk, it fails with the error below.
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'AzureDiskEncryption'. Error
message: \"Failed to configure bitlocker as expected. Exception: AADSTS70002: Error validating
credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID:
Any idea on this?
Dec 13 2017 08:13 AM
What template are you using? Do you have a link to it?
The error says "Invalid client secret is provided" so it does have something to do with your keyvault secret.
Dec 13 2017 11:04 AM
I used the JSON template from
I am sure my secret is correct. I have also tried with a new secret, without luck.
Please help.
Dec 13 2017 03:02 PM
Ok.
Did you give the AAD application the right permissions to Key Vault?
Are you using KEK?
Dec 13 2017 03:12 PM
Solution: You are in luck, I just remembered I created a video on using that template a while ago.
Enjoy.
Dec 13 2017 09:53 PM
Hello,
This template enables encryption on a running Windows VM using an AAD client secret. This template assumes that the VM is located in the same region as the resource group. If not, please edit the template to pass the appropriate location for the VM sub-resources.
Prerequisites:
Azure Disk Encryption securely stores the encryption secrets in a specified Azure Key Vault. Use the PowerShell cmdlet below to get the "keyVaultSecretUrl" and "keyVaultResourceId":
Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname
You can refer to these pages:
https://azure.microsoft.com/en-us/documentation/articles/azure-security-disk-encryption/
http://blogs.msdn.com/b/azuresecurity/archive/2015/11/16/explore-azure-disk-encryption-with-azure- p...
http://blogs.msdn.com/b/azuresecurity/archive/2015/11/21/explore-azure-disk-encryption-with-azure-po...
Dec 14 2017 04:11 AM
Yes, it has the proper permission. Anyway, it was resolved after re-creating the secret with a new version.
Thanks for your help.
Dec 14 2017 04:12 AM
Great, thanks a lot.
Thanks for your help. It was resolved after re-creating the secret. I was trying to apply the Key Vault secret instead of the AD app secret.
Dec 14 2017 04:13 AM
Thanks for sharing these details.
It was resolved after re-creating the secret. I was trying to apply the Key Vault secret instead of the AD app secret.