cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

"VM has reported a failure when processing extension 'AzureDiskEncryption'.

Suhag Desai
Brass Contributor

‎Dec 12 2017 01:13 PM

‎Dec 12 2017 01:13 PM

"VM has reported a failure when processing extension 'AzureDiskEncryption'.

Hello,

 

I am trying to deploy the encrypted disk VM through template. VM deployment part was succeeded but when it is trying to encrypt the disk, it is failing with below error.

 

"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'AzureDiskEncryption'. Error
message: \"Failed to configure bitlocker as expected. Exception: AADSTS70002: Error validating
credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID:

 

Any idea on this ?

 

 

Labels:
25.5K Views
0 Likes
8 Replies
Reply
8 Replies
Hannel Hazeley

‎Dec 13 2017 08:13 AM

‎Dec 13 2017 08:13 AM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

What template are you using?  Do you have a link to it?

 

The error says "Invalid client secret is provided" so it does have something to do with your keyvault secret.

0 Likes
Reply
Suhag Desai

‎Dec 13 2017 11:04 AM

‎Dec 13 2017 11:04 AM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

i used the json template from 

https://github.com/Azure/azure-quickstart-templates/tree/master/201-encrypt-create-new-vm-gallery-im...

 

i am sure my secret are correct only. i have also tried with new secret without luck.

 

Pl help

0 Likes
Reply
Hannel Hazeley

‎Dec 13 2017 03:02 PM

‎Dec 13 2017 03:02 PM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

Ok.

 

Did you give the AAD application right permissions to KeyVault?

Are you using KEK? 

 

0 Likes
Reply
best response confirmed by Suhag Desai (Brass Contributor)
Hannel Hazeley

‎Dec 13 2017 03:12 PM

‎Dec 13 2017 03:12 PM

Solution

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

You are in luck, just remember i created a video on using that template a while ago.

 

https://youtu.be/k9byoc-_t7I

 

Enjoy.

Azure Disk Encryption - Setup (GUI)
Azure Disk Encryption - Setup (GUI)
youtu.be/k9byoc-_t7I
Step by Step guide to setting up Azure Disk Encryption using GUI Reference: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption Steps: http://hazelnest.com/blog/blog/2017/04/15/azure-disk-encryption-bitlocker/
1 Like
Reply
Gnana sekar

‎Dec 13 2017 09:53 PM

‎Dec 13 2017 09:53 PM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

Hello,

This template enables encryption on a running windows vm using AAD client secret. This template assumes that the VM is located in the same region as the resource group. If not, please edit the template to pass appropriate location for the VM sub-resources.

Prerequisites:

  1. Azure Disk Encryption securely stores the encryption secrets in a specified Azure Key Vault. Use the below PS cmdlet for getting the "keyVaultSecretUrl" and "keyVaultResourceId" Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname

This template enables encryption on a running windows vm using AAD client secret. This template assumes that the VM is located in the same region as the resource group. If not, please edit the template to pass appropriate location for the VM sub-resources.

Prerequisites:

Azure Disk Encryption securely stores the encryption secrets in a specified Azure Key Vault. Use the below PS cmdlet for getting the "keyVaultSecretUrl" and "keyVaultResourceId" Get-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $rgname

 

Your can refer this pages: https://azure.microsoft.com/en-us/documentation/articles/azure-security-disk-encryption/http://blogs.msdn.com/b/azuresecurity/archive/2015/11/16/explore-azure-disk-encryption-with-azure- p...http://blogs.msdn.com/b/azuresecurity/archive/2015/11/21/explore-azure-disk-encryption-with-azure-po...

1 Like
Reply
Suhag Desai

‎Dec 14 2017 04:11 AM

‎Dec 14 2017 04:11 AM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

Yes, it is having proper permission. Anyways, it is resolved after re-creating the secret with new version.

 

Thanks for your help.

0 Likes
Reply
Suhag Desai

‎Dec 14 2017 04:12 AM

‎Dec 14 2017 04:12 AM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

Great, thanks a lot.

 

Thanks for your help. it is resolved after re-creating the secret. i was trying to apply key vault secret instead of AD app secret.

0 Likes
Reply
Suhag Desai

‎Dec 14 2017 04:13 AM

‎Dec 14 2017 04:13 AM

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

Thanks for sharing this details.

it is resolved after re-creating the secret. i was trying to apply key vault secret instead of AD app secret.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Suhag Desai (Brass Contributor)
Hannel Hazeley

‎Dec 13 2017 03:12 PM

‎Dec 13 2017 03:12 PM

Solution

Re: "VM has reported a failure when processing extension 'AzureDiskEncryption'.

You are in luck, just remember i created a video on using that template a while ago.

 

https://youtu.be/k9byoc-_t7I

 

Enjoy.

View solution in original post

Azure Disk Encryption - Setup (GUI)
Azure Disk Encryption - Setup (GUI)
youtu.be/k9byoc-_t7I
Step by Step guide to setting up Azure Disk Encryption using GUI Reference: https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption Steps: http://hazelnest.com/blog/blog/2017/04/15/azure-disk-encryption-bitlocker/
1 Like
Reply