Encryption of VM fails with invalid key vault secret URL "Preparing machine for bitlocker"

Problem description

Steps to reproduce

  1. Took a snapshot of the osDisk after encryption.
  2. Recreated the VM with the same name in the same RG.
  3. WindowsVMDiskEncryptionConfiguration config =
                    new WindowsVMDiskEncryptionConfiguration(
                            keyVault.id(),
                            applicationId,
                            applicationSecretEncrypted)
                    .withVolumeType(DiskVolumeType.DATA);
    DiskVolumeEncryptionMonitor monitor = vm.diskEncryption().enable(config);
    

    Azure throws the following exception

    com.microsoft.azure.CloudException:
    Preparing machine for bitlocker is not a valid versioned Key Vault Secret URL. It should be in the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>.: Preparing machine for bitlocker is not a valid versioned Key Vault Secret URL. It should be in the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>.

    But retrying it after a few minutes once it fails works.

    I guess it's trying to re-install the "AzureDiskEncryption" extension since this was deleted as part of the original VM delete. But not waiting for extension's provisioning state to succeed (which will set the status message correctly to the secret URL) and using an intermediate status message "Preparing machine for bitlocker" as the secret URL.

    I am using this in a self-contained system, where I have to do this for a lot of VMs continuously. So retrying is not a valid operation for us as it will cause 429 Azure API limit throttling.

    Checking in to see if this is something which can be handled from the Azure side.

    Recommended answer

    @ashbondu, your guess might be right, the lack of the Encryption extension may result in this issue, my ask would be to try checking if the extension is installed by using this PS command:

    Get-Command Set-AzureRM*Extension* -Module AzureRM.Compute

    If it is not installed after activating the encryption, sometimes a reboot is necessary for this. Let me know if this helps, or if you would like to enable a support case for you.

    Thanks

    Adam
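
The failure mode guessed at in the question, an intermediate status message being consumed as if it were the secret URL, can be guarded against on the caller's side. The Java below is an added example, not code from this thread or from the Azure SDK: it checks a string against the format quoted in the exception and polls with capped exponential backoff instead of re-running the enable call. `SecretUrlGuard`, `isVersionedSecretUrl`, `awaitSecretUrl` and the `statusSource` callback (assumed to return the extension's current status message) are hypothetical names, and the vault URL is a constructed sample.

```java
import java.net.URI;
import java.util.Iterator;
import java.util.List;
import java.util.function.Supplier;
import java.util.regex.Pattern;

public class SecretUrlGuard {
    // Path shape taken from the error message: /secrets/<secretName>/<secretVersion>
    private static final Pattern PATH = Pattern.compile("^/secrets/[^/]+/[^/]+/?$");

    /** True only for an https URL with a host and a versioned secret path. */
    static boolean isVersionedSecretUrl(String s) {
        if (s == null) return false;
        try {
            URI u = new URI(s.trim());
            return "https".equalsIgnoreCase(u.getScheme())
                    && u.getHost() != null
                    && u.getQuery() == null && u.getFragment() == null
                    && PATH.matcher(u.getPath()).matches();
        } catch (java.net.URISyntaxException e) {
            return false; // free text such as a progress message is not a URI
        }
    }

    /** Polls statusSource (hypothetical callback) until it yields a valid URL. */
    static String awaitSecretUrl(Supplier<String> statusSource, int maxAttempts,
                                 long initialDelayMs) throws InterruptedException {
        long delay = initialDelayMs;
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            String status = statusSource.get();
            if (isVersionedSecretUrl(status)) return status.trim();
            if (attempt < maxAttempts) {
                Thread.sleep(delay);
                delay = Math.min(delay * 2, 60_000L); // cap the wait per VM
            }
        }
        throw new IllegalStateException("status never became a versioned secret URL");
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample: two intermediate statuses, then a made-up secret URL.
        Iterator<String> samples = List.of(
                "Preparing machine for bitlocker", "Preparing machine for bitlocker",
                "https://example-vault.vault.azure.net/secrets/example-secret/0123456789abcdef"
        ).iterator();
        System.out.println(awaitSecretUrl(samples::next, 5, 10));
        // An unversioned URL is rejected as well.
        System.out.println(isVersionedSecretUrl("https://example-vault.vault.azure.net/secrets/example-secret"));
    }
}
```

Doubling the delay between status reads keeps the number of API calls per VM small, which matters for the 429 throttling concern raised in the question.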

