1

Today I accessed my VM on Azure and it was very slow, so I decided to upgrade it. I went to Size, selected a level up in RAM memory and CPU and then I clicked on the button "Resize". After waiting a few minutes, I got a fail message saying: Failed to resize the virtual machine 'xxx' to size 'xxx'. Error: Unknown error encountered when retrieving secret from the Key Vault with URL: xxx. Since then I can't start my virtual machine, how can I solve this problem? Thanks.

[EDIT] Apparently, I just need to update the secretURL for a key vault that I've created, I just don't know-how. enter image description here

Natan Dutra
  • 65
  • 1
  • 9

1 Answers1

0

I would assume VM is having issues accessing the Key Vault. Can you try the following if possible?

  1. Deallocated the VM to full stop.
  2. Then start it back up
  3. Check that the Key Vault and secret are still the same and have not been deleted or changed.
  4. Check the access to the Key vault. The following documents may help with this. Creating and configuring a key vault for Azure Disk Encryption

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview#networking-requirements

 In the meantime, please help me perform a quick check and log into the ‘serial console’ of this VM and confirm if you’re able to get into the ‘commandprompt’ from the ‘SAC’ mode: https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/serial-console-windows

Option2 Step 1: On portal select Key Vault à “Access Policy” and ensure that “Azure Disk Encryption for volume encryption” is enabled. If not, enable it, save changes and try to Start the VM again.

Step 2: If “Azure Disk Encryption for volume encryption” is already checked , make sure that “secret “ is present under the Key Vault and it has a “version” of in enabled state. If there is any expiration date set for the version, make sure that we are within the expiration period.

Repair a Windows VM by using the Azure Virtual Machine repair commands: https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/repair-windows-vm-using-azure-virtual-machine-repair-commands

Can you try redeploying the VM that this is happening on? This will place the VM on new hardware and rule out a platform issue if it stops happening after the redeploy. Try to remove the extension and add it back to the VM. Extension must have failed sometime. https://learn.microsoft.com/en-us/cli/azure/vm/extension?view=azure-cli-latest

Resize virtual machines

There is similar thread discussion in SO, you may also refer to the suggestion mentioned over-there which gives some idea on your query

SumanthMarigowda-MSFT
  • 1,920
  • 9
  • 14
  • I tried the steps but I had no success. I also created a new Key Vault which I've assigned to the VM using Azure CLI. I noticed that for some reason when trying to start the VM, I get an error saying that was not able to access a Key Vault that I don't recall creating or deleting it and this Key Vault mentioned in the error is not available on Deleted Key Vaults as well, I don't know how this value is over there and why is not taking the Key Vault that I've assigned to the VM. :/ – Natan Dutra Sep 15 '20 at 23:21
  • This address right here is what I believe I need to update, since the current one does not exist. I posted d the picture in the question. – Natan Dutra Sep 17 '20 at 23:02
  • I finally resolved this issue, to solve it I had to update the disk encryption directly through the CLI, here's the command line: az disk update --name MyDisk --resource-group MyResourceGroup --set encryptionSettingsCollection.encryptionSettings='[{"diskEncryptionKey": {"secretUrl": "https:///secrets//","sourceVault": {"id": "/subscriptions/MySubscription/resourceGroups/MyResourceGroup/providers/Microsoft.KeyVault/vaults/MyVault"}},"keyEncryptionKey": null}]' – Natan Dutra Sep 18 '20 at 23:47