Unable to do azure disk encryption

Omkar Urankar 20 Reputation points
2024-05-05T14:03:24.8566667+00:00

Hi ,

I am getting below error while doing azure disk encryption -

Can someone please guide me on this ?

{"code":"VMExtensionProvisioningError","message":"VM has reported a failure when processing extension 'AzureDiskEncryption' (publisher 'Microsoft.Azure.Security' and type 'AzureDiskEncryption'). Error message: '[2.4.0.21] Bitlocker preparation tool failed with -2147211916.\r\nAn unexpected error occurred while running BitLocker Setup. You may need to manually prepare your drive for BitLocker.

Azure Disk Encryption
Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
177 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Suraj Pujari 91 Reputation points Microsoft Employee
    2024-05-06T04:36:44.0633333+00:00

    Hi Omkar,

    It seems that there is an issue with the BitLocker preparation tool while running Azure Disk Encryption. The error message suggests that you may need to manually prepare your drive for BitLocker. Here are a few things you can try to resolve the issue:

    1. Check if the VM meets the prerequisites for Azure Disk Encryption. Ensure that the VM is running a supported operating system and is in a supported region. You can find the list of supported VMs and operating systems in the Azure documentation.
    2. Check if the VM has the latest updates installed. Ensure that the VM has the latest updates installed for the operating system and the Azure Disk Encryption extension.
    3. Check if the VM has the required permissions. Ensure that the VM has the required permissions to access the Key Vault and the storage account.
    4. Try manually preparing the drive for BitLocker. You can follow the steps mentioned in the Azure documentation to manually prepare the drive for BitLocker.

    https://learn.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-powershell-quickstart

    If none of the above steps work, you can try contacting Microsoft support for further assistance.

    0 comments No comments

  2. Anand Prakash Yadav 7,810 Reputation points Microsoft Vendor
    2024-05-07T11:15:34.84+00:00

    Hello Omkar Urankar,

    Thank you for posting your query here!

    The error you're encountering with Azure Disk Encryption seems to be related to the VM extension provisioning. This issue might be due to several factors, such as Key Vault access policies not being set correctly, custom group policy settings for BitLocker being incompatible, or issues with the VM's ability to establish outbound connections to Azure storage.

    Here are some steps you can take to troubleshoot the issue:

    · Please ensure that "Enable access to Azure Resource Manager for Template Deployment" is checked in your Key Vault access policies. https://stackoverflow.microsoft.com/questions/205616

    · Confirm that the VM has a running VM agent and that it can establish outbound connections to Azure storage. If the VM agent or extensions are not reporting status, this could lead to provisioning errors. https://learn.microsoft.com/en-us/answers/questions/884131/encrypt-azure-disks-failed-with-error-code-2147942

    · Also, confirm that the VM has a running VM agent and that it can establish outbound connections to Azure storage.

    Additional points to check:

    · Ensure that the disks attached to your VM are properly configured and meet the requirements for encryption. For example, if you're encrypting the OS disk, make sure it's a managed disk.

    · Verify that the Azure Key Vault you specified for storing encryption keys has the necessary permissions for the VM to access it.

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.