I came across a very unusual problem this week which I haven't seen before and which even took Microsoft Support a few days to diagnose...
The issue was my Azure IaaS VM would not encrypt both OS and Data Disks when using the Set-AzVMDiskEncryptionExtension PowerShell command and was throwing the following message:
Set-AzVMDiskEncryptionExtension : Long running operation failed with status 'Failed'. Additional Info:'VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.2.0.36] Failed to configure bitlocker
as expected. Exception: Object reference not set to an instance of an object., InnerException: , stack trace: at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.SaveTemporaryStorageProtectorToBekVolume()
in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 814
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.EnableEncryption() in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1635
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1873
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1970"
More information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot '
ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension 'AzureDiskEncryption'. Error message: "[2.2.0.36] Failed to configure bitlocker as expected. Exception: Object reference not set to an instance of an object.,
InnerException: , stack trace: at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.SaveTemporaryStorageProtectorToBekVolume() in
X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 814
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.EnableEncryption() in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1635
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.HandleEncryptionOperations() in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1873
at Microsoft.Cis.Security.BitLocker.BitlockerIaasVMExtension.BitlockerExtension.OnEnable() in X:\bt\1132456\repo\src\BitLocker\BitlockerIaasVMExtension\BitlockerExtension.cs:line 1970"
More information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot
ErrorTarget:
StartTime: 26/02/2021 16:35:27
EndTime: 26/02/2021 16:36:05
OperationID: 590717d7-5fcf-4347-9fd4-bf54f452d20f
Status: Failed
At line:1 char:1
+ Set-AzVMDiskEncryptionExtension `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzVMDiskEncryptionExtension], ComputeCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.Extension.AzureDiskEncryption.SetAzureDiskEncryptionExtensionCommand
Great, ok, so that means I need to delete the VM and re-create it using a size that includes a temp disk? No drama. Although, it did take me a little while to dig out the script I had made previously to create VMs from existing managed disks, but once I found that and updated it to use the newer Az module, rather than AzureRM, I was able to recreate the VM with the required size (look out for my upcoming post which details that process).
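A pre-flight check for the temp-disk requirement mentioned above, as an added example that is not part of the original post. It assumes the Az.Compute module and an authenticated session; the resource group name, VM name and the helper function Test-VmSizeHasTempDisk are hypothetical placeholders.

```powershell
# Added example, not the author's script. Requires Az.Compute and Connect-AzAccount.
$ResourceGroupName = 'rg-example'   # placeholder, replace with your resource group
$VMName            = 'vm-example'   # placeholder, replace with your VM name

function Test-VmSizeHasTempDisk {
    # Hypothetical helper: true when the size object reports a temp (resource) disk.
    param([Parameter(Mandatory)] $VmSize)
    return ($VmSize.ResourceDiskSizeInMB -gt 0)
}

$vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

# Look up the VM's current size in its region. Sizes that ship without a
# temp disk report ResourceDiskSizeInMB = 0.
$size = Get-AzVMSize -Location $vm.Location |
    Where-Object { $_.Name -eq $vm.HardwareProfile.VmSize }

if (-not $size) {
    throw "Size '$($vm.HardwareProfile.VmSize)' not found in region '$($vm.Location)'."
}

if (-not (Test-VmSizeHasTempDisk -VmSize $size)) {
    throw "Size '$($size.Name)' has no temp disk; choose a size with one before encrypting."
}

# Show what Azure currently records for the VM's encryption state, so any
# state left by an earlier failed attempt is visible before retrying.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $ResourceGroupName -VMName $VMName

[pscustomobject]@{
    VMName               = $VMName
    VmSize               = $size.Name
    TempDiskMB           = $size.ResourceDiskSizeInMB
    OsVolumeEncrypted    = $status.OsVolumeEncrypted
    DataVolumesEncrypted = $status.DataVolumesEncrypted
    ProgressMessage      = $status.ProgressMessage
}
```

Run it before Set-AzVMDiskEncryptionExtension; it stops with an error if the size has no temp disk and otherwise prints the size and current encryption status.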
Urgh... now what! Turns out the disks, which I had previously attempted to encrypt without success, had some remnants of BitLocker left over and the encryption process threw an error. I got around this by running the following command to remove all traces of encryption from the VM disks and configuration: