Skip to main content

Azure VM - Failed to update virtual machine disks (Solved)

Sometimes while trying to add/remove a disk from Azure VM through the Azure portal we are getting error like "Failed to update virtual machine disks" as below



Here though we are only trying to add/remove the disk, we're not doing anything with Azure Disk Encryption (ADE), still, we're getting the error message related to ADE. 

Not while adding or updating the disk, if we try to add extensions or performing any activity required to do save operation to update the VM template, it show a similar failure message which is related to ADE. 

Now to resolve this if we disable the disk encryption through the Azure portal through it will disable the disk encryption and on portal, we can see there is no disk encryption and also the related Key vault field is coming up empty but still, when we try to add/remove the disk & do the save operation we are getting the similar message. This is because in the VM JSON template we can see it still maintain the disk encryption-related properties. So to rectify this error is we remove the disk encryption property from it's template JSON we'll be good. 

Let's see how to remove the ADE related properties from VM JSON template. 

Step-1. 
     Disable the disk encryption (either through the Azure portal or through PowerShell command) 
     POINT to poinder: After performing the disable ADE through the portal or the PowerShell script, we've to wait for some time to get the disk fully decrypted. 
How to verify if disks (all disk OS + data disks) got fully decrypted or not. 
  • Login to your VM
  • Open PowerShell in admin mode
  • Run the command "Get-BitLockerVolume"
This command will show you the encryption or decryption percentage. 
Sometimes you may observe C drive (or OS disk) is not getting decrypted after waiting for a long period it still shows 100% encrypted. (or 0% decrypted). In that case, you've to manually disable the bit locker for your OS disk. Open your "Manage BitLocker" [from control panel] => Expand OS (c:) => Turn Off BitLocker"

DON'T  PERFORM BELOW OPERATION IF VM DISK IS STILL ENCRYPTED OR DECRYPTION IS IN PROGRESS

Step-2: 
Once we are sure that the bit locker is disabled and all disks are fully decrypted (100%), now we've to remove the ADE all together. 

$resourceGroup = "<<your-resource-group>>"
$vmName = "<<your-vm-name>>"

First, let's stop the VM
##Stop-AzVM -ResourceGroupName $resourceGroup -Name $vmName   -NoWait

Wait for a few minutes to stop the VM. you can check from the portal, whether you're getting the "Start" button enabled or not. 
Now execute the powershell command to get the VM details
##$myVm = Get-AzVM -ResourceGroupName $resourceGroup -Name $vmName 

Here we'll update the encryption setting to NULL, False means encryption setting is there but not enabled right-now 
 
## $myVm.StorageProfile.OsDisk.EncryptionSettings.DiskEncryptionKey = $null
## $myVm.StorageProfile.OsDisk.EncryptionSettings.Enabled = $false
## $myVm.StorageProfile.OsDisk.EncryptionSettings.KeyEncryptionKey = $null
##Update-AzVM -ResourceGroupName $myVm.ResourceGroupName -VM $myVm

Let's start the VM now. Because just now we've executed the "update-AzVM" command, so start-AzVM will take some time, in some of the cases I've observed it took 20-25min. 
##Start-AzVM -ResourceGroupName $myVm.ResourceGroupName -Name $myVm.Name

After these operations, once your VM is up and running, try to add/remove the disk and you're good to go. 



Labels:

Comments

  1. Sampath10 June 2021 at 12:20

    This is really help full to complete the 2019 OS upgrade of an Azure VM. I got blocked with disk encryption a error like this "Azure Disk Encryption extension version '2.2 ' without AAD client/secret is not supported on VMs previously encrypted with AAD client/secret.". But with the solution provided above, I got unblocked easily. Appreciate the solution given.

    ReplyDelete

Post a Comment

Popular posts from this blog

EFCore - Collate function

Search in SQL server query is generally case insensitive (by default or based on database level collation). Suppose we have an employees table with a row having first-name column value as "My-First-Name", so if we want to do the case-sensitive search we have to explicitly use the related collate: In EF 5 (currently in Release Candidate version [RC.2.20475.6]) Collate function got introduced which helps us to use our specific collation based search.  C# with EF5 code sample: var employeeCaseSensitiveSearch = _dbContext.Employees .Where(x => EF.Functions.Collate(x.FirstName, "Latin1_General_CS_AS") == "my-first-name") .FirstOrDefault(); A related database query will be something like this: T-SQL: Case sensitive search (use specific collation e.g.: Latin1_General_CS_AS) SELECT * FROM dbo.Employees AS e WHERE e.FirstName Collate Latin1_General_CS_AS = 'my-first-name' Some of the useful CSharp function which g...
Post a Comment
Read more

EFCore - Parallel db call on same dbContext

Practically there are multiple instances when we want to do parallel DB call which will save us some time. Like if we want to get a few employees details as well as users detail and if both entities are independent of each other better to go with a parallel call to fetch the details.  With the growing ORM usage and enhanced & optimized framework of like EFCore, in most of the application (related to C# development), we generally prefer to use EFCore. With EFCore if we try to use the same DB context to do parallel db call we are getting an error (... different thread using the same DbContext....). Because dbContext call is not thread-safe Parallel DB call on the same dbContext:  Code snipped: which will throw an error private void DbCallWithParallelCallOnSameDbContext() { try { var employeesTask = _dbContext.Employees.ToListAsync(); var usersTask = _dbContext.Users.ToListAsync(); ...
Post a Comment
Read more

How to install Zen-coding plugin

As a web-developer, irrespective of the technologies (java, c-sharp, python, php e.t.c.…), we used to write CSS code to make our web-pages looks good if not at least we’re involved in write html codes. What if there is some tool to whom you give some instruction and that tool generates a good, well formatted html tags for you. These kind of coding is possible and known as “ Zen coding ” and there are lots of plug-in available from different vendors. We’re going to  discuss the steps to install this “zen-coding” plugin for “visual studio, eclipse, sublime-text & notepad++ in next few lines. Follow the below steps to install "zen-coding" plugin based on your editor.  Steps to install zen-coding plugin for (visual studio, eclipse, sublime-text,notepad++) -- -- For Visual Studio 1. Go to "Tools" -> "Extensions and Updates" 2. It'll open the "Extensions and Updates windows"    Select online form Left hand menu items ent...
Post a Comment
Read more