VM and recovery services vault with CMK, snapshot for backup fails

Oliver Schwarzwälder 0 Reputation points
2023-10-04T15:24:48.5+00:00

Hey Guys,

i'm facing the issue that my Azure backups are failing when using a cmk encrypted recovery services vault.
-> by turning back to a PMK rsv everything works fine.

-> the received error messages in azure are in the sub task

  • Take Snapshot: in progress -> failed

-> the backup Job runs along for hours till ending in failed

I viewed the eventlogs on the machine and saw that there are issues with the VSS Services permissions while handling the snapshot -> why does the Azure Backup Agent runs into trouble when my rsv is cmk encrypted?

I tried also to set permissions for the recovery services vault to access with administrative roles, still facing the same error

Screenshot 2023-10-04 at 17.13.13.png

Azure Backup
Azure Backup
An Azure backup service that provides built-in management at scale.
1,142 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Oliver Schwarzwälder 0 Reputation points
    2023-10-25T06:58:58.2666667+00:00

    @SadiqhAhmed-MSFT , finally we could face the root of the issue

    -> it's the hardening combination of the CMK Key Vault with disable public access and the user assigned identity (also Access policies are not used -> RBAC is in use)

    -> somehow there's a problem with access the key Vault within the permission set of the user assigned identity

    • when it's defined with system assigned and the recovery services vault gets the permission set for the key vault with RBAC it works fine

    The request can be closed.
    Thank you very much for stay in touch and interested in the resolution of the issue.