How to remove VM reference to KeyVault

Paul Cowan 0 Reputation points
2023-10-17T20:53:58.53+00:00

I deleted an unused KeyVault resource, but my Azure Windows VM referenced it. The VM won't power on now because the KeyVault doesn't exist. How do I remove the reference to the KV from the VM?


2 answers

  1. TP 124.7K Reputation points Volunteer Moderator
    2023-10-18T00:04:42.23+00:00

    Hi Paul,

    Are you saying the VM's disk(s) were encrypted using Customer Managed Key and you deleted the key vault that contains the key? Please correct me if that is not the case.

    What you can do is recover the deleted key vault by navigating to key vaults -- manage deleted vaults. Once you have recovered the vault, you can navigate to the VM's disks -- Encryption blade, switch to Platform Managed Key, Save, then test that you can start the VM.

    Note that if you deleted the key before deleting the vault, you will need to recover the vault first, next recover the deleted key, then make changes to disk encryption.

    Please click Accept Answer if the above was useful.

    Thanks.

    -TP
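
The recovery sequence from the answer above, written as Azure CLI for Cloud Shell. This is an added example and not part of the original answer; the function names and the four positional arguments (resource group, VM, vault and key names) are this example's own, and it assumes the vault is soft-deleted and still within its retention period.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Resource names are passed in by the caller.
# Assumes the vault is soft-deleted and still inside its retention period.

# Recover the vault only if it is not already active.
restore_vault() {  # $1 = vault name
  az keyvault show --name "$1" >/dev/null 2>&1 && return 0
  az keyvault recover --name "$1" >/dev/null
}

# Recover the key only if it is missing from the recovered vault
# (the case where the key was deleted before the vault).
restore_key() {  # $1 = vault name, $2 = key name
  az keyvault key show --vault-name "$1" --name "$2" >/dev/null 2>&1 && return 0
  az keyvault key recover --vault-name "$1" --name "$2" >/dev/null
}

# Switch each of the VM's managed disks that uses a customer-managed key to a
# platform-managed key. Prints the ID of every disk it changed.
switch_disks_to_pmk() {  # $1 = resource group, $2 = VM name
  local ids id enc
  ids=$(az vm show -g "$1" -n "$2" -o tsv --query "storageProfile.osDisk.managedDisk.id" &&
        az vm show -g "$1" -n "$2" -o tsv --query "storageProfile.dataDisks[].managedDisk.id") || return 1
  for id in $ids; do
    enc=$(az disk show --ids "$id" --query "encryption.type" -o tsv) || return 1
    [ "$enc" = "EncryptionAtRestWithCustomerKey" ] || continue
    az disk update --ids "$id" --encryption-type EncryptionAtRestWithPlatformKey >/dev/null || return 1
    echo "$id"
  done
}

# Full sequence: vault, then key, then disks, then start the VM.
recover_vm() {  # $1 = resource group, $2 = VM name, $3 = vault name, $4 = key name
  restore_vault "$3" || return 1
  restore_key "$3" "$4" || return 1
  switch_disks_to_pmk "$1" "$2" || return 1
  az vm start -g "$1" -n "$2" >/dev/null
}

# Run only when called with all four arguments.
if [ "$#" -eq 4 ]; then recover_vm "$@"; fi
```

Disks already on a platform-managed key are left untouched, so the script can be re-run safely if it stops partway.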


  2. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2023-10-18T19:53:10.0433333+00:00

    @Paul Cowan

    Thank you for your post!

    To hopefully help point you in the right direction - if your VM is leveraging the Key Vault for an SSL Certificate, you should be able to remove the Key Vault reference from your VM by uninstalling the respective Extension (i.e. Key Vault or IIS).

    • Note: If you're having issues removing the VM through the Portal, you can also leverage the Azure Cloud Shell.

    For more info - Troubleshooting Azure Windows VM extension failures

    1. Open the Azure portal and navigate to the virtual machine that is referencing the Key Vault.
    2. Click on Extensions under the "Settings" section of the virtual machine.
    3. Find the respective extension used for your SSL certificate (i.e. Key Vault or IIS).
    4. Select Uninstall to remove the extension.

    Once you have removed the reference to the Key Vault from your VM, you should be able to delete the Key Vault without any issues.

    • If you're still having issues and would like to work directly with our support team through a one-time free technical support request, please let me know.

    I hope this helps!

    Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

