ASR Replication Error 28040 & 539

Sam Nwangwu 20 Reputation points
2024-02-02T07:54:15.12+00:00

Receiving these errors on all 4 VMs I'm attempting to replicate with Terraform. I've added details for one VM so it's not drawn out.

I have previously successfully replicated VMs with this Terraform block, however I've recently added encryption sets for CMK encryption on managed disks for all VMs in primary region (success)..

& subsequently added target_disk_encryption_set_id for secondary region replication on each VM - post adding this is when the errors started to arise...

#SSRS VM ASR Replication
resource "azurerm_site_recovery_replicated_vm" "ssrs-replication" {
  name                                      = "ssrs-vm-replication"
  resource_group_name                       = azurerm_resource_group.secondary.name
  recovery_vault_name                       = azurerm_recovery_services_vault.vault.name
  source_recovery_fabric_name               = azurerm_site_recovery_fabric.primary.name
  source_vm_id                              = azurerm_windows_virtual_machine.ssrs-vm.id
  recovery_replication_policy_id            = azurerm_site_recovery_replication_policy.policy.id
  source_recovery_protection_container_name = azurerm_site_recovery_protection_container.primary.name

  target_resource_group_id                = azurerm_resource_group.secondary.id
  target_recovery_fabric_id               = azurerm_site_recovery_fabric.secondary.id
  target_recovery_protection_container_id = azurerm_site_recovery_protection_container.secondary.id

  managed_disk {
    disk_id = lower(data.azurerm_managed_disk.ssrs_osdisk.id)
    staging_storage_account_id = azurerm_storage_account.secondary.id
    target_resource_group_id = azurerm_resource_group.secondary.id
    target_disk_type = azurerm_windows_virtual_machine.ssrs-vm.os_disk[0].storage_account_type
    target_replica_disk_type = azurerm_windows_virtual_machine.ssrs-vm.os_disk[0].storage_account_type
    target_disk_encryption_set_id = azurerm_disk_encryption_set.ade_encryption_set_s.id
  }

  network_interface {
    source_network_interface_id   = azurerm_network_interface.ssrs-server-nic-s.id
    target_subnet_name            = azurerm_subnet.ssrs-secondary.name
    recovery_public_ip_address_id = azurerm_public_ip.ssrs-pip-s.id
  }

  depends_on = [
    azurerm_site_recovery_protection_container_mapping.container-mapping,
    azurerm_site_recovery_network_mapping.network-mapping,
  ]
}

There are 3 more "config identical" blocks for a total of 4 VMs I'm attempting to replicate. The first 3 produced error 28040 & the last one 539.

Fails whilst preparing target. I've checked on the VM & the mobility service agent is provisioned successfully which further suggest issue involves encryption set:

Preparing target failure

My initial thoughts were possibly it doesn't like that the secondary encryption set is different to the primary one initially used to encrypt the disks. However, my understanding is that new disks are created in Secondary region so doubt that matters...

Azure Site Recovery
Azure Site Recovery
An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.
636 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SadiqhAhmed-MSFT 38,081 Reputation points Microsoft Employee
    2024-02-06T14:39:24.7433333+00:00

    @Samuel Nwangwu Thank you for reaching out to the Microsoft Q&A platform and I apologize for the delayed response.

    I see that you are attempting to replicate 4 VMs with Terraform and it is failing on replication post the replication was set.

    From the error details, it appears there has been a change made for the "disk" on the VM while the replication was in progress. Due to which the replication is failing. In a situation like this, the best option is to disable the replication and re-enable the replication from scratch to make sure the DR disk are up to date.

    Note: It is recommended that there should be no changes done on the disks being replicated by ASR while replication is in progress.

    Please refer to the reference link here - https://learn.microsoft.com/en-us/azure/site-recovery/site-recovery-manage-registration-and-protection#disable-protection-for-a-azure-vm-azure-to-azure

    Hope this helps. Let us know how it goes!

    If the response helped, do "Accept Answer" and up-vote it

  2. Sam Nwangwu 20 Reputation points
    2024-02-09T11:52:07.6066667+00:00

    Thanks for your contribution @SadiqhAhmed-MSFT

    I decided to ditch the encryption sets & instead enable ADE on the VM disks & replication is now working fine.