How to fix Azure VM ERROR: Decryption failed: [WinError -2146893813] Key not valid for use in specified state.

Ankita Chaturvedi 0 Reputation points
2024-07-03T09:07:24.2133333+00:00

Getting a transient error "ERROR: Decryption failed: [WinError -2146893813] Key not valid for use in specified state." on a Windows Azure VM. I have resolved it by deleting "C:\Users\<username>\.azure", but the error came up again, so it is kind of uncertain behavior. Please suggest a permanent fix for this issue.

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

1 answer

  1. deherman-MSFT 37,836 Reputation points Microsoft Employee
    2024-07-03T15:40:16.4133333+00:00

    The error "Decryption failed: [WinError -2146893813] Key not valid for use in specified state" on an Azure VM can be related to issues with the credentials or tokens stored in the .azure directory becoming corrupt or invalid. Deleting the .azure directory and re-authenticating can be a temporary fix, but for a more permanent solution, consider the following steps:

    1. Update Azure CLI: Ensure that you have the latest version of the Azure CLI installed. This can help avoid bugs that might be causing these issues.
      
          az upgrade
      
      
    2. Clear Azure CLI Cache: Manually clear the Azure CLI cache to remove any potentially corrupted tokens or credentials.
      
          az account clear
      
      
    3. Re-authenticate: Re-authenticate to Azure after clearing the cache.
      
          az login
      
      
    4. Use Service Principal: Instead of using personal credentials, consider using a Service Principal for authentication. This can provide more stability for automated tasks and scripts.
      • First, create a Service Principal:
        
              az ad sp create-for-rbac --name <your-app-name> --role Contributor --scopes /subscriptions/<your-subscription-id>
        
        
        Note down the appId, password, and tenant.
      • Then, use the Service Principal to login:
        
              az login --service-principal -u <appId> -p <password> --tenant <tenant>
        
        
    5. Check for Issues with the User Profile: Ensure that there are no issues with the user profile on the Azure VM. Sometimes, corrupt user profiles can cause issues with credential storage.
    6. Environment Variables: If you are running scripts or applications that use environment variables to store credentials, ensure these are correctly set and not causing conflicts.
    7. Regular Maintenance: Regularly clear the .azure directory and re-authenticate as part of a maintenance routine if the issue persists. You can automate this process using scripts.
    8. Check Event Logs: Look at the Windows Event Logs for any additional error messages or warnings that might provide more context about why the decryption is failing.
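To tell a user-profile problem (step 5 of the answer) apart from a stale cache file (steps 2 and 3), the following added PowerShell diagnostic, which is not part of the original answer, checks whether Windows DPAPI works for the current logon and whether the CLI token cache can be unprotected by it. It assumes Windows PowerShell 5.1 and that Azure CLI keeps its cache in `%USERPROFILE%\.azure\msal_token_cache.bin` protected with DPAPI in the current-user scope; the function names are hypothetical.

```powershell
# Added diagnostic, not from the original answer. It never prints cache contents.
# Assumption: Azure CLI stores its token cache at %USERPROFILE%\.azure\msal_token_cache.bin,
# protected with DPAPI (current-user scope). WinError -2146893813 is HRESULT 0x8009000B.
Add-Type -AssemblyName System.Security   # makes ProtectedData available

$Scope     = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$CachePath = Join-Path $env:USERPROFILE '.azure\msal_token_cache.bin'

function Test-DpapiRoundTrip {
    # Protect and unprotect a throwaway value: does DPAPI work at all for this logon?
    try {
        $plain = [Text.Encoding]::UTF8.GetBytes('dpapi-self-test')
        $blob  = [Security.Cryptography.ProtectedData]::Protect($plain, $null, $Scope)
        $back  = [Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $Scope)
        return ([Text.Encoding]::UTF8.GetString($back) -eq 'dpapi-self-test')
    } catch {
        return $false
    }
}

function Test-TokenCache {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
    try {
        $bytes = [IO.File]::ReadAllBytes($Path)
        # The decrypted bytes are discarded on purpose; only success or failure matters.
        [void][Security.Cryptography.ProtectedData]::Unprotect($bytes, $null, $Scope)
        return 'ok'
    } catch {
        # Report the underlying HRESULT so it can be matched against the CLI error.
        return ('failed: 0x{0:X8}' -f $_.Exception.GetBaseException().HResult)
    }
}

$dpapiOk    = Test-DpapiRoundTrip
$cacheState = Test-TokenCache -Path $CachePath

"User / profile   : $env:USERNAME / $env:USERPROFILE"
"DPAPI round trip : $dpapiOk"
"Token cache      : $cacheState"

if (-not $dpapiOk) {
    'DPAPI fails for this logon: investigate the user profile before touching the CLI.'
} elseif ($cacheState -like 'failed*') {
    'DPAPI works but the cache was protected under another context: run az account clear, then az login.'
}
```

Run it in the same context that hits the error (the same account, and the same scheduled task or agent if one is involved), because the result depends on which user's DPAPI keys are loaded.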
