
Azure Disk Encryption not working

Sudheer Kumar 1 Reputation point
2021-02-14T06:58:57.853+00:00

I'm facing issues while enabling Azure Disk Encryption on a Windows Server 2012 R2 OS disk. I'm getting the error "[2.2.0.36]Failed to configure machine for Bitlocker encryption. Reboot the VM and retry the operation". I have gone through "Unsupported scenarios" in the Azure documentation, but it does not match any of those conditions.

Kindly help me with the troubleshooting steps to fix this issue.

Azure Disk Encryption

An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.


2 answers

  1. Sumarigo-MSFT 47,511 Reputation points Microsoft Employee Moderator
    2021-02-15T10:28:08.753+00:00

    @Sudheer Kumar Welcome to Microsoft Q&A. Thank you for posting your query!

    Adding more information to the above answer! Run the PowerShell script below to encrypt the virtual machine. Let us know the result if the issue still persists.

    # Encrypt the existing virtual machine using the script below
    Connect-AzAccount

    $rgName = "your resource group name"
    $location = "location name"
    $vmName = "your vm name"

    # Register the Key Vault resource provider and confirm the resource group exists
    Register-AzResourceProvider -ProviderNamespace "Microsoft.KeyVault"
    Get-AzResourceGroup -Location $location -Name $rgName

    # Create a new key vault that is enabled for disk encryption
    $keyVaultName = "your key vault name"
    New-AzKeyVault -Location $location `
        -ResourceGroupName $rgName `
        -VaultName $keyVaultName `
        -EnabledForDiskEncryption

    # Create a software-protected key encryption key (KEK), then collect the vault and key identifiers
    Add-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey" -Destination "Software"
    $keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName
    $diskEncryptionKeyVaultUrl = $keyVault.VaultUri
    $keyVaultResourceId = $keyVault.ResourceId
    $keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey").Key.kid

    # Enable Azure Disk Encryption on the VM, wrapping the disk encryption key with the KEK
    Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName `
        -VMName $vmName `
        -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
        -DiskEncryptionKeyVaultId $keyVaultResourceId `
        -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
        -KeyEncryptionKeyVaultId $keyVaultResourceId

    # Check the encryption status of the OS and data volumes
    Get-AzVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName
    

    Additional information: How to enable ADE & troubleshooting article

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ------------------------------------------------------------------------------------------------------

    Please don’t forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
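
The script in the answer above relies on a vault created with `-EnabledForDiskEncryption`, and Azure Disk Encryption also requires the key vault and the VM to be in the same region and subscription. The following is an added example, not part of either answer or of Microsoft's documentation, that checks those preconditions before `Set-AzVMDiskEncryptionExtension` is run. `Test-AdePrerequisite` is a hypothetical helper name and the sample objects are constructed placeholders shaped like `Get-AzKeyVault` and `Get-AzVM` output.

```powershell
# Added example: pre-flight checks for the vault/VM pair used by the script above.
# Test-AdePrerequisite is a hypothetical helper name, not an Az cmdlet.
function Test-AdePrerequisite {
    param(
        [Parameter(Mandatory)] $Vault,  # object shaped like Get-AzKeyVault output
        [Parameter(Mandatory)] $Vm      # object shaped like Get-AzVM output
    )
    $findings = @()

    # The vault must be enabled for disk encryption (the -EnabledForDiskEncryption switch).
    if (-not $Vault.EnabledForDiskEncryption) {
        $findings += "Vault '$($Vault.VaultName)' is not enabled for disk encryption."
    }

    # Region names can appear as 'East US' or 'eastus'; normalise before comparing.
    $normalise = { param($s) ($s -replace '\s', '').ToLowerInvariant() }
    if ((& $normalise $Vault.Location) -ne (& $normalise $Vm.Location)) {
        $findings += "Vault region '$($Vault.Location)' differs from VM region '$($Vm.Location)'."
    }

    # Both resource IDs start with /subscriptions/<id>/; the ids must match.
    $subOf = { param($id) if ($id -match '^/subscriptions/([^/]+)/') { $Matches[1].ToLowerInvariant() } }
    if ((& $subOf $Vault.ResourceId) -ne (& $subOf $Vm.Id)) {
        $findings += "Vault and VM are in different subscriptions."
    }

    return ,$findings  # always an array, empty when every check passes
}

# Constructed sample objects (placeholders, not real resources).
$vault = [pscustomobject]@{
    VaultName = 'example-kv'; Location = 'East US'; EnabledForDiskEncryption = $false
    ResourceId = '/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg/providers/Microsoft.KeyVault/vaults/example-kv'
}
$vm = [pscustomobject]@{
    Name = 'example-vm'; Location = 'westeurope'
    Id = '/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg/providers/Microsoft.Compute/virtualMachines/example-vm'
}
Test-AdePrerequisite -Vault $vault -Vm $vm | ForEach-Object { Write-Warning $_ }

# Against real resources, reusing the variables from the script above:
# Test-AdePrerequisite -Vault (Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName) `
#                      -Vm (Get-AzVM -ResourceGroupName $rgName -Name 'your vm name')
```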


  2. shiva patpi 13,396 Reputation points Microsoft Employee Moderator
    2021-02-14T19:27:32.683+00:00

    Hello @Sudheer Kumar,
    Thanks for your query. I just created a Windows Server 2012 R2 VM and tried encryption successfully.

    Can you try the troubleshooting details below:

    Let us know if the troubleshooting link helps in resolving the issue; if yes, "please accept the answer".
