Azure Disk Encryption not working

Sudheer Kumar 1 Reputation point

I'm facing issues while enabling Azure Disk Encryption on a Windows Server 2012 R2 OS disk. I'm getting the error "[]Failed to configure machine for Bitlocker encryption. Reboot the VM and retry the operation". I have gone through "Unsupported scenarios" in the Azure documentation, but it does not match any of those conditions.

Kindly help me with the troubleshooting steps to fix this issue.


2 answers

  1. shiva patpi 12,321 Reputation points Microsoft Employee

    Hello @Sudheer Kumar,
    Thanks for your query. I just created Windows Server 2012 R2 and tried encryption successfully.

    Can you try the troubleshooting details below:

    Let us know if those troubleshooting links help in resolving the issue; if yes, "please accept the answer".


  2. Sumarigo-MSFT 40,716 Reputation points Microsoft Employee

    @Sudheer Kumar Welcome to Microsoft Q&A. Thank you for posting your query!

    Adding more information to the above answer! Run the PowerShell script below to encrypt the virtual machine. Let us know the result if the issue still persists.

    ## Encrypt the existing virtual machine using the script below
    $rgName = "your resource group name"
    $location = "location name"
    Register-AzResourceProvider -ProviderNamespace "Microsoft.KeyVault"
    Get-AzResourceGroup -Location $location -Name $rgName
    # Create a new key vault; it must be enabled for disk encryption
    $keyVaultName = "your key vault name"
    New-AzKeyVault -Location $location `
        -ResourceGroupName $rgName `
        -VaultName $keyVaultName `
        -EnabledForDiskEncryption
    # Create a software-protected key to use as the key encryption key (KEK)
    Add-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey" -Destination "Software"
    # Collect the vault URL, vault resource ID and KEK URL for the extension
    $keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName
    $diskEncryptionKeyVaultUrl = $keyVault.VaultUri
    $keyVaultResourceId = $keyVault.ResourceId
    $keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name "myKey").Key.kid
    # Enable Azure Disk Encryption on the VM
    Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName `
        -VMName "your vm name" `
        -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `
        -DiskEncryptionKeyVaultId $keyVaultResourceId `
        -KeyEncryptionKeyUrl $keyEncryptionKeyUrl `
        -KeyEncryptionKeyVaultId $keyVaultResourceId
    # Check the resulting encryption status
    Get-AzVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName "your vm name"

    Additional information: How to enable ADE & troubleshooting article

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please don't forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
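
A pre-flight check to run before the script in the answer above, as an added example that is not part of the original thread: it confirms that the key vault is enabled for disk encryption and sits in the same region as the VM, then reads the current encryption status. The function name `Test-AdePrerequisite` and the placeholder values are assumptions, and the vault is assumed to be in the same resource group as the VM, as in the answer's script.

```powershell
# Placeholder values (assumed; replace with your own before running).
$rgName       = "your resource group name"
$vmName       = "your vm name"
$keyVaultName = "your key vault name"

# Hypothetical helper: reports whether the vault meets the ADE prerequisites for this VM.
function Test-AdePrerequisite {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $VaultName
    )

    $vm    = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -ErrorAction Stop
    $vault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName
    if (-not $vault) {
        throw "Key vault '$VaultName' was not found in resource group '$ResourceGroupName'."
    }

    # Region names may be returned as "East US" or "eastus"; normalise before comparing.
    $vmRegion    = ($vm.Location    -replace '\s', '').ToLowerInvariant()
    $vaultRegion = ($vault.Location -replace '\s', '').ToLowerInvariant()

    [pscustomobject]@{
        VaultEnabledForDiskEncryption = [bool]$vault.EnabledForDiskEncryption
        VMRegion                      = $vmRegion
        VaultRegion                   = $vaultRegion
        SameRegion                    = ($vmRegion -eq $vaultRegion)
    }
}

$check = Test-AdePrerequisite -ResourceGroupName $rgName -VMName $vmName -VaultName $keyVaultName
$check | Format-List

if (-not $check.VaultEnabledForDiskEncryption) {
    Write-Warning "Vault is not enabled for disk encryption (Set-AzKeyVaultAccessPolicy -EnabledForDiskEncryption)."
}
if (-not $check.SameRegion) {
    Write-Warning "Vault and VM are in different regions; ADE requires the same region."
}

# Current encryption state and the extension's last progress message.
Get-AzVMDiskEncryptionStatus -ResourceGroupName $rgName -VMName $vmName |
    Select-Object OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage
```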