azure-xplat-cli
azure-xplat-cli copied to clipboard
Azure
Install Succeeded is not a valid versioned Key Vault Secret Url
CLI Version: 0.10.12 OS Type: Windows 10 Installation via: npm
Mode: ARM
Environment: AzureCloud
Description:
azure vm enbale-disk-encryption errors after installing extension into vmName with 'Install Succeeded is not a valid versioned Key Vault Secret URL.".
Steps to reproduce:
- Login
azure login - Then run
azure vm enable-disk-encryption --volume-type All --skip-vm-backup --aad-client-id <your ad application client id> --disk-encryption-key-vault-url <your url to encryption key secret> --disk-encryption-key-vault-id <id of keyvault> --aad-client-secret <your ad application client secret>
Error stack trace:
2017-04-25T16:57:33.229Z:
{ Error: Install Succeeded is not a valid versioned Key Vault Secret URL. It should be in the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>.
<<< async stack >>>
at createOrUpdateVM__14 (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\commands\arm\vm\virtualMachine.js:208:82)
at setAzureDiskEncryption__46 (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\commands\arm\vm\vmClient.js:1966:27)
at __21 (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\commands\arm\vm\vm.js:473:16)
<<< raw stack >>>
at C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\azure-arm-compute\lib\operations\virtualMachines.js:2167:19
at retryCallback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\filters\systemErrorRetryPolicyFilter.js:85:9)
at retryCallback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\filters\exponentialRetryPolicyFilter.js:135:9)
at handleRedirect (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\filters\redirectFilter.js:36:9)
at C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\util\utils.js:608:7
at handleRedirect (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\util\utils.js:585:9)
at C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\util\logging.js:339:7
at Request._callback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\requestPipeline.js:126:16)
at Request.self.callback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\request\request.js:187:22)
at emitTwo (events.js:106:13)
stack: [Getter/Setter],
statusCode: 400,
request:
{ rawResponse: false,
queryString: {},
url: 'https://management.azure.com/subscriptions/xxxxxxxxxxxx/resourceGroups/xxxxxxxxxxxxx/providers/Microsoft.Compute/virtualMachines/stage?api-version=2016-04-30-preview',
method: 'PUT',
headers:
{ 'x-ms-client-request-id': '2b5b3663-aa14-4da7-9700-41434a458fa8',
'accept-language': 'en-US',
'Content-Type': 'application/json; charset=utf-8',
'x-ms-command-name': 'vm enable-disk-encryption',
'x-ms-parameter-set-name': '--volume-type *** --skip-vm-backup --aad-client-id ************************************ --disk-encryption-key-vault-url *** --disk-encryption-key-vault-id *** --aad-client-secret ***',
'user-agent': 'AzureXplatCLI/0.10.12;osType:Windows_NT;osVersion:10.0.14393;nodeVersion:v6.9.0;installationType:NPM;userId:ad8234e93a521feec1821a1ae6b3c6acc857b011febb071e62a5181f77ed37fe;subscriptionId:xxxxx;userType:user;macAddressHash:b9ea07559d3ac18b6f04dec9a163c4b2bbb69b0162c61103de75aaca6b50cb57;mode:arm' },
body: '{"location":"eastus","properties":{"hardwareProfile":{"vmSize":"Standard_DS2_v2"},"storageProfile":{"imageReference":{"publisher":"Canonical","offer":"UbuntuServer","sku":"16.04-LTS","version":"latest"},"osDisk":{"osType":"Linux","encryptionSettings":{"diskEncryptionKey":{"secretUrl":"Install Succeeded","sourceVault":{"id":"/subscriptions/xxxxxxxxxx/resourceGroups/xxxxxx/providers/Microsoft.KeyVault/vaults/KeyVault"}},"enabled":true},"name":"stage","caching":"ReadWrite","createOption":"FromImage","diskSizeGB":30,"managedDisk":{"id":"/subscriptions/xxxxxxxxx/resourceGroups/xxxxxxx/providers/Microsoft.Compute/disks/stage","storageAccountType":"Premium_LRS"}},"dataDisks":[{"lun":0,"name":"stage-data","caching":"ReadOnly","createOption":"Attach","diskSizeGB":250,"managedDisk":{"id":"/subscriptions/xxxxx/resourceGroups/xxxxx/providers/Microsoft.Compute/disks/stage-data","storageAccountType":"Standard_LRS"}}]},"osProfile":{"computerName":"stage","adminUsername":"user","linuxConfiguration":{"disablePasswordAuthentication":false},"secrets":[]},"networkProfile":{"networkInterfaces":[{"id":"/subscriptions/xxxxxxxxx/resourceGroups/xxxxx/providers/Microsoft.Network/networkInterfaces/stage654"}]}}}' },
response:
{ body: '{\r\n "error": {\r\n "code": "InvalidParameter",\r\n "target": "encryptionSettings.diskEncryptionKey.secretUrl",\r\n "message": "Install Succeeded is not a valid versioned Key Vault Secret URL. It should be in the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>."\r\n }\r\n}',
headers:
{ 'cache-control': 'no-cache',
pragma: 'no-cache',
'content-length': '293',
'content-type': 'application/json; charset=utf-8',
expires: '-1',
'strict-transport-security': 'max-age=31536000; includeSubDomains',
'x-ms-served-by': 'b86f52d5-02f2-4895-80f8-975d7c684b95_131375993212735307',
'x-ms-request-id': 'ebe76bd4-4ee3-4425-a56a-2301940a72ef',
server: 'Microsoft-HTTPAPI/2.0',
'x-ms-ratelimit-remaining-subscription-writes': '1197',
'x-ms-correlation-request-id': '93375903-f32f-487a-b5f0-99557b0445dc',
'x-ms-routing-request-id': 'EASTUS:20170425T165732Z:93375903-f32f-487a-b5f0-99557b0445dc',
date: 'Tue, 25 Apr 2017 16:57:31 GMT',
connection: 'close' },
statusCode: 400 },
code: 'InvalidParameter',
body:
{ code: 'InvalidParameter',
message: 'Install Succeeded is not a valid versioned Key Vault Secret URL. It should be in the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>.',
target: 'encryptionSettings.diskEncryptionKey.secretUrl' },
__frame:
{ name: 'createOrUpdateVM__14',
line: 190,
file: 'C:\\Users\\kylec\\AppData\\Roaming\\npm\\node_modules\\azure-cli\\lib\\commands\\arm\\vm\\virtualMachine.js',
prev:
{ name: 'setAzureDiskEncryption__46',
line: 1819,
file: 'C:\\Users\\kylec\\AppData\\Roaming\\npm\\node_modules\\azure-cli\\lib\\commands\\arm\\vm\\vmClient.js',
prev: [Object],
calls: 4,
active: false,
offset: 147,
col: 26 },
calls: 0,
active: false,
offset: 18,
col: 81 },
rawStack: [Getter] }
Error: Install Succeeded is not a valid versioned Key Vault Secret URL. It should be in the format https://<vaultEndpoint>/secrets/<secretName>/<secretVersion>.
<<< async stack >>>
at createOrUpdateVM__14 (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\commands\arm\vm\virtualMachine.js:208:82)
at setAzureDiskEncryption__46 (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\commands\arm\vm\vmClient.js:1966:27)
at __21 (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\commands\arm\vm\vm.js:473:16)
<<< raw stack >>>
at C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\azure-arm-compute\lib\operations\virtualMachines.js:2167:19
at retryCallback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\filters\systemErrorRetryPolicyFilter.js:85:9)
at retryCallback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\filters\exponentialRetryPolicyFilter.js:135:9)
at handleRedirect (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\filters\redirectFilter.js:36:9)
at C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\util\utils.js:608:7
at handleRedirect (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\util\utils.js:585:9)
at C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\lib\util\logging.js:339:7
at Request._callback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\ms-rest\lib\requestPipeline.js:126:16)
at Request.self.callback (C:\Users\kylec\AppData\Roaming\npm\node_modules\azure-cli\node_modules\request\request.js:187:22)
at emitTwo (events.js:106:13)
I haven't been able to reproduce this but here are some ideas on what might have caused this, and some possible ways to work around or avoid the error in the future:
- If any of the parameters were supplied incorrectly at the time of invoking the enable command (copy paste error, missing URL or wrong URL, line breaks or spaces in the wrong place, etc.) - I don't believe that was the case here, but in general it's a good thing to check first.
- If the key vault is in a different region than the VM, if the VM was initially in one region but migrated to another region, or if the key vault policies were not initially set with the enable disk encryption option.
- If a prior attempt to encrypt failed for some reason (eg., one of the reasons in the troubleshooting guide), then subsequent attempts on the same VM may fail with this message. Starting fresh with a new VM in a state that supports disk encryption would be the recommended option if this is the case. If the VM failed before encryption ever occurred, and the drive is not encrypted, then removing the extension, stopping/de-allocating the VM, clearing encryption settings on the VM (powershell example here), and then starting it again may help to bring the VM back into a suitable start state to workaround this error.
I have exactly the same issue when trying to encrypt Linux VM. At the same time . Windows VM is completely fine.
Hi @kmccmk9 the reason why it fails is a verbose message breaking the ARM Template. You need to work with Sequence Numbers in order to make it work again. Check out: https://pgroene.wordpress.com/2016/12/23/fixing-arm-deployment-errors-for-linux-disk-encryption/
