Set-AzureRmVMDiskEncryptionExtension : Long running operation - powershell

While trying to encrypt a VM, I am getting the below error:
Set-AzureRmVMDiskEncryptionExtension : Long running operation failed
with status 'Failed'. ErrorCode: VMExtensionProvisioningError
ErrorMessage: VM has reported a failure when processing extension
'AzureDiskEncryptionForLinux'. Error message: "Enable failed.".
StartTime: 11/15/2017 11:12:30 AM EndTime: 11/15/2017 11:14:38 AM
OperationID: 004051ca-bf73-4a37-a145-5e0ac30bc30a Status: Failed At
line:1 char:1
+ Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $resourceGrou ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmVMDiskEncryptionExtension], ComputeCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.Extension.AzureDiskEncryption.SetAzureDiskEncryptionExtensionCommand
Please help me to resolve this issue.

I was also having the same issue. The reason was i was not changing the access policy of the key vault.
use this command to change the access policy first and then execute the command for encryption.
Set-AzureRmKeyVaultAccessPolicy -VaultName $KeyVaultName -ResourceGroupName $rgName -EnabledForDiskEncryption
and then check the policy with the following command
(Get-AzureRmKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName).EnabledForDiskEncryption it should return true.

Related

Failed to start WinNAT service

How Resolved this problem ?
I try make switch using a nat network.
(from this link: https://www.thomasmaurer.ch/2016/05/set-up-a-hyper-v-virtual-switch-using-a-nat-network/ )
I made:
New-VMSwitch –SwitchName “NAT_vSwitch” –SwitchType Internal
New-NetIPAddress –IPAddress 172.100.100.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NAT_vSwitch)"
but when I make this line:
New-NetNat –Name NetworkNAT –InternalIPInterfaceAddressPrefix 172.100.100.0/24
My Output in PowerShell looks like:
New-NetNat : Failed to start WinNAT service
At line:1 char:1
+ New-NetNat –Name NetworkNAT –InternalIPInterfaceAddressPrefix 172.100 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: ObjectNotFound: (MSFT_NetNat:root/StandardCimv2/MSFT_NetNat) [New-NetNat], CimException
+ FullyQualifiedErrorId : Windows System Error 1168,New-NetNat
what I am doing wrong or where I should looking for error?
I had a similar issue.
Firstly, backup the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi
Then proceed to delete the items with the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}.
In powershell, then perform:
start-service WinNat
If it is able to start, then try your command again:
New-NetNat –Name NetworkNAT –InternalIPInterfaceAddressPrefix 172.100.100.0/24

Update-AzureRmVmss RDP password: Changing property 'zones' is not allowed

I'm trying to update RDP login/password on a Service Fabric VMSS. I use the default script proposed here :
https://blogs.technet.microsoft.com/mckittrick/how-to-reset-password-for-vmss-scale-set-instances/
However I have this issue when lauching the last Update-AzureRmVmss command (I don't try to change any zones parameter) :
Update-AzureRmVmss : Changing property 'zones' is not allowed.
ErrorCode: PropertyChangeNotAllowed
ErrorMessage: Changing property 'zones' is not allowed.
StatusCode: 409
ReasonPhrase: Conflict
OperationID : df197d60-0694-4d38-bad6-1de2163de550
At line:13 char:1
+ Update-AzureRmVmss -ResourceGroupName $vmssResourceGroup -Name $vmssN ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Update-AzureRmVmss], ComputeCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.Common.ComputeCloudException,Microsoft.Azure.Commands.Compute.Automation.UpdateAzureRmVmss
Any idea ?
thank you

Import-AzureRmRedisCache : Long running operation failed with status 'Conflict'

I'm getting a strange error with PowerShell AzureRM 4.4.0. When I run Import-AzureRmRedisCache -ResourceGroupName $rg -Name $rediscache -Files $sasKeyForBlob -Force It runs for about 1 minute and the throws up the below error. The files are only 35KiB! I've searched the web and I can't find any reference to Long running operation failed with status 'Conflict'.
The Error:
Import-AzureRmRedisCache : Long running operation failed with status 'Conflict'.
At line:1 char:1
+ Import-AzureRmRedisCache -ResourceGroupName $rg -Name $rediscache -F ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Import-AzureRmRedisCache], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.RedisCache.ImportAzureRedisCache

TrustFailure Error Thrown When Using AWS Powershell

I am trying to use AWS powershell to update metadata for items in my S3 bucket. I am using the script:
Set-AWSCredentials -ProfileName S3Test ;
write-S3Object -BucketName myS3bucket `
-Key Folder/Subfolder/Myfile.txt `
-Content "Myfile.txt `
-Metadata #{"x-amz-meta-custommetadata" = "TESTMEtadata"} `
-Headers #{"Content-Type" = "binary/octet-stream"} ;
I am able to run this script successfully from my own account on my computer but when I try to automate this script using a service account I am getting the error message:
write-S3Object : A WebException with status TrustFailure was thrown.
At line:1 char:1
+ write-S3Object -BucketName myS3Bucket `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation:
(Amazon.PowerShe...eS3ObjectCmdlet:WriteS3ObjectCmdlet) [Write-S3Obje
t], InvalidOperationException
+ FullyQualifiedErrorId :
Amazon.Runtime.AmazonServiceException,Amazon.PowerShell.Cmdlets.S3.WriteS3ObjectCmdlet
From what I have found on similar issues I tried to add this line to my script:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ;
However this results in a different error message:
write-S3Object : A WebException with status RecieveFailure was thrown.
At line:1 char:1
+ write-S3Object -BucketName myS3Bucket `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation:
(Amazon.PowerShe...eS3ObjectCmdlet:WriteS3ObjectCmdlet) [Write-S3Obje
t], InvalidOperationException
+ FullyQualifiedErrorId :
Amazon.Runtime.AmazonServiceException,Amazon.PowerShell.Cmdlets.S3.WriteS3ObjectCmdlet
Does anyone have any idea what may be causing these problems and how I would be able to resolve them?
It seems liken a callback is run using what is defined in:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
I'm not exactly sure what triggers it based off of what I read but the callback seems to be set on service accounts.
Try setting it to:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
Reference:
https://forrestbrazeal.com/2015/06/15/adventures-in-aws-the-worlds-scariest-stack-trace/
Check your date on the server.
I had the same error accessing AWS endpoints, but the solution was a touch simpler... I was testing a process where I set the date on the server back a couple of months, which caused the AWS connection process to throw the request out.

Get-AzureResource failing

I am automating the creation of an Azure web site and want to set the pricing tier. I found a few good articles (https://azure.microsoft.com/en-us/documentation/articles/powershell-azure-resource-manager/, http://www.troyhunt.com/2015/01/automating-web-hosting-creation-in.html) that pointed me to Get-AzureResource but I cannot get it to work.
I originally had AuthenticationFailed errors with the Azure 0.8 Powershell module then upgraded to 0.9.3. I now am getting two different errors depending on the parameters I supply to Get-AzureResource. I tried different ApiVersion switches, found that I'm running 2014-04-01-preview which concerns me a bit, and confirmed that my subscription supports AzureResourceManager via Get-AzureSubscriptions. What am I missing?
PS > Switch-AzureMode AzureResourceManager
WARNING: The Switch-AzureMode cmdlet is deprecated and will be removed in a future release.
$DebugPreference="Continue"
PS > Get-AzureResource -OutputObjectFormat New
DEBUG: 3:21:09 PM - GetAzureResourceCmdlet begin processing with ParameterSet 'Lists the resources based on the
specified scope.'.
DEBUG: 3:21:09 PM - using account id '###'...
Get-AzureResource : One or more errors occurred.
At line:1 char:1
+ Get-AzureResource -OutputObjectFormat New
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureResource], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementatio
n.GetAzureResourceCmdlet
PS > Get-AzureResource -Name NNNNNNN -ResourceGroupName Default-Web-EastUS -ResourceType Microsoft.Web/sites -ApiVersion 2015-05-01 -OutputObjectFormat New
DEBUG: 3:31:55 PM - GetAzureResourceCmdlet begin processing with ParameterSet 'Lists the resources based on thespecified scope.'.
DEBUG: 3:31:55 PM - using account id '#####'...
Get-AzureResource : {
"Error": {
"Code": "AuthenticationFailed",
"Message": "Authentication failed. The 'Authorization' header is not present or provided in an invalid format.",
"Target": null,
"Details": null
}
}
At line:1 char:1
+ Get-AzureResource -Name NNNNNNN -ResourceGroupName Default-Web-EastUS -Res ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureResource], ErrorResponseMessageException
+ FullyQualifiedErrorId : AuthenticationFailed,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.Get
AzureResourceCmdlet
The normal flow for managing Azure resources would be something like:
Switch-AzureMode -Name AzureResourceManager
Add-AzureAccount # windows pops up to enter Microsoft account credentials
Select-AzureSubscription -SubscriptionId '<sub-id>' # switch to the correct subscription
Get-AzureResource -Name <site-name> -ResourceGroupName <rg-name> -ResourceType Microsoft.Web/sites
It's possible that you missed one of these steps.