Category: azure disk encryption
RobC_CTL on Thu, 22 Feb 2018 16:05:39
I've just expanded a couple of VMs data disks which is normally a quick process, the VM reboots and Linux automatically expands the partition to take advantage of the additional space. However this is not what I am seeing with encrypted data disks. The process of expanding the disk through the portal was the same. Once the VMs were back up I ran a df command and the data disk size hasn't changed, and one of the VMs the data disk is no longer mounted! However if I run sudo lshw -C disk I can see the data disks are present and showing the new size, to add to the fun the mount point have changed i.e. used to be /dev/sdc and is now /dev/sdd which means that FSTAB file is now out of date. However that can be fixed.
I suspect what is happening is the additional space is now being encrypted which has cause this odd behaviour, is that correct?
I notice that the disks are no longer showing as encrypted in the portal and running az vm encryption show from the cli the data disks are showing as NotEncrypted
If my suspicion is correct is there any way to monitor the progress of the encryption or is there process I can look for?
Adam Smith (Azure) on Mon, 26 Feb 2018 17:06:22
Monitoring Encryption Status:
You can monitor encryption status in different ways as mentioned in this article: Use the cmdlet and inspect the ProgressMessage field:
- Go to Azure Resource Explorer, and then expand this hierarchy in the selection panel on "margin-line-height:normal;background:whitesmoke;">Copy
In the InstanceView, scroll down to see the encryption status of your drives.
- Look at boot diagnostics. Messages from the ADE extension should be prefixed with .
- Sign in to the VM via SSH, and get the extension log from:
We recommend that you do not sign in to the VM while OS encryption is in progress. Copy the logs only when the other two methods have failed.
Have you followed the suggested steps mentioned here It advises to unmount the disk prior to expanding it, This should keep the same drive letter when it's already set in fstab.
Let me know if you have any other questions.
RobC_CTL on Mon, 26 Feb 2018 17:24:55
Thanks for the response, I have to admit I gave up trying to get the encrypted disks to expand, I tried the instructions from the link you sent, the issue was the resizepart command couldn't see the extra disk space. Anyway as they were data disks I removed them and re-created them.
Thanks for the info on visualising the process, one of the VMs is currently encrypting nicely. The other is reporting that encryption is complete....which I don't believe as both VMs were started at roughly the same time (same size data disks). The one that is still encrypting is at 7% (Premium storage) where the one that it's complete is on standard storage. The portal is suggesting that the disk is encrypted as you can see (VM1)
But if I look at the disks on VM1 it says it's not enabled
And just to add to the fun, this is the output of Get-AzureRmVMDiskEncryptionStatus:
Confused! which one is right?
Give me a Windows VM everyday of the week :)
Adam Smith (Azure) on Mon, 26 Feb 2018 18:38:55
Thanks for the detailed answer Rob! This could be related to a known issue that exists and which we are trying to fix, however, the Powershell command should reflect the correct status, meaning the Disks are not encrypted :( . Can you send me your Subscription ID to AzCommunity[AT]microsoft.com, add "ATTN:Adam", the forum post's link, and the name of the affected VMs so I can enable a free support ticket for you? This would enable the escalation team to thoroughly examine it the situation for you.
RobC_CTL on Tue, 27 Feb 2018 16:14:54
Thanks for the reply, I've tried to email the address provided but looks like it is a restricted group.
Adam Smith (Azure) on Tue, 27 Feb 2018 16:29:00
Hi Rob ,
I just replied to your email :)
RobC_CTL on Tue, 27 Feb 2018 16:34:49
Got it, thanks.