![]() ![]() Confirm that ADE is enabled on the disk.Take the following steps before attaching the failed OS disk to a repair VM: As a final step, you can replace the OS disk on the original VM with this newly repaired version. After the disk is unlocked, you can repair it. The procedures in this article describe methods you can use to attach an encrypted OS disk to a repair VM and then unlock that disk. ![]() This BEK (and, optionally, a key-encrypting key that encrypts or "wraps" the BEK) will be stored in an Azure key vault that's managed by your organization. To unlock the disk, you must use the same BitLocker encryption key (BEK) that was originally used to encrypt it. However, if the disk is encrypted by using ADE, the disk will remain locked and inaccessible while it's attached to the repair VM until you unlock the disk. For example, if a Windows VM is inaccessible, displays disk errors, or cannot start, you can run troubleshooting steps on the OS disk by attaching it to a separate repair VM (also called a recovery VM or rescue VM). Some troubleshooting scenarios require you to perform offline repair of a virtual disk in Azure. You'll be unable to do any mitigations on that disk from a repair VM until the disk is unlocked. In this case, Azure Disk Encryption (ADE) is enabled on the disk. If you are repairing the OS disk of a Windows VM offline, the disk might appear locked when it is attached to the repair VM, as shown below. This article describes how to unlock an encrypted OS disk on a separate virtual machine (called a repair VM) to enable offline remediation and troubleshooting on that disk. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |