Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License
338 stars 212 forks

managedDisk.securityProfile.securityEncryptionType' is missing (null) #686

Open gusdellazure opened 3 weeks ago

gusdellazure commented 3 weeks ago

What happened? Provide a clear and concise description of the bug, including deployment details.

Issue with deploying .GOV

"code": "DeploymentFailed",
"target": "/subscriptions/cf4d6247-bf51-42e6-9dd5-XXXXXXX/resourceGroups/rg-avd-avd-prod-va-service-objects/providers/Microsoft.Resources/deployments/MGMT-VM-20241015T003002Z",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
"details": [
    {
        "code": "BadRequest",
        "message": "Required parameter for Confidential VMs 'managedDisk.securityProfile.securityEncryptionType' is missing (null)."
    }
]
}

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

What was the expected outcome?

No response

Relevant log output

No response

danycontre commented 3 weeks ago

@gusdellazure thank you for your feedback, we are reviewing it.

chbragg commented 2 weeks ago

@gusdellazure What VM SKU are you using? It's my understanding that Azure Government only has one type of Confidential Compute VM SKU available and it is the Intel SGX style of Confidential compute (DCs_v2). The SGX Confidential VMs do the Confidential Computing differently and that type doesn't leverage the "Confidential" Security Type for your VM settings. To check if that setting is available in your SKU type, you can try to create a new VM in the portal with your SKU and try to select the Confidential option under Security Type. The other way is to run this Azure CLI command to see if it's listed as an attribute on the VM SKU. If the ConfidentialComputeType shows null, then you can only use TrustedLaunch or Standard for that VM SKU.

az vm list-skus --location usgovvirginia --resource-type virtualMachines --query "[?contains(name, 'DC') || contains(name, 'EC') || contains(name, 'NCC')].{Name:name, ConfidentialComputeType:capabilities[?name=='ConfidentialComputingType'].value | [0]}" --output json

Please reference this to learn more about the Confidential Compute options. https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-computing-deployment-models
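The check described in the comment above can also be run before deployment, shown here as an added example that is not part of the thread or of the AVD Accelerator code. It reads raw `az vm list-skus --output json` data (without the `--query` projection) and a VM `properties` fragment, then reports the mismatch behind the `BadRequest` error. The function names and the sample SKU data are constructed for illustration; the accepted `securityEncryptionType` values are assumed from the Azure Compute API.

```python
import json

# Constructed sample shaped like raw `az vm list-skus --output json` items;
# it does not reflect what any region actually offers.
SAMPLE_SKUS = json.loads("""[
  {"name": "Standard_DC2s_v2", "capabilities": [{"name": "vCPUs", "value": "2"}]},
  {"name": "Standard_DC2as_v5", "capabilities": [
      {"name": "vCPUs", "value": "2"},
      {"name": "ConfidentialComputingType", "value": "SNP"}]}
]""")

# Values assumed from the Azure Compute API for securityEncryptionType.
ENCRYPTION_TYPES = {"VMGuestStateOnly", "DiskWithVMGuestState", "NonPersistedTPM"}

def confidential_type(skus, vm_size):
    """Return the SKU's ConfidentialComputingType value, or None if absent."""
    for sku in skus:
        if sku["name"].lower() == vm_size.lower():
            for cap in sku.get("capabilities") or []:
                if cap["name"] == "ConfidentialComputingType":
                    return cap["value"]
    return None

def check_vm(vm_properties, skus):
    """Hypothetical pre-deployment check; returns a list of problems (empty = OK)."""
    problems = []
    size = vm_properties["hardwareProfile"]["vmSize"]
    sec_type = (vm_properties.get("securityProfile") or {}).get("securityType")
    os_disk = vm_properties.get("storageProfile", {}).get("osDisk", {})
    disk_sec = (os_disk.get("managedDisk") or {}).get("securityProfile") or {}
    enc = disk_sec.get("securityEncryptionType")
    if sec_type == "ConfidentialVM":
        if confidential_type(skus, size) is None:
            problems.append(f"{size}: no ConfidentialComputingType; use TrustedLaunch or Standard")
        if enc not in ENCRYPTION_TYPES:
            problems.append("managedDisk.securityProfile.securityEncryptionType is missing or invalid")
    elif enc is not None:
        problems.append(f"securityEncryptionType set but securityType is {sec_type!r}")
    return problems

def vm(size, sec_type=None, enc=None):
    """Build a minimal VM 'properties' fragment for the demo (constructed)."""
    disk = {"managedDisk": {"securityProfile": {"securityEncryptionType": enc}} if enc else {}}
    props = {"hardwareProfile": {"vmSize": size}, "storageProfile": {"osDisk": disk}}
    if sec_type:
        props["securityProfile"] = {"securityType": sec_type}
    return props

if __name__ == "__main__":
    for case in (vm("Standard_DC2s_v2", "ConfidentialVM"),
                 vm("Standard_DC2as_v5", "ConfidentialVM", "VMGuestStateOnly")):
        print(case["hardwareProfile"]["vmSize"], check_vm(case, SAMPLE_SKUS) or "OK")
```

To use it against a real region, replace `SAMPLE_SKUS` with the parsed output of `az vm list-skus --location <region> --resource-type virtualMachines --output json`.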

chbragg commented 1 week ago

@gusdellazure, is your issue resolved when you deploy with the supported settings around Confidential Compute or Trusted Launch as described above?