ghost
commented
2 years ago Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jaspkaur28.
Issue Details
## Description I am getting a BadRequest error when trying to run Set-AzAutomationAccount to add customer managed keys to my automation account. When running with the -debug, I get the response below. ```Body: { "code": "BadRequest", "message": "'Soft Delete’ and 'Do Not Purge' feature is not enabled on the key vault. To use Azure Automation with customer managed keys , both of these features must be turned on to allow for recovery of keys in case of accidental deletion. For more details see aka.ms/AACMK " } ``` ## Steps to reproduce Login to Azure Government and run the command below. ```powershell Set-AzAutomationAccount ` -ResourceGroupName $resourceGroup ` -Name $automationAccount ` -AssignSystemIdentity ` -KeyName $keyName ` -KeyVaultUri $vaultURI ` -KeyVersion $keyVersion ` -KeyVaultEncryption ``` ## Environment data ``` Name Value ---- ----- PSVersion 5.1.19041.1237 PSEdition Desktop PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...} BuildVersion 10.0.19041.1237 CLRVersion 4.0.30319.42000 WSManStackVersion 3.0 PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 ``` ## Module versions ```powershell Directory: C:\Users\Johnny C\Documents\WindowsPowerShell\Modules ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Script 1.4.7 PackageManagement {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...} Directory: C:\Program Files\WindowsPowerShell\Modules ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Script 2.5.3 Az.Accounts {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollectio... Script 1.9.3 Az.Accounts {Disable-AzDataCollection, Disable-AzContextAutosave, Enable-AzDataCollectio... Script 1.1.1 Az.Advisor {Get-AzAdvisorRecommendation, Enable-AzAdvisorRecommendation, Disable-AzAdvi... Script 1.2.0 Az.Aks {Get-AzAksCluster, New-AzAksCluster, Remove-AzAksCluster, Import-AzAksCreden... Script 1.1.4 Az.AnalysisServices {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServicesServer, Get-AzAn... Script 2.1.0 Az.ApiManagement {Add-AzApiManagementApiToGateway, Add-AzApiManagementApiToProduct, Add-AzApi... Script 1.1.0 Az.ApplicationInsights {Get-AzApplicationInsights, New-AzApplicationInsights, Remove-AzApplicationI... Script 1.7.1 Az.Automation {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHybridWorkerGroup, Ge... Script 1.4.0 Az.Automation {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHybridWorkerGroup, Ge... Script 3.1.0 Az.Batch {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAccountKey, New-AzBat... Script 1.0.3 Az.Billing {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollmentAccount, Get-AzC... Script 1.4.3 Az.Cdn {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfile, Remove-AzCdnPro... Script 1.5.1 Az.CognitiveServices {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAccountKey, Get-AzCo... Script 4.3.1 Az.Compute {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAvailabilitySet, Upd... Script 1.0.3 Az.ContainerInstance {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzContainerGroup, Get-Az... Script 1.1.1 Az.ContainerRegistry {New-AzContainerRegistry, Get-AzContainerRegistry, Update-AzContainerRegistr... Script 1.1.0 Az.DataBoxEdge {Get-AzDataBoxEdgeJob, Get-AzDataBoxEdgeDevice, Invoke-AzDataBoxEdgeDevice, ... Script 1.10.0 Az.DataFactory {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFactoryV2, Remove-Az... Script 1.0.2 Az.DataLakeAnalytics {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalyticsCatalogCredential... Script 1.2.8 Az.DataLakeStore {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeStoreTrustedIdProvid... Script 1.0.0 Az.DataShare {New-AzDataShareAccount, Get-AzDataShareAccount, Remove-AzDataShareAccount, ... Script 1.1.0 Az.DeploymentManager {Get-AzDeploymentManagerArtifactSource, New-AzDeploymentManagerArtifactSourc... Script 1.0.0 Az.DesktopVirtualization {Disconnect-AzWvdUserSession, Get-AzWvdApplication, Get-AzWvdApplicationGrou... Script 1.0.2 Az.DevTestLabs {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolicy, Get-AzDtlAutoSt... Script 1.1.2 Az.Dns {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRecordSet, Set-AzDns... Script 1.3.0 Az.EventGrid {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGridTopic, New-AzEve... Script 1.5.0 Az.EventHub {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzEventHubNamespace, ... Script 1.6.1 Az.FrontDoor {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove-AzFrontDoor...} Script 1.0.1 Az.Functions {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Get-AzFunctionAppPla... Script 3.5.0 Az.HDInsight {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wait-AzHDInsightJob,... Script 1.1.0 Az.HealthcareApis {New-AzHealthcareApisService, Remove-AzHealthcareApisService, Set-AzHealthca... Script 2.5.0 Az.IotHub {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-AzIotHubConnectionS... Script 2.1.0 Az.KeyVault {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, Stop-AzKeyVaultCer... Script 1.3.2 Az.LogicApp {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccountAssembly, Get-Az... Script 1.1.3 Az.MachineLearning {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssociation, Get-AzMlComm... Script 1.1.0 Az.Maintenance {Get-AzApplyUpdate, Get-AzConfigurationAssignment, Get-AzMaintenanceConfigur... Script 1.1.0 Az.ManagedServices {Get-AzManagedServicesAssignment, New-AzManagedServicesAssignment, Remove-Az... Script 1.0.2 Az.MarketplaceOrdering {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms} Script 1.1.1 Az.Media {Sync-AzMediaServiceStorageKey, Set-AzMediaServiceKey, Get-AzMediaServiceKey... Script 2.1.0 Az.Monitor {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile, Get-AzLogProfile... Script 3.3.0 Az.Network {Add-AzApplicationGatewayAuthenticationCertificate, Get-AzApplicationGateway... Script 1.1.1 Az.NotificationHubs {Get-AzNotificationHub, Get-AzNotificationHubAuthorizationRule, Get-AzNotifi... Script 2.3.0 Az.OperationalInsights {New-AzOperationalInsightsAzureActivityLogDataSource, New-AzOperationalInsig... Script 1.3.1 Az.PolicyInsights {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSummary, Get-AzPolic... Script 1.1.2 Az.PowerBIEmbedded {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspaceCollection, Get-... Script 1.0.3 Az.PrivateDns {Get-AzPrivateDnsZone, Remove-AzPrivateDnsZone, Set-AzPrivateDnsZone, New-Az... Script 2.11.1 Az.RecoveryServices {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServicesVault, Get-AzRe... Script 1.2.1 Az.RedisCache {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheScheduleEntry, Get-AzRedi... Script 1.0.3 Az.Relay {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNamespace, Remove-Az... Script 2.5.0 Az.Resources {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzRoleAssignment, New... Script 1.4.1 Az.ServiceBus {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set-AzServiceBusNames... Script 2.1.0 Az.ServiceFabric {Add-AzServiceFabricClientCertificate, Add-AzServiceFabricClusterCertificate... Script 1.2.0 Az.SignalR {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSignalRKey...} Script 2.9.1 Az.Sql {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlDatabaseTransparentDat... Script 1.1.0 Az.SqlVirtualMachine {New-AzSqlVM, Get-AzSqlVM, Update-AzSqlVM, Remove-AzSqlVM...} Script 2.5.0 Az.Storage {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStorageAccount, New-Az... Script 1.3.0 Az.StorageSync {Invoke-AzStorageSyncCompatibilityCheck, New-AzStorageSyncService, Get-AzSto... Script 1.0.1 Az.StreamAnalytics {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefaultFunctionDefiniti... Script 1.0.0 Az.Support {Get-AzSupportService, Get-AzSupportProblemClassification, Get-AzSupportTick... Script 1.0.4 Az.TrafficManager {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTrafficManagerCustomHe... Script 1.11.0 Az.Websites {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServicePlan, Remove-Az... Script 5.1.2 Azure {Get-AzureAutomationCertificate, Get-AzureAutomationConnection, New-AzureAut... Script 1.0.1 Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation} Binary 1.0.0.1 PackageManagement {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...} Script 3.4.0 Pester {Describe, Context, It, Should...} Script 1.0.0.1 PowerShellGet {Install-Module, Find-Module, Save-Module, Update-Module...} Script 2.0.0 PSReadline {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remove-PSReadLineKeyHan... Directory: C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules ModuleType Version Name ExportedCommands ---------- ------- ---- ---------------- Manifest 1.0.0.0 AppBackgroundTask {Disable-AppBackgroundTaskDiagnosticLog, Enable-AppBackgroundTaskDiagnosticL... Manifest 2.0.0.0 AppLocker {Get-AppLockerFileInformation, Get-AppLockerPolicy, New-AppLockerPolicy, Set... Manifest 1.0.0.0 AppvClient {Add-AppvClientConnectionGroup, Add-AppvClientPackage, Add-AppvPublishingSer... Manifest 2.0.1.0 Appx {Add-AppxPackage, Get-AppxPackage, Get-AppxPackageManifest, Remove-AppxPacka... Script 1.0.0.0 AssignedAccess {Clear-AssignedAccess, Get-AssignedAccess, Set-AssignedAccess} Manifest 1.0.0.0 BitLocker {Unlock-BitLocker, Suspend-BitLocker, Resume-BitLocker, Remove-BitLockerKeyP... Manifest 2.0.0.0 BitsTransfer {Add-BitsFile, Complete-BitsTransfer, Get-BitsTransfer, Remove-BitsTransfer...} Manifest 1.0.0.0 BranchCache {Add-BCDataCacheExtension, Clear-BCCache, Disable-BC, Disable-BCDowngrading...} Manifest 1.0.0.0 CimCmdlets {Get-CimAssociatedInstance, Get-CimClass, Get-CimInstance, Get-CimSession...} Manifest 1.0 ConfigCI {Get-SystemDriver, New-CIPolicyRule, New-CIPolicy, Get-CIPolicy...} Manifest 1.0 ConfigDefender {Get-MpPreference, Set-MpPreference, Add-MpPreference, Remove-MpPreference...} Manifest 1.0 Defender {Get-MpPreference, Set-MpPreference, Add-MpPreference, Remove-MpPreference...} Manifest 1.0.2.0 DeliveryOptimization {Delete-DeliveryOptimizationCache, Set-DeliveryOptimizationStatus, Get-Deliv... Manifest 1.0.0.0 DirectAccessClientComponents {Disable-DAManualEntryPointSelection, Enable-DAManualEntryPointSelection, Ge... Script 3.0 Dism {Add-AppxProvisionedPackage, Add-WindowsDriver, Add-WindowsCapability, Add-W... Manifest 1.0.0.0 DnsClient {Resolve-DnsName, Clear-DnsClientCache, Get-DnsClient, Get-DnsClientCache...} Manifest 1.0.0.0 EventTracingManagement {Start-EtwTraceSession, New-EtwTraceSession, Get-EtwTraceSession, Update-Etw... Manifest 2.0.0.0 International {Get-WinDefaultInputMethodOverride, Set-WinDefaultInputMethodOverride, Get-W... Manifest 1.0.0.0 iSCSI {Get-IscsiTargetPortal, New-IscsiTargetPortal, Remove-IscsiTargetPortal, Upd... Script 1.0.0.0 ISE {New-IseSnippet, Import-IseSnippet, Get-IseSnippet} Manifest 1.0.0.0 Kds {Add-KdsRootKey, Get-KdsRootKey, Test-KdsRootKey, Set-KdsConfiguration...} Manifest 1.0.1.0 Microsoft.PowerShell.Archive {Compress-Archive, Expand-Archive} Manifest 3.0.0.0 Microsoft.PowerShell.Diagnostics {Get-WinEvent, Get-Counter, Import-Counter, Export-Counter...} Manifest 3.0.0.0 Microsoft.PowerShell.Host {Start-Transcript, Stop-Transcript} Manifest 1.0.0.0 Microsoft.PowerShell.LocalAccounts {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser, Get-LocalGroup...} Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path...} Script 1.0 Microsoft.PowerShell.ODataUtils Export-ODataEndpointProxy Manifest 3.0.0.0 Microsoft.PowerShell.Security {Get-Acl, Set-Acl, Get-PfxCertificate, Get-Credential...} Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Format-List, Format-Custom, Format-Table, Format-Wide...} Manifest 3.0.0.0 Microsoft.WSMan.Management {Disable-WSManCredSSP, Enable-WSManCredSSP, Get-WSManCredSSP, Set-WSManQuick... Manifest 1.0 MMAgent {Disable-MMAgent, Enable-MMAgent, Set-MMAgent, Get-MMAgent...} Manifest 1.0.0.0 MsDtc {New-DtcDiagnosticTransaction, Complete-DtcDiagnosticTransaction, Join-DtcDi... Manifest 2.0.0.0 NetAdapter {Disable-NetAdapter, Disable-NetAdapterBinding, Disable-NetAdapterChecksumOf... Manifest 1.0.0.0 NetConnection {Get-NetConnectionProfile, Set-NetConnectionProfile} Manifest 1.0.0.0 NetDiagnostics Get-NetView Manifest 1.0.0.0 NetEventPacketCapture {New-NetEventSession, Remove-NetEventSession, Get-NetEventSession, Set-NetEv... Manifest 2.0.0.0 NetLbfo {Add-NetLbfoTeamMember, Add-NetLbfoTeamNic, Get-NetLbfoTeam, Get-NetLbfoTeam... Manifest 1.0.0.0 NetNat {Get-NetNat, Get-NetNatExternalAddress, Get-NetNatStaticMapping, Get-NetNatS... Manifest 2.0.0.0 NetQos {Get-NetQosPolicy, Set-NetQosPolicy, Remove-NetQosPolicy, New-NetQosPolicy} Manifest 2.0.0.0 NetSecurity {Get-DAPolicyChange, New-NetIPsecAuthProposal, New-NetIPsecMainModeCryptoPro... Manifest 1.0.0.0 NetSwitchTeam {New-NetSwitchTeam, Remove-NetSwitchTeam, Get-NetSwitchTeam, Rename-NetSwitc... Manifest 1.0.0.0 NetTCPIP {Get-NetIPAddress, Get-NetIPInterface, Get-NetIPv4Protocol, Get-NetIPv6Proto... Manifest 1.0.0.0 NetworkConnectivityStatus {Get-DAConnectionStatus, Get-NCSIPolicyConfiguration, Reset-NCSIPolicyConfig... Manifest 1.0.0.0 NetworkSwitchManager {Disable-NetworkSwitchEthernetPort, Enable-NetworkSwitchEthernetPort, Get-Ne... Manifest 1.0.0.0 NetworkTransition {Add-NetIPHttpsCertBinding, Disable-NetDnsTransitionConfiguration, Disable-N... Manifest 1.0.0.0 PcsvDevice {Get-PcsvDevice, Start-PcsvDevice, Stop-PcsvDevice, Restart-PcsvDevice...} Binary 1.0.0.0 PersistentMemory {Get-PmemDisk, Get-PmemPhysicalDevice, Get-PmemUnusedRegion, New-PmemDisk...} Manifest 1.0.0.0 PKI {Add-CertificateEnrollmentPolicyServer, Export-Certificate, Export-PfxCertif... Manifest 1.0.0.0 PnpDevice {Get-PnpDevice, Get-PnpDeviceProperty, Enable-PnpDevice, Disable-PnpDevice} Manifest 1.1 PrintManagement {Add-Printer, Add-PrinterDriver, Add-PrinterPort, Get-PrintConfiguration...} Binary 1.0.12 ProcessMitigations {Get-ProcessMitigation, Set-ProcessMitigation, ConvertTo-ProcessMitigationPo... Script 3.0 Provisioning {Install-ProvisioningPackage, Export-ProvisioningPackage, Install-TrustedPro... Manifest 1.1 PSDesiredStateConfiguration {Set-DscLocalConfigurationManager, Start-DscConfiguration, Test-DscConfigura... Script 1.0.0.0 PSDiagnostics {Disable-PSTrace, Disable-PSWSManCombinedTrace, Disable-WSManTrace, Enable-P... Binary 1.1.0.0 PSScheduledJob {New-JobTrigger, Add-JobTrigger, Remove-JobTrigger, Get-JobTrigger...} Manifest 2.0.0.0 PSWorkflow {New-PSWorkflowExecutionOption, New-PSWorkflowSession, nwsn} Manifest 1.0.0.0 PSWorkflowUtility Invoke-AsWorkflow Manifest 1.0.0.0 ScheduledTasks {Get-ScheduledTask, Set-ScheduledTask, Register-ScheduledTask, Unregister-Sc... Manifest 2.0.0.0 SecureBoot {Confirm-SecureBootUEFI, Set-SecureBootUEFI, Get-SecureBootUEFI, Format-Secu... Manifest 2.0.0.0 SmbShare {Get-SmbShare, Remove-SmbShare, Set-SmbShare, Block-SmbShareAccess...} Manifest 2.0.0.0 SmbWitness {Get-SmbWitnessClient, Move-SmbWitnessClient, gsmbw, msmbw...} Manifest 1.0.0.1 StartLayout {Export-StartLayout, Import-StartLayout, Export-StartLayoutEdgeAssets, Get-S... Manifest 2.0.0.0 Storage {Add-InitiatorIdToMaskingSet, Add-PartitionAccessPath, Add-PhysicalDisk, Add... Manifest 1.0.0.0 StorageBusCache {Clear-StorageBusDisk, Disable-StorageBusCache, Disable-StorageBusDisk, Enab... Manifest 2.0.0.0 TLS {New-TlsSessionTicketKey, Enable-TlsSessionTicketKey, Disable-TlsSessionTick... Manifest 1.0.0.0 TroubleshootingPack {Get-TroubleshootingPack, Invoke-TroubleshootingPack} Manifest 2.0.0.0 TrustedPlatformModule {Get-Tpm, Initialize-Tpm, Clear-Tpm, Unblock-Tpm...} Binary 2.1.639.0 UEV {Clear-UevConfiguration, Clear-UevAppxPackage, Restore-UevBackup, Set-UevTem... Manifest 2.0.0.0 VpnClient {Add-VpnConnection, Set-VpnConnection, Remove-VpnConnection, Get-VpnConnecti... Manifest 1.0.0.0 Wdac {Get-OdbcDriver, Set-OdbcDriver, Get-OdbcDsn, Add-OdbcDsn...} Manifest 2.0.0.0 Whea {Get-WheaMemoryPolicy, Set-WheaMemoryPolicy} Manifest 1.0.0.0 WindowsDeveloperLicense {Get-WindowsDeveloperLicense, Unregister-WindowsDeveloperLicense, Show-Windo... Script 1.0 WindowsErrorReporting {Enable-WindowsErrorReporting, Disable-WindowsErrorReporting, Get-WindowsErr... Manifest 1.0.0.0 WindowsSearch {Get-WindowsSearchSetting, Set-WindowsSearchSetting} Manifest 1.0.0.0 WindowsUpdate Get-WindowsUpdateLog Manifest 1.0.0.2 WindowsUpdateProvider {Get-WUAVersion, Get-WULastInstallationDate, Get-WULastScanSuccessDate, Get-... ``` ## Debug output ``` DEBUG: 4:52:49 PM - SetAzureAutomationAccount begin processing with ParameterSet 'KeyVaultEncryption'. DEBUG: 4:52:51 PM - using account id 'johnny.chapman.ph@a4.projecthosts.com'... DEBUG: [Common.Authentication]: Authenticating using Account: 'johnny.chapman.ph@a4.projecthosts.com', environment: 'AzureUSGovernment', t enant: '
| Author: | johnnycchapman |
|---|---|
| Assignees: | - |
| Labels: | `Automation`, `Service Attention`, `question`, `customer-reported`, `needs-triage` |
| Milestone: | - |
jaspkaur28
johnnycchapman
Description
I am getting a BadRequest error when trying to run Set-AzAutomationAccount to add customer managed keys to my automation account. When running with the -debug, I get the response below.
Steps to reproduce
Login to Azure Government and run the command below.
Environment data
Module versions
Debug output
Error output