azurerm_linux_virtual_machine Cannot update encryption properties

[mpjtaylor]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.3

AzureRM Provider Version

3.110.0

Affected Resource(s)/Data Source(s)

azurerm_linux_virtual_machine, azurerm_windows_virtual_machine

Terraform Configuration Files

resource "azurerm_windows_virtual_machine" "virtualmachine_windows" {
  name                          = local.virtual_machine_name
  computer_name                 = "hostname"
  resource_group_name           = data.azurerm_resource_group.virtualmachine.name
  location                      = var.location
  size                          = var.vm_size
  admin_username                = local.virtual_machine_username
  admin_password                = local.virtual_machine_password
  license_type                  = local.virtual_machine_license
  enable_automatic_updates = false
  network_interface_ids = [
    azurerm_network_interface.virtualmachine[0].id
  ]
  os_disk {
    name                      = "${local.virtual_machine_name}${coalesce(var.disk_profiles.new_machine.operating_system.disk_name, "_OSDisk")}"
    caching                   = var.disk_profiles.new_machine.operating_system.disk_caching
    storage_account_type      = var.disk_profiles.new_machine.operating_system.disk_storage_account_type
    disk_size_gb              = var.disk_profiles.new_machine.operating_system.disk_size
    write_accelerator_enabled = var.disk_profiles.new_machine.operating_system.disk_write_accelerator
    disk_encryption_set_id    = var.disk_profiles.disk_cmk_encryption ? azurerm_disk_encryption_set.encryption[0].id : null
  }
  source_image_id = local.management_gallery_image
  }
}

Debug Output/Panic Output

Error: updating encryption settings of OS Disk "_OSDisk" for Linux Virtual Machine "zagotlndpp01002_OSDisk" (Resource Group "zzzzz"): performing Update: unexpected status 400 (400 Bad Request) with error: BadRequest: Cannot update encryption properties for disk '_OSDisk' because it already has incremental snapshot(s). Please delete all existing incremental snapshots for source disk '_OSDisk' to update and create new incremental snapshots after updating the encryption properties.

Expected Behaviour

Apply works fine using azurerm version

Actual Behaviour

Create or Update Disk Failed

Cannot update encryption properties for disk '_OSDisk' because it already has incremental snapshot(s).

Steps to Reproduce

terraform apply

Important Factoids

Works on earlier provider version 3.103.1

References

No response

[harshavmb]

Hi @mpjtaylor ,

I couldn't replicate with the above configuration you shared. Have you setup any backup vaults on these VMs?

[mpjtaylor]

yes backup is configured.

[harshavmb]

Can you share that configuration here? It seems to be happening in tandem with that.

[mpjtaylor]

resource "azurerm_backup_protected_vm" "protected_intent_azurerm" { resource_group_name = data.azurerm_recovery_services_vault.vault[0].resource_group_name recovery_vault_name = data.azurerm_recovery_services_vault.vault[0].name source_vm_id = local.virtual_machine_id backup_policy_id = local.support_backup_policy_id }