Key Vault ID Does Not Match Key Vault's True Resource ID

0
votes

I'm trying to resize an Azure VM, but getting the error below. The key vault is enabled for deployment.

The VM is in ResourceGroupB but the Key Vault is in a different resource group. I'm not sure how the Key Vault was ever associated with ResourceGroupB, or why the VM has made it some dependency to make any change.

I've been working with Azure support, but my tech is either more lost than I am or this is an uncommon occurrence. I'm hoping it's the prior. It's just not clear how to dissociate the vault from the VM.

I tried disabling the secret version in question but that had no effect. On instructions by the tech, I stopped the machine and now it will not come back up so I'm a bit desperate. Thanks for any suggestions!

Provisioning failed. Key Vault https://[NameOfKeyVault].vault.azure.net/secrets/[NameOfSecret]/[VersionGuid] either has not been enabled for deployment or the vault id provided, /subscriptions/[SubscriptionId]/resourceGroups/[ResourceGroupB]/providers/Microsoft.KeyVault/vaults/[NameOfKeyVault], does not match the Key Vault's true resource id.KeyVaultAccessForbidden

1
azureazure-keyvault
how did you create KeyVault?Sajeetharan
@Sajeetharan I did not create it, someone no longer on my team did.clickatwill
What region is the VM and the Key Vault in and what kind of secret is it? There are some region limitations with Virtual Machines and Key Vaults being in different regions.DreadedFrost

1 Answers

0
votes

In general, the VM associates the azure keyvault with the MSI, try to disable the MSI of your VM(you can enable it anytime later).

Navigate to your VM in the portal-> Identity -> check System assigned, if it was On, turn it to Off -> check User assigned, if it was associated with a user-assigned MSI, remove it, then refresh the portal and try to resize your VM.