Open
Description
Description
Description:
I am trying to re-protect a VM that is part of a Virtual Machine Scale Set (VMSS) using Azure Site Recovery (ASR) between two regions (West-Europe as the source region and North-Europe as the target region).
Steps to reproduce
- I have VMs running in West-Europe within a VMSS. I want to protect these VMs using the Azure Recovery Services Vault, which is located in North-Europe.
- I define the target VMSS and target zone when initiating the replication via Terraform. These properties are then saved in the VM’s settings.
- When I perform a failover from West-Europe to North-Europe via RSV in the portal, the replication VM is successfully created in the VMSS in North-Europe.
- Now, I want to re-protect the VM through the Recovery Services Vault. When I do this via the portal, I cannot select a Virtual Machine Scale Set. The re-protect process runs, and I can see that after re-protecting, the zones in the properties of the VM are swapped (the original zone and the target zone are reversed).
- I can then successfully failover the VM from North-Europe back to West-Europe via RSV in the portal, and it works as expected.
- After the failback, I try to re-protect the VM again via the portal, but now I encounter an error. The error states that the source VM is in a scale set, so the target VM must also be in a scale set (see first error below). However, I cannot specify the scale set in that step in the portal.
- As a workaround, I wrote a PowerShell script as Azure Automation Runbook (see simplified script below) to add the scale set to the re-protect command 'Update-AzRecoveryServicesAsrProtectionDirection'. However, when I attempt to add the scale set, I now receive a different error stating that the zone of the VM is either not set or doesn’t match the scale set’s zone (see second error below).
- I then tried to set the correct zone via PowerShell command 'Set-AzRecoveryServicesAsrReplicationProtectedItem -InputObject $ReplicatedItem -RecoveryAvailabilityZone $Zone' but this will lead to the error stating that properties of replication VMs can only be changed in state "Protected" which I can only achieve by re-protecting the VM (see third error below).
My observation:
- It seems to me that the PowerShell command tries to set the Scale Set before swapping the zones of the replicated Item leading to the zone-error.
Expected Behavior:
I wanna be able to re-protect my VM in a VMSS after Failback. This fails via Portal so I want at least the
- PowerShell module to handle zone mismatches automatically or allow for manual adjustment of the zone during re-protection
Current Behavior:
- When I attempt to re-protect the VM, either the scale set or the zone configuration is incorrect, leading to a deadlock where I cannot proceed with the re-protection.
Any help or insights into resolving this would be greatly appreciated.
Issue script & Debug output
param (
[string[]]$VmNames = @("vm1"),
[string]$ResourceGroupSourceName = "rg-source",
[string]$ResourceGroupTargetName = "rg-target",
)
# Connect to Azure (Managed Identity assumed)
Connect-AzAccount -Identity
# Dummy Vault and Protection Values
$Vault = Get-AzRecoveryServicesVault -Name "vault-name" -ResourceGroupName "rg-backup"
Set-AzRecoveryServicesAsrVaultContext -Vault $Vault
$Fabric = Get-AzRecoveryServicesAsrFabric -Name "fabric-name"
$Container = Get-AzRecoveryServicesAsrProtectionContainer -Name "container-name" -Fabric $Fabric
$Mapping = Get-AzRecoveryServicesAsrProtectionContainerMapping -ProtectionContainer $Container | Where-Object { $_.Name -eq "mapping-name" }
# Dummy Target Info
$TargetRgId = (Get-AzResourceGroup -Name $ResourceGroupTargetName).ResourceId
$VmssId = (Get-AzVmss -ResourceGroupName $ResourceGroupTargetName | Where-Object { $_.Name -like "*vmss*" }).Id
foreach ($VmName in $VmNames) {
$Item = Get-AzRecoveryServicesAsrReplicationProtectedItem -FriendlyName $VmName -ProtectionContainer $Container
if ($Item.ProtectionStateDescription -eq "Failover committed") {
$Config = @()
foreach ($disk in $Item.ProviderSpecificDetails.A2ADiskDetails) {
$Config += New-AzRecoveryServicesAsrAzureToAzureDiskReplicationConfig -ManagedDisk -DiskId $disk.RecoveryTargetDiskId
}
Update-AzRecoveryServicesAsrProtectionDirection -AzureToAzure \
-ProtectionContainerMapping $Mapping \
-AzureToAzureDiskReplicationConfiguration $Config \
-ReplicationProtectedItem $Item \
-RecoveryResourceGroupId $TargetRgId \
-RecoveryVirtualMachineScaleSetId $VmssId
Write-Output "Re-protection initiated for $VmName"
} else {
Write-Output "VM $VmName not in correct state. Skipping."
}
}Environment data
Directory: C:\usr\src\PSModules
ModuleType Version PreRelease Name PSEdition ExportedCommands
---------- ------- ---------- ---- --------- ----------------
Binary 1.0 Automation.Sandbox.AssetManagement… Desk {Get-AutomationVariable, Set-AutomationV…Module versions
Version Name
------- ----
11.2.0 Az
3.0.4 Az.Accounts
2.0.0 Az.Advisor
6.0.0 Az.Aks
1.1.4 Az.AnalysisServices
4.0.2 Az.ApiManagement
1.0.0 Az.App
1.3.0 Az.AppConfiguration
2.2.3 Az.ApplicationInsights
1.0.0 Az.ArcResourceBridge
2.0.0 Az.Attestation
1.0.0 Az.Automanage
1.10.0 Az.Automation
3.5.0 Az.Batch
2.0.3 Az.Billing
3.1.1 Az.Cdn
2.0.0 Az.CloudService
1.14.1 Az.CognitiveServices
7.1.1 Az.Compute
1.0.0 Az.ConfidentialLedger
4.0.0 Az.ContainerInstance
4.1.3 Az.ContainerRegistry
1.14.0 Az.CosmosDB
1.1.0 Az.DataBoxEdge
1.7.1 Az.Databricks
1.18.0 Az.DataFactory
1.0.3 Az.DataLakeAnalytics
1.3.0 Az.DataLakeStore
2.2.0 Az.DataProtection
1.0.1 Az.DataShare
1.1.0 Az.DeploymentManager
4.3.0 Az.DesktopVirtualization
1.1.0 Az.DevCenter
1.0.2 Az.DevTestLabs
1.2.0 Az.Dns
1.6.0 Az.EventGrid
4.2.0 Az.EventHub
1.10.0 Az.FrontDoor
4.0.7 Az.Functions
6.1.0 Az.HDInsight
2.0.0 Az.HealthcareApis
2.7.5 Az.IotHub
5.1.0 Az.KeyVault
2.3.0 Az.Kusto
1.0.0 Az.LoadTesting
1.5.0 Az.LogicApp
1.1.3 Az.MachineLearning
1.0.0 Az.MachineLearningServices
1.4.1 Az.Maintenance
1.2.0 Az.ManagedServiceIdentity
3.0.0 Az.ManagedServices
2.0.0 Az.MarketplaceOrdering
1.1.2 Az.Media
2.2.0 Az.Migrate
5.0.0 Az.Monitor
1.1.1 Az.MySql
7.3.0 Az.Network
1.0.0 Az.NetworkCloud
1.1.2 Az.NotificationHubs
3.2.0 Az.OperationalInsights
1.6.4 Az.PolicyInsights
1.1.0 Az.PostgreSql
2.0.0 Az.PowerBIEmbedded
1.0.4 Az.PrivateDns
6.7.0 Az.RecoveryServices
1.8.1 Az.RedisCache
1.2.0 Az.RedisEnterpriseCache
2.0.0 Az.Relay
1.2.0 Az.ResourceMover
6.13.0 Az.Resources
1.5.1 Az.Security
3.1.1 Az.SecurityInsights
3.0.0 Az.ServiceBus
3.3.2 Az.ServiceFabric
2.0.0 Az.SignalR
4.13.0 Az.Sql
2.1.0 Az.SqlVirtualMachine
2.2.3 Az.StackHCI
6.1.0 Az.Storage
1.3.0 Az.StorageMover
2.1.1 Az.StorageSync
2.0.0 Az.StreamAnalytics
1.0.0 Az.Support
3.0.5 Az.Synapse
1.2.2 Az.TrafficManager
3.1.2 Az.WebsitesError output
Error ID
-------------
150405
Error Message
-------------
Enable replication failed for VM: 'xxxxx'
Possible causes
-------------
The source virtual machine is in a virtual machine scale set. Site Recovery requires the target virtual machine scale set to be provided for such VMs.
Recommendation
-------------
Please provide the value for target virtual machine scale set.
-----------------------------------------------------------------------------------------------------------
Error ID
-------------
28168
Error Message
-------------
Target virtual machine scale set: 'xxxxx' is zonal and target availability zone is not specified.
Possible causes
-------------
Target virtual machine scale set is zonal and target availability zone is not specified.
Recommendation
-------------
Make sure that target availability zone is same as the zone or present in one the zones of the target virtual machine scale set.
-----------------------------------------------------------------------------------------------------------
Error ID
-------------
150132
Error Message
-------------
Could not update the properties of the virtual machine 'xxxxx'.
Possible causes
-------------
The virtual machine is not in a state where its properties can be updated. Only protected VMs can have their properties updated, failed over VMs cannot.
Recommendation
-------------
Check the last executed operation on the virtual machine.