Sunday, September 17, 2017

A .NET update broke my Azure Backup

I am currently working at a client where we are making use of Azure Backup to keep one of our critical servers backed up.  As this is production, we have been fairly diligent about keeping our servers up to date.  It turns out that a .NET patch broke the Azure backup process.  This post talks a bit about this.

During a routine check of my provisioned Azure services, I noticed that my critical server was not being backed up.  Here is a sample error report that I got.



Umm... what?  I took a look at the troubleshooting steps and followed all the steps. 

1) My server is protected by NSGs, but we do not limit outbound communication, so that was fine. 

2) The agent seemed to be communicating (the portal was getting the correct information)

3) I attempted rebooting (no luck) and reinstalling the guest agent (also no luck).

The only thing I could tell was that it stopped (a) the last time we patched and (b) it errors out on the "take snapshot" step.

I ended up contacting support and the problem ended up being that a .NET update had happened, and a couple of registry keys had been blown away.  These registry keys have to do with the type of encryption used for TLS (by the .NET framework).  For reference, here they are:



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SchUseStrongCrypto"=dword:00000001

Adding these allowed me to get past the "take snapshot" step, and I started to have successful backups.  Hope that helps!
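
A post-patch check for the four values listed above, as an added example (not part of the original post and not Microsoft's own tooling). It assumes 64-bit Windows and an elevated session when `-Fix` is used; the `-Fix` switch is a name chosen for this example.

```powershell
# Added example: audit (and optionally restore) SchUseStrongCrypto
# under the four .NET Framework keys listed in this post.
param(
    [switch]$Fix   # hypothetical switch: rewrite missing/incorrect values as DWORD 1
)

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$name = 'SchUseStrongCrypto'

$results = foreach ($key in $keys) {
    # Read the current value; $null means the key or the value is missing.
    $current = $null
    if (Test-Path -Path $key) {
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }

    $compliant = ($current -eq 1)
    $action = 'none'

    if (-not $compliant -and $Fix) {
        # Create the key if the update removed it, then write the DWORD.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $compliant = $true
        $action = 'restored'
    }

    [pscustomobject]@{
        Key       = $key
        Found     = $current
        Compliant = $compliant
        Action    = $action
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring job flag the drift.
if ($results.Compliant -contains $false) { exit 1 }
```

Running it without `-Fix` after each patch cycle reports whether an update removed the values before the next backup job fails.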