Azure Recovery Services “Invalid Vault Credentials”

I was recently setting up Azure Recovery Services for a customer and was struggling to install the Azure Vault Credentials during the “Register Server” step.  Each time I would install I received the following error message:

2016-05-13_9-47-00

Invalid vault credentials provided. The file is either corrupted or does not have the latest credentials associated with recovery service. (ID: 34513)
We recommend you download a new vault credentials file from the portal and use it within 2 days.

I reviewed the Azure Recovery Services logs (C:\Program Files\Microsoft Azure Recovery Services Agent\Temp) and found some mostly generic .NET errors about being unable to communicate with the server.  I attempted to connect via the Azure Backup PowerShell cmdlets which returned the following error:

Login-AzureRmAccount : The browser based authentication dialog failed to complete. Reason: The request could not be processed by the server due to invalid syntax.

On a bit of a hunch, I looked into the Security Providers settings for the server to see if any client protocols and been adjusted and noticed that they had all been hardened and a lot of ciphers client ciphers were disabled beyond the defaults.
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

2016-05-13_14-41-43

I compared these settings against another server and then removed all of the additional entries back to the defaults (after backing up the changes):

2016-05-13_14-55-41

After that my Azure PowerShell connection worked perfectly:

2016-05-13_14-57-44

From there I had to remove all of the old machine certificates added through all of the failed attempts…

2016-05-13_15-04-06

Finally a re-install of the agent and a re-register of the server completed successfully.

2016-05-13_15-14-36

About AJ McKean

Based in sunny Tauranga, New Zealand, AJ McKean is a Senior Systems Engineer in Mt Maunganui. With over 15 years of professional IT experience working in both New Zealand and the United States, he holds several certifications including MCSE(2000-2003), MCITP:Enterprise(2008), MCSA(2012), VMware VCP-DCV5.5, CompTIA A+ & is an HP Storage Architect. He is passionate about all things IT, especially virtualization, automation & cloud technologies.

Leave a Reply

Your email address will not be published. Required fields are marked *