Azure Recovery Services “Invalid Vault Credentials”
I was recently setting up Azure Recovery Services for a customer and was struggling to install the Azure Vault Credentials during the “Register Server” step. Each time I would install I received the following error message:
Invalid vault credentials provided. The file is either corrupted or does not have the latest credentials associated with recovery service. (ID: 34513)
We recommend you download a new vault credentials file from the portal and use it within 2 days.
I reviewed the Azure Recovery Services logs (C:\Program Files\Microsoft Azure Recovery Services Agent\Temp) and found some mostly generic .NET errors about being unable to communicate with the server. I attempted to connect via the Azure Backup PowerShell cmdlets which returned the following error:
Login-AzureRmAccount : The browser based authentication dialog failed to complete. Reason: The request could not be processed by the server due to invalid syntax.
On a bit of a hunch, I looked into the Security Providers settings for the server to see if any client protocols and been adjusted and noticed that they had all been hardened and a lot of ciphers client ciphers were disabled beyond the defaults.
I compared these settings against another server and then removed all of the additional entries back to the defaults (after backing up the changes):
After that my Azure PowerShell connection worked perfectly:
From there I had to remove all of the old machine certificates added through all of the failed attempts…
Finally a re-install of the agent and a re-register of the server completed successfully.