[Azure AI Search] Internal Server Error when creating CMK encrypted objects
![[Azure AI Search] Internal Server Error when creating CMK encrypted objects [Azure AI Search] Internal Server Error when creating CMK encrypted objects](https://cdn.techcommunity.microsoft.com/assets/Azure/BlogPreview_default-blue.png)
Scenario
Customers follow the Microsoft doc to create CMK encrypted objects (data source, index etc.), but get the 500 Internal Server Error:
{'error':{'code':'','message':'Could not use key vault key to wrap/unwrap the encryption key. {\\'Message\\':\\'An error has occurred.\\'}'}
Possible Causes
- The key vault host is incorrect, e.g. incorrect key vault domain.
- Action: check the keyVaultUri in the Json payload.
- The key vault host is inaccessible to search. For example, the key vault has public network access disabled but does not have a shared private link (SPL) configured from search.
- Action: check the SPL configurations or create a SPL.
Note that if the key vault Uri is correct or accessible, the error message due to a wrong key vault key name or version in the JSON payload is slightly different. The error message has the complete key vault key path.
{
"error": {
"code": "",
"message": "Could not use key vault key https://keyvaultname.vault.azure.net:443/keys/wrongkeyname to wrap/unwrap the encryption key. The key vault key cannot be found."
}
}
Published on:
Learn moreRelated posts
Creating an Agent with Actions in Azure AI Foundry
Azure AI Foundry is an Azure service where you can create agents using various LLMs (including your own). In this post we will look at how to ...
New Test Run Hub in Azure Test Plans
Delivering high-quality software is a necessity and that’s why Azure Test Plans has introduced the all-new Test Run Hub, an enabler for teams ...
Microsoft Teams: New SlimCore-based optimization for Microsoft Teams in VDI – support for MacOS on Citrix and Azure Virtual Desktops/Windows 365
This feature allows MAC endpoints to optimize Microsoft Teams in VDI environments with the new SlimCore-based media engine, providing an expan...
Microsoft Whiteboard: Azure to OneDrive migration progress update
Microsoft Whiteboard storage is migrating from Azure to OneDrive, starting February 2024 and completing by August 2025, with full deprecation ...
Copilot Studio: Azure AI Search Complete Setup Guide
Copilot Studio can use an Azure AI Search index as knowledge to answer Users questions ... The post Copilot Studio: Azure AI Search Complete S...
Microsoft Azure Fundamentals #1: Creating External Tenants in Entra ID: A Step-by-Step Guide
It is important to configure external tenants for different scenarios. In this post we can see how to create a tenant step by step so that it ...
Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025
Microsoft will enforce multifactor authentication (MFA) for all Azure resource management actions starting October 1, 2025, with a postponemen...
Azure Automation Custom Runtime Environments
A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Grap...
Dynamics 365 Customer Insights – Data – Export your data to Azure Data Lake Storage
We are announcing the general availability of the export to Azure Data Lake Storage (ADLS) feature in Dynamics 365 Customer Insights – Data on...
Dynamics 365 Business Central: Quickly find the Tenant ID, Azure AD Instance, and Tenant Scope from the domain (tenant) name without signing in
Hi, Readers.Today I would like to share another mini tip, how to quickly find the Tenant ID, Azure AD Instance, and Tenant Scope from the doma...