Loading...

[Azure AI Search] Internal Server Error when creating CMK encrypted objects

[Azure AI Search] Internal Server Error when creating CMK encrypted objects

Scenario

Customers follow the Microsoft doc to create CMK encrypted objects (data source, index etc.), but get the 500 Internal Server Error:

{'error':{'code':'','message':'Could not use key vault key to wrap/unwrap the encryption key. {\\'Message\\':\\'An error has occurred.\\'}'}


Possible Causes

  • The key vault host is incorrect, e.g. incorrect key vault domain.
    • Action: check the keyVaultUri in the Json payload.
  • The key vault host is inaccessible to search. For example, the key vault has public network access disabled but does not have a shared private link (SPL) configured from search. 
    • Action: check the SPL configurations or create a SPL. 

Note that if the key vault Uri is correct or accessible, the error message due to a wrong key vault key name or version in the JSON payload is slightly different. The error message has the complete key vault key path.

{
"error": {
"code": "",
"message": "Could not use key vault key https://keyvaultname.vault.azure.net:443/keys/wrongkeyname to wrap/unwrap the encryption key. The key vault key cannot be found."
}
}

Published on:

Learn more
Azure PaaS Blog articles
Azure PaaS Blog articles

Azure PaaS Blog articles

Share post:

Related posts

Creating an Agent with Actions in Azure AI Foundry

Azure AI Foundry is an Azure service where you can create agents using various LLMs (including your own). In this post we will look at how to ...

1 day ago

New Test Run Hub in Azure Test Plans

Delivering high-quality software is a necessity and that’s why Azure Test Plans has introduced the all-new Test Run Hub, an enabler for teams ...

3 days ago

Microsoft Teams: New SlimCore-based optimization for Microsoft Teams in VDI – support for MacOS on Citrix and Azure Virtual Desktops/Windows 365

This feature allows MAC endpoints to optimize Microsoft Teams in VDI environments with the new SlimCore-based media engine, providing an expan...

3 days ago

Microsoft Whiteboard: Azure to OneDrive migration progress update

Microsoft Whiteboard storage is migrating from Azure to OneDrive, starting February 2024 and completing by August 2025, with full deprecation ...

4 days ago

Copilot Studio: Azure AI Search Complete Setup Guide

Copilot Studio can use an Azure AI Search index as knowledge to answer Users questions ... The post Copilot Studio: Azure AI Search Complete S...

6 days ago

Microsoft Azure Fundamentals #1: Creating External Tenants in Entra ID: A Step-by-Step Guide

It is important to configure external tenants for different scenarios. In this post we can see how to create a tenant step by step so that it ...

6 days ago

Azure Information Protection: Enable multifactor authentication for your Azure tenant by October 1, 2025

Microsoft will enforce multifactor authentication (MFA) for all Azure resource management actions starting October 1, 2025, with a postponemen...

9 days ago

Azure Automation Custom Runtime Environments

A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Grap...

9 days ago

Dynamics 365 Customer Insights – Data – Export your data to Azure Data Lake Storage

We are announcing the general availability of the export to Azure Data Lake Storage (ADLS) feature in Dynamics 365 Customer Insights – Data on...

9 days ago

Dynamics 365 Business Central: Quickly find the Tenant ID, Azure AD Instance, and Tenant Scope from the domain (tenant) name without signing in

Hi, Readers.Today I would like to share another mini tip, how to quickly find the Tenant ID, Azure AD Instance, and Tenant Scope from the doma...

12 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy