Forum Widgets
Latest Discussions
RTT information not available
Hi, We are having issues collecting RTT information from users in Australia East DC, the data is not being collected at all. This includes the latest Windows App and tried the latest AVD Remote desktop client, its really important we get this data as we have stood up new AVD pools and need to deal with connection issues. We have tried RTT on UDP and TCP only connections but get the same result. Users are just getting the calculating message and never succeeds: When looking in AVD Insights the data is not collected at all and just comes through as -1ms: We think this may be having a detrimental effect on UDP negotiation connections. Has anyone else come across this, we see no issues with the AVD Session Hosts and gone over the firewall, nothing should be blocking the data. Thanks Kevin
Kiosk Mode with Azure Virtual Desktop
Hello All, Just want to check if anyone using Kiosk mode with Azure Virtual Desktop (Remote Desktop client or Windows app). The purpose is to enhance the user experience. User just login on endpoint (preferably Windows 11) with their Domain credentials and as soon they login, they can get the Remote Desktop Client APP open where they can click on their assigned AVD and starts using. Please do share your thoughts and experience. Thanks
Bulk Start/Stop of Azure Virtual Desktop Session Hosts in a Host Pool via Single Trigger
Hi Community, We manage an Azure Virtual Desktop (AVD) host pool with a large number of session hosts (e.g., around 100), and we’re looking for a way to start or stop all session hosts in bulk using a single trigger—preferably via PowerShell or an API. Currently, we use a scheduled script that loops through each VM individually to start or stop them, but this approach doesn't scale well. We’ve noticed that the Azure Portal provides a one-click option to start or stop all session hosts in a host pool, and we’re trying to replicate that behavior programmatically. What We’re Looking For: A PowerShell command or script that can start/stop all session hosts in a host pool without iterating through each VM. If PowerShell doesn’t support this directly, is there an ARM template, Azure CLI command, REST API, or any other method that can be triggered from PowerShell to perform this bulk action? Any official documentation, community guidance, or examples from someone who has achieved this would be greatly appreciated. Goal: To simplify and optimize our automation by using a single command or API call to manage all session hosts in a host pool, rather than looping through each machine individually. Thanks in advance for your help and suggestions!
Windows App, pasting files hangs OS
Hi all, We’re experiencing an intermittent but frustrating issue when using the Windows App to connect to our Azure Virtual Desktop environment. Issue: When users attempt to copy and paste certain files from their local machine to the remote session, the operating system on the remote side hangs. The mouse still moves, and the clock continues to tick, but: -Start menu becomes unresponsive -Taskbar icons stop registering clicks -Desktop icons are frozen -No error messages appear This occurs sporadically and seems to affect files of varying sizes and types — 100KB up to 20MB. What we've tried: -Updating the Windows App to the latest version -Verifying clipboard redirection is enabled -Using MSTSC, and the Remote Desktop Store App. These work but don't support Session Pools, Remote -Apps, or SSO. -Using RemoteDesktop_1.2.6228.0 (MSI Install) Has the same issue as Windows App Environment: -Remote app hosted in Azure Virtual Desktop (AVD) -Users connecting from Windows 10/11 clients -Windows App version: 2.0.419.0, 2.0.420.0, and 2.0.500.0 All ideas welcome - is a major disruption to our business processes.RDP published app via RDS as RemoteApp windows shortcuts (ALT+TAB)
This is not a question but rather feature request. I'm not sure how up to this point no users complained about lack of functionality. Currently if remote terminal server client is published using RDS it will not accept windows key shortcuts (Alt+Tab, Win+R etc). This is a major lack of functionality especially for people who are using remote connection as a primary means to do their work. Similar solution developed by Citrix called Citrix Workspace doesn't have this issue. I'm sure it would be greatly appreciated by windows users who use remote connections and have mastered keyboard shortcuts for this feature to be added.
Latest Remote Desktop client not starting on W10 LTSB 1607
Hello. We're using about 50 thin-clients to connect to our AVD systems. The HP t530 thin-clients are running Windows 10 Enterprise 2016 LTSB / ver 1607 / build 14393 / RS1 and have the Remote Desktop client for Windows (msi) installed, with auto update enabled. This all worked fine until the most recent releases of the Remote Desktop client. Starting with version 1.2.6186 the app simply doesn't start anymore. There's no gui, no errors, nothing. Just for a few seconds the spinning blue circle next to the cursor. It does create msrdcw_xxx.etl files in %temp%\DiagOutputDir\RdClientAutoTrace, however i couldn't locate any obvious errors in it. Upgrading to 1.2.6187 does fixes the problem temporary (but that's probably because it's actually based on the older 1.2.6081 version). Upgrading to the latest releases 1.2.6188, 1.2.6227 and 1.2.6228 reintroduces the problem. It's not something in the thin-client image, also did a fresh Win10 1607 install with latest Windows Updates, same problem. Is there anything i can do or try, except blocking all future updates and staying on 1.2.6187?
Azure Virtual Desktop authentication loop
Hello, I have created my first Azure Virtual Desktop deployment. When I try to connect to a session host using the Azure Virtual Desktop Preview client, I get in an authentication loop where I get prompted to select my Azure AD account. The problem is similar to what is documented here AzureAD SSO appears to break with the exception that my account is not member of the local Administrators group and that I am in a pure Azure AD environment (there is no onprem ADDS or Azure ADDS in my technological environment). Here are the details of my setup: In Azure AD web console: - Created UserGroup1 - Added User1 to UserGroup1 - Assigned "Virtual Machine User Login" role to UserGroup1 on Resource group where the below Azure Virtual Desktop resources are created. - Created a Hostpool (Personal desktop) - Added 2 Session host to Hostpool (Azure AD Joined, Intune enrolled, Automatic user assignment) - Created Application group - Assigned Application group to Hostpool - Assigned a UserGroup1 to Application group - Created a Workspace - Assigned Application group to Workspace - Selected "Connection will use Azure AD authentication to provide single sign-on" in Connection information tab of RDP Properties of Hostpool - Added targetisaadjoined:i:1 in Advanced tab of RDP Properties of Hostpool On client computer: - Installed Azure Virtual Desktop Preview app from Microsoft Store (version 1.2.4419.0) - Launched Azure Virtual Desktop Preview app (connected to Workspace automatically, Session host appears) - Tried to access Session host (At this point, I enter in an authentication loop where I have to select my Azure AD account.) - Launched Microsoft Edge (Azure AD account profile selected) - Accessed https://client.wvd.microsoft.com/arm/webclient/v2/index.html (connected to Workspace automatically, Session host appears) - Tried to access Session host (At this point, I get the "Sign in failed. Please check your username and password and try again." error message. I am unable to enter other credential information since SSO is enabled. Access to other web resources using Azure AD SSO are working proving that my credentials information are OK.) Things I have checked: - User1 get automatically assigned to the first Session host in the Host pool - I can log on using the local Virtual Machine administrator if I disable Azure SSO by selecting "Connection will not use Azure AD single sign-on" in Connection information tab of RDP Properties of Hostpool - Legacy per-user multi-factor authentication sign-in method is disabled - Azure Windows VM Sign-In (372140e0-b3b7-4226-8ef9-d57986796201) and Microsoft Remote Desktop (a4a365df-50f1-4397-bc59-1a1564b8bb9c) are excluded from MFA Conditional Access policy (logs do not show that the user authentication is blocked by MFA) - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID=1 on Session host and client computer - Session host can reach the URL listed in the "Troubleshoot deployment problems" section of Log in to a Windows virtual machine in Azure by using Azure AD including passwordless - Client computer meets the requirements described in the "Access Azure AD-joined VMs" section of Deploy Azure AD-joined virtual machines in Azure Virtual Desktop - Intune does not apply any configuration on Session host (Session host shows as compliant in Intune console) I perused Microsoft documentation, and I cannot find why SSO connection to Session host is not working with the setup described above. Anyone knows which configuration might be missing? ThanksSingle-Sign On
After troubleshooting an issue for a customer, we determined that the prerequisites for enabling SSO at the AVD host pool level is not strictly enforced when a user goes to execute the SSO workflow from MSRDC or the Windows App. Meaning, that if an administrator does not enable the -IsRemoteDesktopEnabled flag on the Service Principals "Microsoft Remote Desktop" and "Windows Cloud Login" respectively. Setup: Deploy Entra ID Joined session hosts to a host pool and enable the "Microsoft Entra single sign-on" RDP property to "Connections will use Microsoft Entra authentication to provide single sign-on" or update the RDP connection string with 'enablerdsaadauth:i:1'. Result: User will not receive the 'Windows Security' dialog box to access the session host with their Entra ID credentials. Caveat: Be aware that to sign in with Entra ID credentials, minimally, the host pool RDP settings must contain 'targetisaddjoined:i:1'. Microsoft states this is going away and blending into 'enablerdsaadauth:i:1', which also enables SSO. It seems a bit odd of a move in my opinion and having two separate RDP properties makes sense if a company does not want SSO. But it is in alignment with Microsoft's push for passwordless authentication. For the Microsoft AVD team, why does this behavior exist and is it on the roadmap to be fixed if it's a known gap?
Need advice on the architecture of a setup
I need a bit of a sanity check on something as I have been reading through documentation and not entirely sure if this is possible. We have a Microsoft Azure/365 tenant and all of our identities are currently Cloud-only. We recently decommissioned the last of our domain controllers, which used to be hosted in Azure. There is now a requirement to provide a small AVD environment, 5 users to pilot initially, with the ability to be able to scale up if this is successful. We want to be able to use FSLogix to store user profiles. We want to avoid going back to having a DC in Azure if possible, so considered using Entra ID Domain Services instead. I have since: Deployed an instance of Entra DS - Standard SKU Configured Synchronisation and filtered its scope to a specific Security Group containing only a test account initially. Reset the password on the test account as a pre-requisite for PW Hash Sync. Created a pooled Host Pool, added a single SH (W11 24H2 Multisession) and joined it to Entra ID. Created a Premium storage account, provisioned a share, configured identity-based access with Microsoft Entra Domain Services, added the relevant IAM roles to the storage account using the relevant security group. Created a Private Endpoint and DNS zone for access to the storage account. Configured Entra ID SSO using Microsoft Graph explorer, added the correct RDP property. I got to a point where I can happily sign in to the Session host using either Web or Windows Client, haven't even started configuring FSLogix at this stage. Wanted to make sure I could access the storage account first, so browse to the UNC path e.g. storageaccountname.file.core.windows.net and get prompted for credentials. When I manually enter credentials (and these are the exact same as I'm using to sign in to the Session Host, e.g. email address removed for privacy reasons / password) I get the expected access, but obviously don't want to be entering these manually. So I guess my question is: is SSO to a storage account configured to authenticate with Entra DS possible from an Entra ID Joined VM possible, or would I be better off joining the VM to Entra DS instead? I think I'm either missing a simple step or designing this in a way that won't work. Any help would be greatly appreciated.
