Forum Discussion

jirimartinek's avatar
jirimartinek
Copper Contributor
Oct 01, 2024

Bug in Windows App? AVD/WVD/Private Link/Workspace

Hello, 

Situation is this:

Both Windows App and Azure Remote Desktop are in a private network.

The host pool communication has been switched to a private link, and public access is disabled (Both).

We are also trying to use a private endpoint for the workspace.

If workspace access is disabled, the Windows App stops working, but the older Remote Desktop client continues to work correctly.

It looks like the new Windows App uses an additional URL compared to Remote Desktop. And the URL remains public. (I am not sure if this is due to DNS, communication not being available inside the private endpoint, or both.)

 

Do you have similar experience? Is it known bug? Is there workaround?

I did not try switch the global feed discovery to private, because our other workspaces need to be reachable  from outside.

How is it with the additional security provided by moving feeds download to private network, does it make sense at all? or Is it over security?

5 Replies

  • leonjackee6's avatar
    leonjackee6
    Copper Contributor
    Feb 01, 2025

    It is like the Windows App might be trying to access public URLs for feed discovery, even with the private link in place. It could be a DNS issue or related to how the app resolves endpoints. Switching the global feed discovery to private might help with security, but it could impact external access for other workspaces. Worth testing in a controlled environment first!

  • jasveith's avatar
    jasveith
    Copper Contributor
    Oct 05, 2024

    jirimartinek 

    This 100% describes the issue I'm having as well.  Were you able to figure out how to make the Windows App work when you have (1) Workspace accessible to "public" and (1) Workspace accessible to "private"?

     

    - Jason

    • jirimartinek's avatar
      jirimartinek
      Copper Contributor
      Oct 06, 2024

      jasveith ,Unfortunately, no. In my opinion, we have only two options: either switch the host pool to a private network while keeping the workspace public or delay using the Windows app. We’ve decided to go with the second option, hoping Microsoft will resolve the issue soon

  • Kidd_Ip's avatar
    Kidd_Ip
    MVP
    Oct 02, 2024

    jirimartinek 

     

    Please refer below on some insights:

     

    1. Additional URL usage

    2. DNS and Private Endpoint

    3. Global Feed Discovery

     

    • michaeljipping's avatar
      michaeljipping
      Copper Contributor
      Jan 31, 2025

      We seem to be having this same issue.  Is there an updates on this Topic.

      - We have the Workspace dedicated for global-feed as mentioned in " https://learn.microsoft.com/en-us/azure/virtual-desktop/private-link-setup?tabs=azure%2Cportal%2Cportal-2"

      - Workspace with no public access and a private endpoint for initial feed.

      - session host has no public access with a private endpoint deployed

      Our AVD Client gives us this error.  although Onpremise Firewall shows the 443 and 3390 traffic being allowed.  

      Any help or guidance with this topic is greatly appreciated


Resources