Forum Discussion
Domain Join Error while deploying HostPool
Sometimes it's working fine, as I tried to deploy it yesterday and it got executed successfully, but again I am getting the same error related to domain join. Is there any restriction for the Azure test account which is causing the issue?
Regards,
Pratik
Attaching the error for your reference once again.
Error: Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'testext'. Error message: \"Exception(s) occured while joining Domain 'rupni.onmicrosoft.com'\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "
on virtual_machine_extensions.tf line 1, in resource "azurerm_virtual_machine_extension" "domainJoin":
1: resource "azurerm_virtual_machine_extension" "domainJoin" {
- Jeff_Bryant, May 04, 2020, Former Employee
1. Did you deploy AADDS or did you create a VM to be your DC?
2. Are you specifying the domain name and/or OU in the host pool template? This is an optional step, but if the information entered is not correct, the domain join extension can fail even though you have confirmed the user account and password is correct.
3. Is the host pool VM on the same subnet as where the ADDS/DC is running?
4. Are you able to join a VM to the domain manually? (create a VM, RDP to VM, join to domain from system properties)
5. The link in the error message below has some good steps to follow, including a review of the domain join logs which are on the VM.
I would focus on making sure you can join a VM to the domain manually and consistently before trying to troubleshoot the domain join extension. This will confirm that there are no networking related issues between the VM and the DC as well as confirm we are entering the correct domain name, username/password.
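The checks listed in the reply above (correct domain name, network path from the host pool subnet to the DC, the join logs on the VM), as an added PowerShell example that is not part of the original thread. The domain name is a placeholder, and the port list and the `NetSetup.LOG` location are the standard Windows values, assumed here rather than taken from the posts.

```powershell
# Added example: pre-flight check, run on a VM in the host pool subnet before the domain join.
# $Domain is a placeholder; replace it with the domain given to the host pool template.
param(
    [string]$Domain = 'example.onmicrosoft.com'   # placeholder, not a value from the thread
)

# Ports a domain join normally needs towards a DC: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB.
$ports = 53, 88, 135, 389, 445

# 1. Can this VM locate DCs for the domain through the DNS servers its VNet hands out?
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "No DC locator records for '$Domain': $($_.Exception.Message)"
    Write-Warning 'Check the domain name and the DNS servers configured on the VNet.'
    return
}

# 2. Is every advertised DC reachable on each port from this subnet?
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Port = $port; Reachable = $t.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize

$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) { Write-Warning "$(@($blocked).Count) DC/port pairs are unreachable." }

# 3. If a join was already attempted on this VM, show the end of the Windows join log.
$log = Join-Path $env:windir 'debug\NetSetup.LOG'
if (Test-Path $log) { Get-Content $log -Tail 30 }
```

A failure at step 1 points at the domain name or the VNet's DNS settings; a failure at step 2 points at routing, peering or NSG rules between the two networks.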
- myusrn, Jun 07, 2020, Brass Contributor
wrt q1. i deployed aadds
wrt q2. i'm specifying <domainname>.onmicrosoft.com should i just be specifying netbios<domainname> and not the fully qualified dns domain name?
wrt q3. i'm deploying hostpool to a separate vnet that has peer to peer network connection with aadds_vnet
wrt q4. i've successfully established a point to site vpn connection to vnet that wvd host pool vms are being deployed to and then successfully joined a localhost hyper-v hosted win10 install to that cloud aadds_vnet hosted azure ad domain services gc/dc pair using the same vmjoiner@mydomain.onmicrosoft.com account i provided the wvd host pool template.
given all that not sure what i do differently next to get my first wvd host pool deployment to succeed past the vm domain join step.
- GR_C1pD, May 05, 2020, Copper Contributor
Jeff_Bryant I don't have any VM in Azure at the moment and no VPN with the AD on-prem.
1) None of them. Can I deploy AADDS without having issues with my on-prem AD and AAD Connect?
2) Yes I did
3) New Vnet and new subnet no
What do you suggest? AADDS or replicate a DC into Azure on a new VM?
- Jeff_Bryant, May 05, 2020, Former Employee
WVD requires both Azure AD (AAD) and Windows Active Directory (AD). This means you will need to either deploy the Domain Controller role on a VM running in Azure, or use an existing DC on-prem. Since you already have a DC on-prem with AAD connect, it would be ideal if you could connect your Azure VNET and your on-prem network together (S2S VPN, Express Route), that way, VMs in Azure could join your Windows AD domain on-prem. If you had the network setup between them, you could also extend Windows AD into Azure by creating a VM in Azure and adding another DC to the domain and that is the best recommendation.
Since you already have Windows AD and AAD connect on-prem, you don't need AADDS. AADDS is great for those who don't have any DCs running anywhere and are not familiar with setting up Windows AD because the VMs, the DC role and domain are deployed and managed for you as an Azure service.
Also, if you try setting up a new DC in Azure and create a new Windows AD domain and then try to sync to an existing AAD with AAD Connect, it is not supported. Different Windows AD forests must be synced through a single AAD connect sync server.
If you just want to test WVD in a lab environment and have zero impact with your on-prem environment, I would create a new Azure AD domain, then create a VM in Azure to become a DC for a new Windows AD domain, then deploy AAD connect and sync. From there, you should be able to manually domain join a VM to that Windows AD domain and if so, you should be able to proceed with WVD host pool creation.
-Jeff
- GR_C1pD, May 03, 2020, Copper Contributor
Pratik_Mishra I have the same issue.
I'm running a hybrid environment with AAD Connect.
This is my first VM on my Azure subscription.
It seems to work randomly. I deployed the Host Pool with the same settings last week and I didn't receive any error.
Since I'm testing it, I have deleted the previous deployment and started again. I have done this following https://docs.microsoft.com/en-gb/azure/virtual-desktop/virtual-desktop-fall-2019/tenant-setup-azure-active-directory
My error at the moment is:
{ "code": "DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.", "details": [ { "code": "Conflict", "message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'joindomain'. Error message: \\\"Exception(s) occured while joining Domain 'cipd.onmicrosoft.com'\\\"\\r\\n\\r\\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot \"\r\n }\r\n ]\r\n }\r\n}" } ] }