Forum Discussion
Domain Join Error while deploying HostPool
1. Did you deploy AADDS or did you create a VM to be your DC?
2. Are you specifying the domain name and/or OU in the host pool template? This is an optional step, but if the information entered is not correct, the domain join extension can fail even though you have confirmed the user account and password are correct.
3. Is the host pool VM on the same subnet as where the ADDS/DC is running?
4. Are you able to join a VM to the domain manually? (Create a VM, RDP to the VM, join it to the domain from System Properties.)
5. The link in the error message below has some good steps to follow, including a review of the domain join logs, which are on the VM.
I would focus on making sure you can join a VM to the domain manually and consistently before trying to troubleshoot the domain join extension. This will confirm that there are no networking related issues between the VM and the DC as well as confirm we are entering the correct domain name, username/password.
Jeff_Bryant I don't have any VM in Azure at the moment and no VPN with the AD on-prem.
1) None of them. Can I deploy AADDS without having issues with my on-prem AD and AAD Connect?
2) Yes, I did.
3) New VNet and new subnet, no.
What do you suggest? AADDS or replicate a DC into Azure on a new VM?
- Jeff_Bryant, May 05, 2020, Microsoft
WVD requires both Azure AD (AAD) and Windows Active Directory (AD). This means you will need to either deploy the Domain Controller role on a VM running in Azure, or use an existing DC on-prem. Since you already have a DC on-prem with AAD Connect, it would be ideal if you could connect your Azure VNet and your on-prem network together (S2S VPN, ExpressRoute); that way, VMs in Azure could join your Windows AD domain on-prem. If you had the network set up between them, you could also extend Windows AD into Azure by creating a VM in Azure and adding another DC to the domain, and that is the best recommendation.
Since you already have Windows AD and AAD Connect on-prem, you don't need AADDS. AADDS is great for those who don't have any DCs running anywhere and are not familiar with setting up Windows AD, because the VMs, the DC role and the domain are deployed and managed for you as an Azure service.
Also, if you try setting up a new DC in Azure and create a new Windows AD domain and then try to sync to an existing AAD with AAD Connect, it is not supported. Different Windows AD forests must be synced through a single AAD connect sync server.
If you just want to test WVD in a lab environment and have zero impact with your on-prem environment, I would create a new Azure AD domain, then create a VM in Azure to become a DC for a new Windows AD domain, then deploy AAD connect and sync. From there, you should be able to manually domain join a VM to that Windows AD domain and if so, you should be able to proceed with WVD host pool creation.
-Jeff
- myusrn, Jun 07, 2020, Brass Contributor
Jeff_Bryant, Pratik_Mishra, GR_C1pD the fix in my case was to change the DNS setting in the virtual network that my WVD host pool was being deployed to from "Default" to Custom, and in there I entered the aadds-vnet issued private IP addresses for the two serverless GC/DC setups. Those GC/DC setups are present because I'm trying to create a WVD host pool without the existence of an on-premises AD environment or an Azure set of DIY VM GC/DC configurations.
This issue and fix were detailed in the following:
- "VM has reported a failure when processing extension 'joindomain'. Error message" ->
- https://techcommunity.microsoft.com/t5/windows-virtual-desktop/joindomain-conflict/m-p/727866 ->
- https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-issues -> "Cause 3: Your virtual network (VNET) DNS configuration is set to Default." defined fix.
Now the WVD host pool template is failing at this point with this message:
"VM has reported a failure when processing extension 'dscextension'. Error message: "DSC Configuration 'CreateHostPoolAndRegisterSessionHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Test-TargetResource functionality with error message: Windows Virtual Desktop Authentication Failed . . ."
- Jeff_Bryant, Jun 09, 2020, Microsoft
myusrn What version of WVD are you trying to deploy? I would focus on the Spring Update because you don't need to deal with creating an SPN that is used by the DSC script to deploy the host pools and register the session hosts, which is likely why you are getting that error.
Go here to create a host pool
https://portal.azure.com/#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/overview
-Jeff
- GR_C1pD, May 20, 2020, Copper Contributor
I managed to create the VPN S2S On-prem - Azure.
I'm now going to create a VM in Azure and promote a DC as a new DC of my forest on-prem.
I believe this should allow me to join VMs to the domain.
- Jeff_Bryant, May 20, 2020, Microsoft
GR_C1pD Yes, you are on the right path for it to work! Don't forget to update the DNS server settings on the VNet once you promote the VM to a DC, if it will also contain the DNS role. If you are leaving DNS on-prem, then update the VNet DNS to point to that DNS server on-prem. Any other VMs you deploy on the VNet will get the DNS server setting automatically; you don't want to hardcode that into the IP properties of the VM.
-Jeff
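An added example, not posted by anyone in this thread, of the pre-flight checks the replies above recommend running on a test VM in the host pool VNet before retrying the template: which DNS servers the VNet actually handed out (the "Default" VNet DNS symptom), whether the domain's DC locator record resolves, whether the ports a domain join needs are reachable on each DC, and the tail of the local domain-join log after a failed attempt. The domain name is an assumed placeholder.

```powershell
# Added example (not from the thread). Run on a freshly deployed VM in the host pool VNet.
$Domain = 'corp.example.com'   # ASSUMPTION: replace with the AD DS / AADDS domain you are joining

# 1. DNS servers the VNet handed to this VM. If the only entry is Azure's resolver
#    168.63.129.16, the VNet DNS is still "Default" (Cause 3 in the docs link above).
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
"DNS servers in use: $($dns -join ', ')"
if ($dns.Count -eq 1 -and $dns -contains '168.63.129.16') {
    Write-Warning 'VNet DNS looks like Default; set it to Custom with your DC/AADDS IPs.'
}

# 2. Domain join locates a DC through this SRV record; no answer means no join.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    Write-Warning "No DC locator SRV record for $Domain resolved from this VM."
} else {
    $srv | Select-Object NameTarget, Port, Priority | Format-Table -AutoSize
}

# 3. Ports a domain join needs on each DC: DNS, Kerberos, LDAP, SMB (TCP).
$dcs = $srv.NameTarget | Select-Object -Unique
foreach ($dc in $dcs) {
    foreach ($port in 53, 88, 389, 445) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $port `
                -WarningAction SilentlyContinue).TcpTestSucceeded
        $state = if ($ok) { 'open' } else { 'BLOCKED' }
        '{0,-40} {1,5} {2}' -f $dc, $port, $state
    }
}

# 4. After a failed manual or extension-driven join, the local domain-join log explains why.
$log = 'C:\Windows\debug\NetSetup.LOG'
if (Test-Path $log) { Get-Content $log -Tail 20 }
```

If step 3 shows ports blocked, fix the VNet/NSG or S2S VPN path before retrying the host pool template, as the replies above advise.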