Forum Discussion
Domain Join Error while deploying HostPool
Jeff_Bryant thanks for the followup.
The wvd host pool wizard i was stepping through did allow me to specify a user principal [ / account ] as alternative to a service principal [ / aad application object id ] name/guid and client secret that i might expect can create more room for errors.
The issue it turns out was addressed by the easy to follow steps covered in
azure has no TenantCreator role -> https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/tenant-setup-azure-active-directory ->
where it covers what appears to be the one time requirement of creating "Windows Virtual Desktop" and "Windows Virtual Desktop Client" 1st party apps in one's azure ad tenant and then establishing the user used to provision the host pool to the TenantCreator role of the "Windows Virtual Desktop" app. Once i followed those instructions the wvd host pool wizard succeeded giving me a host pool operating against a pure azure ad environment with no on-premises or vm based gc/dc setups, just the azure ad domain services serverless gc/dc pair and my vnet that the host pool would be provisioned in setup with peering to aadds-vnet and its dns settings configured to use the ip's of the serverless gc/dc pair.
Is the url you provided [ https://portal.azure.com/#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/overview ] going to step me through a different wvd hostpool creation wizard experience than the create a resource | windows virtual desktop - provision a host pool | create [ https://portal.azure.com/?microsoft_aad_iam=true#create/rds.wvd-provision-host-poolpreview ] wizard experience i used does?
myusrn I used the second link (old way) and I don't see my host pool, which is working, listed under Windows Virtual Desktop | Host Pools. So I'm now going to implement a new one using the Spring Update but it seems you don't need to specify the SPN anymore. I'll let you know my experience once completed.
- myusrn, Jun 12, 2020, Brass Contributor
Jeff_Bryant thanks for the clarifications and additional details that helps.
I will watch the suggested videos and attempt another wvd host pool setup but this time from the context of the services | Windows Virtual Desktop (preview) | host pool | add UI wizard as this appears to be process that creates a spring 2020 preview deployment versus the <resource group> | add | Windows Virtual Desktop - Provision a host pool UI wizard that it seems creates a fall 2019 deployment.
It appears that using the noted UI wizard to create fall 2019 wvd host pool deployments provides the option to specify a user principal or service principal [ / spn ] for identity with TenantCreate permissions versus some other method for creating one of these deployments being implied in prior exchanges of this thread, perhaps powershell cmdlets approach, that only provides option to specify a service principal for identity with TenantCreate permissions.
q1. I'm noticing that the spring 2020 deployment wizard, i.e. services | Windows Virtual Desktop (preview) | host pool | add UI wizard doesn't have the fall 2019 deployment wizard's "Windows Virtual Desktop Information" tab that asked for default wvd tenant group and tenant name and rds owner upn [ user principal or service principal ] that has "Windows Virtual Desktop" 1st party app TenantCreate role permissions assigned. Is collection of that information gone because it's no longer used in spring 2020 deployment or is it gone because now it gets automatically provisioned for you using some automatically created user or service principal identity?
q2. I'm noticing that the spring 2020 deployment wizard, i.e. services | Windows Virtual Desktop (preview) | host pool | add UI wizard you can specify a Network Security Group [ nsg ] of None | Basic | Advanced. The informational bubble suggests one should use None and assign a nsg to the subnet versus managing things using nsg defined in wizard that gets applied to each vm instances network interface. Is that a correct interpretation of the guidance on that aspect of the wvd host pool networking setup?
q3. When creating multiple spring 2020 preview wvd host pool setups do they have to be isolated in different virtual networks or different subnets of the same parent virtual network or is it fine to have multiple host pools sharing the same virtual network and subnet address space?
q4. My attempt to use spring 2020 wvd host pool template to create a windows 7 enterprise based pool produced this `Cannot process argument transformation on parameter 'rdshIs1809OrLater'` error which this https://techcommunity.microsoft.com/t5/windows-virtual-desktop/unable-to-deploy-window-host-for-azure-wvd/m-p/1414609#M4175 search hit said is an issue with deployment of windows 7 discussed in this https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/deploy-windows-7-virtual-machine article. Are we awaiting a spring 2020 wvd host pool deployment template update to enable using windows 7 enterprise images in addition to windows 10 ones?
- Jeff_Bryant, Jun 12, 2020, Microsoft
myusrn Ah, sorry for the confusion. That screen shot is for creating a host pool (from the marketplace) for the fall release and the pool will not appear under Windows Virtual Desktops, which is only for the spring update and future releases. Personally, I would not deploy any fall release components and focus on the spring update release; it will go GA sometime in June so you can use it for production use hopefully very soon. I think there are some community scripts out there to migrate from FR19 to SU20, but I would just build out SU20 from scratch if you only have a single host pool at this time.
Of the videos, #1,2,7,14 would not be that relevant since they only apply to fall release, all others certainly are valuable. If you want, start with #20 to show you the new release and then go back through the others.
As for Win7, you can select it from all images and disk in the gallery since it's not part of the drop down list. See the screen shot below...
-Jeff
- myusrn, Jun 10, 2020, Brass Contributor
Jeff_Bryant thanks for link to youtube series on this subject with more information. Since it's dated April 2019 and in this thread we've been discussing different experiences depending on if administrators used the Fall 2019 deployment template wizard or are using the new Spring 2020 deployment template wizard i'm wondering how much of that video content is still reflective of the current state of wvd.
The step of the wvd host pool wizard that is showing me a choice between entering a user principal or service principal, which i believe is what you are referring to with SPN, is in the final "Windows Virtual Desktop Information" step of wizard as shown in screen grab image that i'm attaching. This is tab where it's asking about Wvd Tenant name that has been configured using powershell cmdlets and what user principal or service principal has been granted TenantCreator role permissions on the "Windows Virtual Desktop" 1st party app settings in azure ad.
Other questions that have come to mind in this process are . . .
q1. When i open all services | "windows virtual desktop" | manage | host pools it's not showing the host pool i have configured and up and running. Is that service specific mgmt blade meant for old fall 2019 wvd setups and not new spring 2020 setups?
q2. I read somewhere that wvd host pool image gallery has support for windows 7 eosl [ end of support life ] extended to 2023 images and license for groups that had that unique requirement. I'm not seeing that windows 7 option in the host pool wizard vm image gallery selection drop down list.
- Jeff_Bryant, Jun 10, 2020, Microsoft
The Fall 2019 release of WVD will not appear in the Azure portal under the Windows Virtual Desktop, which is only for Spring Update 2020 release. For the Fall release, you will need to continue using PowerShell or the web based management tool from GitHub to manage it. There are some plans on a migration path, but most find it easier to just start over with Spring Update. As for a naming convention, I would keep things different between releases; even keep them in different resource groups in Azure. The VM's definitely need to have different prefixes since they all will be part of the same Windows AD.
As for an SPN, that is only needed for the Fall release; I'm curious where during the Spring update host pool creation you were prompted for one? A credential is only needed for the domain join on the VM (if you're creating VM's during Host Pool creation).
Also, I'd encourage you to check out the WVD series a co-worker of mine put together: https://www.youtube.com/watch?v=qtx3rippZJQ&list=PL-V4YVm6AmwXGvQ46W8mHkpvm6S5IIitK
Watch #1 and then #20 to learn how to deploy both versions with specific steps.
-Jeff
- myusrn, Jun 10, 2020, Brass Contributor
GR_C1pD i used the second link and i also don't see my working wvd host pool shown under that wvd host pools blade [ https://portal.azure.com/?microsoft_aad_iam=true#blade/Microsoft_Azure_WVD/WvdManagerMenuBlade/hostpools ] so i'm thinking that blade is for legacy setups.
Also using the second link to create my wvd host pool i was provided the option to define a user principal [ e.g. wvdadmin@mydomain.onmicrosoft.com ] or a service principal [ / application object id ] name where the user principal has azure ad "Windows Virtual Desktop" 1st party app TenantCreator role assignment. So still not sure what the difference is between the two links being discussed for creating wvd host pools at this time.
- GR_C1pD, Jun 10, 2020, Copper Contributor
GR_C1pD just tried a new deployment for WVD (Spring Update) and it's failing with this error
{ "code": "DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.", "details": [ { "code": "Conflict", "message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"DeploymentFailed\",\r\n \"message\": \"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.\",\r\n \"details\": [\r\n {\r\n \"code\": \"Conflict\",\r\n \"message\": \"{\\r\\n \\\"error\\\": {\\r\\n \\\"code\\\": \\\"PropertyChangeNotAllowed\\\",\\r\\n \\\"message\\\": \\\"Changing property 'availabilitySet.id' is not allowed.\\\",\\r\\n \\\"target\\\": \\\"availabilitySet.id\\\"\\r\\n }\\r\\n}\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}" } ] }
Investigating now but I believe it's because I already have the VM Prefix assigned to the old pool and, since my host pool is not visible in the new WVD, it is trying to create a machine with the same name.
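
Added example, not part of the thread: the deployment error quoted in the post above wraps its real cause in JSON that is re-encoded as a string inside each outer `message` field, so a small walker that decodes those strings and follows `details` surfaces the innermost error. The sample input is constructed and abbreviated from that error shape, and the function names are hypothetical.

```python
import json

# Constructed sample: an abbreviated form of the error shape in the post above,
# built with json.dumps so each nested "message" is itself a JSON-encoded string.
_inner = json.dumps({"error": {"code": "PropertyChangeNotAllowed",
    "message": "Changing property 'availabilitySet.id' is not allowed.",
    "target": "availabilitySet.id"}})
_mid = json.dumps({"status": "Failed", "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [{"code": "DeploymentFailed", "message": "At least one resource deployment operation failed.",
                 "details": [{"code": "Conflict", "message": _inner}]}]}})
SAMPLE = json.dumps({"code": "DeploymentFailed",
    "message": "At least one resource deployment operation failed.",
    "details": [{"code": "Conflict", "message": _mid}]})


def _decode(text):
    """Return the parsed object if text is a JSON-encoded object, else None."""
    if not isinstance(text, str) or not text.lstrip().startswith("{"):
        return None
    try:
        obj = json.loads(text)
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None


def leaf_errors(node, depth=0, max_depth=16):
    """Walk details[] and JSON-in-string messages; yield the innermost errors."""
    if depth > max_depth:          # bound recursion on malformed input
        return
    if isinstance(node, str):
        node = _decode(node)
    if not isinstance(node, dict):
        return
    if isinstance(node.get("error"), dict):   # unwrap {"error": {...}} envelopes
        node = node["error"]
    nested = _decode(node.get("message"))
    children = ([nested] if nested else []) + list(node.get("details") or [])
    found = False
    for child in children:
        for leaf in leaf_errors(child, depth + 1, max_depth):
            found = True
            yield leaf
    if not found and "code" in node:   # nothing deeper: this is a root cause
        yield {k: node.get(k) for k in ("code", "message", "target")}
```

`list(leaf_errors(SAMPLE))` returns a single entry whose `code` is `PropertyChangeNotAllowed` and whose `target` is `availabilitySet.id`.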