Forum Discussion
Health state unavailable DomainTrustCheck failed
Try the following:
- Check Event Logs: Look at the event logs on both the VM and the domain controller for any errors related to domain trust or authentication. Sometimes, specific error codes can give more insight into what's going wrong.
- Update Domain Controllers: Ensure that your domain controllers are fully updated and that there are no known issues with the latest updates. Sometimes, updates can introduce bugs that affect domain trust.
- Verify Synchronization: Make sure that your Azure AD and on-premises AD are properly synchronized. You can use the nltest /sc_verify:<domain_name> command to verify the trust relationship.
- Registry Settings: There might be a known issue with registry settings on the domain controllers. You can try setting the ApplyDefaultDomainPolicy registry key to 0 as a workaround.
- StevenR, Dec 30, 2024, Brass Contributor
Hi, thanks for your reply. I've checked all of that and found no issues. I've looked at the event logs of one of the AVDs, and in Remote Desktop Services I get an error "CheckSessionHostTrustToDomainAsync - SessionHost unhealthy: SessionHost lost trust relationship with the domain mydomain". However, if I run domain checks they come back with no issue, and it then follows straight up with a warning "Op='DomainTrustHealthCheck' already set. Ignoring resultType=Success", which reads like it's saying it's ignoring the fact that it came back with success, but I could be misinterpreting that. There's a fairly useless log in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RDInfraAgent\HealthCheckReport which keeps returning failed if I do the checks, clear the log, then restart rdagent.
- StevenR, Dec 31, 2024, Brass Contributor
Potentially this was either a duff DC or a duplicate SPN. Due to the intermittent effect it's hard to know which it was, but after some 30+ reboots/start shutdown/starts they all come back online as healthy/available every time.
The other DCs are all Server 2019; the removed one was 2025. All the checks came back as healthy, but I had noticed DNS was not replicating and the network location needed a lot of work to be domain, so as it was a new VM I decided to get rid of it before it became more important rather than spend many more hours trying to resolve the DC issue. Will likely use 2022 instead.
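
Added example, not part of the thread and not Microsoft's code: a read-only sampler for the intermittent case described above. It records which DC the session host's secure channel is bound to each time the trust test passes or fails, then runs the built-in duplicate SPN scan. It assumes an elevated Windows PowerShell 5.1 session on a domain-joined session host with English `nltest` output; the sample count, delay and CSV path are illustrative choices.

```powershell
# Added example. Nothing here repairs or resets the secure channel.
$Samples      = 20     # illustrative
$DelaySeconds = 30     # illustrative
$domain       = (Get-CimInstance Win32_ComputerSystem).Domain

$log = for ($i = 1; $i -le $Samples; $i++) {
    # Which DC the machine secure channel is bound to right now.
    $query = nltest "/sc_query:$domain" 2>&1 | ForEach-Object { "$_" }
    $m = $query | Select-String -Pattern 'Trusted DC Name\s+\\\\(\S+)' |
         Select-Object -First 1
    $boundDc = if ($m) { $m.Matches[0].Groups[1].Value } else { 'unknown' }

    # Secure channel test as a boolean; capture the error text on failure.
    $healthy = $false; $err = $null
    try   { $healthy = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { $err = $_.Exception.Message }

    [pscustomobject]@{
        Time    = Get-Date -Format s
        BoundDC = $boundDc
        Healthy = $healthy
        Error   = $err
    }
    if ($i -lt $Samples) { Start-Sleep -Seconds $DelaySeconds }
}

# Failures that cluster on one BoundDC point at that DC; failures spread
# across all DCs point away from a single bad DC.
$log | Group-Object BoundDC, Healthy |
    Select-Object Count, Name | Sort-Object Name | Format-Table -AutoSize
$log | Export-Csv -Path "$env:TEMP\trust-samples.csv" -NoTypeInformation

# Built-in duplicate SPN search across the domain.
setspn -X
```

Because the host can rebind to a different DC between samples, run it across a reboot or two so that more than one DC appears in the BoundDC column.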