Forum Discussion
fmagic
Oct 26, 2022, Brass Contributor
Unable to connect to Azure Remote Desktop after updates
After KB5020435 is applied to the AVD session hosts, and after updating the remote client's Remote Desktop app version beyond 1.2.3213, clients are unable to connect to the session hosts. After authe...
fmagic
Nov 11, 2022, Brass Contributor
After a lot of troubleshooting, we found that after removing the enablerdsaadauth:i:1 setting from the RDP settings of the host pool, users are able to connect again. This parameter was set to enable a more seamless Azure Active Directory authentication experience, but we did not realize this was a preview feature. We have a ticket open with Microsoft support and we are awaiting further information on how we can re-enable this functionality.
Paul_Wang
Jan 12, 2023, Copper Contributor
fmagic We are facing the issue. Is there any feedback or update from Microsoft? I knew that removing enablerdsaadauth:i:1 or setting enablerdsaadauth:i:0 can be a workaround. But it means Azure AD authentication (SSO) is not enabled. I don't know why it works for Mac or iPhone/iPad but can't work for Windows.
- fmagic, Jan 12, 2023, Brass Contributor
Paul_Wang It seems that we were able to solve this problem by setting up a KDC Proxy, which is as simple as publishing a Remote Desktop Gateway server, with a valid SSL certificate. On the same screen where you enable Azure Active Directory authentication in the host pool, there is an option to enter the KDC Proxy (the RD Gateway). You don't have to do much configuration on the RD Gateway server other than setting up the SSL certificate. This is the link that Microsoft support provided to us:
Set up Kerberos Key Distribution Center proxy Azure Virtual Desktop - Azure | Microsoft Learn
- Paul_Wang, Jan 13, 2023, Copper Contributor
Thanks fmagic! You gave me the troubleshooting direction. But I don't know if we have a Remote Desktop Gateway server set up in our environment. Can you guide me on how to validate it or set it up? Is it an on-premises server or an Azure cloud server? Can it be set up on any Windows Server? Or must it be configured on some specific server?
- fmagic, Jan 17, 2023, Brass Contributor
Paul_Wang The link in the previous message has everything I know about it. The server can be on-premises or in the Azure cloud, as long as it has connectivity to your AD Domain Services domain (it needs to be domain-joined). We deployed our RDG in our Azure cloud, and then published port 443 on it via the Network Security Group attached to the Azure VM NIC.
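
The check below is an added example, not code from the thread or from Microsoft: it parses a host pool's custom RDP property string and reports whether enablerdsaadauth:i:1 is set and whether a KDC proxy is configured alongside it, the two settings discussed above. The function name and sample strings are hypothetical, and kdcproxyname is assumed to be the RDP property behind the host pool's KDC Proxy field.

```powershell
# Added example: audit a custom RDP property string for the settings in this thread.
function Test-AvdAadAuthRdpProperty {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$CustomRdpProperty
    )

    # RDP properties are ';'-separated "name:type:value" entries.
    $props = @{}
    foreach ($entry in ($CustomRdpProperty -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $parts = $entry -split ':', 3          # the value may itself contain ':'
        if ($parts.Count -lt 3) {
            Write-Warning "Malformed RDP property entry: $entry"
            continue
        }
        $props[$parts[0].Trim().ToLowerInvariant()] = $parts[2].Trim()
    }

    $aadAuth  = $props['enablerdsaadauth'] -eq '1'
    $kdcProxy = $props['kdcproxyname']       # assumption: property set by the KDC Proxy field

    $finding = if (-not $aadAuth) {
        'Azure AD authentication (SSO) is not enabled'
    } elseif (-not $kdcProxy) {
        'enablerdsaadauth:i:1 is set without a KDC proxy (the failing setup in this thread)'
    } else {
        'enablerdsaadauth:i:1 is set together with a KDC proxy'
    }

    [pscustomobject]@{
        AadAuthEnabled = $aadAuth
        KdcProxyName   = $kdcProxy
        Finding        = $finding
    }
}

# Constructed sample strings. On a real pool, pass the CustomRdpProperty value
# returned by Get-AzWvdHostPool (Az.DesktopVirtualization module).
$samples = @(
    'audiomode:i:0;enablerdsaadauth:i:1;',
    'enablerdsaadauth:i:1;kdcproxyname:s:rdgw.example.com;',
    'audiomode:i:0;enablerdsaadauth:i:0;'
)
$samples | ForEach-Object { Test-AvdAadAuthRdpProperty -CustomRdpProperty $_ } |
    Format-List
```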