Forum Discussion
Windows Virtual Desktop - Your computer can't connect to Remote Desktop Gateway server
- Mar 28, 2019
I think I may have worked out my problem. I have been testing with a user account I set up in Azure AD. I have only just set up the tenant and AD domain to test WVD. I have just tested with an account I had created on the AD server (still in Azure but with AD Connect installed to sync to AAD) and this has worked fine. I have also created another AAD account and tried to connect to the desktop but this failed with the same error.
Interestingly I am getting prompted to enter my credentials again upon connection, not sure if I have missed something with the SSO settings?
GuyPaddock Did you get anywhere with this? I have set up a host pool and when I try to connect to the remote desktop I see "opening remote port" then "We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help."
I see the same error as you did
ActivityId : 893b0a57-6f19-4e15-90b4-1950fabb0000
ActivityType : Connection
StartTime : 08/08/2019 14:31:50
EndTime : 08/08/2019 14:31:54
RoleInstances : rdwebclient;mrs-eus2r1c002-rdgateway-prod-staging::RD0003FF459018;mrs-eus2r1c002-rdbroker-prod-staging::RD0003FF45E902;≤dtwvd-0.DTWVD.local≥
Outcome : Failure
Status : Completed
Details : {[ClientOS, Win32 Chrome 75.0.3770.142], [ClientVersion, 1.0.18.5], [ClientType, HTML], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 08/08/2019 14:31:55
Checkpoints : {LoadBalancedNewConnection, TransportConnecting, TransportConnected}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}
whitelines I have the same issue. A user account sourced from on-premises AD synchronised to Azure AD cannot connect. The account can log in to the VM locally. But if we try via the Web Client the "Open connection" fails. This is a sample error:
PS C:\Users\joakim.westin> Get-RdsDiagnosticActivities -ActivityId 221789b4-3a84-4384-a25d-7040583f0000
ActivityId : 221789b4-3a84-4384-a25d-7040583f0000
ActivityType : Connection
StartTime : 2019-09-18 09:24:17
EndTime : 2019-09-18 09:24:23
UserName : joakim.westin@x5music.com
RoleInstances : rdwebclient;mrs-eus2r1c002-rdgateway-prod::RD0003FFF895CE;mrs-eus2r1c002-rdbroker-prod::RD0003FF45DB51;≤xsh-0.x5music.com≥
Outcome : Failure
Status : Completed
Details :
LastHeartbeatTime : 2019-09-18 09:25:54
Checkpoints :
Errors :
What I see in the detailed logs is that the user's SID is not the same as expected.
PS C:\Users\joakim.westin> (Get-RdsDiagnosticActivities -ActivityId 221789b4-3a84-4384-a25d-7040583f0000 -Detailed).Errors
ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : User joakim.westin@x5music.com: SID information in the database 'S-1-5-21-266129286-189420813-3044514089-5660' does not match S
ID information returned by agent 'S-1-5-21-1829173068-3133025792-290102247-1262' in the orchestration reply.. This scenario is
not supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 2019-09-18 09:24:22
So the question then becomes: What could be causing this? We have a local AD that is synchronizing to Azure AD. And we also have Azure AD Domain Services.... Anyone have any ideas?
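Added example, not part of any post in this thread: the two SIDs in a ConnectionFailedUserSIDInformationMismatch message can be split into domain identifier and RID to check whether the broker's record and the session host's answer refer to accounts issued by the same domain. `Compare-SidMismatch` is a hypothetical helper name; the sample message is the one quoted in the post above.

```powershell
# Added example. Compare-SidMismatch is a hypothetical helper name.
function Compare-SidMismatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$ErrorMessage
    )
    process {
        # Pasted console output is wrapped mid-word ("S" / "ID"); rejoin it first.
        $flat = $ErrorMessage -replace '\r?\n\s*', ''
        $sid  = 'S-1-5-21(?:-\d+){4}'   # domain account SID: 3 domain sub-authorities + RID
        if ($flat -notmatch "database '(?<db>$sid)'.*?agent '(?<agent>$sid)'") {
            Write-Error 'No database/agent SID pair found in the message.'
            return
        }
        $db    = [System.Security.Principal.SecurityIdentifier]::new($Matches['db'])
        $agent = [System.Security.Principal.SecurityIdentifier]::new($Matches['agent'])
        [pscustomobject]@{
            DatabaseDomainSid = $db.AccountDomainSid.Value
            DatabaseRid       = ($db.Value -split '-')[-1]
            AgentDomainSid    = $agent.AccountDomainSid.Value
            AgentRid          = ($agent.Value -split '-')[-1]
            # False means the two SIDs were issued by different domains.
            SameDomain        = ($db.AccountDomainSid.Value -eq $agent.AccountDomainSid.Value)
        }
    }
}

# ErrorMessage text copied from the post above, including the console line wrap.
$message = @'
User joakim.westin@x5music.com: SID information in the database 'S-1-5-21-266129286-189420813-3044514089-5660' does not match S
ID information returned by agent 'S-1-5-21-1829173068-3133025792-290102247-1262' in the orchestration reply.
'@

$message | Compare-SidMismatch | Format-List
```

For the message above, the domain parts differ, so the two SIDs belong to accounts in two different domains rather than to one account with a stale RID. The `ErrorMessage` property returned by `Get-RdsDiagnosticActivities ... -Detailed`, as shown in the thread, can be piped to the function in the same way.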
- TravisRoberts, Nov 15, 2019, Iron Contributor
Joakim Westin I spent some time on this a couple weeks ago and wrote a blog post about it. Basically, per MS documentation, only Azure AD sourced users are supported if the Session Host is Azure AD Domain Services joined. If users are sourced from Windows AD, the Session Host must be Windows AD joined.
- Christian_Montoya, Nov 15, 2019, Microsoft
TravisRoberts Joakim Westin : As an update, we now support Azure AD Domain Services with users sourced from either Windows Server AD (hybrid) or Azure Active Directory (cloud).
- sarahpotrick2573, Jan 16, 2020, Copper Contributor
I have deployed my WVD environment using a domain controller. My deployment is successful but I am unable to get inside my host pool. I also checked if my users are synced properly and that is also working fine. I checked the diagnostics activities also through PowerShell; it is stating that it is unable to sync the users, i.e. the users do not exist in my directory, but everything is working fine and there is no problem with my domain controller. Christian_Montoya Following are the screenshots attached: