AAD joined AVD - SessionHost is not joined to a domain

%3CLINGO-SUB%20id%3D%22lingo-sub-2590221%22%20slang%3D%22en-US%22%3EAAD%20joined%20AVD%20-%20SessionHost%20is%20not%20joined%20to%20a%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2590221%22%20slang%3D%22en-US%22%3E%3CP%3ESo%2C%20ive%20been%20testing%20the%20ability%20to%20using%20AAD%20to%20'domain%20join'%20AVD%20Hosts.%20Its%20not%20working%20for%20me.%20I%20get%20%22Status%20-%20Unavailable%22%20shown%20against%20the%20host.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20view%20the%20JSON%20I%20see%20-%3C%2FP%3E%3CP%3E%22healthCheckName%22%3A%20%22DomainJoinedCheck%22%2C%3CBR%20%2F%3E%22healthCheckResult%22%3A%20%22HealthCheckFailed%22%2C%3CBR%20%2F%3E%22additionalFailureDetails%22%3A%20%7B%3CBR%20%2F%3E%22message%22%3A%20%22SessionHost%20unhealthy%3A%20SessionHost%20is%20not%20joined%20to%20a%20domain%22%2C%3CBR%20%2F%3E%22errorCode%22%3A%20-2147467259%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDuring%20the%20deployment%20of%20the%20Host%20Pool%20the%20option%20is%20selected%20to%20join%20to%20AAD%20and%20also%20to%20enrol%20into%20Intune%20too.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIve%20gone%20through%20the%20deployment%20guide%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Fvirtual-desktop%2Fdeploy-azure-ad-joined-vm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Fvirtual-desktop%2Fdeploy-azure-ad-joined-vm%3C%2FA%3E%20%2C%20and%20also%20reviewed%20other%20guides%20from%20the%20community%20and%20cant%20see%20im%20missing%20anything%20in%20the%20step.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20need%20AADDS%20for%20this%20to%20work%3F%20This%20is%20the%20key%2C%20and%20the%20big%20hype%20is%20that%20it%20will%20deploy%20to%20AAD%2C%20but%20some%20guides%20stating%20AZURE%20Virtual%20Desktop%20(so%20the%20new%20branding%20and%20I%20would%20assume%20the%20new%20features)%20mention%20AADDS%20too%3F!%3F!%3F!%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3EPhil%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2590221%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Virtual%20Desktop%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2590635%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20joined%20AVD%20-%20SessionHost%20is%20not%20joined%20to%20a%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2590635%22%20slang%3D%22en-US%22%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F65609%22%20target%3D%22_blank%22%3E%40Philip%20Luke%3C%2FA%3E%2C%3CBR%20%2F%3EThe%20AAD%20Join%20feature%20doesn't%20need%20AADDS.%3CBR%20%2F%3EFor%20the%20session%20hosts%2C%20is%20the%20extension%20installed%20on%20the%20vm's%3F%3CBR%20%2F%3EWhat%20do%20you%20see%20when%20you%20run%20dsregcmd%20%2Fstatus%20in%20cmd%20on%20the%20session%20host%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2590871%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20joined%20AVD%20-%20SessionHost%20is%20not%20joined%20to%20a%20domain%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2590871%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F211527%22%20target%3D%22_blank%22%3E%40Johan%20Vanneuville%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20confirm%20the%26nbsp%3BMicrosoft.Azure.ActiveDirectory.AADLoginForWindows%20extension%20is%20enabled.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20results%20of%20the%20command%20show%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22PhilipLuke_0-1627390712700.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F298656i7ECA04EFECD3D867%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22PhilipLuke_0-1627390712700.png%22%20alt%3D%22PhilipLuke_0-1627390712700.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EWhich%20is%20odd%20indeed.%3C%2FP%3E%3CP%3EThe%20status%20of%20the%20Host%20in%20AVD%20is%20still%20-%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22PhilipLuke_1-1627390818159.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F298661i543E516E87408DD4%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22PhilipLuke_1-1627390818159.png%22%20alt%3D%22PhilipLuke_1-1627390818159.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20the%20reason%20for%20it%20being%20'Unavailable'%20is%20still%20-%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22PhilipLuke_2-1627390904742.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F298663iFB26841694DD3E7A%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22PhilipLuke_2-1627390904742.png%22%20alt%3D%22PhilipLuke_2-1627390904742.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20help%20on%20this.%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EPhil%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

So, ive been testing the ability to using AAD to 'domain join' AVD Hosts. Its not working for me. I get "Status - Unavailable" shown against the host.

 

When I view the JSON I see -

"healthCheckName": "DomainJoinedCheck",
"healthCheckResult": "HealthCheckFailed",
"additionalFailureDetails": {
"message": "SessionHost unhealthy: SessionHost is not joined to a domain",
"errorCode": -2147467259,

 

During the deployment of the Host Pool the option is selected to join to AAD and also to enrol into Intune too.

 

Ive gone through the deployment guide https://docs.microsoft.com/en-gb/azure/virtual-desktop/deploy-azure-ad-joined-vm , and also reviewed other guides from the community and cant see im missing anything in the step.

 

Do you need AADDS for this to work? This is the key, and the big hype is that it will deploy to AAD, but some guides stating AZURE Virtual Desktop (so the new branding and I would assume the new features) mention AADDS too?!?!?!?

 

Thank you

Phil

5 Replies
Hi @Philip Luke,
The AAD Join feature doesn't need AADDS.
For the session hosts, is the extension installed on the vm's?
What do you see when you run dsregcmd /status in cmd on the session host?

Hi @Johan Vanneuville 

I can confirm the Microsoft.Azure.ActiveDirectory.AADLoginForWindows extension is enabled.

 

The results of the command show the following:

 

PhilipLuke_0-1627390712700.png

Which is odd indeed.

The status of the Host in AVD is still -

PhilipLuke_1-1627390818159.png

 

And the reason for it being 'Unavailable' is still - 

PhilipLuke_2-1627390904742.png

Thank you for your help on this.

Regards

Phil

Is the hostpool set as a validation environment?
What is the OS version you are using for the session host?
I have this same issue. I am trying to create a new host pool with default config.
As an update - there isnt one really. Ive continued to see issues around this. It seems the issue is down to some latency during deployment (maybe) - in that the same deployment config will work once and then fail next. If you deploy a Host Group of, say, five machines maybe one will fail, and then next type all will fail - same spec as its part of the same group build. Im sure MS will find the issue, but in the interim its a case of remove 'dead' hosts and re-add with the same spec... and around we go....