Azure AD joined and DomainJoinedCheck failed
Hey Johan Vanneuville,
these are the results:
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Device Name : VDI-0
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : remove ID
Thumbprint : remove Thumbpring
DeviceCertificateValidity : remove Certificate
KeyContainerId : remove ContainerID
KeyProvider : Microsoft Software Key Storage Provider
TpmProtected : NO
DeviceAuthStatus : SUCCESS
+----------------------------------------------------------------------+
| Tenant Details |
+----------------------------------------------------------------------+
TenantName :
TenantId : remove TenantID
Idp : login.windows.net
AuthCodeUrl : https://login.microsoftonline.com/"TenantID"/oauth2/authorize
AccessTokenUrl : https://login.microsoftonline.com/"TenantID"/oauth2/token
MdmUrl :
MdmTouUrl :
MdmComplianceUrl :
SettingsUrl :
JoinSrvVersion : 2.0
JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
KeySrvVersion : 1.0
KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
WebAuthNSrvVersion : 1.0
WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/"TenantID"/
WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
DeviceManagementSrvVer : 1.0
DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/"TenantID"/
DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority :
EnterprisePrt : NO
EnterprisePrtAuthority :
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : VDI-0\VDI
KeySignTest : PASSED
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : NO
SessionIsNotRemote : NO
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
I can log in only with a local administration account. I cannot log in with my Azure AD account.
- MaxUtzKi, Apr 07, 2022, Copper Contributor
Stefan Kießig hi, may I ask how you solved the problem? I have the same problems with Azure Virtual Desktop as you.
- DavidBelanger, Jul 26, 2021, Microsoft
Stefan Kießig What error are you seeing when connecting?
- Stefan Kießig, Jul 23, 2021, Brass Contributor
Thank you David. But there is still the login problem. I can only log in with local admin credentials but not with AAD credentials.
- DavidBelanger, Jul 23, 2021, Microsoft
Stefan Kießig Note that we noticed an issue where it can take up to 40 minutes after VMs are deployed for them to be marked as Available. We are investigating.
What error are you seeing when trying to connect? Definitely have a look at: https://docs.microsoft.com/azure/virtual-desktop/troubleshoot-azure-ad-connections
- Stefan Kießig, Jul 22, 2021, Brass Contributor
Thanks for your help.
I cannot log in to the session host with my Azure credentials.
I see the machine in my Azure Virtual environment. But I can only log in with local admin credentials.
- Jul 21, 2021
Those groups are AAD groups indeed.
For the PKU2U:
Local on the session host:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\pku2u -> confirm AllowOnlineID is set to 1
Via GPO:
GPO path: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options
Policy: Network security: Allow PKU2U authentication requests to this computer to use online identities
State: Enabled
- Stefan Kießig, Jul 21, 2021, Brass Contributor
In your blog you use two security principals (WVD HostPool and WVD Users). Are these Azure AD groups?
After going through the blog article, I had the problem for a few minutes. After about 5 minutes the machine was available.
Thank you very much for your help.
Where do I find the "Network security: Allow PKU2U authentication requests to this computer to use online identities" setting?
- Stefan Kießig, Jul 21, 2021, Brass Contributor
Thank you for the blog post.
I will delete the environment again today and recreate it based on your environment.
I will then report here.
With my creation, I have created the VM with the same.
- Jul 21, 2021
Sure, I've written it down on my blog. https://johanvanneuville.com/avd/avd-and-aad-join-public-preview/
- Stefan Kießig, Jul 21, 2021, Brass Contributor
Can you please explain these two steps?
Was the RDP advanced property in the RDP settings inside the machine?
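
Added example, not part of the original thread: the PowerShell below parses dsregcmd /status text into a hashtable and reports on the device-side fields from the output posted above, together with the PKU2U AllowOnlineID registry value named in the thread. The function names and the shortened sample text (constructed from the posted output) are assumptions made for this example.

```powershell
# Constructed sample: a subset of the fields from the output posted in the thread.
$sample = @'
AzureAdJoined : YES
DomainJoined : NO
TpmProtected : NO
DeviceAuthStatus : SUCCESS
AzureAdPrt : NO
Executing Account Name : VDI-0\VDI
KeySignTest : PASSED
IsUserAzureAD : NO
'@ -split "`r?`n"

function ConvertFrom-DsRegStatus {   # hypothetical helper name
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Fields look like "Name : value"; banner rows (+---, | ... |) do not match.
        if ($line -match '^\s*([A-Za-z][\w .-]*?)\s+:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $state
}

function Get-AadJoinFinding {        # hypothetical helper name
    param([hashtable]$State, $AllowOnlineId)
    if ($State['AzureAdJoined'] -ne 'YES') { 'FAIL: device is not Azure AD joined' }
    if ($State['DeviceAuthStatus'] -ne 'SUCCESS') { "FAIL: DeviceAuthStatus = $($State['DeviceAuthStatus'])" }
    if ($State['KeySignTest'] -ne 'PASSED') { "WARN: KeySignTest = $($State['KeySignTest'])" }
    if ($State['TpmProtected'] -ne 'YES') { 'INFO: device key is not TPM-protected' }
    # User State and SSO State describe the account that ran dsregcmd, so a
    # local account always shows IsUserAzureAD : NO and AzureAdPrt : NO.
    if ($State['IsUserAzureAD'] -ne 'YES') {
        "INFO: run as $($State['Executing Account Name']); AzureAdPrt = $($State['AzureAdPrt']) describes that account"
    }
    if ($AllowOnlineId -ne 1) { 'CHECK: pku2u AllowOnlineID is not set to 1 on this machine' }
}

# On a live session host, replace $sample with: (dsregcmd /status)
$state = ConvertFrom-DsRegStatus -Lines $sample
$reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u' -ErrorAction SilentlyContinue
Get-AadJoinFinding -State $state -AllowOnlineId $reg.AllowOnlineID
```

With the sample above, the device-side checks pass and the output is limited to the TPM note, the local-account note, and the PKU2U check if the value is missing on the machine where the script runs.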