Azure Windows Virtual Desktop - Provision Host Pool _ JoinDomain Conflict Error

Copper Contributor

Summary :

Error details

The resource operation completed with terminal provisioning 'Failed'. (Code : ResourceDeploymentFailure)

-VM has reported a failure when processing extension 'joindomain'. Error message:  "Exception(s) occured while joining domain 'magickwoods.onmicrosoft.com'". (Code : VMExtensionProvisioningError)

 

Raw Error :

{

"code": "DeploymentFailed",

"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.",

"details": [

{

"code": "Conflict",

"message": "{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'joindomain'. Error message: \\\"Exception(s) occured while joining Domain 'magickwoods.onmicrosoft.com'\\\".\"\r\n }\r\n ]\r\n }\r\n}"

}

]

}

5 Replies

Hi @sankarnarayanan1101 ,

 

Looks like the VMs are unable to join your Domain during deployment.

A few questions to solve this:

  • In the VNET that you selected, is there a VM with AD installed or are you using Azure AD DS?
  • In that VNET, did you correctly setup the DNS-servers in the properties of the VNET? Otherwise, your new VMs will not be able to resolve the DNS of the Domain.
  • Are there NSGs that could block the AD traffic?

I have the exact same issue and have been stranded trying to resolve this issue for over a week now.

 

My join user is a Global Admin + Tenant Created + AAD Administrator Group local to AAD and I made sure to reset his password.

 

AADDS has been setup with DNS and IPRange 10.42.0.0/16 Space - 10.42.0.0/24 IP Range...

 

No matter what, I end up with the exact same message and this guy and ontop of that MS is unwilling to help troubleshoot their own product due to it being in Preview.

 

What is there to preview if it can't run to begin with..... not much of a preview.

 

Hi @EricSP ,

 

If you connect to the WVD session host, and you manually try to join the VM to the domain with that specific user-account, does that work?

@michawets I would love to have the ability to do so!


However, when I check the VM it only has an internal IP and no public IP so I cannot RDP to it plus it's not joined so I probably couldn't login to it to begin with...

Hi @EricSP ,

 

There are several options:

  • you attach a VIP manually to the VM
    Please attach a NSG to the Subnet or NIC to block all traffic, except your own external IP and only allow 3389 from your external IP
  • you connect from another VM in the VNET (if applicable)
  • you could use the Azure Bastion service which is in Public Preview at the moment.

 

For the credentials: you should use your credentials (without domain) you used in your deployment, or you could reset the password through the Azure Portal.

 

Kind regards