Domain Join Error while deploying HostPool


Hi Team,

 

We are getting an error while deploying HostPool for Windows Azure Virtual Desktop.

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'joindomain'. Error message: \\\"Exception(s) occured while joining Domain 'pratikmishra4739gmail.onmicrosoft.com'\\\"\\r\\n\\r\\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot \"\r\n }\r\n ]\r\n }\r\n}"}]}

 

Troubleshot all the possibilities but none were helpful.

26 Replies

@Rob Ob @GR_C1pD 

 

The Fall 2019 release of WVD will not appear in the Azure portal under the Windows Virtual Desktop, which is only for Spring Update 2020 release. For the Fall release, you will need to continue using PowerShell or the web-based management tool from GitHub to manage it. There are some plans for a migration path, but most find it easier to just start over with Spring Update. As for a naming convention, I would keep things different between releases; even keep them in different resource groups in Azure. The VMs definitely need to have different prefixes since they all will be part of the same Windows AD.

 

As for an SPN, that is only needed for the Fall release; I'm curious where during the Spring update host pool creation you were prompted for one? A credential is only needed for the domain join on the VM (if you're creating VMs during Host Pool creation).

 

Also, I'd encourage you to check out the WVD series a co-worker of mine put together: https://www.youtube.com/watch?v=qtx3rippZJQ&list=PL-V4YVm6AmwXGvQ46W8mHkpvm6S5IIitK

 

Watch #1 and then #20 to learn how to deploy both versions with specific steps.

 

-Jeff

 

 

 

 

@Jeff_Bryant thanks for the link to the YouTube series on this subject with more information. Since it's dated April 2019 and in this thread we've been discussing different experiences depending on whether administrators used the Fall 2019 deployment template wizard or are using the new Spring 2020 deployment template wizard, I'm wondering how much of that video content is still reflective of the current state of WVD.

 

The step of the WVD host pool wizard that is showing me a choice between entering a user principal or service principal, which I believe is what you are referring to with SPN, is in the final "Windows Virtual Desktop Information" step of the wizard, as shown in the screen grab image that I'm attaching. This is the tab where it's asking about the WVD tenant name that has been configured using PowerShell cmdlets and what user principal or service principal has been granted TenantCreator role permissions on the "Windows Virtual Desktop" 1st party app settings in Azure AD.

 

Other questions that have come to mind in this process are . . .

 

q1. When I open all services | "windows virtual desktop" | manage | host pools, it's not showing the host pool I have configured and up and running. Is that service-specific mgmt blade meant for old Fall 2019 WVD setups and not new Spring 2020 setups?

 

q2. I read somewhere that the WVD host pool image gallery has support for Windows 7 eosl [ end of support life ] extended to 2023 images and license for groups that had that unique requirement. I'm not seeing that Windows 7 option in the host pool wizard VM image gallery selection drop-down list.

 

wvd-hostpool-info-tenantgroup.png

@Rob Ob Ah, sorry for the confusion. That screen shot is for creating a host pool (from the marketplace) for the fall release, and the pool will not appear under Windows Virtual Desktops, which is only for the spring update and future releases. Personally, I would not deploy any fall release components and focus on the spring update release; it will go GA sometime in June so you can use it for production use hopefully very soon. I think there are some community scripts out there to migrate from FR19 to SU20, but I would just build out SU20 from scratch if you only have a single host pool at this time.

 

Of the videos, #1,2,7,14 would not be that relevant since they only apply to fall release, all others certainly are valuable.  If you want, start with #20 to show you the new release and then go back through the others.

 

As for Win7, you can select it from all images and disk in the gallery since it's not part of the drop down list. See the screen shot below...

 

Jeff_Bryant_0-1591987057856.png

 

-Jeff

@Jeff_Bryant thanks for the clarifications and additional details that helps. 

 

I will watch the suggested videos and attempt another wvd host pool setup but this time from the context of the services | Windows Virtual Desktop (preview) | host pool | add UI wizard as this appears to be process that creates a spring 2020 preview deployment versus the <resource group> | add | Windows Virtual Desktop - Provision a host pool UI wizard that it seems creates a fall 2019 deployment.

 

It appears that using the noted UI wizard to create Fall 2019 WVD host pool deployments provides the option to specify a user principal or service principal [ / spn ] for the identity with TenantCreate permissions, versus some other method for creating one of these deployments being implied in prior exchanges of this thread, perhaps the PowerShell cmdlets approach, that only provides the option to specify a service principal for the identity with TenantCreate permissions.

 

q1. I'm noticing that the Spring 2020 deployment wizard, i.e. services | Windows Virtual Desktop (preview) | host pool | add UI wizard, doesn't have the Fall 2019 deployment wizard's "Windows Virtual Desktop Information" tab that asked for default WVD tenant group and tenant name and RDS owner UPN [ user principal or service principal ] that has "Windows Virtual Desktop" 1st party app TenantCreate role permissions assigned. Is collection of that information gone because it's no longer used in the Spring 2020 deployment, or is it gone because now it gets automatically provisioned for you using some automatically created user or service principal identity?

 

q2. I'm noticing that in the Spring 2020 deployment wizard, i.e. services | Windows Virtual Desktop (preview) | host pool | add UI wizard, you can specify a Network Security Group [ NSG ] of None | Basic | Advanced. The informational bubble suggests one should use None and assign an NSG to the subnet versus managing things using an NSG defined in the wizard that gets applied to each VM instance's network interface. Is that a correct interpretation of the guidance on that aspect of the WVD host pool networking setup?

 

q3. When creating multiple spring 2002 preview wvd host pool setups do they have to be isolated in different virtual networks or different subnets of the same parent virtual network or is it fine to have multiple host pools sharing the same virtual network and subnet address space?   

 

q4. My attempt to use the Spring 2020 WVD host pool template to create a Windows 7 Enterprise based pool produced this `Cannot process argument transformation on parameter 'rdshIs1809OrLater'` error, which this https://techcommunity.microsoft.com/t5/windows-virtual-desktop/unable-to-deploy-window-host-for-azur... search hit said is an issue with deployment of Windows 7 discussed in this https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/deploy-windows-7-vi... article. Are we awaiting a Spring 2020 WVD host pool deployment template update to enable using Windows 7 Enterprise images in addition to Windows 10 ones?

For me, it worked after adding Microsoft.AzureActiveDirectory to Service Endpoint in AADDS VNet:

 

 

WVD.png

 

 

Hi @Pratik_Mishra 

I was deploying a simple standalone cloud-only model and the host pool deployment kept on failing for me with the same error. I had a session with partner consultants as well to double-check my configuration and all looked correct. I was able to deploy a host pool the first time, when I was using a free trial subscription, but then failed on every subsequent attempt, following the same steps.

 

Anyway, the alternative worked for me. I created and deployed a virtual machine (VM) and selected a different subnet of the same virtual network, did a standard domain join of the VM, created and deployed a host pool without creating a VM, and then registered the VM to that host pool.

 

The following were the (workaround) steps that worked for me:

 

  1. Created and deployed a virtual network with two subnets: one dedicated to Azure Active Directory Domain Services (AD DS) and the other for a virtual machine (VM). Refer to Tutorial: Configure virtual networking for an Azure Active Directory Domain Services managed domain for details.
  2. Created and deployed Azure AD DS with the selection of the first subnet of the virtual network (created in step 1). Refer to Tutorial: Create and configure an Azure Active Directory Domain Services managed domain for details.
  3. Created and deployed a VM with the selection of the second subnet of the same virtual network (created in step 1).
    Connected to the VM using the 'Connect > RDP' option in the Azure portal. Refer to How to connect and sign on to an Azure virtual machine running Windows for details.
  4. After signing in to the VM, did a standard domain join of the VM by selecting 'Domain' and entering the domain name under the 'Computer Name' tab in the 'System Properties' dialog.
  5. Created and deployed a host pool without adding a VM to the host pool at this point (select the 'No' option under the 'Virtual machines' tab when filling in the information required for creating a host pool).
  6. Registered the VM (created and deployed in step 3) to the host pool (created and deployed in step 6). Follow the instructions for registering a VM to a host pool mentioned in Register the virtual machines to the Windows Virtual Desktop host pool. Note: add " | Select-Object -ExpandProperty Token" at the end of the command "New-AzWvdRegistrationInfo" to retrieve the registration token value so that it can be copied to a text file.

I hope this helps.

 

Kind regards,

Misbah
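
The host pool and registration part of the workaround above, as an added PowerShell example that is not part of the original post. The resource group, host pool name, location and domain are placeholders, and it assumes the Az.DesktopVirtualization module and a signed-in `Connect-AzAccount` session.

```powershell
# Added example; every name below is a placeholder, not a value from the thread.
$rg       = 'rg-wvd-example'
$poolName = 'hp-example'
$location = 'eastus'
$domain   = 'contoso.example'

# Domain join step, run inside the VM: same effect as the System Properties dialog.
# Add-Computer -DomainName $domain -Credential (Get-Credential) -Restart

# Create the host pool with no session hosts attached.
New-AzWvdHostPool -ResourceGroupName $rg -Name $poolName -Location $location `
    -HostPoolType Pooled -LoadBalancerType BreadthFirst -PreferredAppGroupType Desktop

# Issue a registration token. It is a bearer secret that lets any machine
# holding it join the pool, so give it a short lifetime (4 hours here).
$expiry = (Get-Date).ToUniversalTime().AddHours(4).ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
$token  = New-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $poolName `
              -ExpirationTime $expiry | Select-Object -ExpandProperty Token

# Hand $token to the agent installer on the VM as described in the
# "Register the virtual machines" article, then confirm the host registered.
Get-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $poolName |
    Select-Object Name, Status

# Invalidate the token once the host shows up, instead of waiting for expiry.
Remove-AzWvdRegistrationInfo -ResourceGroupName $rg -HostPoolName $poolName
```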

I had a similar issue. I had a DC set up on an Azure VM in the same subnet as the session hosts for the pool I was creating. What did the trick for me was changing DNS settings on the V-Net to custom (I added the DC IP address).
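
A preflight check for the DNS cause described in the reply above, written as an added PowerShell example that is not from the thread. Run it on the VM that fails to join; the function name is hypothetical and the domain in the last line is a placeholder.

```powershell
# Added example, not from the thread. Run on the VM that fails the domain join.
function Test-DomainJoinPrereq {
    param([Parameter(Mandatory)][string]$DomainName)

    # DNS servers the VM received from the VNet. The Azure-provided resolver
    # (168.63.129.16) does not host the AD zone of a self-managed DC.
    $dns = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
             Select-Object -Unique)

    # A domain join locates a DC through this SRV record.
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
                 -ErrorAction SilentlyContinue | Where-Object { $_.NameTarget })

    # Ports a member needs to reach on each DC: Kerberos, LDAP, SMB.
    $dcs = @($srv | ForEach-Object NameTarget | Select-Object -Unique)
    $checks = foreach ($dc in $dcs) {
        foreach ($port in 88, 389, 445) {
            $t = Test-NetConnection -ComputerName $dc -Port $port `
                     -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Port = $port; Open = $t.TcpTestSucceeded }
        }
    }

    [pscustomobject]@{
        Domain       = $DomainName
        DnsServers   = $dns
        UsesAzureDns = $dns -contains '168.63.129.16'
        DcFound      = $srv.Count -gt 0
        PortChecks   = $checks
        # Ready only if a DC was located and no port check failed.
        Ready        = ($srv.Count -gt 0) -and
                       -not ($checks | Where-Object { -not $_.Open })
    }
}

Test-DomainJoinPrereq -DomainName 'contoso.example' | Format-List
```

`DcFound = False` together with `UsesAzureDns = True` matches the situation in the reply: the VNet is still handing out the default resolver rather than the DC's address.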