Domian jonin failed when add VM

Copper Contributor
Hi, I'm new to azure, I try create virtual desktop on azure. I create a new AD domain servcie and network, when I create host pool and new new VM, I get error with joindomain failed. Can someone help me here?
 
[
    {
        "code""ComponentStatus/JoinDomainException for Option 3 meaning 'User Specified'/failed/1",
        "level""Error",
        "displayStatus""Provisioning failed",
        "message""ERROR - Failed to join domain='xxxx.onmicrosoft.com', ou='', user='xxxx@xx.com', option='NetSetupJoinDomain, NetSetupAcctCreate' (#3 meaning 'User Specified'). Error code 1909"
    },
    {
        "code""ComponentStatus/JoinDomainException for Option 1 meaning 'User Specified without NetSetupAcctCreate'/failed/1",
        "level""Error",
        "displayStatus""Provisioning failed",
        "message""ERROR - Failed to join domain='xxx.onmicrosoft.com', ou='', user='xxxx@xxxxx.com', option='NetSetupJoinDomain' (#1 meaning 'User Specified without NetSetupAcctCreate'). Error code 1909"
    }
]
5 Replies

When creating the host pool, you must specify your domain from your "local" Active Directory. For example, contoso.pri. Important you must also specify an account that has sufficient rights to perform the join

@xuzhang3 

When you create a host pool, you must specify the name of the domain that you use with your "local" Active Directory. For example: contoso.pri
Important, you must also specify an account which has sufficient rights to perform the join.

Regards, Tom Wechsler

@xuzhang3 

When you create a host pool, you must specify the name of the domain that you use with your "local" Active Directory. For example: contoso.priImportant, you must also specify an account which has sufficient rights to perform the join. Regards Tom Wechsler@xuzhang3 

@xuzhang3 Is it possible the account you are using is locked? The error 1909 usually means

"The referenced account is currently locked out and may not be logged on to" https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--1700-3999-

 

@xuzhang3 Are you using a traditional domain controller in Azure AD?  If so, did you modify the VNET DNS settings to point to your domain controller.

 

If you are trying to join Azure AD Domain Services with accounts synced from on premise you need to apply the DNS settings to the VNET for Azure ad Domain services (so that VNET is servicing that vnet) although its recommended that you do not deploy WVD directly to the same VNET that is hosting Azure AD DS.  But rather create another peered network and use that.


If you are using Azure AD DS, then you need to make sure you have legacy password has synchronisation or you will get the account is locked message.

 

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-...

 

You will likely need to change the password for the specific account you want to use to join the domain first after the step above.

 

I find its easier to deploy a windows 10 VM and just try and join the domain first, fix that and your WVD deployment should work