Oct 18 2019 06:09 AM
Hi guys
When I'm trying to deploy a Windows Virtual Desktop environment, I get this error message below:
{
  "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/WVDResourceGroup/providers/Microsoft.Resources/deployments/rds.wvd-provision-host-pool-20191018100922/operations/F7935445F31FE2F2",
  "operationId": "xxxxxxxxxxxxxxxx",
  "properties": {
    "provisioningOperation": "Create",
    "provisioningState": "Failed",
    "timestamp": "2019-10-18T08:15:24.3354336Z",
    "duration": "PT3M11.2589953S",
    "trackingId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "statusCode": "Conflict",
    "statusMessage": {
      "status": "Failed",
      "error": {
        "code": "ResourceDeploymentFailure",
        "message": "The resource operation completed with terminal provisioning state 'Failed'.",
        "details": [
          {
            "code": "VMExtensionProvisioningError",
            "message": "VM has reported a failure when processing extension 'joindomain'. Error message: \"Exception(s) occured while joining Domain 'orbid365.be'\"."
          }
        ]
      }
    },
    "targetResource": {
      "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/WVDResourceGroup/providers/Microsoft.Compute/virtualMachines/wvdtest-0/extensions/joindomain",
      "resourceType": "Microsoft.Compute/virtualMachines/extensions",
      "resourceName": "wvdtest-0/joindomain"
    }
  }
}
It seems like my VM isn't able to join my domain which is configured with Azure Active Directory Domain Services.
The setup I'm using to get this working is:
When trying to deploy, I also tried to use UPN and Service principal but both don't work either.
When deployment fails, the VM has been created but I'm not able to connect with it.
Does anyone know the solution for this? Have been looking through the other posts but they all don't seem to help for my setup.
Thanks in advance
Oct 21 2019 03:15 PM
@Luis_Farinango : By default, we do not create a Public IP address for the VM since we want it to remain locked down. However, you can manually add a Public IP address to the VM, then connect to it that way. Then, you should be able to follow the various troubleshooting steps here to see what the error was: https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration#vms-are-not-joi... .
Oct 22 2019 01:36 AM
Solution
Thank you for the reply.
I had another error when trying to do this again and eventually I was advised to deploy the host pool manually with the virtual machines. This workaround can be found under this post: https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Validation-failed-upon-creating-the-h...
Mar 16 2020 02:46 AM
Hi @Christian_Montoya ,
When I used an external email account, with the Azure benefit activated by my MS FTE account, to sign in to Azure, it generated a domain like this:
However, when I create an AAD Domain Service, the DNS domain name can't be set the same as the above, since it told me that "yangjiajia325gmail" is too long; it should be 15 characters or fewer. So I created the AAD DS with a different DNS domain name.
Then I wanted to create a WVD host pool, and it failed in deployment with a domain join conflict like this:
Do you have any idea how I can solve this problem?
Mar 16 2020 08:25 AM
@Ashley_Yang : You would need to use the user's UPN for the actual domain. What was the name of the Azure AD DS that got stood up? Make sure to use user@<aadds-domain> .
Mar 16 2020 07:00 PM
The name of the Azure AD DS is "yangjiajiagmail.onmicrosoft.com", the automatically generated "domain" name is "yangjiajia325gmail.onmicrosoft.com". Do you mean I should use the UPN like user@yangjiajiagmail.onmicrosoft.com?
If yes, a small concern is that the user account I created in AAD is use@yangjiajia325gmail.onmicrosoft.com. Why should I do it like that?
Mar 18 2020 09:00 AM
@Ashley_Yang : You would need to put in a user that the Azure AD DS domain recognizes, so you would need to put in user@yangjiajiagmail.onmicrosoft.com .
May 12 2020 03:30 AM - edited May 12 2020 03:30 AM
@Luis_Farinango Try to create a new user as GA, add the user to the AADDC group and try again; it will work.
May 14 2020 08:16 AM
@Luis_Farinango Try to create a new global admin user and add the user to the AADDC group, reset the password and provide these credentials for domain join only (as it needs to sync with ADDS).
Nov 16 2020 05:23 AM
@Luis_Farinango "occured while joining Domain 'orbid365.be'"
1. The first thing to validate is whether the vnet that has your WVD has access to the vnet that has your ADDS. You'll need to ensure that peering and the subsequent DNS change are completed so that vnetA (WVD vnet) can resolve names on vnetB (ADDS vnet).
2. Secondly, validate that the domain admin account you are using has the permissions required to carry out a domainJoin task; typically the domain admin or any privileged user should be able to. Remember the name should be username@localDomain.ext (i.e. domainJoinerAdmin@dummyDomain.local).
3. As others have mentioned, keep in mind the character limit on the domain name on Azure.
4. Also, what you can do is set up a testVm, place it on the same vnet as the WVD, and try a standalone domainJoin. This will assist in testing the domain account permissions and vnet-to-vnet communication and help troubleshoot anything before deploying WVD; at least by then you will have tested the minor hurdles.
Refer to these articles:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domai...
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
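Added example (not part of any post in this thread): a pre-flight script for the test VM suggested above, covering the checks the replies raise (domain prefix length, join UPN suffix, DNS resolution across the peered vnets, reachability of the domain controllers). The domain, the UPN, the parameter names and the port list are assumptions to replace with your own values.

```powershell
# Added example: run on a test VM in the same vnet as the WVD session hosts.
# All values below are placeholders, not taken from the thread.
param(
    [string]$DomainName = 'aadds.example.com',        # placeholder: Azure AD DS DNS domain name
    [string]$JoinUpn    = 'joiner@aadds.example.com'  # placeholder: account used for the join
)

$results = [ordered]@{}

# Check 1: the thread reports that the first label of the domain name
# must be 15 characters or fewer.
$prefix = $DomainName.Split('.')[0]
$results['Domain prefix is 15 chars or fewer'] = ($prefix.Length -le 15)

# Check 2: the join account must be a UPN in the domain that Azure AD DS
# recognizes, not the tenant's auto-generated domain.
$upnSuffix = $JoinUpn.Split('@')[-1]
$results['Join UPN suffix matches domain'] = ($upnSuffix -ieq $DomainName)

# Check 3: the vnet's DNS settings must let this VM locate domain controllers.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
$dcs = @($srv | Where-Object { $_.Type -eq 'SRV' } |
         Select-Object -ExpandProperty NameTarget -Unique)
$results['DC SRV records resolve'] = ($dcs.Count -gt 0)

# Check 4: peering and NSGs must allow the TCP ports a domain join commonly
# uses (assumed list: DNS 53, Kerberos 88, LDAP 389, SMB 445).
foreach ($dc in $dcs) {
    foreach ($port in 53, 88, 389, 445) {
        $results["$dc port $port reachable"] = Test-NetConnection -ComputerName $dc -Port $port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    }
}

$results.GetEnumerator() | Format-Table -AutoSize Name, Value

if (@($results.Values) -contains $false) {
    Write-Warning 'At least one check failed; fix it before deploying the host pool.'
} else {
    # Standalone join test from the last reply; uncomment to run it on the test VM.
    # Add-Computer -DomainName $DomainName -Credential (Get-Credential $JoinUpn) -Restart
    Write-Output 'All checks passed; a standalone domain join can be attempted.'
}
```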