Pool provisioning DSC Extension error ... again

Brass Contributor

Hi -

 

Is anyone seeing the dreaded DSC Extension error upon provisioning new pools today?  I have one pool working fine - and have run into this three times in a row with a brand new pool deployment attempt.  Error on last step:

 

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'dscextension'. Error message: \\\"The DSC Extension failed to execute: Error downloading https://catalogartifact.azureedge.net/publicartifacts/rds.wvd-provision-host-pool-8f893fe9-5016-43c6... after 29 attempts: Unable to connect to the remote server.\\nMore information about the failure can be found in the logs located under 'C:\\\\WindowsAzure\\\\Logs\\\\Plugins\\\\Microsoft.Powershell.DSC\\\\2.77.0.0' on the VM.\\\".\"\r\n }\r\n ]\r\n }\r\n}"}]}

10 Replies

@Christian_Montoya 

 

Any users reporting this again?  I'm kind of back to square one.  Last step - DSC Extension piece - provisioning attempts to download a zip file from catalogartifacts.azureedge.net 29 times and then finally fails.

 

The sad thing is I can literally take the full URL path to the zip that's reported in the error, open a new browser tab, enter the URL and display the contents of the zip.....what is going on with this?

@Christian_Montoya 

 

One more comment here.  I just tried a new pool, in a different subscription (bound to a different geographical region).

 

This pool succeeded on first attempt (UK South).  I immediately tried another pool in a subscription that is bound to US East - it fails with the DSCExtension (all my other attempts in the last two days have been in that US East sub....).

@jaycrumpgp : Are you using a custom image or just a default image from the Azure Gallery? We've had customers report intermittent failures, but not something as consistent as what you're shared.

@Christian_Montoya 

Hey Christian - sorry, I've been on different project work all week.

 

I finally figured this one out.....it was the vnet and subnet I was trying to bind to the East US WVD pool.  I had no default route set, so..no internet...so...the session host couldn't ever download that zip file from the azureedge.net URL that it kept failing on.

 

Live and learn - thanks for following up!

This is happening to me in two different tenants using ARM with Windows 10 Multi user with Office 365. 

 

Prod Tenant: I have an Express route and we use South Central Us. This keeps failing every time even when I follow well known steps from my lab.

 

Lab Tenant:t: South Central US was causing the Error and East US was not (same steps). This has been happening since Friday... until about an hour ago. Now I can create in South Central US in the lab.

I am still unable to do so in my Prod tenant. Something is going on seemingly with the Azure backed.

 

 

{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'dscextension'. Error message: \"DSC Configuration 'CreateHostPoolAndRegisterSessionHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Test-TargetResource functionality with error message: Windows Virtual Desktop Authentication Failed, Error:\n\r\n\r\nException : System.AggregateException: One or more errors occurred. ---> System.InvalidOperationException: \r\n Showing a modal dialog box or form when the application is not running in UserInteractive mode \r\n is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to \r\n display a notification from a service application.\r\n at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.WebUI.<AcquireAuthorizat\r\n ionAsync>d__16.MoveNext()\r\n --- End of stack trace from previous location where exception was thrown ---\r\n

@jaycrumpgp Good evening Christian, I appreciate your collaboration, but do I have to do something on the virtual network to have internet access?

Hi @wilsonosorio -

 

I can't remember my exact scenario now, but this is what it boiled down to for me.

 

As I was deploying the HostPool, it needs to access the 'azurexxx.net' FQDN that shows up during that DSC extension step.  If there's no name resolution in the subscription, that step will fail.

 

If you have anything other than an empty subscription (as in, you've been messing with networking settings), then you could have problems as well.  I'm almost positive this is what happened in my original post.  I had a subscription with multiple systems in it:

 

- couple of networks

- application network gateway

- static IPs on other VMs already in the subscription

- tunneling between this sub and another (before I learned about vnet peering)

 

I just didn't have a default route defined for the subnet I was using for WVD hostpools.

 

I've set up multiple hostpools since this time, and it's always worked just fine (with no extra configuration in the subscription for routing/etc).

This worked for me. Just needed to have internet access on VNET. Added 8.8.8.8 to the list of DNS servers and worked great. Thanks!

Thanks Rob ,In my case, I have deploy hostpool in a VNET managed by firewall, then Firewall block all traffic to internet, I have allowed internet then it worked

 

I had pretty similar errors during deployment- VMExtensionProvisioningError
The DSC Extension failed to execute: Error downloading https://wvdportalstorageblob.blob.core.windows.net......... after 17 attempts: Unable to connect .... I fixed the Network rules of our FW policy by opening outgoing ports for the entire subnet, not just a few specific ones.
Thanks a lot for the idea!