Azure Hybrid Join Server 2022

Hello MS Community,

I stumbled upon the following question while making a piece of software work on a local infrastructure:

Is it possible to RDP to a hybrid joined server (Server 2022) using Azure Credentials?

The local server is a member of an AD. The AD is connected to Azure via AADC. Each server is seemingly successfully hybrid joined into AAD.

I try to use the default rdp client on windows with the option "use web credentials" enabled. After using my Azure AD Credentials, I get an authorization error. On the machine the security event log shows events 5058, 5061, 5059 and 4625. The details of event 4625 do not contain the name of my Azure AD user and the security ID is NULL SID.


What are the requirements to do this? Do I have to sync the Azure Users to the local forest? Is it even possible to do this?

I hope someone has an answer to this. I really would appreciate any help. 

Greetings 🙂

2 Replies
Hi there, it is possible to RDP to a hybrid joined server (Server 2022) using Azure Credentials. To do this, you need to add the custom RDP property "targetisaadjoined:i:1" to the host pool. This property allows connections to Azure AD-joined session hosts using username and password credentials.


However, to access the session host, your local PC must meet one of the following conditions:
1. The local PC is Azure AD-joined to the same Azure AD tenant as the session host
2. The local PC is hybrid Azure AD-joined to the same Azure AD tenant as the session host
3. The local PC is running Windows 11 or Windows 10, version 2004 or later, and is Azure AD registered to the same Azure AD tenant as the session host

If your local PC doesn't meet one of these conditions, you can still connect to the session host by entering your username and password credentials.

Regarding the security event log events 5058, 5061, 5059, and 4625, these events indicate that the authentication process failed. The details of event 4625 do not contain the name of your Azure AD user and the security ID is NULL SID.


To troubleshoot this issue, you can check the following:
1. Ensure that your local PC meets one of the conditions mentioned above
2. Ensure that your Azure AD user account has the necessary permissions to access the session host
3. Check the event logs on the session host for any errors or warnings related to authentication
4. Check the Azure AD Connect logs for any errors or warnings related to synchronization

If you are still unable to resolve the issue, you can contact Microsoft support for further assistance.

KR, Oscar
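The following PowerShell is an added example, not code from either poster or from Microsoft's documentation. It puts the three checks from the reply above into a runnable form: confirming the host's join state with dsregcmd, appending the `targetisaadjoined:i:1` property to an Azure Virtual Desktop host pool's custom RDP properties (the resource group and host pool names are placeholders; the Az.DesktopVirtualization module is assumed to be installed and a session logged in with Connect-AzAccount), and reading the 4625 failed-logon events the original post mentions so that the NTSTATUS codes and the user name that actually reached the host are visible instead of just "NULL SID".

```powershell
# Added example (not from the thread). Names below are placeholders.

# 1. Join state of the session host. A hybrid-joined machine reports
#    AzureAdJoined : YES together with DomainJoined : YES.
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|DomainJoined|TenantName'

# 2. Add targetisaadjoined:i:1 to the host pool's custom RDP properties.
#    Update-AzWvdHostPool replaces the whole property string, so the existing
#    properties are read first and the new one is appended, not substituted.
$rg   = 'rg-avd-example'     # assumed resource group name
$pool = 'hp-hybrid-example'  # assumed host pool name
$existing = (Get-AzWvdHostPool -ResourceGroupName $rg -Name $pool).CustomRdpProperty
if ($existing -notmatch 'targetisaadjoined:i:1') {
    $updated = "$existing" + 'targetisaadjoined:i:1;'
    Update-AzWvdHostPool -ResourceGroupName $rg -Name $pool -CustomRdpProperty $updated
}

# 3. Pull the fields out of event 4625 that explain why a logon failed.
#    Status/SubStatus are NTSTATUS codes; the SubStatus usually carries the
#    specific reason. A handful of the common values, for readability:
$subStatusText = @{
    '0xc0000064' = 'user name does not exist'
    '0xc000006a' = 'wrong password'
    '0xc0000072' = 'account disabled'
    '0xc0000234' = 'account locked out'
    '0xc000006d' = 'generic logon failure (see Status)'
}

function Get-FailedLogonDetail {
    param([int]$Hours = 1)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $sub = ("$($d['SubStatus'])").ToLower()
        [pscustomobject]@{
            Time        = $e.TimeCreated
            TargetUser  = $d['TargetUserName']    # the name that reached the host
            Domain      = $d['TargetDomainName']
            LogonType   = $d['LogonType']         # 10 = RemoteInteractive (RDP)
            Status      = $d['Status']
            SubStatus   = $d['SubStatus']
            Reason      = if ($subStatusText.ContainsKey($sub)) { $subStatusText[$sub] } else { 'see Microsoft NTSTATUS reference' }
            Source      = $d['IpAddress']
            Workstation = $d['WorkstationName']
        }
    }
}

Get-FailedLogonDetail -Hours 24 | Format-Table -AutoSize
```

Run section 3 on the session host itself (it reads the local Security log, so it needs an elevated shell). If TargetUserName is empty or shows a name that is not the Azure AD UPN you typed, the credential never reached the host in the expected form, which points at the client-side conditions in the reply rather than at the account; a SubStatus of 0xC0000064 on a name the local forest has never heard of points at the synchronisation question the original post raises.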
Thank you very much!
I will try that and get back to you as soon as I can.

So I need to create a host pool in Azure and add the hybrid joined server (which is in the local AD) to this host pool, set the parameter you described above and meet the conditions you listed?
Then it will let me connect to the server via the default Windows RDP client (using the server FQDN or IP from the local network and AAD credentials)? Sorry for these questions, I never set up a host pool like this...

Greetings and thank you in advance