Windows IT Pro Blog

6 MIN READ

Deploying Windows Virtual Desktop host pools with Terraform

Microsoft

Mar 12, 2020

Terraform is a tool that enables you to completely automate infrastructure builds through configuration files. It provides versioning for configurations, which makes it easy to deploy and maintain your existing Windows Virtual Desktop deployments on Microsoft Azure.

The following guide below describes how to deploy a new host pool or modify an existing host pool within Windows Virtual Desktop using Terraform.

Note: Terraform is an open source tool hosted in GitHub. As such, it is published "as is" with no implied support from Microsoft or any other organization. However, we would like to welcome you to open issues using GitHub issues to collaborate toward future improvements to the tool. Special thanks to Matt Betts for his major contribution.

Overview and requirements

The steps listed below must be completed in order to deploy a Windows Virtual Desktop host pool with Terraform.

Ensure that you meet the requirements for Windows Virtual Desktop.
1. DC/AAD DS
2. WVD tenant must be created
3. TenantCreator role must be assigned
4. VNET configured with Layer 3 access to DC/AAD DS
Terraform must be installed and configured as outlined here.
Terraform code from GitHub repository is downloaded to a local folder.
Terraform files variables.tf and variables_tags.tf are update.
Terraform deployment is started. A sample process for deploying available here.
1. terraform init
2. terraform plan
3. terraform apply
Validate session host VMs are deployed and heart beating via Get-RdsSessionHost.

Setting up Terraform

When you are new to Terraform. Please have a look at this article outlines the steps needed to get started with Visual Studio Code, Terraform and Azure.

Preparing Azure subscription and WVD for Terraform

Preparing the Azure subscription mean that we need to make sure that the account we are going to be used has the necessary permission to deploy new resources. Additionally, prior to updating the Terraform scripts create a resource group that will be tied to the Terraform deployment.

When it comes to WVD the preparation steps cover:

Granting TenantCreator to the user account we are going to be using
Creating a WVD tenant

Getting access to Terraform templates

To start all files that are listed in the folder must be downloaded to a local folder. All Terraform files needed for deployment are available at this repository.

Below is a brief description for each file and its purpose.

Availability_set.tf

This file contains the setting needed to set the availability set of VMs. In most basic deployments this file does not require changes.

Outputs.tf

This file displays certain variables that should be captured at the end of the execution. A detailed description of outputs in Terraforms can be found here. In most basic deployments this file does not require changes.

Variables.tf

This file contains all the modifiable input variables that define the behavior and outcome of running terraforms.

Variables_tags.tf

This file contains can be used to define custom tags as they are used throughout Terraforms. In most basic deployments this file does not require changes. This document outlines the benefits of using tags.

Virtual_machine.tf

This file contains code needed for setting up the individual VMs and their configuration. In most basic deployments this file does not require changes.

Virtual_machine_extensions.tf

This file contains code needed for running the customer script extensions that perform:

Domain join
Registration of the VM with the WVD service.

Configuring Terraform

Prior to running the Terraform variables.tf must be modified to reflect your environment. The table that follows outlines each input parameter and what is to be set to when deploying Windows Virtual Desktop.

Name	Description	Type	Default	Required
subnet_id	ID of the Subnet in which the machines will exist.	String	-	Yes
tenant_app_password	The password of the tenant app.	String	-	Yes
tenant_app_id	UPN for the user with permissions in WVD allowing for creation of a host pool (RD Contributor and/or RD Owner).	String	-	Yes
aad_tenant_id	Azure tenant ID.	String	-	Yes
ou_path	OU path to use when domain joining.	String	-	Yes
log_analytics_workspace_id	Workspace ID of the Log Analytics Workspace to associate the session host VMs to.	String	-	Yes
vm_timezone	Defines the time zone which a VM is going to use. List of time zone names available here.	String	-	Yes
log_analytics_workspace_primary_shared_key	Primary Shared Key of the Log Analytics Workspace to associate the VMs with.	String	-	Yes
resource_group_name	Name of the resource group in which Terraform will deploy resources. This group must be created manually before deploying.	String	-	Yes
region	The region in which to deploy the resources. The region must be such that the newly provisioned VM can communicate with the domain controller.	String	-	Yes
host_pool_name	Name of the session host pool.	String	-	Yes
vm_prefix	Prefix to be added to each VM as host name.	String	-	Yes
tenant_name	Name of WVD tenant.	String	-	Yes
rdsh_count	Number of session host VM to be deployed.	Int	1	Only if deploying more than 1
managed_disk_type	The type of managed disk(s) to attach.	String	Standard_LRS	No
tenantLocation	The region in which the RDS tenant exists.	String	eastus	No
vm_size	VM size. Full list of SKUs available here.	String	Standard_F2s	No
nsg_id	The ID of the NSG to associate the network interface.	String	-	No
existing_tenant_group_name	(deprecated) Name of the WVD tenant group.	String	Default Tenant Group	No
base_url	The URL in which the RDS components exists. This will need to be modified if the Github repo is forked.	String	https://raw.githubusercontent.com/Azure/RDS-Templates/master/wvd-templates	No
managed_disk_sizes	The sizes of the optional managed data disks.	List (String)	-	No
host_pool_description	Description of the session host pool.	String	Created through Terraform template	No
is_service_principal	Is a service principal being used for configuring WVD.	String	true	No
RDBrokerURL	URL of the RD Broker.	String	https://rdbroker.wvd.microsoft.com	No
as_platform_fault_domain_count	https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/managed-disks-common-fault-domain-region-list.md	Int	3	No
as_platform_update_domain_count	https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/managed-disks-common-fault-domain-region-list.md	Int	5	No
extension_bginfo	Should BGInfo be attached to all servers.	String	true	No
extension_loganalytics	Should Log Analytics agent be attached to all servers.	String	true	No
extension_custom_script	Should a custom script extension be run on all servers.	String	false	No
local_admin_username	Name of the local admin account that will be created on each of the VM.	String	rdshadm	No
domain_joined	Defines if a domain join is to be performed.	String (Bool)	true	No
registration_expiration_hours	The registration token expiration window (in hours).	String	48	No
vm_storage_os_disk_size	The size of the OS disk.	String	128	No
vm_version	Version of the VM image.	String	-	If vm_image_id is not set
vm_sku	The SKU of the VM image.	String	-	If vm_image_id is not set
vm_offer	Offer of the VM image.	String	-	If vm_image_id is not set
vm_publisher	Publisher of the base image to be used for provisioning the session host VMs.	String	-	If vm_image_id is not set
extensions_custom_script_fileuris	File URIs to be consumed by the custom script extension	List (String)	-	If extension_custom_script is set to true
extensions_custom_command	Command for the custom script extension to run	String	-	If extension_custom_script is set to true
domain_name	Domain name of the domain to which the session host VMs are to be joined.	String	-	If domain_joined is set to true
domain_user_upn	UPN of domain account that has permissions to perform domain join.	String	-	If domain_joined is set to true
domain_password	Password of the domain account that will perform the domain join.	String	-	If domain_joined is set to true
vm_image_id	ID of the custom image to use.	String	-	If no vm image attributes are set

Deploying with Terraform

This is the main section of this document as it covers the core steps needed to deploy WVD host pool with Terraform:

Download or “fork” all Terraform scripts in a local directory.
Open Visual Studio Code (VSC) and select File > Open Folder, and then point to the local folder where Terraform scripts have been downloaded.
Update variables.tf.
In VSC press Ctrl + Shift + P and select Azure Terraform: Init
Once this completes Ctrl + Shift + P and select Azure Terraform: Init
Press Ctrl + Shift + P and select Azure Terraform: Plan
Review the generated plan
Press Ctrl + Shift + P and select
Azure Terraform: Apply

Troubleshooting Terraform deployment

Terraform deployment can fail in two main categories:

Issues with Terraform code
Issues with Desired State Configuration (DSC)

Issues with Terraform code

While it is rare to have issues with the Terraform code it is still possible, however most often errors are due to bad input in variables.tf.

If there are errors in the Terraform code, please file a GitHub issue.
If there are warning in the Terraform code feel free to ignore or address for your own instance of that code.
Using Terraform error messages it's a good starting point towards identifying issues with input variables

Issues with DSC

To troubleshoot this type of issue, navigate to the Azure portal and if needed reset the password on the VM that failed DSC. Once you are able to log in to the VM review the log files in the following two folders:

Note: XXX, YY, and ZZ are version numbers that will change based.

C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\XXX\Downloads\YY
C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\ZZZ

To walk you through the processes outlined in this post, please watch my video tutorial:

Updated Feb 02, 2023

Version 10.0

deployment

Stefan Georgiev

Microsoft

Joined September 17, 2018

View Profile

Windows IT Pro Blog

Follow this blog board to get notified when there's new activity

\n Name \n	\n Description \n	\n Type \n	\n Default \n	\n Required \n
\n subnet_id \n	\n ID of the Subnet in which the machines will exist. \n	\n String \n	\n - \n	\n Yes \n
\n tenant_app_password \n	\n The password of the tenant app. \n	\n String \n	\n - \n	\n Yes \n
\n tenant_app_id \n	\n UPN for the user with permissions in WVD allowing for creation of a host pool (RD Contributor and/or RD Owner). \n	\n String \n	\n - \n	\n Yes \n
\n aad_tenant_id \n	\n Azure tenant ID. \n	\n String \n	\n - \n	\n Yes \n
\n ou_path \n	\n OU path to use when domain joining. \n	\n String \n	\n - \n	\n Yes \n
\n log_analytics_workspace_id \n	\n Workspace ID of the Log Analytics Workspace to associate the session host VMs to. \n	\n String \n	\n - \n	\n Yes \n
\n vm_timezone \n	\n Defines the time zone which a VM is going to use. List of time zone names available here. \n	\n String \n	\n - \n	\n Yes \n
\n log_analytics_workspace_primary_shared_key \n	\n Primary Shared Key of the Log Analytics Workspace to associate the VMs with. \n	\n String \n	\n - \n	\n Yes \n
\n resource_group_name \n	\n Name of the resource group in which Terraform will deploy resources. This group must be created manually before deploying. \n	\n String \n	\n - \n	\n Yes \n
\n region \n	\n The region in which to deploy the resources. The region must be such that the newly provisioned VM can communicate with the domain controller. \n	\n String \n	\n - \n	\n Yes \n
\n host_pool_name \n	\n Name of the session host pool. \n	\n String \n	\n - \n	\n Yes \n
\n vm_prefix \n	\n Prefix to be added to each VM as host name. \n	\n String \n	\n - \n	\n Yes \n
\n tenant_name \n	\n Name of WVD tenant. \n	\n String \n	\n - \n	\n Yes \n
\n rdsh_count \n	\n Number of session host VM to be deployed. \n	\n Int \n	\n 1 \n	\n Only if deploying more than 1 \n
\n managed_disk_type \n	\n The type of managed disk(s) to attach. \n	\n String \n	\n Standard_LRS \n	\n No \n
\n tenantLocation \n	\n The region in which the RDS tenant exists. \n	\n String \n	\n eastus \n	\n No \n
\n vm_size \n	\n VM size. Full list of SKUs available here. \n	\n String \n	\n Standard_F2s \n	\n No \n
\n nsg_id \n	\n The ID of the NSG to associate the network interface. \n	\n String \n	\n - \n	\n No \n
\n existing_tenant_group_name \n	\n (deprecated) Name of the WVD tenant group. \n	\n String \n	\n Default Tenant Group \n	\n No \n
\n base_url \n	\n The URL in which the RDS components exists. This will need to be modified if the Github repo is forked. \n	\n String \n	\n https://raw.githubusercontent.com/Azure/RDS-Templates/master/wvd-templates \n	\n No \n
\n managed_disk_sizes \n	\n The sizes of the optional managed data disks. \n	\n List (String) \n	\n - \n	\n No \n
\n host_pool_description \n	\n Description of the session host pool. \n	\n String \n	\n Created through Terraform template \n	\n No \n
\n is_service_principal \n	\n Is a service principal being used for configuring WVD. \n	\n String \n	\n true \n	\n No \n
\n RDBrokerURL \n	\n URL of the RD Broker. \n	\n String \n	\n https://rdbroker.wvd.microsoft.com \n	\n No \n
\n as_platform_fault_domain_count \n	\n https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/managed-disks-common-fault-domain-region-list.md \n	\n Int \n	\n 3 \n	\n No \n
\n as_platform_update_domain_count \n	\n https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/managed-disks-common-fault-domain-region-list.md \n	\n Int \n	\n 5 \n	\n No \n
\n extension_bginfo \n	\n Should BGInfo be attached to all servers. \n	\n String \n	\n true \n	\n No \n
\n extension_loganalytics \n	\n Should Log Analytics agent be attached to all servers. \n	\n String \n	\n true \n	\n No \n
\n extension_custom_script \n	\n Should a custom script extension be run on all servers. \n	\n String \n	\n false \n	\n No \n
\n local_admin_username \n	\n Name of the local admin account that will be created on each of the VM. \n	\n String \n	\n rdshadm \n	\n No \n
\n domain_joined \n	\n Defines if a domain join is to be performed. \n	\n String (Bool) \n	\n true \n	\n No \n
\n registration_expiration_hours \n	\n The registration token expiration window (in hours). \n	\n String \n	\n 48 \n	\n No \n
\n vm_storage_os_disk_size \n	\n The size of the OS disk. \n	\n String \n	\n 128 \n	\n No \n
\n vm_version \n	\n Version of the VM image. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n vm_sku \n	\n The SKU of the VM image. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n vm_offer \n	\n Offer of the VM image. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n vm_publisher \n	\n Publisher of the base image to be used for provisioning the session host VMs. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n extensions_custom_script_fileuris \n	\n File URIs to be consumed by the custom script extension \n	\n List (String) \n	\n - \n	\n If extension_custom_script is set to true \n
\n extensions_custom_command \n	\n Command for the custom script extension to run \n	\n String \n	\n - \n	\n If extension_custom_script is set to true \n
\n domain_name \n	\n Domain name of the domain to which the session host VMs are to be joined. \n	\n String \n	\n - \n	\n If domain_joined is set to true \n
\n domain_user_upn \n	\n UPN of domain account that has permissions to perform domain join. \n	\n String \n	\n - \n	\n If domain_joined is set to true \n
\n domain_password \n	\n Password of the domain account that will perform the domain join. \n	\n String \n	\n - \n	\n If domain_joined is set to true \n
\n vm_image_id \n	\n ID of the custom image to use. \n	\n String \n	\n - \n	\n If no vm image attributes are set \n

\n Name \n	\n Description \n	\n Type \n	\n Default \n	\n Required \n
\n subnet_id \n	\n ID of the Subnet in which the machines will exist. \n	\n String \n	\n - \n	\n Yes \n
\n tenant_app_password \n	\n The password of the tenant app. \n	\n String \n	\n - \n	\n Yes \n
\n tenant_app_id \n	\n UPN for the user with permissions in WVD allowing for creation of a host pool (RD Contributor and/or RD Owner). \n	\n String \n	\n - \n	\n Yes \n
\n aad_tenant_id \n	\n Azure tenant ID. \n	\n String \n	\n - \n	\n Yes \n
\n ou_path \n	\n OU path to use when domain joining. \n	\n String \n	\n - \n	\n Yes \n
\n log_analytics_workspace_id \n	\n Workspace ID of the Log Analytics Workspace to associate the session host VMs to. \n	\n String \n	\n - \n	\n Yes \n
\n vm_timezone \n	\n Defines the time zone which a VM is going to use. List of time zone names available here. \n	\n String \n	\n - \n	\n Yes \n
\n log_analytics_workspace_primary_shared_key \n	\n Primary Shared Key of the Log Analytics Workspace to associate the VMs with. \n	\n String \n	\n - \n	\n Yes \n
\n resource_group_name \n	\n Name of the resource group in which Terraform will deploy resources. This group must be created manually before deploying. \n	\n String \n	\n - \n	\n Yes \n
\n region \n	\n The region in which to deploy the resources. The region must be such that the newly provisioned VM can communicate with the domain controller. \n	\n String \n	\n - \n	\n Yes \n
\n host_pool_name \n	\n Name of the session host pool. \n	\n String \n	\n - \n	\n Yes \n
\n vm_prefix \n	\n Prefix to be added to each VM as host name. \n	\n String \n	\n - \n	\n Yes \n
\n tenant_name \n	\n Name of WVD tenant. \n	\n String \n	\n - \n	\n Yes \n
\n rdsh_count \n	\n Number of session host VM to be deployed. \n	\n Int \n	\n 1 \n	\n Only if deploying more than 1 \n
\n managed_disk_type \n	\n The type of managed disk(s) to attach. \n	\n String \n	\n Standard_LRS \n	\n No \n
\n tenantLocation \n	\n The region in which the RDS tenant exists. \n	\n String \n	\n eastus \n	\n No \n
\n vm_size \n	\n VM size. Full list of SKUs available here. \n	\n String \n	\n Standard_F2s \n	\n No \n
\n nsg_id \n	\n The ID of the NSG to associate the network interface. \n	\n String \n	\n - \n	\n No \n
\n existing_tenant_group_name \n	\n (deprecated) Name of the WVD tenant group. \n	\n String \n	\n Default Tenant Group \n	\n No \n
\n base_url \n	\n The URL in which the RDS components exists. This will need to be modified if the Github repo is forked. \n	\n String \n	\n https://raw.githubusercontent.com/Azure/RDS-Templates/master/wvd-templates \n	\n No \n
\n managed_disk_sizes \n	\n The sizes of the optional managed data disks. \n	\n List (String) \n	\n - \n	\n No \n
\n host_pool_description \n	\n Description of the session host pool. \n	\n String \n	\n Created through Terraform template \n	\n No \n
\n is_service_principal \n	\n Is a service principal being used for configuring WVD. \n	\n String \n	\n true \n	\n No \n
\n RDBrokerURL \n	\n URL of the RD Broker. \n	\n String \n	\n https://rdbroker.wvd.microsoft.com \n	\n No \n
\n as_platform_fault_domain_count \n	\n https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/managed-disks-common-fault-domain-region-list.md \n	\n Int \n	\n 3 \n	\n No \n
\n as_platform_update_domain_count \n	\n https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/managed-disks-common-fault-domain-region-list.md \n	\n Int \n	\n 5 \n	\n No \n
\n extension_bginfo \n	\n Should BGInfo be attached to all servers. \n	\n String \n	\n true \n	\n No \n
\n extension_loganalytics \n	\n Should Log Analytics agent be attached to all servers. \n	\n String \n	\n true \n	\n No \n
\n extension_custom_script \n	\n Should a custom script extension be run on all servers. \n	\n String \n	\n false \n	\n No \n
\n local_admin_username \n	\n Name of the local admin account that will be created on each of the VM. \n	\n String \n	\n rdshadm \n	\n No \n
\n domain_joined \n	\n Defines if a domain join is to be performed. \n	\n String (Bool) \n	\n true \n	\n No \n
\n registration_expiration_hours \n	\n The registration token expiration window (in hours). \n	\n String \n	\n 48 \n	\n No \n
\n vm_storage_os_disk_size \n	\n The size of the OS disk. \n	\n String \n	\n 128 \n	\n No \n
\n vm_version \n	\n Version of the VM image. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n vm_sku \n	\n The SKU of the VM image. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n vm_offer \n	\n Offer of the VM image. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n vm_publisher \n	\n Publisher of the base image to be used for provisioning the session host VMs. \n	\n String \n	\n - \n	\n If vm_image_id is not set \n
\n extensions_custom_script_fileuris \n	\n File URIs to be consumed by the custom script extension \n	\n List (String) \n	\n - \n	\n If extension_custom_script is set to true \n
\n extensions_custom_command \n	\n Command for the custom script extension to run \n	\n String \n	\n - \n	\n If extension_custom_script is set to true \n
\n domain_name \n	\n Domain name of the domain to which the session host VMs are to be joined. \n	\n String \n	\n - \n	\n If domain_joined is set to true \n
\n domain_user_upn \n	\n UPN of domain account that has permissions to perform domain join. \n	\n String \n	\n - \n	\n If domain_joined is set to true \n
\n domain_password \n	\n Password of the domain account that will perform the domain join. \n	\n String \n	\n - \n	\n If domain_joined is set to true \n
\n vm_image_id \n	\n ID of the custom image to use. \n	\n String \n	\n - \n	\n If no vm image attributes are set \n

Blog Post

Deploying Windows Virtual Desktop host pools with Terraform

Overview and requirements

Setting up Terraform

Preparing Azure subscription and WVD for Terraform

Getting access to Terraform templates

Configuring Terraform

Deploying with Terraform

Troubleshooting Terraform deployment

Issues with Terraform code

Issues with DSC

Overview and requirements

Setting up Terraform

Preparing Azure subscription and WVD for Terraform

Getting access to Terraform templates

Configuring Terraform

Deploying with Terraform

Troubleshooting Terraform deployment

Issues with Terraform code

Issues with DSC

Overview and requirements

Setting up Terraform

Preparing Azure subscription and WVD for Terraform

Getting access to Terraform templates

Configuring Terraform

Deploying with Terraform

Troubleshooting Terraform deployment

Issues with Terraform code

Issues with DSC