Getting started with Windows Virtual Desktop
Published Mar 29 2019 01:38 PM 367K Views
Microsoft

Updated 12/20/2019

With Windows Virtual Desktop now generally available (GA), we wanted to provide a quick overview of the steps required to get your environment up and running.

Before I begin, however, I’d like to take a few moments to explain what Windows Virtual Desktop is and how it can help you deploy and scale Windows and Office on Azure in minutes, with built-in security and compliance.

Windows Virtual Desktop is a comprehensive desktop and app virtualization service that runs in the cloud. Here is a quick list of some of the key features and functionality:

  • Infrastructure services like gateway, brokering, licensing, diagnostics are provided as a service in Azure. There’s no need to deploy and maintain any on-premises infrastructure.
  • Windows Virtual Desktop can leverage Azure Active Directory (Azure AD) as the identity provider, allowing you to leverage additional security controls like multi-factor authentication (MFA) or conditional access.
  • Once a user is connected to Windows Virtual Desktop service, access to Active Directory joined virtual machines (VMs) will be provided using Azure AD identities. In environments where Active Directory Federation Services (AD FS) is implemented for single sign-on (SSO), the user won’t be prompted for credentials when connecting to the VM, providing a seamless sign-on experience.
  • Reverse connect technology means your destination VM doesn’t need any inbound ports to be opened. Even the default RDP port, TCP/3389, doesn’t have to be open. Instead, an agent creates an outbound connection using TCP/443 into the Windows Virtual Desktop management plane. Azure is your reverse proxy for RDP traffic.
  • Virtual machines in Windows Virtual Desktop are not exposed to the Internet directly. They can run using a private IP address and run isolated from other workloads or even the Internet. (The reverse connect technology allows the VMs to be accessed.)
  • Windows Virtual Desktop introduces Windows 10 multi-session, allowing you to offer a Windows 10 Enterprise experience where multiple users can log into the same Windows client VM simultaneously via RDP. (Multi-session was historically only possible on Windows Server operating systems.)
  • Access to FSLogix technology, making your Office experience in a non-persistent environment feel like you are using a traditional PC.
  • Windows Virtual Desktop supports full desktop, RemoteApp, and persistent or non-persistent, dedicated or multi-session experiences.
  • Organizations with “Windows 10 Enterprise E3 Per User” licenses or better (e.g. Windows 10 Enterprise E5 or Microsoft 365 E3, E5, F1, or Business) or RDS CALs can use Windows Virtual Desktop for no additional charge apart from Azure compute/storage and network usage billing. Reserved instances can be used to reduce Azure costs up to 80%.
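
Because reverse connect means the session hosts need no inbound ports, no network security group (NSG) on the host pool subnet should contain a rule that admits TCP/3389 from the Internet. The following PowerShell is an added example, not code from the original article or from Microsoft: it evaluates NSG rules in priority order and reports the rule that would let Internet RDP traffic in. The function names and the sample rules are constructed for illustration; the property names are those of the rule objects returned by Get-AzNetworkSecurityGroup in the Az.Network module.

```powershell
# Added example (not from the original article). Sample rules are constructed.
# Assumption: only source prefix, protocol and destination port are evaluated;
# destination address prefixes and application security groups are ignored.

function Test-PortInRange {
    # True when $Port falls inside an NSG port expression: '*', '3389' or '3000-4000'.
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -match '^\d+$' -and [int]$Range -eq $Port)
}

function Get-InternetRdpExposure {
    # Returns the custom rule that admits Internet traffic to TCP/$Port, or nothing.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]]$SecurityRules,
        [int]$Port = 3389
    )
    $publicSources = @('*', 'Internet', '0.0.0.0/0')

    # Collect every inbound rule (Allow or Deny) that applies to Internet -> TCP/$Port.
    $matching = foreach ($rule in $SecurityRules) {
        if ($rule.Direction -ne 'Inbound') { continue }
        if ($rule.Protocol -notin @('*', 'Tcp')) { continue }
        $portHit = @($rule.DestinationPortRange | Where-Object { Test-PortInRange -Range $_ -Port $Port })
        $srcHit  = @($rule.SourceAddressPrefix  | Where-Object { $_ -in $publicSources })
        if ($portHit.Count -gt 0 -and $srcHit.Count -gt 0) { $rule }
    }

    # NSG rules are processed by ascending priority number; the first match decides.
    # With no matching custom rule, the default DenyAllInBound rule applies.
    $deciding = $matching | Sort-Object -Property Priority | Select-Object -First 1
    if ($deciding -and $deciding.Access -eq 'Allow') { $deciding }
}

function New-SampleRule {
    # Builds a constructed rule object with the same property names as Az.Network.
    param($Name, $Priority, $Access, $Source, $Ports, $Protocol = 'Tcp')
    [pscustomobject]@{
        Name                 = $Name
        Priority             = $Priority
        Direction            = 'Inbound'
        Access               = $Access
        Protocol             = $Protocol
        SourceAddressPrefix  = @($Source)
        DestinationPortRange = @($Ports)
    }
}

# Constructed sample NSGs: one exposed through a port range, one where a
# higher-priority deny shields the same allow rule, one with no custom rules.
$sampleNsgs = [ordered]@{
    'nsg-hostpool-exposed'  = @(
        New-SampleRule 'Allow-Mgmt-Range' 300 'Allow' '*' '3380-3400'
    )
    'nsg-hostpool-shielded' = @(
        New-SampleRule 'Deny-Internet-All' 100 'Deny' 'Internet' '*' '*'
        New-SampleRule 'Allow-Mgmt-Range' 300 'Allow' '*' '3380-3400'
    )
    'nsg-hostpool-default'  = @()
}

foreach ($entry in $sampleNsgs.GetEnumerator()) {
    $hit = Get-InternetRdpExposure -SecurityRules $entry.Value
    [pscustomobject]@{
        Nsg     = $entry.Key
        Exposed = [bool]$hit
        Rule    = if ($hit) { $hit.Name } else { $null }
    }
}

# Against a live subscription (requires the Az.Network module and a signed-in session):
# Get-AzNetworkSecurityGroup | ForEach-Object {
#     Get-InternetRdpExposure -SecurityRules @($_.SecurityRules)
# }
```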

Now let’s move on to the steps you need to take to get started.

Windows Virtual Desktop prerequisites

To set up Windows Virtual Desktop, you will need a few resources and to complete a few initial setup steps:

  • An Azure subscription with sufficient credit (needed to host resources).
  • Download and install the Windows Virtual Desktop cmdlets for Windows PowerShell on a device.
  • Make sure your virtual network in Azure is configured in such a way that new VMs have your Domain Controller or Azure AD Domain Services (Azure AD DS) set as the DNS (otherwise the domain join step will likely fail). For guidance on how to configure DNS when using Azure AD DS, see Enable Azure Active Directory Domain Services. For guidance for using a Domain Controller, see Name resolution for resources in Azure virtual networks.
  • Make sure all Azure resources are in the same region.
  • If you require seamless SSO (HTML5 client excluded), you will need AD FS or users will have to authenticate when gaining access to the VM. (Steps on how to enable this with AD FS will follow at a later stage.)
  • An Active Directory to which you can join your VMs. For this, you have three options:

    | Option | Pros | Cons |
    |---|---|---|
    | Use Azure AD DS. | Great for test or isolated environments that do not need connectivity to on-premises resources. Azure AD will be your leading source for identities. | AD DS will always be running, resulting in a fixed charge per month. |
    | Spin up a DC in your Azure subscription. | Can sync with on-premises DCs if VPN or ExpressRoute is configured. All familiar AD Group Policies can be used. Virtual machines can be paused or stopped when needed to reduce costs. | Adds additional management of a VM and Active Directory in Azure. |
    | Use VPN or ExpressRoute and make sure your on-premises DCs can be found in Azure. | No AD DS or Domain Controller required in Azure. | Latency could be increased adding delays during user authentication to VMs. This assumes you have an on-premises environment, not suitable for cloud only tests. |

In our test environment, we decided to spin up a new VM with Windows Server 2019 for our domain controller and install Azure AD Connect to sync identities to Azure AD.

Finally, you’ll also need to make sure you have the right credentials. Here’s an overview of the accounts being used throughout the deployment process:

1_accounts-used.png

Once the prerequisites have been met, you can move on to the initial setup of Windows Virtual Desktop. Once these steps have been completed, you will be ready to deploy your initial VMs:

  1. Allow the Windows Virtual Desktop service to access Azure AD.
  2. Assign the “TenantCreator” role to a user account.
  3. Create a Windows Virtual Desktop tenant.
  4. Deploy your first Windows Virtual Desktop host pool.
  5. Test if a user can access a full desktop session.

Allow the Windows Virtual Desktop service to access Azure AD

Before you can create a Windows Virtual Desktop tenant, you must allow Windows Virtual Desktop services to access your Azure AD tenant. The way Windows Virtual Desktop is designed requires explicit Azure AD consent. The process is much like how Azure requires you to enable non-standard resource providers before being able to use them.

  1. Navigate to https://rdweb.wvd.microsoft.com.
  2. Add your Azure AD tenant ID, also referred to as the Directory ID, and hit Submit. (Your Azure AD tenant ID can be found by visiting the Microsoft Azure Portal and navigating to Azure Active Directory > Properties > Directory ID, or by using whatismytenantid.com.)

    2_azure-ad-tenant-id.png

    3_wvd-consent-page.png
  3. Wait a moment for the consent options to refresh, then change Consent Option to Client App and enter the same Azure AD tenant ID to the field for AAD Tenant GUID or Name. Click Submit to continue.

Assign the “TenantCreator” role to a user account

Once you have granted access to Azure AD, you will need to grant permissions for a user to create a Windows Virtual Desktop tenant as follows:

  1. Log in to the Microsoft Azure Portal.
  2. Navigate to Azure Active Directory from the left menu.
  3. Under Manage, click on Enterprise applications.
  4. Search for and select Windows Virtual Desktop.
  5. Under Manage, select Users and groups.
  6. Select Add user, select Users and groups, and search for the user to whom you want to grant permissions to perform the Windows Virtual Desktop tenant creation.
  7. Select the user and hit Select, followed by Assign.

Your user should now have the role of “TenantCreator.”

5_tenantcreator.png

Create a Windows Virtual Desktop tenant

Now that you have a user with the right permissions to create a Windows Virtual Desktop tenant, let’s go ahead and create it. During this step, you will need two IDs:

  • Your Azure AD tenant ID (again).
  • Your Azure subscription ID, which can be found by visiting the Microsoft Azure Portal and doing a keyword search for “Subscriptions.” Select Subscriptions from the search results and your subscription ID, assuming you have an active subscription, will be displayed below.

    6_subscription-id.png

Once you have these two IDs, you can create the Windows Virtual Desktop tenant.

Note: Before proceeding, make sure you import the Windows Virtual Desktop cmdlets for Windows PowerShell as described in the prerequisites section above. If you haven’t completed this step yet, see these instructions.

Create a new PowerShell script, modifying the bold variables to reflect your tenant ID and subscription ID, and execute the following commands. When prompted, sign in using the admin account that was assigned to the TenantCreator role.

#Install PowerShell modules
Install-Module -Name Microsoft.RDInfra.RDPowerShell
Import-Module -Name Microsoft.RDInfra.RDPowerShell
 
# Setting Deployment context
$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "<value from #1 above>"
$azureSubscriptionId = "<value from #2 above>"
Add-RdsAccount -DeploymentUrl $brokerurl

Next, use the following command to create the Windows Virtual Desktop tenant. Make sure to change the bold variable to a name of your choosing.

New-RdsTenant -Name Contoso -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId

For our example, these were the commands I used:

# Setting Deployment context
$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "f59f09fb-51fe-4e7f-a510-984671d28231"
$azureSubscriptionId = "d4092f2e-5cd5-4d7d-ae58-9c328523828b"
Add-RdsAccount -DeploymentUrl $brokerurl

New-RdsTenant -Name CSPieter -AadTenantId $aadTenantId -AzureSubscriptionId $azureSubscriptionId


7_powershell-example.png

Deploy your first Windows Virtual Desktop host pool

A host pool is a collection of VMs that offer a similar service, such as a full desktop experience. When users connect, they can access a virtual desktop session on any of the hosts in the pool.

Step 1: Configure basic settings

To get started, visit the Microsoft Azure Portal, select Create a Resource and search for Windows Virtual Desktop. Select Windows Virtual Desktop – Provision a host pool.

8_provision-a-host-pool.png

Select Windows Virtual Desktop – Provision a host pool and click Create. Enter details as follows:

  • Host Pool name - Choose something descriptive for the pool of hosts, e.g. “FullDesktop”
  • Desktop type: Pooled or Personal - Choose Pooled unless you are deploying a virtual desktop infrastructure (VDI) configuration wherein every user has their own dedicated VM.
  • Default desktop users - Add a comma-separated list of users. (Group support will follow later.) You can also use PowerShell to add users to this host pool at a later point.
  • Subscription – Select Microsoft Azure.
  • Resource group - Use an empty Resource Group or enter a name to create a new one.
  • Location - Enter the location where the resources, such as the VMs, will be created. This can be any existing Azure region of your choice.

9_host-pool-settings.png

Step 2: Configure the virtual machines

Next, you’ll enter the VM size details:

  • Select a Usage Profile that matches your environment: Light, Medium, Heavy, or Custom.
  • Enter the number of Total users that will be using this host pool.
  • If desired, change the Virtual machine size. For your test environment, which will likely have very few users, you could opt for a smaller size. To get an idea of costs, use the Azure Calculator: find "compute" and select "windows virtual desktop".
  • Add a prefix for the VMs. Note: make sure your prefix is unique; don’t reuse your prefixes. Also, don't use underscores.

MarketPlaceStep2.png

Step 3: Configure VM settings

To configure the VMs for Azure, you will need to:

  • Select a custom image from Blob storage, a Managed image in Azure, or one from the Gallery. Our recommendation would be to test “Windows 10 Enterprise multi-session with Office 365 ProPlus” from the Azure Gallery. Office 365 ProPlus has been preconfigured for the ideal state of Windows 10 multi-session.
  • Select the Image OS
  • Select the Disk Type. SSD is recommended.
  • Enter credentials that have permissions to join a VM to Active Directory.
    • Important: check out the username requirements, some usernames are not allowed (like administrator/admin and more) 
  • (Optional) Specify the domain and/or OU.
  • (Optional) Use managed disks.
  • Configure the virtual network and subnet. Pay close attention to this step as this wizard will spin up virtual machines and join them to AD. This means the virtual machine must be able to locate the Domain Controller. Consequently, we recommend opening a separate tab in your browser and validating that:
    • The DNS server IP address that is assigned to the VM points to the DC or AD DS; this can be configured in multiple locations including on your virtual network.
    • The DC, VM, and network resources are in the same Azure region. (Otherwise, your deployment is likely to fail.)

      11_dns-servers.png

Here is an example of what step 3 of the wizard could look like:
12_wizard-example.png

The main reasons a deployment fails are:

  • The VM is unable to locate the DC due to networking configuration
    • Troubleshoot this by connecting to your DC via RDP and then RDP to one of the hosts, see if you can manually domain join the VM. 
  • A blacklisted username is used to domain join the VM, see details here
  • Wrong credentials are supplied 
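
The first failure cause above can be checked before running the wizard. The following PowerShell is an added example, not code from the original article or from Microsoft: run from a test VM in the subnet planned for the session hosts, it reports which DNS servers the VM received, whether they can locate a domain controller, and whether that controller is reachable. The function name, the placeholder domain `corp.example.com` and the port list (TCP ports commonly needed for a domain join) are assumptions.

```powershell
# Added example (not from the original article). Run on a VM in the subnet
# planned for the session hosts. The domain name at the bottom is a placeholder.

function Test-DomainJoinReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$DomainName,
        # Assumption: TCP ports commonly needed for a domain join
        # (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB).
        [int[]]$Ports = @(53, 88, 135, 389, 445)
    )

    function New-Result($Check, $Target, $Passed, $Detail) {
        [pscustomobject]@{ Check = $Check; Target = $Target; Passed = $Passed; Detail = $Detail }
    }

    # 1. Which DNS servers did the VM inherit from the virtual network?
    #    These should be the DC or Azure AD DS addresses, not the Azure default resolver.
    $dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique)
    New-Result 'DNS servers assigned' ($dnsServers -join ', ') ($dnsServers.Count -gt 0) `
        'Compare with the IP address of the DC or Azure AD DS'

    # 2. Can those DNS servers locate a domain controller for the domain?
    #    A domain join uses this SRV record to find a DC.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $dcs = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            Select-Object -ExpandProperty NameTarget | Sort-Object -Unique)
    } catch {
        New-Result 'DC locator (SRV)' $srvName $false $_.Exception.Message
        return   # Nothing to probe if no DC can be found.
    }
    New-Result 'DC locator (SRV)' $srvName ($dcs.Count -gt 0) ($dcs -join ', ')

    # 3. Is each located DC reachable on the ports a domain join needs?
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $probe = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            New-Result "TCP/$port" $dc $probe.TcpTestSucceeded $probe.RemoteAddress
        }
    }
}

# Placeholder domain: replace with the Active Directory domain the VMs will join.
Test-DomainJoinReadiness -DomainName 'corp.example.com' | Format-Table -AutoSize
```

A failed SRV lookup points at the DNS setting on the virtual network; a successful lookup with failed port probes points at routing, peering or NSG rules between the host pool subnet and the DC.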

Step 4: Enter authentication details

Once you have configured your VM settings, you will need to enter details about your Windows Virtual Desktop tenant and Azure AD tenant. Unless otherwise directed, leave the Windows Virtual Desktop tenant group name as “Default Tenant Group.” For the Windows Virtual Desktop tenant name, enter the name of the tenant you created earlier in this process.

Note: If you are unsure what your Windows Virtual Desktop tenant name is, use the PowerShell command “Get-RdsTenant” to obtain it.

Enter valid credentials for your Azure AD environment (UPN and password).

13_authenticate.png

Step 5: Check the summary

Check the summary window to confirm that your setup passed validation, then click OK.
MarketPlaceStep5.png

Step 6: Finalize the creation of your host pool

Hit Create, sit back, and relax. Wait for the deployment to finish. The process takes roughly 20 minutes.

15_create-host-pool.png

Test if a user can access a full desktop session

Once you have created your Windows Virtual Desktop host pool, you can download the client for Android or Windows, or use the HTML5 client. Here’s how to test with Windows or the HTML5 client.

Test with the Windows client

Download the latest Windows Remote Desktop client and subscribe to the feed using the following URL: https://rdweb.wvd.microsoft.com. Once subscribed, you will find the virtualized apps and desktops in the Start menu. You’ll also notice that it’s possible to enable conditional access and/or MFA for users when subscribing to a feed.

16_remote-desktop-client.png

Test with the HTML5 client

Launch a browser in InPrivate or incognito mode and visit http://aka.ms/wvdweb to access the HTML5 client. Authenticate using the login information to which you assigned a full desktop session.

17_html5-client.png

If you are successful, you should be able to view the desktop:

18_successful-vm-launch.png

What’s next?

Once you have completed your setup of Windows Virtual Desktop, you can assign other users to your host pool using the following PowerShell command, replacing <WVDTENANTNAME> with the name of your tenant, <HOSTPOOLNAME> with the name of your host pool, and leveraging the appropriate user principal name:

Add-RdsAppGroupUser <WVDTENANTNAME> <HOSTPOOLNAME> "Desktop Application Group" -UserPrincipalName USER@TENANT.onmicrosoft.com

In our environment, this is what the command looks like:

Add-RdsAppGroupUser CSPieter FullDesktop "Desktop Application Group" -UserPrincipalName user2@cspieter.onmicrosoft.com

You can also move on to more advanced tasks, such as:

  • Setting up a host pool dedicated for RemoteApps instead of full desktops.
  • Installing FSLogix profile containers so that you can benefit from the profile solution that makes Office 365 ProPlus work, just like on a local PC and/or laptop.

To explore other scenarios and learn more about Windows Virtual Desktop, please see the Windows Virtual Desktop documentation on Docs and watch What is Windows Virtual Desktop? on Microsoft Mechanics. I also encourage you to join the Windows Virtual Desktop community on Tech Community to connect with the Windows Virtual Desktop team and your fellow public preview participants.

108 Comments
Copper Contributor

Great article!

Are you sure M365 F1 covers WVD usage though? I thought the Windows E3 entitlement in M365 F1 specifically excluded virtualisation rights?

Copper Contributor
I wonder if there’s a possibility of integrating with my in-prem exchange for outlook services and also if it caters for archived mails (enterprise vault).
Microsoft
@wonderdog: Microsoft 365 F1 offer will include rights for Windows Virtual Desktop. This is an exception and means that firstline users who are licensed with Microsoft 365 F1 will be able to have access to Windows Virtual Desktop from all of their devices.
Microsoft
@JoelJuma: If your exchange environment supports mobile workers with Office 365 ProPlus today, it will work with Windows Virtual Desktop. If that's not the case and users have to be connected to the office network to access exchange, you could consider extending your on-premises network to Azure using site-to-site VPN or ExpressRoute.
Copper Contributor

That's excellent news! The official docs.microsoft page doesn't flag F1 as valid at present - and it'd be a HUGE deal if planning large low cost-per-seat deployments using low cost thin clients as endpoints - for use in callcentres and the like.

Copper Contributor
@Pieter Wigleven - my environment is a highly sensitive place and although I have an integrated AAD connection which I’m currently using for AIP, I would love to know more about the competitiveness with Citrix as I currently have a huge VDI environment at present. Furthermore do I have this in my normal Azure subscription or it comes with a different subscription.
Copper Contributor

Took me a while to get the first pool spun up in my lab tenant - your guide for the PowerShell bits was hugely helpful (and the pointers on making sure the DNS/DC was reachable), but then I kept getting stuck at the domain activation step - I eventually spotted that while I'd peered my WVD vnet to the vnet containing my domain controller, I hadn't setup the reverse peer! Doh!

Copper Contributor

Logged in and working now - but the experience is pretty poor from the UK - I suspect everything is hairpinning via the managed RDP gateway in a US or something, even though my test desktop and I are in the UK.

The beta client also has no options to control the RDP stream - forcing the remote desktop to maximum screen resolution etc. I'm hoping we get some configurability back soon.

Huge potential though - looking forward to trying out a RemoteApp pool next!

Copper Contributor

If we have Microsoft e3 or e5 what exactly is the added cost of the "Azure compute/storage and network usage billing". I would like to determine if this is more cost effective than our current set up. Any info would be helpful 

Copper Contributor

@sxc7886 Just use the Azure cost calculator to price up appropriately specced guest VMs (plus appropriate storage) based on your requirements. Add in an amount of "out of Azure" network bandwidth if you want, though I reckon it won't be more than about ~5% on top of your VM costs under most normal circumstances. You can also power the machines down/up on a timed schedule when not in use (or use reserved instances if they are utilised 24/7) to reduce cost.

The management tooling is free. No need to pay for gateways etc. You will need access to a domain controller somewhere though (might be worth spinning a B2 one up on Azure IAAS in the same region as your pool for about £30 a month?)

If you are using W10 as the OS for your VM's  you aren't paying any extra over the cost of the base VM hardware (as these WVD W10 licenses are covered by your M365 e3/e5 entitlement). If you are using Windows Server for your pools you'll still pay a little bit for that licence.

Remember you'll need RDS CALs per user if you are using Windows Server. M365 e3/e5 don't include this. So consider using W10 multi-session if you are doing session based desktops.

Copper Contributor

Are there any thin clients that are validated to work with this service?

Copper Contributor

Once you create a host pool is there a way to just delete it? Or is it as simple as just deleting the resources it created under the resource group? I want to start over because I did this before I saw this guide and made some mistakes.

Copper Contributor

Hi Pieter, 

Windows virtual desktop was successfully created in Azure, but when I try to connect to it, I get the below error.

"We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help".

 

Any idea why?

BTW I'm doing this on MSDN subscription, hope thats not an issue.

Copper Contributor

@RobCMC just deleting all the resources seems to work. I did this quite a few times in my test setup (see blog https://www.itwriting.com/blog/11456-hands-on-with-windows-virtual-desktop.html).

 

Tim

Microsoft

@RobCMC Once a host pool has been created it really depends how far along you got aka do you want to delete the VMs / session host pools

 

Options

1) Pool was created via New-RDSHostPool - remove via running Remove-RDSHostPool host. Make sure to delete all app groups and users assignments.

2) Pool was created (either via ARM or manually) and VMs were registered - remove each host via Remove-RDSSessionHost and then do the same as in option #1

Copper Contributor

Hi 

1. There are a lot of documents that explain how to deploy WVD, I want to explain this to many customers, Is there any presentation that can help me?

2. I see that many steps should be done via PS commands, Will it possible through the portal soon?

3. It is in the preview stage. When it will be launched commercially?

 

 

Microsoft

@Jafar1970 1) There is no official deck for public use; you will need to build your own. There were some Ignite materials that you can reuse.

2) Yes but soon is defined as post GA.

3) GA is later this year

 

Microsoft

@Jafar1970 About two weeks ago we recorded the "What’s new in virtualizing Windows 10 and Office" session at Ignite the Tour in Amsterdam. The recording is available now and includes the presentation. After GA we will integrate into the Azure portal and many of the steps described here won't be necessary anymore. Also - you won't have to use PowerShell for the vast majority of management actions. In terms of GA date, we have specific quality gates that we have to meet and therefore an exact date is difficult to give, the official statement is "second half of this calendar year".

Copper Contributor

Is it IaaS ?

Copper Contributor

@Jafar1970 The management tooling / gateways etc are all SAAS, but the hosts you provision are IAAS.

Copper Contributor

Hi  Pieter

How can I get the records next week?

Copper Contributor

I cannot get WVD to work. The deployment completes successfully in Azure (from Marketplace), but I cannot connect to Remote Desktop, neither via web-client or the new Remote Desktop client. The latter says "currently no resources available".

I only have Office 365 E3 licenses (and EMS E3), but no Windows 10 Enterprise E3 licenses in my tenant. Could that be why?

Microsoft

@Jafar1970 Good news, just discovered the recording is online

Copper Contributor

@ullerdk you will find that your deployment actually failed. It gets right to the end and the VM fails with an extension error.

 

I get this error:

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'dscextension'. Error message: \\\"DSC Configuration 'FirstSessionHost' completed with error(s). Following are the first few: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: \\\"winrm quickconfig\\\".\\\".\"\r\n }\r\n ]\r\n }\r\n}"}]}

I haven't had a chance to research this but I was going to try doing this via powershell instead. See if that works better.

Copper Contributor

@RobCMC I have got it to work now.

My deployment was actually completing successfully (using Azure AD Domain Services), but there were 2 root causes why it was not working:

 

1. Get-RdsSessionHost reported status as "unavailable". Turned out, that when re-deploying you must use another prefix for the rds hosts according to this

2. Only 1 of 2 Azure AD account can login to the Win10 virtual desktop. The second user needs to reset password in Azure AD, so the password hash can sync back to Azure AD Domain services, which is required due to hash format according to this.

 

Copper Contributor

@PieterWigleven 

 

Excellent article, I did it in my labs and all works fine. The only issue that I had with the installation is that when it asked you to put your admin account in the section Client App, it didn't work; it gave me an error, Tenant ID error, so I added the tenant name instead and then it worked fine with client permissions.

So in my setup I chose ADDS with Password Synced, then I synced with PowerShell the hash password from AD Azure to ADDS. I configured Windows 2019 server joined to ADDS just for test, followed the guide, and all works fine; I can remote to the VM very easily.

Now the next step is to publish and manage apps! I tried but it gives me an error:

 

Published items cannot be retried from AppGroupName: 'Desktop Application Group'. The AppGroup has
an AppGroupResource of type Desktop

 

Thanks

Copper Contributor

@Jafar1970  Hi , yes if you follow those steps you should be ok, i did it on my lab environments all works fine. for more help let me know thanks

 

Copper Contributor

Hi  Fadi

 

to Allow the Windows Virtual Desktop service to access Azure AD
I did the below steps:
1- Navigate to https://rdweb.wvd.microsoft.com.
Add your Azure AD tenant ID, also referred to as the Directory ID, and hit Submit.

It was done successfully

2- change Consent Option to Client App and enter an administrative account address

I have got the below error:

Consent Error
The following error occurred during the consent process:

Error: Invalid Tenant ID
Error sub-code: <No sub-code provided>
Error description: Tenant ID is not valid

Copper Contributor

@Jafar1970 Yes, I got the same error, but you should enter in the Client App the name of your tenant or the ID of the tenant, not the admin account; it should work.

 

please let me know  ;)

Copper Contributor

Hi Fadi

 

But I have already the tenant ID in the server App, Should I enter it in client App also? 

 

Regards

Copper Contributor

Hi,

 

When deploying using the described steps I got an error that the Computer name is too long.

 

"DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.", "details": [ { "code": "BadRequest", "message": "{\r\n \"error\": {\r\n \"code\": \"InvalidParameter\",\r\n \"message\": \"Windows computer name cannot be more than 15 characters long, be entirely numeric, or contain the following characters: ` ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \\\\ | ; : . ' \\\" , < > / ?.\",\r\n \"target\": \"computerName\"\r\n }\r\n}" } ] } } } }}

 

Regards

Copper Contributor

@Jafar1970   yes exactly enter the name of the tenant in client apps that's what i did with my admin account didn't work 

Copper Contributor

@mbruurs1964 Make sure the base naming convention you're setting for your VM's isn't longer than 11-12 characters though, as -01, -02, -03 etc are appended to the end automatically!


Copper Contributor

Hi All,

 

I have followed the above step, but i am unable to login to the Windows Virtual Desktop, i get the following error:

 

WVD Error.png

 

Am i missing something obvious?

 

Regards,

 

 

Copper Contributor

Check in your azure portal that you have at least one Session Desktop Virtual machine available and turned on? If they are 1:1 you might have another connection open to all machines in the pool already as well.

 

Copper Contributor

@wonderdog Thanks for getting back to me. The Virtual machine is definitely on and available. I can remote into it if I RDP via my DC in Azure.

 

Regards,

Copper Contributor

Tried rebooting it to make sure there are no lingering RDP sessions blocking your gateways efforts to connect?

Copper Contributor

@wonderdog Rebooted, and tried again, same error. Annoyingly, it looks like no one else has come across this issue...

We have a DC hosted in Azure - which is syncing with our Office 365/Azure AD - could there be an issue with our setup?

 

Regards

Copper Contributor

@wonderdog 

 

Hi ,

Did you use the Windows Virtual Desktop from marketplace?

Make sure that your DC in Azure or ADDS is on the same DNS, subnet of your Hosted Pool VMs.

Also you should see your VM that is joined to the domain in the OU:

VM joined.png

Another thing to check is whether the account that you signed in with to access the Host Pool is a member of:

  • TenantName
  • HostPoolName
  • AppGroupName

You can check it with PowerShell; of course you need to connect first to your tenant pool with this command:

# Replace each placeholder with your own value
$myTenantName = "<tenantname>"
$hostpoolname = "<hostpoolname>"
$appgroupname = "<appgroupname>"

$brokerurl = "https://rdbroker.wvd.microsoft.com"
$aadTenantId = "<Tenant ID>"
$azureSubscriptionId = "<your subscriptionID>"
# Sign in to the Windows Virtual Desktop service
Add-RdsAccount -DeploymentUrl $brokerurl

 

after connecting just validate if your account is member of  :

$myTenantName = <tenantname>
$hostpoolname = <hostpoolname>
$appgroupname = <appgroupname>

 

with this command :

 

To validate :  

Get-RdsAppGroupUser -TenantName <tenantname> -HostPoolName <hostpoolname> -AppGroupName <appgroupname> -UserPrincipalName <your upn name>

 

To add as member :

Add-RdsAppGroupUser -TenantName <tenantname> -HostPoolName <hostpoolname> -AppGroupName <appgroupname> -UserPrincipalName <your upn name>

 

In my labs I'm using ADDS as DC. I have AD Connect that syncs from AD on-premises to AD Azure with the sync password option; also you need to make sure that the password hash is synced from AD Azure to ADDS with this command:

# Connector names as shown in Azure AD Connect
$adConnector = "<domainname>"

$azureadConnector = "<tenant name> - AAD"

Import-Module adsync

$c = Get-ADSyncConnector -Name $adConnector

$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null

$p.Value = 1

$c.GlobalParameters.Remove($p.Name)

$c.GlobalParameters.Add($p)

$c = Add-ADSyncConnector -Connector $c

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $false

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $true

 

for more info please let me know  ;)

Brass Contributor

The accounts that I am specifying in "defaultDesktopUsers" are accounts that are synced between AD and AAD.
I can successfully connect to the Windows Virtual desktop tenant from the URL: https://rdweb.wvd.microsoft.com/webclient/index.html. using the accounts specified in defaultDesktopUsers ,However, when i connect to the remote session, it throws the error:

ErrorError

Copper Contributor

@ShehzadUIT Hi ,

 

Can you type the error message? Because I can't see it, it's too small.

 

Thanks

Microsoft

@ShehzadUIT Please share the output

 

Get-RdsDiagnosticActivities -TenantName <yourtenant> -username <user having the error>

(Get-RdsDiagnosticActivities -TenantName <yourtenant> -username <user having the error> -ActivityId <most recent activity id from previos command> -detailed).Errors

(Get-RdsDiagnosticActivities -TenantName <yourtenant> -username <user having the error> -detailed).Errors

Copper Contributor

Hi Fadi

 

Should the TenantCreator user have global administrator, or which directory role should the user have? In the document, the administrator account is mentioned, but there is not a directory role called administrator account.

 

Please advise. 

 

Regards

Copper Contributor

Hi 

 

What is the meaning of the below command ?:

Add-RdsAccount -DeploymentUrl $brokerurl

 

Thanks

Copper Contributor

Hi

What is the meaning of the below command:

 

Add-RdsAccount -DeploymentUrl $brokerurl
Microsoft

This allows you to connect to the WVD service and start configuring it https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory

Brass Contributor

@Fadi Matni: here is the error:

Oops, we couldn't connect to "Session Desktop"
We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.

Brass Contributor

@Stefan Georgiev: Please find the results:

Get-RdsDiagnosticActivities -TenantName <yourtenant> -username <user having the error>

C1.png

(Get-RdsDiagnosticActivities -TenantName <yourtenant> -username <user having the error> -ActivityId <most recent activity id from previos command> -detailed).Errors

C2.png

(Get-RdsDiagnosticActivities -TenantName <yourtenant> -username <user having the error> -detailed).Errors

C3.png

Brass Contributor

repost. sorry

Version history
Last update: Mar 18 2020 04:30 AM