Apr 05 2019 02:27 AM
Hi together,
I was trying to create a Windows Virtual Desktop hostpool in oour Azure Environment by using the following Guidelines:
https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory
While creating the Service, the deployment failed by setting up the dcsextension for the new created VM after the machine was domainjoined.
I got his error message in the Azure Portal:
{'code':'DeploymentFailed','message':'At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.','details':[{'code':'Conflict','message':'{\\r\\n \\'status\\': \\'Failed\\',\\r\\n \\'error\\': {\\r\\n \\'code\\': \\'ResourceDeploymentFailure\\',\\r\\n \\'message\\': \\'The resource operation completed with terminal provisioning state 'Failed'.\\',\\r\\n \\'details\\': [\\r\\n {\\r\\n \\'code\\': \\'VMExtensionProvisioningTimeout\\',\\r\\n \\'message\\': \\'Provisioning of VM extension 'dscextension' has timed out. Extension installation may be taking too long, or extension status could not be obtained.\\'\\r\\n }\\r\\n ]\\r\\n }\\r\\n}'}]}
Did everyone know, what I can do to torubleshoot this issue?
Thanks and regards
Henry
Apr 05 2019 04:00 AM
Apr 06 2019 05:11 AM - edited Apr 06 2019 05:16 AM
@HenryM Hi Henry ,
i follow the same link :
but for me the error was joined failed with the VM , so i configured AADS with Sync Password force the Sync with powershell from AD azure to ADDS , if you don't want to sync the password just create a cloud account and the change the password from this link : https://myapps.microsoft.com it will trigger the update password in ADDS ( ADDS need to be enable)
my error was in this section in the link is confusing because it asked you to put your admin in client app :
so when it asked you to configure Windows virtual consent page for Server App and client APP
for server App it asked you to put the tenant name, this part is ok
now for client App it asked you to configure the admin account this one didn't work for me always error "no tenant ID" . so instead of the admin account i put the tenant name again , it works with client apps nor more tenant error ID and the permission applied for client apps, then i follow the rest of the guide all works fine if you want more info let me know
NB: i didn't choose the service principal name only UPN name with permission to joined ADDS
Thanks
Apr 08 2019 11:37 PM - edited Apr 08 2019 11:37 PM
Hi,
I've figured the problem out. In our case, Azure wasn't able to setup the dcs-extensions on the VM, because we had the powershell execution policy set on "Allsigned".
Now we switched the execution policy for the target OU the "Allow local scripts and remote signed" and Azure was able to setup the dcs-extension successful.
Oct 08 2019 04:16 PM
Oct 08 2019 10:33 PM
@Myron_Coward You can set these Settings by using a Group Policy in Active Directory.
If you browse to Computer configuration -> policies -> admninistrative templates -> Windows components -> Windows Powershell
There you've to activate "Turn on script execution" and set this to "Allow local scripts and remote signed"
Regards
Henry