Windows Virtual Desktop Sping 2020 release - CAA20004 error
Hi, I've configured Windows Virtual desktop using the new release but having issues login into Remote Desktop app after clicking on 'Subscribe'. I get an Error CAA20004 and 'we couldn't authenticate you. However I can access everything via the Web portal (e.g. full desktop or published apps). My setup is: 1x WVD session host joined Azure AD domain services, M365 E5 licenses. I happens to all user accounts. Any ideas? Thank you.
Solutions for WVD client not connecting
I, and it seems many others, have had issues connecting to windows virtual desktop after provisioning seemed successful. This manifests with the web client giving errors after opening port, or with the desktop client saying something went wrong and a vague explanation. Turns out there are a few rules that must be followed that aren’t mentioned anywhere I looked. 1) the user you are logging in with must be from the local AD or from the AADDS ... NOT an AzureAD user. It must be synced but it must originate from local AD. It must be a domain user. You won’t see what the issue it, but it will fail. Your domain controller does the sign in Authentication, but it’s initiated through azure, so it must be synced and visible in azure but actually created in domain. AzureAD users won’t sync back to the domain so that’s why it needs to be created in domain. Remember to add the domain user to the app group via add-rdsappgroupuser as well. 2) you can’t be logged into windows with a different Microsoft account for the desktop client. The new client apparently looks at the windows accounts, and you will see there is no way to change accounts from the desktop client. This is very annoying. Since it’s tied together if you are logged into a personal Microsoft account or one not from your local AD that’s not been added to the appgroup, it will fail. I was testing accounts but I was logged into windows with my personal Microsoft account and it always gave errors. I logged out, and into the local computer account , and the desktop client worked fine. I figured this out because after I removed the additional testing accounts from windows users I got a Login screen but then it still failed with the same “something went wrong” error. This led me to think it might be getting confused because I could have multiple work accounts on computer and the client never asked which to use. Instead of a VM issue it’s just the client isn’t smart enough to ask which account you want to use even after login. Item 3 also led to to realize that it’s getting confused with accounts. 3) use incognito to test web client. Even though I logged out of azure portal, out of my own Microsoft account, etc, the web client kept failing to connect. BUT if I ran incognito it connected. This told me the app isn’t able to distinguish the account I needed to use. Again, my personal account still had a trace somewhere in the browser and this kept causing issues. WVD kept trying to use an account that’s not part of my WVD setup, hence failure. Try incognito. I hope these items help you out. None of these were made clear and I beat my head for 3 days re-launching WVD VMs and tenants. Turns out the setup was fine the whole time. It’s the WVD clients that suck. The desktop client must have a way to login a user and NOT pull from windows. Or at least give the user a clear error that explain what account it’s trying to log in with. Just telling me what account it tried to used on either the desktop client or webclient would have identified this in an instant. The diagnostics log weren’t clear enough either. Ultimately Please just separated the sign ins. Not everyone wants to use SSO, especially a remote worked on their personal laptop that’s not domain joined, or joined to a different domain. Hope this helped some people out.WVD + FSLogix (Azure Files) with 8 x D8S-v3 for 340 users - Major performance issues
Hello, We have this week gone live with a 340 user WVD with FSLogix deployment in Azure on 8 x D8S-v3 size servers. We are having performance issues which we're not able to get to the bottom of. Server performance looks like it is OK via Azure Portal. Only thing that does look slightly high is Network, however, I'm not certain this this is the issue. Behaviour Users are logging in for the first - waiting a long time for the FSLogix profile to be created and hang on the Windows start until it is completed. Users who do have a profile are having sluggish behaviour, i.e. clicking on start the menu takes some time to open and opening an app seems to hang for a while then the app opens Users greeted by a black screen upon first creation of their profile, nothing changes, we need to delete the virtual Disk from the FSLogix storage pool. So they can signin again for it to create the profile. Outlook and OneDrive are taking a awful long time to set up. During testing about 2 weeks ago, we didn't have a single issue. However, I am not sure with Microsoft's networks being hammered is this perhaps related to performance of the servers (network any way) Or, it being +/- 280-300 users logging in causing the issues. Or, network throughput some how needs to be increased. We've raised a Critical support case as the project engineers and service desk are being hammered. However, our 2 hour SLA has not been met and still 5 hours later, nothing. I assume due to the increase in demand given the current situation of home isolation. Thank you for reading through this and welcome any feedback/guidance. Adam
Mac RD Client 10.3.12 Broken for WVD - no workspaces found for email address
Hi all, I've deployed several WVD using Powershell in different tenants. I have a few mac users and the latest Mac RD client does not work - it broke after an update a few months back and hasn't been fixed. If you go to workspaces, add workspace, type in the user's email address, it throws an error: No workspace is associated with this email address. The Windows client still works, as does the web client. I can't find any info online - I guess there aren't many mac users logging in to Azure hosted WVDs! Has anybody else out there experienced the same? I wonder whether this coincides with the new GUI tools in Azure which don't appear to work with WVD hostpools previously deployed via Powershell. Original post: https://docs.microsoft.com/en-us/answers/questions/55329/index.html
Problem - Default file association with Remote app in WVD
We are experiencing an issue with WVD Remote apps where default file associations are not working, even though if we configure via GPO using a .xml file. Note that we are only using remote apps and not the full desktop. Any advice on how to resolve this problem? or if not would like to know if it's in the road map to address this problem. Thank You! BR, Romero SilvaProblem - Access Desktop and the remoteapps simultaneously in WVD
Hi We have published a desktop and multiple applications using the same host pool but when we try to access published app and the desktop simultaneously follow error occurs. Sequence: 1st opened up the published app and then try to open the desktop. Other question is, what is the recommend method to publish apps and desktop? Can we do it using one single host pool or do we have use two different host pools with different FSLogix profile shares. Thanks, RomeroError deploy Windows Virtual Desktop
I'm trying to deploy Windows Virtual Desktop I have a Free Subscription. I made sure complete all steps to deploy correctly; my steps were: Create a Resource Group and Virtual Network called DomainService-net Created an Azure AD Domain Service. Created a VMs with Windows Server 2019 and deploy an Active Directory also install Azure AD Connect. 4.The domain was Synchronized successfully with Azure AD. I granted access to my ID AD on https://rdweb.wvd.microsoft.com/ with Server app and Client App Into the Azure AD Domain > Enterprise Application> Windows Virtual Desktop and Windows Virtual Desktop Client I added roles like owner and tenant creator Created a VMs with Windows 10 Enterprise multi-session Office 365, in that machine I wrote the followings cmdls in PowerShell ISE <Install-module -name Microsoft.RDInfra.RDPowershell> <Import-module -name Microsoft.RDInfra.RDPowershell> <New-RdsTenant -AadTenantId <MyADID> -AzureSubscriptionId <MyIDSubs> -Name MiguelORG> Next I go to azure portal into marketplace select Window Virtual Desktop Pool and proceed to fill the requeriments. * Hostpool Name = DesktopPool * Location = EastUS * Desktop type = pool * Usage Profile = Medium * Image OS Version = Windows 10 Enterprise multi-session Office 365. * Disk Type = Premium SSD * AD Domain Join UPN = My on-promise user with Global Administrator and User Administrator roles. * Virtual Network = The same virtual network and subnet where is my domain server. * Windows Virtual Desktop tenant group name = Default tenant group * Windows Virtual Desktop tenant name = MiguelORG * Windows Virtual Desktop tenant RDS Owner = UPN * UPN = My on-promise user with Global Administrator and User Administrator roles. At the end I received this message. The template deployment 'rds.wvd-provision-host-pool-20191101234128' is not valid according to the validation procedure. The tracking id is 'ea249dd8-371b-4495-a78e-50deb4628612'. See inner errors for details. I did this process 3 time and each one that give me the same error, If I doing something wrong please help me to resolve this problem. Regards Miguel GuevaraPS scripts to run against WVD environment for health check
Hi fellow members. I have joined a new company and have inherited a 500+ WVD environment. I am going to be working with Microsoft and /or MS partner to help troubleshooting a number of issues on our WVD environment. Its possible we may pass the support for our WVD to an external party. I would like to run a health check against our WVD environment and was wondering if there is a number of PowerShell scripts I can run against our environment to start gather the underlying configuration and also just be able to run a health check to determine what issues need addressing. Is there anything out there that I could run against the environment that could assist me and the future partner we work with, ideally I like to be in a position to understand the current setup fairly well so can have those conversations with Microsoft and/or a partner. Many ThanksHow can I configure conditional access every time in a client app?
Hello. Even if close the client app, Azure AD credential will remain. Therefore, Azure AD authentication will not occur unless explicitly sign out of the client app. With this specification, conditional access will not useful in most scenarios. Are there any updates planned that accordingly require Azure AD authentication? I also found that I can reset Azure AD authentication by deleting the following registry value: === Registry Key : HKEY_CURRENT_USER\Software\Microsoft\RdClientRadc\https://mrs-prod.ame.gbl/mrs-RDInfra-prod Name : WebAccountIdStore === I will try to avoid this by scheduling a task to reset this value accordingly. What do you think about this? Is there another good way?
