User Profile
edsonfagundes
Copper Contributor
Joined 3 years ago
Recent Discussions
Re: AVD Virtual Machines "Domain to join"
Since users must be discoverable through Azure Active Directory (Azure AD) to access the Azure Virtual Desktop, user identities that exist only in Active Directory Domain Services (AD DS) aren't supported. This includes standalone Active Directory deployments with Active Directory Federation Services (AD FS).
https://learn.microsoft.com/en-us/azure/virtual-desktop/authentication

Re: AVD Virtual Machines "Domain to join"
"You can quickly deploy Azure Virtual Desktop with the getting started feature in the Azure portal. This can be used in smaller scenarios with a few users and apps, or you can use it to evaluate Azure Virtual Desktop in larger enterprise scenarios. It works with existing Active Directory Domain Services (AD DS) or Azure Active Directory Domain Services (Azure AD DS) deployments, or it can deploy Azure AD DS for you. Once you've finished, a user will be able to sign in to a full virtual desktop session, consisting of one host pool (with one or more session hosts), one application group, and one user. To learn about the terminology used in Azure Virtual Desktop, see Azure Virtual Desktop terminology. Joining session hosts to Azure Active Directory with the getting started feature is not supported. If you want to join session hosts to Azure Active Directory, follow the tutorial to create a host pool."
https://learn.microsoft.com/en-us/azure/virtual-desktop/getting-started-feature?tabs=new-aadds
Azure AD Join Device
https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join

Re: PIN authentication error after hybrid join
https://social.technet.microsoft.com/Forums/sharepoint/en-US/19759374-c928-450a-96a0-39a7a6003e74/kdc-event-id-29-the-kdc-cannot-find-a-suitable-certificate-to-use-for-smart-card-logons#:~:text=The%20Key%20Distribution%20Center%20%28KDC%29%20cannot%20find%20a,certutil.exe%20or%20enroll%20for%20a%20new%20KDC%20certificate.

hannessyZv

Thank you for your efforts in working closely with us. We were able to repro this event ourselves by taking a CA offline. We noticed that when starting the KDC service, an attempt to validate the DC cert is made and that attempt fails with KDC_ERR_KDC_NOT_TRUSTED since the revocation server was offline along with the CA. This is likely what is happening with you as well. To confirm the same, please create the following registry value on your Windows Server 2008 servers and restart the KDC to see if the warning event goes away.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kdc]
    "UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors"=dword:00000001

After you set this DWORD value to 1, the Kerberos clients will ignore "Revocation unknown" errors that are caused by an expired CRL. After you perform the test, please revert the registry value back and let us know the result:

1. Does the warning go away after you configure the above registry value?
2. Where do you put the CRL to?

Please feel free to let us know if anything is unclear.