Virtual machine joined to Azure Active Directory + FSLogix = problem

Alexander Zhyzhnevskyi 11 Reputation points
2021-10-24T14:41:06.963+00:00

Hello.

Could you help me with my problem?

I created an Azure Virtual Desktop and added a virtual machine joined to Azure Active Directory.
For the resource group in which the virtual machine is located, the role for the administrator is "Virtual Machine Administrator Login" and the user's role is set to "Virtual Machine User Login".

Then I created a Storage Account with a file share. I navigated to Access Control (IAM) and set the role "Storage File Data SMB Share Elevated Contributor" for the admin and "Storage File Data SMB Share Contributor" for the users.
"Default to Azure Active Directory authorization in the Azure portal" is enabled.

Next, I installed FSLogix and set the desired options in the registry.

If I try to log in as a user, I see the following error in the FSLogix log:

"FindFile failed for path: \ storageaccountname.file.core.windows.net \ share \ S-1-12-1-1532581436-1118641155-2452011939-1584453038_UserName \ Profile * .VHD (The user name or password is incorrect.)"

The user should get access to the storage account without a username and password, but how do I do it?

I tried to change the access rights to the mapped storage account, as you showed in this video, but I couldn't do this.
I navigate to the mapped drive, click Properties - Security - Edit - Add and see the following message:

"The program cannot open required dialog box because it cannot determine whether the computer named "storageaccountname.file.core.windows.net" is joined to the domain."

Thank you for your help!

Please don't ignore my problem!

Alex.


1 answer

  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-10-25T10:07:21.237+00:00

    @Alexander Zhyzhnevskyi Thanks for reaching out.

    The scenario you are describing is a known limitation for AVD, and FSLogix won't work in this scenario.
    This is mentioned at: https://learn.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm#known-limitations
