question

khsarvaiya-6096 asked JamesTran-MSFT commented

Azure AD login issues with Azure Virtual Desktop

Hi All,

I am trying to explore Azure Virtual Desktop with Azure AD-joined VMs (not Azure AD DS).
Here are the steps I have followed:
1. Created a virtual desktop pool with one Windows 10 VM in it.
2. Granted Virtual Machine User Login; Desktop Virtualization User role assigned to the workspace and application group.
3. I have also assigned this VM to my user in the host pool assign option.
4. From the Bastion host, I can see in About PC that this VM is joined to Azure AD.
5. When I try to log in from the following link (credentials passed are username: AzureAD\username@domain.com, password: working password), I am getting this error: "Oops, we couldn't connect to "SessionDesktop"
Sign in failed. Please check your username and password and try again."
https://rdweb.wvd.microsoft.com/arm/webclient/index.html
6. We have conditional access MFA enabled.

I have gone through multiple documents and various troubleshooting forums, but am still not getting any solution. Can you please advise what I should check to make this work?

Thanks in advance.

azure-active-directory azure-virtual-desktop

khsarvaiya-6096
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 Answer

AlanKinane answered JamesTran-MSFT commented

Have you completed all of the steps outlined here: https://docs.microsoft.com/en-us/azure/virtual-desktop/deploy-azure-ad-joined-vm#assign-user-access-to-host-pools

152847-capture.png


Also, this section is very important. Make sure you have everything in place as below:

152901-capture.png



Thanks @AlanKinane for the reply. Appreciate it.

Yes, I have gone through this link as well.
1. Yes, I have assigned the "Virtual Machine User Login" role to both that VM and the resource group.
2. In host pool -> RDP Properties -> Advanced, I have also added targetisaadjoined:i:1
3. In the host pool, I have assigned username@domain.com to this VM.

Then I tried with "azuread\username@domain.com", "AzureAD\username@domain.com", and "username@domain.com",
but it is not working and shows the same error.





Sorry for asking, but you mentioned you have MFA enabled. So have you performed these steps also?

152947-capture.png


If possible, maybe temporarily disable MFA for this account so MFA can be ruled out as an issue.

Also, have you rebooted the session host(s) since adding the RDP property: targetisaadjoined:i:1?



Thanks @AlanKinane for the immediate response on this, really appreciate it.

Yes, I have rebooted that VM.

For MFA, I understood that we can use MFA in this setup, so we didn't disturb that for this setup.
But for disabling MFA, I would need to check with our org admin, as this is applied to all org users, and to check its impact.

I will check and update.

Thanks.

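The configuration items discussed in this thread (the `targetisaadjoined:i:1` RDP property, the "Virtual Machine User Login" role, and the "Desktop Virtualization User" role) can be verified from PowerShell rather than by eye in the portal. This is an added example, not code posted by anyone in the thread; it assumes the Az.DesktopVirtualization and Az.Resources modules with an active `Connect-AzAccount` session, and the resource group and host pool names are placeholders. It does not evaluate the conditional access/MFA policy.

```powershell
# Added example: placeholder values below are assumptions, replace with your own.
$ResourceGroup = '<resource-group>'      # placeholder
$HostPoolName  = '<host-pool-name>'      # placeholder
$UserUpn       = 'username@domain.com'   # UPN form used in the thread

# 1. The host pool's custom RDP properties are one ';'-separated string of
#    name:type:value entries. Parse it instead of substring-matching so that
#    'targetisaadjoined:i:0' is not mistaken for a pass.
$pool  = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
$props = @{}
foreach ($entry in ("$($pool.CustomRdpProperty)" -split ';')) {
    $parts = $entry.Trim() -split ':', 3
    if ($parts.Count -eq 3) { $props[$parts[0].ToLower()] = $parts[2] }
}
$rdpOk = $props['targetisaadjoined'] -eq '1'

# 2. Sign-in to an Azure AD-joined session host needs the VM login role on the
#    VM or a parent scope; here the resource group scope is queried.
$vmLogin = Get-AzRoleAssignment -SignInName $UserUpn -ResourceGroupName $ResourceGroup |
    Where-Object { $_.RoleDefinitionName -eq 'Virtual Machine User Login' }

# 3. Access to the published desktop needs Desktop Virtualization User
#    (assigned on the application group in the thread).
$avdUser = Get-AzRoleAssignment -SignInName $UserUpn |
    Where-Object { $_.RoleDefinitionName -eq 'Desktop Virtualization User' }

# Summarize; any False entry is the item to fix first.
[pscustomobject]@{
    HostPool                  = $HostPoolName
    TargetIsAadJoined         = $rdpOk
    VirtualMachineUserLogin   = [bool]$vmLogin
    DesktopVirtualizationUser = [bool]$avdUser
    VmLoginScopes             = ($vmLogin.Scope -join ', ')
    AvdUserScopes             = ($avdUser.Scope -join ', ')
}
```

Role assignments made to a group the user belongs to are not returned by these queries unless `-ExpandPrincipalGroups` is added to `Get-AzRoleAssignment`.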