This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 96%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
feeddiscovery fails with a 500 error in the new web client (windows.cloud.microsoft) when the Workspace resource is configured for private access.
This issue does not reproduce in the old web client (client.wvd.microsoft.com/arm/webclient/index.html).
unknown_feed_discovery_error: Unknown error occurred while attempting feed discovery
I figured out it is the Workspace network configuration that is causing this, not the hostpool network config, because it does actually work when I set the Workspace to allow Public connections.
This issue is 100% reproducible.
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
Hi Alex,
Thanks for your response.
Our first guess was a connectivity problem as well, but given the 500 Internal Server error we get back, this seems more of an implementation bug.
I have included the HAR file for the failing request: 500_avd.txt (it is JSON, but it won't let me upload json files). The request that is failing is to rdweb.wvd.microsoft.com.
This corresponds to step 1 & 2 of the client connection sequence . We do not use a private link for the initial feed discovery, so this domain resolves to a public IP. This request returns a 500 error, indicating there is an implementation bug in that service.
We use only two private links:
@Alex Burlachenko any suggestions how this bug could be reported?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 96%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAY%3C/text%3E%3C/svg%3E)
Thank you for the detailed question along with the logs, kindly help us with below queries too to understand the scenario better.
1.Could you please share us the output of the below commands from the users that are affected with this?
nslookup rdweb.wvd.microsoft.com :- should resolve to private IP via privatelink‑global.wvd.microsoft.com.nslookup <workspaceId>.privatelink.wvd.microsoft.com:-should resolve to the private IP of the workspace feed private endpoint.
1.Could you please share us the output of the below commands from the users that are affected with this?
nslookup rdweb.wvd.microsoft.com :- nslookup <workspaceId>.privatelink.wvd.microsoft.com:- should resolve to the private IP of the workspace feed private endpoint.
Hi @Ankit Yadav ,
Sorry, I missed your message.
Hey Laurens Bremers,
I working on the issue with the engineering team and I'll get back to you shortly on this one.
Hey @Laurens Bremers,
Just checking in if you got a chance to review my previous reply.
Let me know if this answered your question!
Hello @Laurens Bremers
I'd highly appreciate if you could please take a moment to accept answers and upvote it 👍 to make it helpful.
Thank you for helping to improve Microsoft Q&A!
Answer recommended by moderator
Hello @Laurens Bremers
I worked with the engineering team, and it turns out that it's already listed out as the product limitation here:
Additionally, please refer it here as well for web-browser support:
Hi @Ankit Yadav ,Thanks for getting back to me.
I'm a bit surprised that the web client is listed as not supporting Private Link, because it has worked for years...but oke that is not the same as having active support.
A few follow up questions:
Hello @Laurens Bremers
Please find the answers to your latest queries:
Where is the best place to plead the business case of adding support for Private Link in the web client? The fact that it already worked for years, makes it seem like it is more business decision to not support it.
The best place would be to share your feedback with the service over here: https://feedback.azure.com/
We encourage you to share your feedback on the Azure feedback link provided below. This will alert the product team, who will then prioritize the feature request as per the requirements.
The URL of the failing endpoint does not seem to be web client specific (https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery/tenants/xxx/app/xxx). Perhaps we found it failing in an unsupported use-case, but it seems like this would also fail in the local app. Can you confirm this 500-error is specific to the web client?
No this 500 error is not specific to the web client, it'll throw error on the local app too.
Hello @Laurens Bremers
Just checking in to see if you still have any query from the case or if my previous reply answered your queries.
Laurens hi,
the error happens after the initial feed discovery but before the session starts. this suggests the new client is making an additional api call to a service that the old client did not use, and that service is not reachable over your private network.
first, look at the network traffic from the endpoint device. use the browser's developer tools, f12, and go to the network tab. reproduce the error and look for any http call that fails with a 500 status code. the url of that failed request will tell you which specific service is unreachable. it is likely a new metadata or diagnostics service that the new client depends on.
microsoft is constantly adding new features to avd, and sometimes the required backend services for a new client are not all covered by the original private endpoint configuration for the workspace. you might need to open a support ticket with microsoft to ask for the complete list of fully qualified domain names that the new web client requires for private link scenarios. their documentation might not have caught up yet.
as a temporary workaround, while you investigate, you could create a specific dns rule. if you can identify the failing endpoint from the browser logs, you can create a conditional forwarder in your internal dns to resolve that specific hostname to its private ip address, if it has one.
this kind of issue is not unique to azure. any time a platform rolls out a new client, it can have new dependencies that break in locked down environments. it is always a game of catch up for network security.
so, to summarize. use the browser's f12 developer tools to find the exact url that is failing with a 500 error. that is your smoking gun. then, you can either adjust your private endpoint to include it or provide that information to microsoft support so they can fix their documentation or service.
rgds,
Alex