How to access azure virtual Desktop over browser with joined domain ?

Leonard Schwenk 5 Reputation points
2023-02-02T20:15:40.8966667+00:00

Im trying to connect to azure virtual Desktop over the browser via client.wvd.microsoft.com.

worked already with aad

It worked already I used just Azure active directory and could easily join via a user with the azure role "virtual machine user".

wont work with azure active directory domain services

Now I deployed active directory domain services joined my vm in my host pool to my domain. But this time I cant join to the VM via browser anymore.

I added targetisaadjoined:i:1; to my host pool rdp properties.

After the prompt I just get the generic message.

Sign in failed. Please check your username and password and try again.

And just god knows how ofter I reseted that pw and tried another user.

When I try the vm admin login.

I see the VM login but then it says again the login is incorrect.

enter image description here

I can easily rdp into the machine if I open the RDP port and add a public ip which I DONT WANT. In the machine everything seems fine ...

What else have I checked.

  • networking networking config
  • user privileges -> till global admin role
  • user credentials for sure !

Really running out of ideas here any help is appreciated.

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,314 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,136 questions
Microsoft Entra
{count} vote

1 answer

Sort by: Most helpful
  1. Alan Kinane 16,676 Reputation points MVP
    2023-02-02T20:32:39.62+00:00

    The targetisaadjoined:i:1; is for Azure AD joined hosts this is not the used for Azure AD Domain Services joined VMs so remove this.

    Your existing Azure AD accounts need to sync to the AAD DS service and first you will need need to reset your user password (once off job) in order to get the password hash created in the correct format.

    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/synchronization#synchronization-from-azure-ad-to-azure-ad-ds

    User's image

    0 comments No comments