Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,586 questions
Azure VD Based Connection - Failed to Connect - "A Certificate authority could not be contacted for authentication" while using Windows Hello for Business
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 88%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Veera Ragavan
21
Reputation points
Hello Experts,
I could not find the Limitations of Azure Virtual Desktop Based scenario's.
Environment:
- Windows 11 - as Azure AD Domain Joined
- On Premise AD, CA Environment
- On Premise CA Environment, Integrated and Deployment Using SCEP/NDES Model with help of Intune
- Windows Hello for Business - Using the Internal CA Certificates
- Latest Updates with Client OS, and Remote Desktop Application is also Up to Date
- Windows Hello for Business Activated, Working Well as expected - PIN, Face Recognization...
We have Successful usage of AVD Based work Stations and Applications using MS Edge / Chrome Browser. The following error appears while we try to access the Remote Desktop Based
Added Information:
- Remote Desktop Application helps to connect to the AVD Environment - with Regular Credential Based authentication.
- Remote Desktop Application failed to connect - With any other except credential based (Example : PIN, Fingerprint, Face Recognization...) - For any Applications which is Hosted in Azure VD (Example : Outlook, PowerPoint, Hosted Servers..)
- The Same error message appears if we take the RDP Session using MSTSCS Based Session
- All Azure VD Hosted Devices, Applications are accessible with out any issues using Browser. In General the browser based authentication will not ask for the Windows Hello For Busines based logins
Any Idea, if we have any Limitations with AVD + Windows Hello for Business.
Certificate Details:
The following type of Certificate's are in Place and it is use for authentication - Other Purpose (Accessing the In House Applications, etc.,)
Device Based Certificate's
User Based Certificate
Any Suggestion:
- Usage of additional certificate/types - If no Restrictions
2.Reference Materials if any Restrictions..
Thank you for your time in Advance!
{count} votes
-
Prrudram-MSFT 23,211 Reputation points2023-07-18T06:40:43.9633333+00:00 Hello @Veera Ragavan
I have checked with internal teams to confirm if my response is correct. and yes, this won’t work as the AVD VM is Azure AD Domain Services joined. It would require that the VM is AAD joined, or Hybrid Azure AD Joined.
-
Veera Ragavan 21 Reputation points
2023-07-18T09:03:20.4166667+00:00 Thank you @Prrudram-MSFT
For your time and support on this topic.
Do we have any reference material about the Limitations and Restrictions from Microsoft Site... Can be helpful -
Prrudram-MSFT 23,211 Reputation points
2023-07-20T11:39:49.6866667+00:00 It's likely missing the line-of-sight to the domain controller to do the authentication. It might be worth testing out the upcoming Single Sign-On functionality as that will support WHfB. Configure single sign-on for Azure Virtual Desktop using Azure AD Authentication - Azure | Microsoft Learn
Sign in to comment