Domain Join Fail on AVD Provisioning Using Image

EDWARD REYESARROYO 25 Reputation points
2024-09-25T19:39:11.83+00:00

Hello Community,

- Only signed in with local user/admin; no Entra ID was used.

- Using a customized generalized image.
- Followed the link Create an Azure Virtual Desktop golden image | Microsoft Learn and the link to sysprep. Thus, sysprep on the VM, wait for full stop, and generalized via CLI, which was successful.
- Image was created on the same VNet where the hosts reside.
- Once the VM is provisioned I get this error (first during provisioning, and second, well, the VM joins the hostpool, it just does not join the domain). I manually went to the VM with the local user and was able to join it to the domain and it is green...

Is there a setting I am missing, or has someone seen this type of error? Do I need to figure out a custom script as part of the process?

Thank you.

Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.

Accepted answer
  1. Sai Krishna Katakam 365 Reputation points Microsoft Vendor
    2024-09-25T23:40:21.3666667+00:00

    Hi EDWARD REYESARROYO,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    It looks like you’ve successfully joined the VM to the domain manually, which is a good sign. This indicates that the network and domain settings are likely correct. The issue seems to be with the automated domain join process during provisioning. Here are some steps to troubleshoot and resolve this:

    • Check the VM can communicate with the domain controller. Use ping or nslookup commands from the VM to verify.
    • Make sure that the NSG (Network Security Group) and firewall rules allow traffic to the domain controller, especially over ports required for domain join (e.g., ports 88, 389, 445, etc.).
    • The domain join extension is correctly configured in your Azure template. Verify the domain name, OU path, and credentials used in the extension settings.
    • If the built-in domain join extension is failing, you might need to use a custom script to join the domain. Here’s a basic example of a PowerShell script to join a domain:
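        # Placeholder values: replace with your domain and a join account
        $domain = "yourdomain.com"
        $username = "domain\username"
        $password = "password"
        # Build a PSCredential from the plain-text password
        $secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
        $credential = New-Object System.Management.Automation.PSCredential($username, $secpasswd)
        # Join the domain and restart so the join takes effect
        Add-Computer -DomainName $domain -Credential $credential -Restart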
      
    • Add this script to the custom script extension in your ARM template or Azure portal.
    • Sometimes, the domain join process might fail due to timing issues, such as the VM not being fully ready or network services not being available. Adding a delay before the domain join script runs can help mitigate this.
    • Check the logs for the domain join extension and custom script extension for any specific errors. These logs can provide more detailed information on why the domain join is failing.

    For more details, you can refer to the below documents:

    Troubleshoot Azure Virtual Desktop session host
    Troubleshoot Windows VM extension provisioning errors

    If you have any further queries, do let us know. If the comment is helpful, please click "Upvote".
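
The connectivity checks and the delay suggested in the answer above, combined into one script. This is an added example, not part of the original answer and not Microsoft's own code. The function names, retry defaults and the way the credential reaches the script are assumptions; the credential is passed in as a PSCredential instead of being hard-coded in the script body.

```powershell
# Added example; function names and defaults are assumptions, not from the answer.
function Wait-DomainReachable {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [int[]]$Ports = @(88, 389, 445),   # Kerberos, LDAP, SMB: the ports named in the answer
        [int]$MaxAttempts = 10,
        [int]$DelaySeconds = 30
    )
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        try {
            # The VM must be able to locate a domain controller through DNS before it can join
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } | Select-Object -First 1
            $dc = $srv.NameTarget
            if (-not $dc) { throw "no SRV record returned for $DomainName" }
            # Collect every required port that NSG or firewall rules are still blocking
            $blocked = $Ports | Where-Object {
                -not (Test-NetConnection -ComputerName $dc -Port $_ -WarningAction SilentlyContinue).TcpTestSucceeded
            }
            if (-not $blocked) { return $dc }
            Write-Host "Attempt ${i}: $dc not reachable on port(s) $($blocked -join ', ')"
        } catch {
            Write-Host "Attempt ${i}: $($_.Exception.Message)"
        }
        Start-Sleep -Seconds $DelaySeconds   # the delay covers a VM whose network is not ready yet
    }
    throw "No domain controller for $DomainName reachable after $MaxAttempts attempts"
}

function Join-DomainWithRetry {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$OUPath
    )
    # Skip the join if the machine is already a domain member (re-run of the extension)
    if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) { return }
    $null = Wait-DomainReachable -DomainName $DomainName
    $joinArgs = @{ DomainName = $DomainName; Credential = $Credential; ErrorAction = 'Stop' }
    if ($OUPath) { $joinArgs.OUPath = $OUPath }
    Add-Computer @joinArgs -Restart
}

# Usage (placeholder domain; $cred is assumed to come from a secret store, not a literal):
# Join-DomainWithRetry -DomainName 'yourdomain.com' -Credential $cred
```

The per-attempt messages name the port that failed, so the extension log shows whether the failure is DNS, a blocked port, or the join itself.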

