Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,750 questions
AVD - Sign in failed. Please check your username and password and try again. Despite vm joined to entra ad, rbacs assigned, double checked password
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 86%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUZ%3C/text%3E%3C/svg%3E)
Uri Zafrir
0
Reputation points
Hello
I've set up AVD using terraform, something like the example here in this link :
(I also tried creating the VM in the host pool manually)
I've also added the role "Virtual Machine Administrator Login" to my user.
I can see the VM in the host pool is available
I can see the AAD join extension is ok
Inside the VM, I can see it's joined to the entra AD.
But I still get this error:
this is the output of dsregcmd /status:
PowerShellCopy
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : NO
Device Name : VmAvd-0
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : d56544b4-5ad5-42ff-a144-dd4d7ee4f23f
Thumbprint : 80D2D280EF236A993BB94896B61672246C3F07EE
DeviceCertificateValidity : [ 2025-03-24 11:35:38.000 UTC -- 2035-03-24 12:05:38.000 UTC ]
KeyContainerId : 1c8da503-8a45-4b72-9e50-51b3aa3e6283
KeyProvider : Microsoft Software Key Storage Provider
TpmProtected : NO
DeviceAuthStatus : SUCCESS
|
+----------------------------------------------------------------------+
TenantName : <redacted>
TenantId : a775278c-ce63-45e6-9667-524bec91ab1b
eregistration.windows.n
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority :
EnterprisePrt : NO
EnterprisePrtAuthority :
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : VmAvd-0\adminuser
KeySignTest : PASSED
DisplayNameUpdated : YES
OsVersionUpdated : YES
HostNameUpdated : YES
Last HostName Update : NONE
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : NO
SessionIsNotRemote : NO
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
I've tried logging in with my user to test local entra ad connectivity , but i get the same error:
Please help!
{count} votes
-
Marten Theunissen 676 Reputation points2025-03-24T13:11:17.5866667+00:00 Good Day,
Please confirm steps below.
Verify Credentials:
Ensure that the username and password you are using are correct. Double-check for any typos or incorrect characters.
Check Role Assignments:
Ensure that the user has the necessary role assignments:
Virtual Machine User Login: Assign this role to the AVD users.
Virtual Machine Administrator Login: Assign this role to the AVD admins1.
Review Conditional Access Policies:
Check if any Conditional Access policies are affecting the sign-in process. Ensure that the Azure Windows VM sign-in cloud application is excluded from MFA requirements2.
Update RDP Properties:
If you are using the web client, update the RDP properties of the host pool:
Go to the host pool settings.
Select "RDP Properties" > "Advanced."
Add the property targetisaadjoined:i:11.
Check Azure Virtual Desktop Agent:
Ensure that the Azure Virtual Desktop Agent is running correctly:
Open Event Viewer and navigate to Windows Logs > Application.
Look for events with sources like WVD-Agent, WVD-Agent-Updater, RDAgentBootLoader, and MsiInstaller3.
Restart the Remote Desktop Agent Loader service if needed
Check Device State in Azure Portal:
Sign in to the Azure Portal.
Navigate to "Azure Active Directory" > "Devices" > "All devices."
Ensure that the device is listed and its status is "Registered
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 79%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Nikhil Duserla 6,550 Reputation points Microsoft External Staff2025-03-24T13:41:20.4033333+00:00 -
Uri Zafrir 0 Reputation points
2025-03-24T14:12:45.64+00:00 Hi Nikhil, since Marten commented here I would like to continue here. Hope that's ok.
As per the previous post, I've verified the credentials.
As per the picture in the previous post, i've verified the RBAC,
I don't have any conditional access policies,
I already have the RDP setting applied,
Showing here some pictures from event viewer,
didn't find any WVD-Agent-Updater logs
Enclosed a picture from device:
All seems ok, What should I do then?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 9%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Vamsi Ram Annepu 480 Reputation points Microsoft External Staff2025-03-26T18:03:35.65+00:00 Hi Uri Zafrir,
Could you give us the further details in private messaging.
Sign in to comment
Sign in to answer