Cannot connect to azure AVD, it is resolving AKAMAI domain name and IP when ping client.wvd.microsoft.com

Question

Cannot connect to azure AVD, it is resolving AKAMAI domain name and IP when ping client.wvd.microsoft.com

Jorge Garza 5

There is a single user cannot access to AVD (no matter if web or app method), when trying using

Web access, we have next error

"the connection for this site is not secure" ,"ERR_SSL_PROTOCOL_ERROR"

User's image

Using windows app: "Something went wrong" ,"we failed to fetch the subscription information..."

User's image

However, this only happens when user travel to another country and using home network (user resides in US but travel to another country sometimes).

When user travel to another country in that home network, we pinged client.wvd.microsoft.com, and it is resolving / routing a different name "e86303.dcxs.akamaiedge.net [23.50.115.145]".

User's image

When user is back home in US or even at the office, it is getting a different resolution and everything is working fine .

User's image

Even the rest of us, we are getting azurewebsites.windows.net instead akamaiedge.net

Can someone guide what can we do in this matter , because it was working 2 weeks ago and suddenly last week started to fail.

We have done a workaround meanwhile t-shooting, and in which is to add both urls in windows localhost and use any of the correct IPs and after that at least is able to work with web client, for app client, it open the session but nothing happens, any click is not working.

Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-28T00:36:56.9466667+00:00

Hi Jorge Garza,

The client.wvd.microsoft.com resolves to an Akamai domain when the user is overseas could indicate that local DNS settings or routing are affecting the name resolution. Typically, it should resolve to an Azure endpoint.

Try flushing the DNS cache on the user’s local machine using ipconfig /flushdns. This can help in case there are any stale DNS records causing issues.

The "ERR_SSL_PROTOCOL_ERROR" suggests there may be an issue with SSL handshakes. This can happen if the VPN, firewall, or antivirus settings are interfering with the connections.

Ensure that SSL inspection is turned off for the URLs associated with AVD in any firewall or network appliance.

Usually caused by:

Improper SSL/TLS handshake

Incompatible client/server cipher suites

Corrupt/misconfigured CDN SSL certificate

Check the user’s home network settings. Sometimes, personal routers (especially if they're using non-standard configurations) may cause connectivity issues with services like AVD.

Consider testing the connection on a different Wi-Fi network or even on a mobile hotspot to rule out router issues.

Successful ping but failed HTTPS ping only checks ICMP reachability, not service availability or security and also indicates network connectivity exists, but SSL negotiation fails.

As you mentioned you’ve done some workarounds, it could help to completely uninstall and then reinstall the Remote Desktop client, ensuring that you’re on the latest version.

You've been using a workaround by modifying the hosts file. Make sure to revert this once you've resolved the DNS resolution issue, as maintaining these changes can lead to further complications later.

https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-desktop/troubleshoot-agent

https://learn.microsoft.com/en-us/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure

If you found information helpful, please click "Upvote" on the post to let us know.

If the issue still persist feel free to reach out us we are happy to assist you.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-28T18:27:14.7333333+00:00

Hi Jorge Garza,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know.

Thank You.
Jorge Garza 5 Reputation points

2025-05-28T18:47:45.9766667+00:00

Hello,

About your comments....

Try flushing the DNS cache on the user’s local machine using ipconfig /flushdns. This can help in case there are any stale DNS records causing issues.

This has been done, we ran below commands and same issue: ipconfig /flushdns ipconfig /registerdns nbtstat /R nbtstat /RR Added a manual DNS in NIC: 8.8.4.4 (google dns)

The "ERR_SSL_PROTOCOL_ERROR" suggests there may be an issue with SSL handshakes. This can happen if the VPN, firewall, or antivirus settings are interfering with the connections.

zscaler disabled , local firewall disabled, not using any vpn, using windows defender, but also not impacting

Ensure that SSL inspection is turned off for the URLs associated with AVD in any firewall or network appliance.

Usually caused by:

Improper SSL/TLS handshake

Incompatible client/server cipher suites

Corrupt/misconfigured CDN SSL certificate

What is this?, how can review that?

Check the user’s home network settings. Sometimes, personal routers (especially if they're using non-standard configurations) may cause connectivity issues with services like AVD.

This was working 3 weeks ago and suddenly failed , nothing changed at local router

Consider testing the connection on a different Wi-Fi network or even on a mobile hotspot to rule out router issues.

We did that, and user mentioned not working even with hotspot

Successful ping but failed HTTPS ping only checks ICMP reachability, not service availability or security and also indicates network connectivity exists, but SSL negotiation fails.

As you mentioned you’ve done some workarounds, it could help to completely uninstall and then reinstall the Remote Desktop client, ensuring that you’re on the latest version.

But re-installing the agent what will be helping if also issue is using web access?

Thank you...
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-28T23:36:03.2266667+00:00

Hi Jorge Garza,

Test the SSL handshake with OpenSSL or SSL Labs use SSL Labs to inspect a failing endpoint:

https://www.ssllabs.com/ssltest/analyze.html?d=client.wvd.microsoft.com

This will show if the SSL cert is valid, what ciphers are supported, etc.

Look at whether it shows red flags like "Chain issues" or "certificate expired".

Use Browser Developer Tools

Open browser Dev Tools (F12)

Go to the Security tab

See the certificate presented — is it from Microsoft or from a local firewall/proxy?

If it’s from your firewall or an unknown source, SSL inspection is likely happening.

Reinstalling can help only if the issue is with:

• A corrupted Remote Desktop app installation

• Outdated or incompatible version of the client

• Misconfigured cached settings (e.g., stale token/auth info)

• Corrupted local certificates

In those cases, reinstalling resets all cached settings, potentially resolving silent auth or session-related failures.

If you found information helpful, please click "Upvote" on the post to let us know.

If the issue still persist feel free to reach out us we are happy to assist you.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-29T17:19:20.66+00:00

Hi Jorge Garza,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-30T17:01:40.5733333+00:00

Hi Jorge Garza,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know.

Thank You.
Jorge Garza 5 Reputation points

2025-06-03T01:33:06.9133333+00:00

The website is working fine when testing SSL cert, etc...

Issue only happens in certain country, in U.S.A. is working fine.

Vendor says it is working fine, however, we cannot get any evidence from them that is working fine
Siva Pavuluri 490 Reputation points Microsoft External Staff Moderator

2025-06-03T16:38:16.7233333+00:00

hi Jorge Garza,
Just checking in to see if you have got a chance to review the comment provided by "Alex Burlachenko" response to your question in resolving the issue.

If it was helpful, please click "Upvote" on this post to let us know.

Thank You.
Siva Pavuluri 490 Reputation points Microsoft External Staff Moderator

2025-06-04T00:59:55.72+00:00

hi Jorge Garza, Just checking in to see if you have got a chance to review the comment provided by "Alex Burlachenko" response to your question in resolving the issue.

If it was helpful, please click "Upvote" on this post to let us know.

Thank You.
Arko 4,150 Reputation points Microsoft External Staff Moderator

2025-06-05T09:17:30.8433333+00:00

Hello Jorge Garza,

From the behavior you’ve described, especially the DNS resolution differences when the user is abroad, the issue appears to be related to how the domain client.wvd.microsoft.com is being resolved by the user’s local ISP when outside the United States.

The root cause is that in certain locations, particularly when the user is using a home or regional ISP abroad, the DNS resolution for client.wvd.microsoft.com is returning an Akamai edge node such as e86303.dcxs.akamaiedge.net with an IP like 23.50.115.145. This endpoint is not intended to serve Azure Virtual Desktop traffic and as a result, the SSL handshake fails, leading to errors like "ERR_SSL_PROTOCOL_ERROR" in the browser or non-functional sessions in the native AVD client. This type of DNS redirection is typically caused by ISP-level transparent DNS proxies or aggressive CDN optimization and although not malicious, it interferes with the expected Azure DNS resolution flow.

To resolve this issue, the user needs to fully bypass the ISP’s DNS resolver. The most reliable way to do this is by configuring the system to use encrypted DNS, specifically DNS-over-HTTPS. This can be done by opening the Windows network settings, selecting the active network interface (either Ethernet or Wi-Fi), and editing the DNS server settings to use a trusted resolver like Cloudflare. The user should set the preferred DNS server to 1.1.1.1 and the alternate to 1.0.0.1, and ensure that DNS-over-HTTPS is enabled for both entries. After applying these settings and rebooting the system, all DNS traffic will be securely encrypted and resolved directly through Cloudflare, bypassing any manipulation by the local ISP.

If configuring DNS-over-HTTPS manually does not resolve the issue, another effective method is to install the Cloudflare WARP client. This is a lightweight networking tool that not only enforces secure DNS but also routes all outbound traffic through a trusted network path. Once installed and enabled, it ensures that both DNS and TLS connections are shielded from ISP-level interference.

After applying one of these fixes, the user should remove any previously cached Azure Virtual Desktop feed from the Remote Desktop client. This can be done by opening the Remote Desktop client, going to the Workspaces section, removing the current feed, and then re-adding it using the URL https://rdweb.wvd.microsoft.com. This step ensures that the client reinitializes all metadata and service endpoints using the corrected DNS resolution.

To confirm that the DNS is resolving correctly after making these changes, you can use the PowerShell command Resolve-DnsName client.wvd.microsoft.com and verify that the domain now resolves to a CNAME ending in azurewebsites.windows.net, which confirms that the endpoint is part of the legitimate Azure infrastructure.

Please checkout below references which aligns with the root cause identified (DNS-level redirection or interference) and support the use of secure, trusted DNS services like Cloudflare or Google DNS to avoid regional DNS anomalies.

https://learn.microsoft.com/en-us/azure/virtual-desktop/required-fqdn-endpoint?tabs=azure

https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-desktop/troubleshoot-agent

https://learn.microsoft.com/en-us/azure/virtual-desktop/network-connectivity?tabs=azure
Arko 4,150 Reputation points Microsoft External Staff Moderator

2025-06-09T04:37:40.45+00:00

Hello Jorge Garza, following up on this. Did you get a chance to review the above comment? Hope I was able to clear your query here. Thanks
Jorge Garza 5 Reputation points

2025-06-10T18:51:36.5366667+00:00

Hi, right now user is not in the country with issues, perhaps next week will be there and we will try to implement this bypass. let you know any results
Arko 4,150 Reputation points Microsoft External Staff Moderator

2025-06-11T06:18:38.1033333+00:00

Okay sure.

1 answer

Your answer

Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-28T18:27:14.7333333+00:00

Hi Jorge Garza,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know.

Thank You.
Jorge Garza 5 Reputation points

2025-05-28T18:47:45.9766667+00:00

Hello,

About your comments....

Try flushing the DNS cache on the user’s local machine using ipconfig /flushdns. This can help in case there are any stale DNS records causing issues.

This has been done, we ran below commands and same issue: ipconfig /flushdns ipconfig /registerdns nbtstat /R nbtstat /RR Added a manual DNS in NIC: 8.8.4.4 (google dns)

The "ERR_SSL_PROTOCOL_ERROR" suggests there may be an issue with SSL handshakes. This can happen if the VPN, firewall, or antivirus settings are interfering with the connections.

zscaler disabled , local firewall disabled, not using any vpn, using windows defender, but also not impacting

Ensure that SSL inspection is turned off for the URLs associated with AVD in any firewall or network appliance.

Usually caused by:

Improper SSL/TLS handshake

Incompatible client/server cipher suites

Corrupt/misconfigured CDN SSL certificate

What is this?, how can review that?

Check the user’s home network settings. Sometimes, personal routers (especially if they're using non-standard configurations) may cause connectivity issues with services like AVD.

This was working 3 weeks ago and suddenly failed , nothing changed at local router

Consider testing the connection on a different Wi-Fi network or even on a mobile hotspot to rule out router issues.

We did that, and user mentioned not working even with hotspot

Successful ping but failed HTTPS ping only checks ICMP reachability, not service availability or security and also indicates network connectivity exists, but SSL negotiation fails.

As you mentioned you’ve done some workarounds, it could help to completely uninstall and then reinstall the Remote Desktop client, ensuring that you’re on the latest version.

But re-installing the agent what will be helping if also issue is using web access?

Thank you...
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-28T23:36:03.2266667+00:00

Hi Jorge Garza,

Test the SSL handshake with OpenSSL or SSL Labs use SSL Labs to inspect a failing endpoint:

https://www.ssllabs.com/ssltest/analyze.html?d=client.wvd.microsoft.com

This will show if the SSL cert is valid, what ciphers are supported, etc.

Look at whether it shows red flags like "Chain issues" or "certificate expired".

Use Browser Developer Tools

Open browser Dev Tools (F12)

Go to the Security tab

See the certificate presented — is it from Microsoft or from a local firewall/proxy?

If it’s from your firewall or an unknown source, SSL inspection is likely happening.

Reinstalling can help only if the issue is with:

• A corrupted Remote Desktop app installation

• Outdated or incompatible version of the client

• Misconfigured cached settings (e.g., stale token/auth info)

• Corrupted local certificates

In those cases, reinstalling resets all cached settings, potentially resolving silent auth or session-related failures.

If you found information helpful, please click "Upvote" on the post to let us know.

If the issue still persist feel free to reach out us we are happy to assist you.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-29T17:19:20.66+00:00

Hi Jorge Garza,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know.

Thank You.
Pramidha Yathipathi 1,135 Reputation points Microsoft External Staff Moderator

2025-05-30T17:01:40.5733333+00:00

Hi Jorge Garza,

Just checking in to see if you had a chance to review the comment on your question. Feel free to reach out if you have any further queries.

If you found the information helpful, please click "Upvote" on the post to let us know.

Thank You.
Jorge Garza 5 Reputation points

2025-06-03T01:33:06.9133333+00:00

The website is working fine when testing SSL cert, etc...

Issue only happens in certain country, in U.S.A. is working fine.

Vendor says it is working fine, however, we cannot get any evidence from them that is working fine
Siva Pavuluri 490 Reputation points Microsoft External Staff Moderator

2025-06-03T16:38:16.7233333+00:00

hi Jorge Garza,
Just checking in to see if you have got a chance to review the comment provided by "Alex Burlachenko" response to your question in resolving the issue.

If it was helpful, please click "Upvote" on this post to let us know.

Thank You.
Siva Pavuluri 490 Reputation points Microsoft External Staff Moderator

2025-06-04T00:59:55.72+00:00

hi Jorge Garza, Just checking in to see if you have got a chance to review the comment provided by "Alex Burlachenko" response to your question in resolving the issue.

If it was helpful, please click "Upvote" on this post to let us know.

Thank You.
Arko 4,150 Reputation points Microsoft External Staff Moderator

2025-06-09T04:37:40.45+00:00

Hello Jorge Garza, following up on this. Did you get a chance to review the above comment? Hope I was able to clear your query here. Thanks
Jorge Garza 5 Reputation points

2025-06-10T18:51:36.5366667+00:00

Hi, right now user is not in the country with issues, perhaps next week will be there and we will try to implement this bypass. let you know any results
Arko 4,150 Reputation points Microsoft External Staff Moderator

2025-06-11T06:18:38.1033333+00:00

Okay sure.

Answer 1

hi Jorge Garza, thanks a ton for dropping this in q&a, this one really helps uncover a weird case that hits when stuff works fine in one country and goes poof in another.

hmmm... that ERR_SSL_PROTOCOL_ERROR from client.wvd.microsoft.com? yeah that's a classic handshake fail. but not because microsoft messed something up (they rarely do, i mean come on, azure infra is a beast *-) it’s almost always something messing with the TLS chain. and aha, urs screenshots totally gave it away )

see, when users in the US or at office, client.wvd.microsoft.com resolves correctly to an azure-owned ip, something like *.azurewebsites.windows.net. all smooth, handshake happy, cert matches, session starts.

but when user's abroad ups dns flips and now it’s resolving to an akamai edge node e86303.dcxs.akamaiedge.net (ip 23.50.115.145). that ain't the right endpoint. and since that akamai endpoint isn’t meant to serve the avd web client traffic directly, ssl goes. basically wrong server answering the call, hence the error.

so what’s likely happening? some local dns or isp level transparent proxying / redirecting / cdn optimization (yep, some providers try to outsmart azure) is hijacking the dns for that client.wvd.microsoft.com domain. it’s not malicious, just annoying af.

solution time? yes it is :)

u can try set a clean dns. grab cloudflare 1.1.1.1 or google dns 8.8.8.8 in the network adapter and reboot the box. just open network & internet > change adapter > ipv4 settings > use custom dns. this avoids that shady local isp resolver.

if that doesn’t fix it, u can do a temporary workaround like u said (editing hosts file to hardcode the correct ip for client.wvd.microsoft.com) that’s decent but not ideal long-term coz azure endpoints can rotate ips. not static.

for a more 'like a pro' fix install azure network watcher in that region or check if u have a peered vpn and run connection troubleshoot tool from the azure portal to check how dns is being resolved in that location. https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-overview

alsoooo, for completeness check if the user has some local antivirus or vpn active that’s doing ssl inspection (cough cough, kaspersky and nordvpn i’m looking at u lol )). those can also break tls or route through odd cdn nodes. u can temporarily disable and retry.

and for the app itself ( the native windows avd client) if session opens but nothing works after that, it’s prob getting session tokens from the wrong region and then failing to sync with the correct feed. try signing out fully and readding the feed after dns is cleaned up.

if it was working 2 weeks ago and then just broke suddenly... odds are some isp level change or dns optimization is happening behind the scenes. keep a log of resolved ip and cname when it fails next time just in case u need to show support what changed ))

let me know how it goes or if u want a script to auto-detect correct ip and write to hosts)))
peace

Alex

and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer

PPS That is my Answer and not a Comment

Jorge Garza 5 Reputation points

2025-06-04T16:41:12.4533333+00:00

Hi Alex,

we did try to change dns in network adapter (we used google's) and result was the same.

We stopped AV (it is using defender), as well firewall turned off

We got ISP provided update and they said it is working fine, but never provided us evidence about what is working fine or even if they were able to get the rd website.

In the localhost, for RDWeb works fine, we also added another IP we found for windowa app and we were able to login and open AVD, however, when clicking nothing happens , it is not slow or lagging, just nothing happens.
Alex Burlachenko 9,780 Reputation points

2025-06-08T12:00:02.15+00:00

Jorge Garza hi ) how its going , how is urs workarround of urs issue?

rgds,

Alex
Alex Burlachenko 9,780 Reputation points

2025-06-09T09:24:34.8833333+00:00

Jorge Garza hi there, how its going , u did not reply is all fine? does that works?

rgds,

Alex
Jorge Garza 5 Reputation points

2025-06-10T18:52:44.7933333+00:00

hi,

right now user is not in the country with issues, we might expect to get back probably next week, as soon it is back, we will try this and let you know...thx!!!

Share via

Cannot connect to azure AVD, it is resolving AKAMAI domain name and IP when ping client.wvd.microsoft.com

1 answer

Your answer