AVD RDAgent Stops Sending Heartbeats

Question

<Personal data >

## Problem Summary

All 3 session hosts in an AVD pooled host pool stop sending heartbeats to the AVD broker after initial boot. The RDAgent service shows as "Running" (Status=Running, StartType=Automatic) but produces no new log entries after startup. Users receive error **0x204** ("We couldn't connect to the remote PC") because the broker cannot route connections to unresponsive agents.

**Workaround**: Restarting `RDAgentBootLoader` service restores heartbeats temporarily. The agent silently stops again after an unspecified period (observed: 3+ days of silence before detection).

## Reproduction Steps

1. Deploy VMs from gold image to StageHP host pool
2. VMs register successfully, heartbeats flow initially
3. After indeterminate time (observed: hours to days), heartbeats stop
4. `Get-Service RDAgent` still shows "Running"
5. No new entries in Application event log from RDAgent provider
6. User connections fail with 0x204
7. `Restart-Service RDAgentBootLoader -Force` restores heartbeats

## Requested Actions

1. Investigate RDAgent internal state during the silent period (ETL traces, memory dumps)
2. Fix broker status reporting — "Available" should not persist without heartbeats
3. Clarify interaction between NETLOGON 5719 / Entra DS and RDAgent heartbeat mechanism
4. Provide guidance on monitoring/alerting for this failure mode

Answer 1

Hello Sergey Shapoval

Based on our review, the issue is related to the Azure Virtual Desktop (AVD) agent on the session hosts entering a degraded state, where it stops sending heartbeats to the AVD service even though the Windows service itself continues to show as Running.

The AVD agent (RDAgent) stops reporting heartbeats to the broker, which results in user connections failing with error 0x204.

Despite no heartbeat being received for an extended period, the broker continues to show the session hosts as “Available”, which can be misleading from a monitoring perspective.

There are no crash events or agent error logs during this period, indicating a silent agent communication failure rather than a service crash.

We see recurring NETLOGON Event ID 5719, which indicates the VM is unable to establish a secure channel with the domain controller (Microsoft Entra Domain Services). This can impact agent initialization and ongoing communication.

Repeated “Unexpected last recorded state” warnings are logged every ~30 seconds. This is a known behavior when the agent’s internal state becomes inconsistent and is generally symptomatic, not the root cause.

On affected hosts, the SxSStackVersion registry value is empty, even though the SxS Network Stack package is installed. Similar inconsistencies have been observed in known AVD agent/SxS stack issues.

The AVD broker relies on the agent‑reported heartbeats to determine host health.

When the agent enters this degraded state: The VM remains powered on and services appear healthy. However, the broker does not receive updates, so users cannot establish new sessions. Because the agent does not explicitly fail or stop, automated alerts may not trigger.

Temporary mitigation

1. A manual restart of the RDAgentBootLoader service or a VM reboot restores heartbeats and allows user connections to resume.
2. This is a mitigation step only and does not address the underlying condition.

Silent agent heartbeat failures while the service remains running.

Dependency on domain secure channel establishment (NETLOGON 5719) during agent startup.

SxS stack and registry state inconsistencies.

Broker behavior when heartbeats are missed for an extended duration.

In the meantime, if the issue reoccurs, please capture: (share details via private messages)

1. The last heartbeat timestamp from the Azure portal
2. System and RemoteDesktopServices event logs
3. Confirmation whether restarting the agent restores connectivity

Please let us know and share additional details via private messages