This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 17%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hi
I set up a site-to-site vpn between Azure and our Meraki network. Also I have Azure AD connection to our on-prem AD. When I create an Azure Virtual Desktop it cannot connect to the on-prem domain. However, if I instead create an Azure Virtual Desktop using the Azure AD it completes fine - without connecting to the on-prem domain. However, from this Azure Virtual Desktop I can ping the IP of the on-prem DC.
This is the error I get:
Deployment failed
{
"status": "Failed",
"error": {
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'joindomain'. Error message: \"Exception(s) occured while joining Domain 'domain.com'\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "
}
}
Can you helP?
Kind regards,
Kristian
Further investigation shows:
"ERROR - Failed to join domain='domain.com', ou='', user='admin@keyman .com', option='NetSetupJoinDomain, NetSetupAcctCreate' (#3 meaning 'User Specified'). Error code 1355"
And I forgot to say that I have set up the on-prem DC in the Azure DNS zone to no avail.
Kind regards,
Kristian
This still looks like a DNS error to me. It is unable to resolve your domain name. I presume your domain is not actually called 'domain.com' and you have entered the correct on-premises domain name and domain admin credentials? Can you confirm the VNET DNS Servers are pointing to the on-premises DC and can you ping this and also ping the domain name, e.g. domain.com
Dear AlanKinane
Correct the domain.com was just for the question; I have entered the domain correctly. The DNS pointing is most likely the issue. I have setup the Azure DNS zone and added the IP of the on-prem DNS. However, I have not configured the VNET DNS server to point to the on-prem DC. That worked like a charm - thanks!
Kind regards,
Kristian
If you want to use your on-premises DNS servers then you can just set custom DNS servers on the virtual network. All VMs on the network will inherit these DNS server settings - https://learn.microsoft.com/en-us/azure/virtual-network/manage-virtual-network#change-dns-servers
It looks like the domain join process is failing. Are your DNS setting configured correctly in Azure? Make sure to set the on-premises DC as the primary DNS server in your Azure virtual network so that the DC can be resolved for the domain join process.
Hi @LangeMuller ,
beside the ping is working from Azure VMs to the on-prem DCs: Are there any Network Security Groups (NSG) maybe blocking the communication between the computers?
Are you able to ping the domain name, not he DC name, from the AVD VM?
If you deploy a "normal" Windows VM in Azure in the same subnet with the AVD computers, are you able to join the VM in the on-premises domain manually?
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten