Edit

Share via


Troubleshoot Cloud PC connection errors

The following errors can occur when connecting to a Cloud PC.

Errors when connecting to a Microsoft Entra joined Cloud PC

The logon attempt failed

Potential cause 1

Either the Cloud PC or the user's physical device denied PKU2U protocol requests. The PKU2U protocol is only triggered in the following cases:

  • The Cloud PC is Microsoft Entra joined.
  • The user is connecting from the Windows desktop client.
  • The user's physical device is Microsoft Entra registered, Microsoft Entra joined, or Microsoft Entra hybrid joined to the same organization as the Cloud PC.

Possible solution

Turn on PKU2U protocol requests on both the Cloud PC and the user's physical device:

  1. Create a filter for all Cloud PCs.

  2. Create a device configuration policy using the settings catalog.

  3. On the Configuration settings page, search for and select Network Security Allow PKU2U Authentication Requests > Allow.

    Screenshot showing the Network Security Allow PKU2U Authentication Requests option set to Allow.

  4. On the Assignments page, select Add all devices > Edit filter > Include filtered devices in assignment, and then select the filter you created for all Cloud PCs.

  5. On the Assignments page, also select a Microsoft Entra group containing the user or the user's physical device.

  6. Complete the creation of the device configuration policy.

If you only manage the user's physical device through Group Policy or you don't manage the user's physical device, you (or the user) can manage this setting through the Allow PKU2U authentication requests to this computer to use online identities policy.

Potential cause 2

Per-user multifactor authentication is turned on for the user account. Because it blocks sign-in, per-user multifactor authentication isn't supported for users connecting to Microsoft Entra joined Cloud PCs.

Possible solution

Remove per-user multifactor authentication for all users connecting to Cloud PCs. Then, set a Microsoft Entra Conditional Access policy and assign it to the appropriate users.

Specific connection errors

We couldn't connect because there are currently no available resources

Potential cause

There might be a resource issue on your Cloud PC.

Possible solution

Sign in to Windows 365, select the cog icon next to the Cloud PC, and then select Restart.

We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.

Potential cause

This error can be caused by network configuration settings, like:

  • Custom DNS settings
  • Network Virtual Appliance blocking
  • Network security group configuration
  • Resource locks
  • Blocks on required endpoints

Possible solution

Review the settings and confirm that they aren't interfering with connections.

The remote PC ended your session. If this keeps happening, contact your network administrator for assistance. Error code: 0x3

Potential cause

This error can occur when the Cloud PC's processor is over-utilized.

Possible solution

If the issue persists, sign in to Windows 365, select the cog icon next to the Cloud PC, and then select Restart.

Connection Attempt timed out, Please try again, or An error occurred while accessing this resource

If you encounter these errors, make sure that you don't have a configured Cloud Service Provider (CSP) or Group Policy Object (GPO) that blocks remote desktop connections.

Intune CSP policy:

Settings catalog: Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections

Allow users to connect remotely by using Remote Desktop Services

GPO configuration path:

Computer Configuration\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections

Allow users to connect remotely by using Remote Desktop Services

If you continue to experience issues, run the Inspect Connection option within the Windows App or the Troubleshoot option under Manage my Cloud PC located under the three dots.

Other connection error causes

Some other possible causes for Cloud PC connection failures include:

Out-of-date third-party VPN client versions

Possible solution

Update VPN clients to the most up-to-date versions.

Signing in to the Cloud PC with Microsoft Entra ID-only user accounts

Possible solution

Windows 365 is currently a Microsoft Entra hybrid join device, requiring users to sign in with their on-premises Active Directory account.

Using a client PC with Remote Credential Guard enabled

Possible solution

Remote Credential Guard requires connectivity to the on-premises Active Directory Domain Controller on the client PC used to access the Cloud PC. This connection is only possible using a VPN solution. Using a KDC proxy isn't currently available for Windows 365.

Azure WireServer may be blocked

Windows 365 Cloud PCs require access to Azure communication channels.

Make sure that IP address 168.63.129.16 is reachable through any security software installed on the Cloud PC or gateway devices used in the virtual network connected to your Azure network connection (ANC).

For more information, see What is IP Address 168.63.129.16.

Other troubleshooting steps

Move the Cloud PC to a new organizational unit (OU) with no group policies

Connection problems might be caused by settings delivered by group policies. To test this possible cause, you can move the Cloud PC to a separate OU that's blocked from receiving group policies.

On-premises GPO may affect a Cloud PC's provisioning or behavior

Settings delivered by group policies might cause connection problems. To test this problem, you can move the Cloud PC to a separate OU that's blocked from receiving group policies.

Intermittent disconnections

If users encounter intermittent connection issues, consider the following:

Possible solution

Next steps

Review other troubleshooting steps