Troubleshoot hosted machines in Power Automate for desktop
This article provides suggestions about how to troubleshoot issues that affect hosted machines in Power Automate for desktop.
For information on errors related to a VM image or network connection, see:
- Errors related to a VM image that's used in a hosted machine.
- Errors related to network connection that's used in a hosted machine.
The following table provides information about hosted machine provisioning errors and the steps to mitigate such errors.
| Error code | Short summary | Description | Learn more |
|---|---|---|---|
| intuneEnrollFailed | We can’t complete MEM enrollment of this Cloud PC. Check MEM policy settings and retry. If that doesn’t work, contact Customer support. | Intune MDM enrollment has failed. During %brandName% provisioning, an Intune MDM enrollment occurs. This action has failed. Possible causes for this issue include: Windows enrollment is blocked in Intune, the Intune endpoints can’t be reached on your vNet, or your Intune tenant isn’t in a healthy state. Ensure the Intune MDM enrollment will be successful and retry provisioning. | Troubleshooting Windows enrollment errors |
| intuneEnroll_BlockedByEnrollmentRestriction | An Intune enrollment restriction exists for this user/tenant, causing MDM enrollment to fail. Ensure Windows enrollment is allowed in your Intune tenant. | Intune enrollment restriction blocking enrollment. An Intune enrollment restriction exists for this user/tenant, causing MDM enrollment to fail. Ensure Windows enrollment is allowed in your Intune tenant. | Intune enrollment failed |
| intuneEnroll_BlockedByGroupPolicyOrConfigMgr | A group policy or ConfigMgr is blocking Intune enrollment. This issue could be caused by the ConfigMgr client installing on the Cloud PC before provisioning is complete. Ensure the device can successfully perform an MDM enrollment into Intune by delaying the ConfigMgr client installation until provisioning completes. | Intune enrollment has been blocked. A group policy or ConfigMgr is blocking Intune enrollment. This issue could be caused by the ConfigMgr client installing on the %brandName% before provisioning is complete. Ensure the device can successfully perform an MDM enrollment into Intune by delaying the ConfigMgr client installation until provisioning completes. | Configure automatic MDM enrollment |
| intuneEnroll_InvalidIntuneSubscriptionOrLicense | Enrollment failed due to the user/device being unlicensed or using an expired license. Ensure the Intune tenant is healthy and the subscription and licenses are valid. | Intune enrollment failed due to Intune licensing error. Enrollment failed due to the user/device being unlicensed or using an expired license. Ensure the Intune tenant is healthy and the subscription and licenses are valid. | Microsoft Intune licensing |
| intuneEnroll_NetworkConnectivityIssue | Intune enrollment failed due to DNS or network connectivity issues. | Intune enrollment failed due to DNS or network connectivity failures. The Intune enrollment endpoints couldn't be resolved correctly, causing enrollment to fail. Ensure your Cloud PCs can use your on-premises DNS servers to resolve Intune domain names and that connectivity isn't restricted to these endpoints. | Network requirements |
| intuneEnroll_MdmDiscoveryUrlMisconfigured | Intune enrollment is required for Cloud PC provisioning. Ensure the MDM discovery URLs are configured correctly. | Intune enrollment failed due to an incorrect MDM discovery URL. Intune enrollment is required for %brandName% provisioning. Ensure the MDM discovery URLs are configured correctly. | Configure automatic MDM enrollment |
| intuneEnroll_DelayedEffectivenessOfIntuneLicense | Intune license isn't available | Intune enrollment failed as the license isn't available. A valid Intune license is required for MDM enrollment. Ensure the license is assigned correctly and available for Intune enrollment and retry provisioning. | Assign licenses to users so they can enroll devices in Intune |
| intuneEnroll_TenantUnderAccountMove | Intune tenant maintenance | Intune tenant maintenance. Your Intune tenant is being moved between scale units. Provisioning can't occur until the maintenance is complete. Contact support for more information. | |
| noEnoughIpAddress | The specified Subnet doesn’t have adequate IP addresses available. Update or adjust the network settings and retry. | The specified subnet doesn’t have adequate IP addresses available. An IP address couldn’t be allocated during %brandName% provisioning. Ensure the selected subnet has sufficient available IP addresses and retry provisioning. | Add, change, or delete a virtual network subnet |
| userNotFound | The user doesn’t exist. We can’t provision this cloud PC. | The user %userName% doesn’t exist. The user account %userName% didn’t exist at the time of provisioning. This issue was likely caused by deleting the user. Ensure the user exists and is assigned a valid provisioning policy, then retry. | Add or delete users using Microsoft Entra ID |
| licenseNotFound | The user no longer has the required license for Deschutes. Contact your licensing Administrator and retry after a license has been assigned. | The user %userName% doesn’t have a valid license. Ensure the user has a valid %brandName% license assigned and retry provisioning. | Assign or remove licenses in the Microsoft Entra portal |
| requestDisallowedByPolicy | Workspace creation wasn't allowed by a policy. | Azure policy has blocked provisioning. An Azure policy has blocked %brandName% from provisioning into your Azure subscription. Ensure that there's no Azure policy blocking %brandName% from creating resources in the subscription/resource group defined. | What is Azure Policy? |
| canaryCheckUnpass | Canary check didn’t pass. Check the canary validation status, and ensure all settings match provision criteria. | The on-premises network connection isn't healthy. The on-premises network connection associated with the provisioning policy isn’t healthy. Browse to the on-premises network connection tab, resolve the failed check, and retry provisioning. | Troubleshoot provisioning errors |
| imageDiskSizeOverMatch | The selected image size is larger than the cloud PC disk size being provisioned. | The selected image size is larger than the %brandName% disk being provisioned. The provided custom image must be the same size or smaller than the disk size being provisioned. Users may have more than one size %brandName% assigned, so be sure the uploaded custom image is small enough to be used for all %brandName%'s being provisioned using this provisioning policy. | Device images overview |
| internalError | We encountered a service error. Contact Customer support for a resolution. | An unknown error occurred. We encountered a service error. Retry provisioning, and contact support if the problem persists. | Access Help and support |
| userNotAvailableInLocalAD | The user doesn't exist in the on-premises Active Directory. We can't provision this Cloud PC. | Cloud PC assigned user doesn't exist in the on-premises Active Directory. Ensure the user is assigned to the cloud PC, has an on-premises Active Directory and cloud Microsoft Entra user account, and the UPN matches. | Microsoft Entra Connect sync: Understanding Users, Groups, and Contacts |
| CpuOrRamNotFitImageOS | Cloud PC hardware specification doesn't meet the minimum Windows 11 requirements. | The selected Cloud PC hardware specification doesn't meet the minimum requirements for Windows 11. Assign a license with hardware that meets the Windows 11 requirements, or update the provisioning policy with a supported Windows 10 image. | |
| imageNotSupportTPM | The selected image isn't ready to be used on UEFI-enabled Cloud PCs. | Custom images must be configured as Gen 2 images that are configured to support UEFI. Update your custom image and retry provisioning. | |
| imageNotSupportedWarning | The selected image is out of Windows support lifecycle and may not receive updates. | Windows image out of support. The selected Windows image is out of the Windows support lifecycle. This issue may result in no Windows updates being provided. Provisioning for this image will be complete, but in the future will be blocked. Update your provisioning policy with a Windows image within its supported lifecycle. | |
| imageNotSupportedFail | The selected image is out of Windows support lifecycle and can't be used. | Windows image out of support. The selected Windows image is out of the Windows support lifecycle and can't be used. Provisioning using this image will fail. Update your provisioning policy with a Windows image within its supported lifecycle, and retry provisioning. | |
| endpointCheckFailed | During provisioning, a required URL/s couldn't be contacted. Ensure all of the required URLs are allowed through your firewalls and proxies. | A Windows 365 required URL(s) couldn't be contacted during provisioning. Ensure all of the required URLs are allowed through your firewalls and proxies. For a definitive list of required URLs, refer to the appropriate documentation. | Network requirements |
| scriptDownloadFailed | During provisioning, a required URL(s) couldn't be contacted. | A required URL/s couldn't be contacted during provisioning. Ensure all of the required URLs are allowed through your firewalls and proxies. For a definitive list of required URLs, refer to the appropriate documentation. | Network requirements |
| cmdAgentMSIDownloadFailed | During provisioning, a required URL(s) couldn't be contacted. | A required URL/s couldn't be contacted during provisioning. Ensure all of the required URLs are allowed through your firewalls and proxies. For a definitive list of required URLs, refer to the appropriate documentation. | Network requirements |
| rdAgentPackageDownloadFailed | During provisioning, a required WVD URL(s) couldn't be contacted. | A required WVD URL/s couldn't be contacted during provisioning. Ensure all of the required URLs are allowed through your firewalls and proxies. For a definitive list of required URLs, refer to the appropriate documentation. | Network requirements |
| AzureADUser_ResourceNotFound | Microsoft Entra D user account not found. | The user %userName% doesn’t exist in Microsoft Entra ID. The user account %userName% didn’t exist at the time of provisioning. This issue was likely caused by deleting the user. Ensure the user exists and is assigned a valid provisioning policy and retry. | Add or delete users using Microsoft Entra ID |
| CreateNic_ReadOnlyDisabledSubscription | The Azure subscription provided is disabled. | The provided Azure subscription is disabled. Ensure the Azure subscription is enabled and available for provisioning. | Reactivate a disabled Azure subscription |
| CreateNic_ResourceGroupNotFound | The selected Azure resource group is invalid or not found. | The selected Azure resource group is invalid or not found. Ensure the selected Azure resource group is available to provision resources. Alternatively, update the Azure network connection with another resource group. | Tutorial: Grant a user access to Azure resources using the Azure portal |
| CreateNic_ArmAuthorizationFailed | Windows 365 doesn't have sufficient Azure permissions. | Windows 365 doesn't have sufficient Azure permissions. The Windows 365 service isn't authorized to perform actions on the Azure subscription. | Assign a user as an administrator of an Azure subscription |
Flow run failures
Network Level Authentication (NLA) not disabled
You might see the following error details if an unattended flow run is triggered against a VM that's NLA-enabled:
Could not create unattended session with these credentials. Please make sure you have Network Level Authentication (NLA) disabled in your remote settings if you’re using Microsoft Entra credentials.
To resolve the issue, disable Network Level Authentication (NLA) for unattended runs.
Active session exists
You might see the following error details if an unattended flow run is triggered against a VM that has an active user session:
No machine able to run the desktop flow has been found. Aborting execution. Error encountered when connecting to machines: There is a user session on the target machine. Cannot execute unattended desktop flow.
If the "reuse session" option is disabled, no active user session should be running on the target VM. To resolve this issue, open Task Manager, select the Users tab, terminate all other user sessions except the current session, and then sign out from the VM.
