VMs in AVD deployment in Azure not connecting to the session host

Hello friends and experts. I am deploying an AVD environment in Azure using Terraform and the following code, inspired by the Azure portal and Terraform registry references.

  • The deployment is successful, but the VMs are not connecting to the session host and get an "adjoin" error.
  • I have added three extensions, based on other people's past experience, to add the AAD join, PowerShell DSC and private key functions to the VMs.
  • The VM size is based on Azure's advice for AVD VMs.
  • The Windows SKU is Win10 Enterprise, which was tested manually and works fine for AVD.

Thoughts on what could still be the problem?

Host Pool

resource "azurerm_virtual_desktop_host_pool" "avd" {
  name                     = "${var.global_prefix}-hp-${var.hp_type}"
  location                 = var.avd_location
  resource_group_name      = azurerm_resource_group.avd.name
  type                     = "Pooled"
  load_balancer_type       = "BreadthFirst"
  friendly_name            = "AVD Host Pool"
  # targetisaadjoined:i:1 is required for clients connecting to Azure AD-joined session hosts
  custom_rdp_properties    = "audiocapturemode:i:1;audiomode:i:0;targetisaadjoined:i:1;"
  maximum_sessions_allowed = 5
  validate_environment     = true
  start_vm_on_connect      = true
}

resource "time_rotating" "avd_registration_expiration" {
  # Must be between 1 hour and 30 days
  rotation_days = 28
}

resource "azurerm_virtual_desktop_host_pool_registration_info" "avd" {
  hostpool_id     = azurerm_virtual_desktop_host_pool.avd.id
  expiration_date = time_rotating.avd_registration_expiration.rotation_rfc3339
}

Workspace and App Group

resource "azurerm_virtual_desktop_workspace" "avd" {
  name                = "${var.global_prefix}-ws"
  location            = var.avd_location
  resource_group_name = azurerm_resource_group.avd.name
}

resource "azurerm_virtual_desktop_workspace_application_group_association" "avd" {
  workspace_id         = azurerm_virtual_desktop_workspace.avd.id
  application_group_id = azurerm_virtual_desktop_application_group.avd.id
}

VMs Resources

resource "azurerm_network_interface" "avd" {
  count               = var.avd_host_pool_size
  name                = "${var.global_prefix}-nic-${count.index}"
  location            = azurerm_resource_group.avd.location
  resource_group_name = azurerm_resource_group.avd.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.avd.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "random_password" "avd_local_admin" {
  length = 64
}

resource "random_id" "avd" {
  count       = var.avd_host_pool_size
  byte_length = 2
}

resource "azurerm_windows_virtual_machine" "avd" {
  depends_on = [
    azurerm_network_interface.avd
  ]
  count               = var.avd_host_pool_size
  name                = "sh-${count.index}"
  location            = azurerm_resource_group.avd.location
  resource_group_name = azurerm_resource_group.avd.name
  provision_vm_agent  = true
  size                = var.vm_size

  license_type = "Windows_Client" # https://docs.microsoft.com/en-us/azure/virtual-machines/windows/windows-desktop-multitenant-hosting-deployment#verify-your-vm-is-utilizing-the-licensing-benefit

  admin_username        = "avd-local-admin"
  admin_password        = random_password.avd_local_admin.result
  network_interface_ids = [azurerm_network_interface.avd[count.index].id]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  # Official Microsoft Default Image
  source_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "windows-10"
    sku       = var.vm_sku
    version   = "latest"
  }

  identity {
    type = "SystemAssigned"
  }
}

locals {
  registration_token = azurerm_virtual_desktop_host_pool_registration_info.avd.token
  shutdown_command   = "shutdown -r -t 10"
  exit_code_hack     = "exit 0"
  # Marker key the AVD agent looks for on Azure AD-joined hosts
  commandtorun       = "New-Item -Path HKLM:/SOFTWARE/Microsoft/RDInfraAgent/AADJPrivate"
  powershell_command = "${local.commandtorun}; ${local.shutdown_command}; ${local.exit_code_hack}"
}

resource "azurerm_virtual_machine_extension" "vmext_dsc" {
  depends_on = [
    azurerm_windows_virtual_machine.avd
  ]
  count                      = var.avd_host_pool_size
  name                       = "Microsoft.PowerShell.DSC"
  virtual_machine_id         = azurerm_windows_virtual_machine.avd.*.id[count.index]
  publisher                  = "Microsoft.Powershell"
  type                       = "DSC"
  type_handler_version       = "2.73"
  auto_upgrade_minor_version = true

  # The heredoc is passed through as JSON, so the backslash in the
  # configurationFunction path has to be escaped as \\
  settings = <<-SETTINGS
    {
      "modulesUrl": "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_09-08-2022.zip",
      "configurationFunction": "Configuration.ps1\\AddSessionHost",
      "properties": {
        "HostPoolName": "${azurerm_virtual_desktop_host_pool.avd.name}",
        "aadJoin": true
      }
    }
  SETTINGS

  # The registration token is a secret: keep it in protected_settings
  protected_settings = <<PROTECTED_SETTINGS
    {
      "properties": {
        "registrationInfoToken": "${local.registration_token}"
      }
    }
  PROTECTED_SETTINGS
}

resource "azurerm_virtual_machine_extension" "AADLoginForWindows" {
  depends_on = [
    azurerm_windows_virtual_machine.avd,
    azurerm_virtual_machine_extension.vmext_dsc
  ]
  count                      = var.avd_host_pool_size
  name                       = "domainJoin"
  virtual_machine_id         = azurerm_windows_virtual_machine.avd.*.id[count.index]
  publisher                  = "Microsoft.Azure.ActiveDirectory"
  type                       = "AADLoginForWindows"
  type_handler_version       = "2.0"
  auto_upgrade_minor_version = true
}

resource "azurerm_virtual_machine_extension" "addaadjprivate" {
  depends_on = [
    azurerm_virtual_machine_extension.AADLoginForWindows
  ]
  count                = var.avd_host_pool_size
  name                 = "AADJPRIVATE"
  virtual_machine_id   = azurerm_windows_virtual_machine.avd.*.id[count.index]
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.9"

  # Inner quotes must be escaped so the JSON stays valid
  settings = <<SETTINGS
    {
      "commandToExecute": "powershell.exe -Command \"${local.powershell_command}\""
    }
  SETTINGS
}

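As an added troubleshooting step that is not part of the original post: a PowerShell check to run in an elevated session on one of the session hosts (sh-0, for example) to find out which of the three steps in the configuration above actually failed. It assumes the value names IsRegistered and RegistrationToken that the AVD agent writes under HKLM:\SOFTWARE\Microsoft\RDInfraAgent, the service names RDAgentBootLoader and RDAgent, the AADJPrivate key name from the post's custom script, and the usual C:\WindowsAzure\Logs\Plugins\<publisher>.<type>\ location for extension logs.

```powershell
# Added diagnostic for the post above; not part of the original configuration.
# Run in an elevated PowerShell on a session host (e.g. sh-0) to see which of
# the three steps failed: Azure AD join (AADLoginForWindows), AVD agent
# registration (the DSC extension) or the AADJPrivate marker key (the
# CustomScriptExtension). Assumed: the agent writes IsRegistered and
# RegistrationToken under HKLM:\SOFTWARE\Microsoft\RDInfraAgent, and the agent
# services are named RDAgentBootLoader and RDAgent.

function Get-DsregValue {
    param([string[]]$Lines, [string]$Name)
    # dsregcmd prints lines like "   AzureAdJoined : YES"; return the value after the colon.
    $match = $Lines |
        Select-String -Pattern ("^\s*{0}\s*:\s*(\S+)" -f [regex]::Escape($Name)) |
        Select-Object -First 1
    if ($match) { $match.Matches[0].Groups[1].Value } else { 'UNKNOWN' }
}

function Get-AvdSessionHostJoinState {
    [CmdletBinding()]
    param()

    # 1. Azure AD join state as reported by dsregcmd.
    $dsreg        = & dsregcmd.exe /status
    $aadJoined    = Get-DsregValue -Lines $dsreg -Name 'AzureAdJoined'
    $domainJoined = Get-DsregValue -Lines $dsreg -Name 'DomainJoined'

    # 2. AVD agent registration. After a successful registration the agent sets
    #    IsRegistered to 1 and clears RegistrationToken; a token still present
    #    means the agent never managed to use it (expired, rejected, or no network).
    $agentKey     = 'HKLM:\SOFTWARE\Microsoft\RDInfraAgent'
    $agent        = Get-ItemProperty -Path $agentKey -ErrorAction SilentlyContinue
    $isRegistered = ([int]$agent.IsRegistered) -eq 1
    $tokenPending = -not [string]::IsNullOrEmpty($agent.RegistrationToken)

    # 3. Marker key the post's CustomScriptExtension is supposed to create.
    $aadjPrivate = Test-Path -Path (Join-Path $agentKey 'AADJPrivate')

    # 4. Agent services; both should be Running on a healthy host.
    $services = Get-Service -Name 'RDAgentBootLoader', 'RDAgent' -ErrorAction SilentlyContinue |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }

    [pscustomobject]@{
        AzureAdJoined     = $aadJoined
        DomainJoined      = $domainJoined
        AgentRegistered   = $isRegistered
        TokenStillPending = $tokenPending
        AadjPrivateKey    = $aadjPrivate
        AgentServices     = ($services -join ', ')
    }
}

$state = Get-AvdSessionHostJoinState
$state | Format-List

# Point at the log for whichever step failed first.
if ($state.AzureAdJoined -ne 'YES') {
    Write-Warning ('Not Azure AD joined: AADLoginForWindows did not complete. Check ' +
        'C:\WindowsAzure\Logs\Plugins\Microsoft.Azure.ActiveDirectory.AADLoginForWindows\ ' +
        'and the provisioning state of the domainJoin extension.')
}
elseif (-not $state.AgentRegistered -or $state.TokenStillPending) {
    Write-Warning ('Azure AD joined, but the AVD agent did not register with the host pool. Check ' +
        'C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\ and whether the registration token had expired.')
}
elseif (-not $state.AadjPrivateKey) {
    Write-Warning 'Agent registered, but the AADJPrivate key is missing: the CustomScriptExtension did not run.'
}
else {
    Write-Output 'All three steps look healthy on this host; check the host pool from the control plane next.'
}
```

From the deployment side, `az vm extension list --resource-group <rg> --vm-name sh-0 -o table` shows the provisioning state of all three extensions, which tells you whether the failure is in the extension ordering or inside the guest. Two caveats worth keeping in mind with the configuration above: the registration token produced by time_rotating is only valid until the rotation point, so a session host built after that point registers with a dead token until the next apply, and the token (like the local admin password) ends up in Terraform state, so the state backend has to be treated as a secret store.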

The Azure documentation on Add session hosts to a host pool - Azure Virtual Desktop | Microsoft Learn displays this:

[image]

OTOH, AADLoginForWindows should be deployable via Terraform, as should the JsonADDomainExtension for classic domain controllers. The Azure documentation is clearly not very informative.