It has been about two weeks since the Azure Windows Virtual Desktop preview was announced. I have had several people ask about a specific issue when adding Windows Virtual Desktops to a domain during the provisioning process. The error is related to adding the new hosts to the Active Directory Domain and the message looks like below, indicating the “VM has reported a failure when processing extension ‘joindomain’’
The resource operation completed with terminal provisioning state 'Failed'
VM has reported a failure when processing extension 'joindomain'
Error message: "Exception(s) occured while joining Domain 'domain.com'"
First and foremost is the need for an Active Directory. Some have asked if Active Directory is a requirement and I can say unequivocally, yes it is. Not only is Active Directory required, but the Virtual Network WVD hosts are also deployed to needs access to the Domain Controller in that domain prior to provisioning the hosts. Let me repeat that for those skimming the article.
The VNet used for the deployment needs access to a Domain Controller prior to provisioning the hosts.
Need proof? Take a look that the warning Microsoft put in step 3 of the deployment:
Here is the issue that I believe some people are running into,. The default for the network step is to create a new VNet and Subnet. By default, a VNet cannot communicate with other VNets. For that, you would need a VPN or VNet Peering and there are no options to implement those (although, that could be configured as part of a template deployment). So, if the deployment creates and attaches to a new VNet, it will not communicate with a DC and joining a domain will fail.
Also, if you do not specify a domain or OU, WVD will use the domain associated with the Domain join UPN supplied in this step. This needs to be an Active Directory account. An Azure AD account won’t have the rights to add users to the domain.
Lastly, if you select the option to Specify a domain or OU, the domain field is populated with “contoso.com” by default. Yours truly left that the first time I deployed and no surprise, it didn’t work.
The advice I have for troubleshooting is to create a Windows VM on the same subnet that WVD is deployed to. Once deployed, add it to your domain manually with the same account you specified when provisioning the host pool. If that fail, then WVD will fail to join the domain as well. This rule out WVD specific issues and allows you to use standard troubleshooting tasks such as verifying network connectivity to the DC, verifying the account has rights to add computers to the domain and the password is correct.
I hope that helps anyone running into this issue!