How to find out why session host configuration fails to join new hosts to the domain

Justin Montgomery 31

We are trying to use the session host configuration for a new AVD host pool. We have confirmed that it can join computer to the specified OU without difficulty when we do it manually, and that the key vault access is intact since the local admin is created without issue.

But any new session hosts fail to join to the domain. They're created with all other specifications.

If we try to add them manually it seems to create some kind of instability in the FSLogix where it will then permanently hang for users when they try to log off.

It would be good if we had insight to the domain join failures so we can resolve the problem and don't have to manually join them.

In the deployment I can see the network, the VM, and a DSC, but that DSC is only for joining to the AVD Host pool. I don't see anything in it to join using the key vault credentials.

anashetty 2,295 Reputation points Microsoft Vendor

2025-02-06T02:04:17.5333333+00:00

Hi Justin Montgomery,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Could you please provide below details, so that we can assist you in detail.
Check Azure Deployment Logs in the Azure Portal → Resource Group → Deployments → Look for domain join step failures and also check logs in Event Viewer.
Check the logs on the session host VM, check Domain Join Extension Logs on the VM.
Verify that the domain join credentials stored in Azure Key Vault are correct.

Thank you.
Justin Montgomery 31 Reputation points

2025-02-06T04:35:05.28+00:00

I've tested the credentials in a manual join by copying and pasting them out of the vault, so those are correct.

I don't see any domain join in deployment, what kind of resource would be attempting it?

The Event Viewer shows no attempts to join the domain, either on the host or on the domain controller.

There is no domain join extension, the only extensions automatically installed were MDE.Windows and Microsoft.Powershell.SDC.
Justin Montgomery 31 Reputation points

2025-02-06T15:15:38.7833333+00:00

Comment eaten.
Justin Montgomery 31 Reputation points

2025-02-06T15:21:10.14+00:00

You can configure Domain Join in the Host Pool: Navigate to the AVD Host Pool in the Azure portal. Under Properties, configure the domain join settings as in specify the domain name, give the correct OU path, reference the credentials stored in Azure Key Vault then redeploy the session hosts.

The domain join properties are required in the session host configuration to begin using it. This suggestion does not follow.

As you mentioned, you are already using DSC, you can extend it to include domain joining.

I am not using DSC, the SHC is using is to join the host to the host pool.

I'm not really looking for a workaround--if the feature isn't working I want to let the team who owns it know that so they can fix it. Who do I contact for that?
anashetty 2,295 Reputation points Microsoft Vendor

2025-02-07T01:17:56.1066667+00:00

Hi Justin Montgomery,

Could you please provide documents which you are following, I will try to reproduce the scenario in my environment and let you know the results.

Thank you.
Justin Montgomery 31 Reputation points

2025-02-07T14:34:31.24+00:00

https://learn.microsoft.com/en-us/azure/virtual-desktop/session-host-update-configure?tabs=portal
anashetty 2,295 Reputation points Microsoft Vendor

2025-02-10T15:40:20.0233333+00:00

Hi Justin Montgomery,

Instead of given above document, I would recommend trying with this Add session hosts to a host pool. While joining domain, could you please tell us which directory you are selecting.

Please refer to this troubleshooting documents which might help you: Troubleshoot session host configuration and session host update in Azure Virtual Desktop
Troubleshoot domain-join problems with a Microsoft Entra Domain Services managed domain

If you have any further queries, please do let us know.
Justin Montgomery 31 Reputation points

2025-02-10T16:11:43.73+00:00
None of that is relevant.

That document only touches on incrementing the numbers of host in a SHC deployment. It has no information on how to configure a SHC.

The problem is not with the host pool or the host itself, this has no bearing on my issue.

We are not using an Entra Domain Services, and further, only Active Directory is supported for SHC at this time.
Akshay kumar Mandha 2,665 Reputation points Microsoft Vendor

2025-02-10T22:26:46.24+00:00

Hi Justin Montgomery,
Thank you for sharing your feedback.
We noticed that the answer was downvoted, and I understand that it might not have been as helpful as expected. Based on the query you referred to that below documentation.
Update session hosts using session host update in Azure Virtual Desktop (preview) this is still in preview
Since it's in preview, it doesn't come with the usual guarantees or support that generally available features have

For above points was mentioned in official documentation I elaborated little bit for clarity since the feature is currently in preview, we can't guarantee its product until it's fully supported and officially released. Microsoft mentions that preview features might have various faults and limitations until they reach general availability also mention screenshot about this in previous comment some of the features might not work until get into fully released version

If you still have doubts or need further clarification, please let me know. I'm happy to help you as needed!
If you found this informative, could you please click an upvote
Justin Montgomery 31 Reputation points

2025-02-10T22:29:52.46+00:00

I understand it is in preview. So who do we need to contact, and how, to let them know that it's not working and get it to a functional state?
Akshay kumar Mandha 2,665 Reputation points Microsoft Vendor

2025-02-10T22:49:13.9433333+00:00

Hi Justin Montgomery,
Thank you, being actively giving response on my comment
On the current limitation to get your session host configuration in Azure Virtual Desktop fully functional, we recommend use with the older manual approach for domain joining new session hosts. This method has been working well for you and will provide stability until the feature is fully supported and officially released.

We understand that this might not be the most convenient option, but it will help keep your system running smoothly in the meantime.

If your query is different, please let me know. If you have any further questions, feel free to ask
Akshay kumar Mandha 2,665 Reputation points Microsoft Vendor

2025-02-12T22:26:39.9133333+00:00

Hi Justin Montgomery,

I just wanted to follow up on my previous response as we navigate the current limitations with the Azure Virtual Desktop session host configuration. We understand how important a seamless experience is for you, and we truly appreciate your understanding during this preview phase.

As of now, the feature is still in development and has not been fully released. Therefore, we kindly ask that you continue using the manual approach we have previously discussed. Rest assured, our team is working diligently to ensure that this feature will be robust and reliable upon its official release.

Your cooperation and understanding mean a great deal to us. We are committed to providing you with the best possible support and will keep you informed of any updates.

You can share your experience or provide feedback to help improve the feature, Microsoft offers a feedback form. This can help the product team better understand the issue and work towards a resolution. Here is the link to submit your feedback: Feedback form

You can also follow this and features and status, in the Tech Community Hub for any updates. Also, following blogs is a better way to stay informed about any issues. Azure Virtual Desktop Blog

If you have any further questions or need additional help, please don't hesitate to reach out to us. We will prioritize informing you once the feature is fully supported and officially released.

If this information has been helpful, please could please click an "Accept" an answer on post.
for other community by accepting the answer, it will reach the top, making it easier for others facing the same issue to find a conclusion before taking action on this service.

Thank you once again for your patience and understanding. Your support means a great deal to us.
Justin Montgomery 31 Reputation points

2025-02-12T22:31:11.84+00:00

Yes my query is different, as per the title of this thread.

I already have a workaround--I want to either find a way to fix it, or let Microsoft know so they can fix it.
kobulloc-MSFT 26,421 Reputation points Microsoft Employee

2025-02-14T21:52:40.71+00:00

Hello, @Justin Montgomery !

I reached out to the Azure Virtual Desktop team and they would like some additional information from you. I'll send a direct request for that shortly.

Domain join with a session host configuration is done with the RDAgent so no domain join extension is expected. The session host health details which you can find in the portal should provide information on why domain join failed.

Accepted answer

kobulloc-MSFT 26,421 Reputation points Microsoft Employee

2025-02-24T18:58:30.44+00:00

Hello, @Justin Montgomery !

Thank you again for following up. In this instance it appears that the root cause was additional configuration that was needed for Key Vault access (specifically ensuring that all AVD resources have the required access).

In speaking with the Azure Virtual Desktop team, there is a plan in the future to allow you to restrict Key Vault to private networks while still allowing Azure Virtual Desktop service access.

I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
Please sign in to rate this answer.

1 person found this answer helpful.
Justin Montgomery 31 Reputation points

2025-02-25T15:09:59.8333333+00:00

Thank you.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

1 additional answer

anashetty 2,295 Reputation points Microsoft Vendor

2025-02-06T07:13:42.7066667+00:00

Hi Justin Montgomery,

Thank you for getting back, based on your description, it seems that the domain join process is not being triggered during the deployment of the Azure Virtual Desktop (AVD) session hosts.

The extensions you mentioned are not related to domain joined. As there is no domain joined extension (JsonADDomainExtension or CustomScriptExtension) in your deployment confirms that domain joined process has not been initiated.

You can configure Domain Join in the Host Pool: Navigate to the AVD Host Pool in the Azure portal. Under Properties, configure the domain join settings as in specify the domain name, give the correct OU path, reference the credentials stored in Azure Key Vault then redeploy the session hosts.
As you mentioned, you are already using DSC, you can extend it to include domain joining. Modify your DSC configuration to include the domain join step. Ensure the xActiveDirectory DSC resource module is available. You can install from here This guide explains how to use the DSC extension to apply configurations to Azure VMs: Azure Desired State Configuration extension handler

You can try using a Custom Script Extension to join the session host to the domain. Create a PowerShell script to join the domain, store the script in an Azure Storage Account or GitHub. Add the Custom Script Extension to your deployment template or ARM template.

If you have any further queries, please do let us know. If this helps, please click Upvote.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

How to find out why session host configuration fails to join new hosts to the domain

1 additional answer

Your answer