Unable to login to Azure Virtual Desktop session host

If you have newly set up an Azure Virtual Desktop environment and are trying to log in to a session host via the Windows Desktop client application or the web client, you may see the error messages below. There are two ways users can connect to AVD: one is via the web client, and the second is to install the Windows Desktop client on Windows or, if you have macOS, you can use this link to download the client. In this blog post, we will look at the error messages and how to fix them.

Error 1:

When you try to connect to the Azure Virtual Desktop system via a web browser:

Oops, we couldn’t connect to “SessionDesktop” We couldn’t connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.


Error 2:

When you try to connect to the Azure Virtual Desktop system via a web browser:

Oops, we couldn’t connect to “SessionDesktop”. Sign in failed. Please check your username and password and try again.


Error 3:

You may get the error message below when trying to connect to your session desktop via the Windows Desktop client installed on your PC. After you enter your username and password, it tries to authenticate your session and fails with the error code below.

An error occurred while accessing this resource. Retry the connection or contact your system administrator.

Error Code: 0x3000047

Extended error code: 0x0


Solution

I have tried to resolve the issues by using the recommendations provided by Microsoft. To access the session host, your local PC must meet one of the following requirements:

  • The local PC is Azure AD-joined to the same Azure AD tenant as the session host
  • The local PC is hybrid Azure AD-joined to the same Azure AD tenant as the session host
  • The local PC is running Windows 11 or Windows 10, version 2004 or later, and is Azure AD registered to the same Azure AD tenant as the session host

To enable access from Windows devices not joined to Azure AD, you need to add targetisaadjoined:i:1 as a custom RDP property to the host pool.

targetisaadjoined:i:1

Follow the steps below to add the targetisaadjoined:i:1 RDP property to the host pool:

  • Log in to the Microsoft Azure portal at https://portal.azure.com.
  • Browse to Azure Virtual Desktop and then find the host pool.
  • On the left-hand side, you will see RDP Properties.
  • Open RDP Properties and then find the Advanced tab.
  • In the RDP Properties box, enter a semicolon (;) and then type targetisaadjoined:i:1.

You can refer to the screenshot below, which shows the targetisaadjoined:i:1 RDP property in a host pool.

targetisaadjoined:i:1

Virtual Machine User Login for Azure AD join AVD

Please make sure that the user is added to the Virtual Machine User Login role for each virtual machine. Follow the steps below to add a user to the Virtual Machine User Login role.

  • Log in to the Azure portal.
  • Browse to the Virtual Machines blade and then find the virtual machine.
  • On the left-hand side, find Access Control (IAM).
  • Search for the Virtual Machine User Login role and then click on Members.

Add a user to this role, or add a group instead, which gives all the users in that group Virtual Machine User Login rights. Click on Review + assign to complete the role assignment.
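The two portal procedures above can also be scripted with the Az PowerShell modules. The script below is an added example, not part of the original post; the resource group, host pool and group names are placeholders, and it assumes Az.Accounts, Az.Resources and Az.DesktopVirtualization are installed. It preserves the host pool's existing RDP properties and assigns the role to a group at the scope of each session host VM rather than at a wider scope.

```powershell
# Added example. All three names below are placeholders (assumptions).
$ResourceGroup = 'rg-avd-example'
$HostPoolName  = 'hp-avd-example'
$GroupName     = 'AVD-Users-Example'      # Azure AD group that should be able to log in
$Property      = 'targetisaadjoined:i:1'
$RoleName      = 'Virtual Machine User Login'

Connect-AzAccount | Out-Null

# 1. Add the RDP property without overwriting the properties already set.
$pool    = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
$current = @("$($pool.CustomRdpProperty)".Split(';') |
             ForEach-Object { $_.Trim() } | Where-Object { $_ })
# Drop any earlier targetisaadjoined entry so the property appears exactly once.
$kept     = @($current | Where-Object { $_ -notlike 'targetisaadjoined:*' })
$newValue = ($kept + $Property) -join ';'
Update-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName `
    -CustomRdpProperty $newValue | Out-Null

# 2. Grant the role to the group on every session host VM in the pool.
$group = Get-AzADGroup -DisplayName $GroupName
if (-not $group) { throw "Group '$GroupName' not found" }

$sessionHosts = Get-AzWvdSessionHost -ResourceGroupName $ResourceGroup -HostPoolName $HostPoolName
foreach ($sh in $sessionHosts) {
    $vmId = $sh.ResourceId    # ARM id of the VM behind this session host
    # An assignment inherited from a parent scope already grants access, so skip.
    $existing = Get-AzRoleAssignment -ObjectId $group.Id `
        -RoleDefinitionName $RoleName -Scope $vmId
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $group.Id `
            -RoleDefinitionName $RoleName -Scope $vmId | Out-Null
    }
}

# 3. Show the resulting state so the change can be reviewed.
(Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName).CustomRdpProperty
foreach ($sh in $sessionHosts) {
    Get-AzRoleAssignment -ObjectId $group.Id -RoleDefinitionName $RoleName -Scope $sh.ResourceId |
        Select-Object DisplayName, RoleDefinitionName, Scope
}
```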
