If you have newly set up an Azure Virtual Desktop (AVD) environment and are trying to log in to a session host via the Windows Desktop client application or the web client, you may see the error messages below. Users can connect to AVD in two ways: through the web client, or through a desktop client installed on Windows (a client is also available for macOS). In this blog post, we will look at the error messages and how to fix them.
Error 1:
When you try to connect to the Azure Virtual Desktop system via a web browser:
Oops, we couldn’t connect to “SessionDesktop” We couldn’t connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help.
Error 2:
When you try to connect to the Azure Virtual Desktop system via a web browser:
Oops, we couldn’t connect to “SessionDesktop”. Sign in failed. Please check your username and password and try again.
Error 3:
You may get the error message below when trying to connect to your session desktop via the Windows Desktop client installed on your PC. After you enter your username and password, the client tries to authenticate your session and fails with the error code below.
An error occurred while accessing this resource. Retry the connection or contact your system administrator.
Error Code: 0x3000047
Extended error code: 0x0
Solution
I have tried to resolve the issues by using the recommendations provided by Microsoft. To access the session host, your local PC must meet one of the following requirements:
- The local PC is Azure AD-joined to the same Azure AD tenant as the session host
- The local PC is hybrid Azure AD-joined to the same Azure AD tenant as the session host
- The local PC is running Windows 11 or Windows 10, version 2004 or later, and is Azure AD registered to the same Azure AD tenant as the session host
To enable access from Windows devices that are not joined to Azure AD, you need to add targetisaadjoined:i:1 as a custom RDP property to the host pool.
targetisaadjoined:i:1
Follow the steps below to add the targetisaadjoined:i:1 RDP property to the host pool:
- Log in to the Microsoft Azure portal at https://portal.azure.com
- Browse to Azure Virtual Desktop and then find the host pool
- On the left-hand side, you will see RDP Properties
- In RDP Properties, find the Advanced tab
- In the RDP Properties box, enter a semicolon (;) and then type targetisaadjoined:i:1
You can refer to the screenshot below, which shows the targetisaadjoined:i:1 RDP property in a host pool.
Virtual Machine User Login for Azure AD join AVD
Please make sure that the user is added to the Virtual Machine User Login role for each virtual machine. Follow the steps below to add a user to the Virtual Machine User Login role.
- Log in to the Azure portal
- Browse to the Virtual Machines blade and then find the virtual machine
- On the left-hand side, find Access Control (IAM)
- Search for the Virtual Machine User Login role and then click on Members.
Add a user to this role, or add a group, which will give all the users in that group Virtual Machine User Login rights. Click on Review + assign to complete the role assignment.
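The two portal procedures above (the custom RDP property and the role assignment) can also be scripted with Az PowerShell. The script below is an added example, not code from the original post or from Microsoft; the resource group, host pool, VM and user names are placeholders, and it assumes the session host VM sits in the same resource group as the host pool.

```powershell
# Added example. Every value in angle brackets is a placeholder (assumption).
# Requires the Az.Accounts, Az.Compute, Az.Resources and Az.DesktopVirtualization modules.
$ResourceGroup = '<resource-group>'
$HostPoolName  = '<host-pool-name>'
$VmName        = '<session-host-vm-name>'
$UserUpn       = '<user@your-tenant-domain>'
$RdpProperty   = 'targetisaadjoined:i:1'
$RoleName      = 'Virtual Machine User Login'

Connect-AzAccount | Out-Null

# --- Step 1: add targetisaadjoined:i:1 without clobbering existing properties ---
$pool  = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
# Split the semicolon-separated string; drop empty entries left by trailing ';'
$props = @($pool.CustomRdpProperty -split ';' |
           ForEach-Object { $_.Trim() } |
           Where-Object   { $_ })

if ($props -notcontains $RdpProperty) {
    # Remove any conflicting value (for example targetisaadjoined:i:0) before appending
    $props = @($props | Where-Object { $_ -notlike 'targetisaadjoined:*' }) + $RdpProperty
    Update-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName `
        -CustomRdpProperty (($props -join ';') + ';') | Out-Null
}

# --- Step 2: grant Virtual Machine User Login, scoped to this one VM only ---
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName
$existing = Get-AzRoleAssignment -SignInName $UserUpn `
                -RoleDefinitionName $RoleName -Scope $vm.Id
if (-not $existing) {
    New-AzRoleAssignment -SignInName $UserUpn `
        -RoleDefinitionName $RoleName -Scope $vm.Id | Out-Null
}

# --- Verify: show what is now configured ---
(Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName).CustomRdpProperty
Get-AzRoleAssignment -SignInName $UserUpn -RoleDefinitionName $RoleName -Scope $vm.Id |
    Select-Object SignInName, RoleDefinitionName, Scope
```

Both steps are idempotent, so the script can be re-run for each session host VM by changing only the VM name placeholder.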
Conclusion
In this blog post, we have seen how to fix different errors you may get while connecting to Azure Virtual Desktop. Hopefully you will be able to fix them with the solutions provided. If you are still unable to fix the problem, it's best to log a ticket with Microsoft for further investigation.