The Problem
It has been about two weeks since the Azure Windows Virtual Desktop preview was announced. I have had several people ask about a specific issue when adding Windows Virtual Desktops to a domain during the provisioning process. The error is related to adding the new hosts to the Active Directory domain, and the message looks like the one below, indicating that the “VM has reported a failure when processing extension ‘joindomain’”:
The resource operation completed with terminal provisioning state 'Failed'
VM has reported a failure when processing extension 'joindomain'
Error message: "Exception(s) occured while joining Domain 'domain.com'"
First and foremost is the need for an Active Directory. Some have asked if Active Directory is a requirement, and I can say unequivocally: yes, it is. Not only is Active Directory required, but the Virtual Network that the WVD hosts are deployed to also needs access to a Domain Controller in that domain prior to provisioning the hosts. Let me repeat that for those skimming the article.
The VNet used for the deployment needs access to a Domain Controller prior to provisioning the hosts.
Need proof? Take a look at the warning Microsoft put in step 3 of the deployment:
Here is the issue that I believe some people are running into. The default for the network step is to create a new VNet and subnet. By default, a VNet cannot communicate with other VNets. For that, you would need a VPN or VNet peering, and there are no options to implement those in this step (although that could be configured as part of a template deployment). So, if the deployment creates and attaches to a new VNet, the hosts will not be able to communicate with a DC and joining the domain will fail.
Also, if you do not specify a domain or OU, WVD will use the domain associated with the Domain join UPN supplied in this step. This needs to be an Active Directory account. An Azure AD account won’t have the rights to add users to the domain.
Lastly, if you select the option to Specify a domain or OU, the domain field is populated with “contoso.com” by default. Yours truly left that in place the first time I deployed and, no surprise, it didn’t work.
Troubleshooting
The advice I have for troubleshooting is to create a Windows VM on the same subnet that WVD is deployed to. Once deployed, add it to your domain manually with the same account you specified when provisioning the host pool. If that fails, then WVD will fail to join the domain as well. This rules out WVD-specific issues and allows you to use standard troubleshooting tasks such as verifying network connectivity to the DC, verifying that the account has rights to add computers to the domain, and verifying that the password is correct.
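The checks described above can be scripted and run on the test VM before attempting the join. This is an added example, not part of the original post; the default domain is the placeholder from the error message, and the `-Join` switch and port list are assumptions chosen for illustration.

```powershell
# Added example: pre-join checks, run on a test VM in the same subnet as the WVD hosts.
# 'domain.com' is the placeholder from the error message; pass your own domain.
param(
    [string]$Domain = 'domain.com',
    [switch]$Join   # hypothetical switch: also attempt the manual join at the end
)

# 1. Can the DNS servers assigned to this VNet locate a domain controller?
#    A new, isolated VNet with default DNS will fail here.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "No DC locator records found for $Domain. Check the VNet DNS servers and peering/VPN."
    return
}

# 2. Can this subnet reach each advertised DC on the ports a domain join relies on?
$ports = @(
    @{ Port = 53;  Service = 'DNS' },
    @{ Port = 88;  Service = 'Kerberos' },
    @{ Port = 135; Service = 'RPC endpoint mapper' },
    @{ Port = 389; Service = 'LDAP' },
    @{ Port = 445; Service = 'SMB' }
)
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $p.Port
            Service          = $p.Service
            Reachable        = $t.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize

# 3. If the network path is clean, try the join with the same account used for the
#    host pool. A failure at this point suggests account rights or password, not networking.
if ($Join -and ($results.Reachable -notcontains $false)) {
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Verbose
}
```

A failure in step 1 or 2 means the subnet cannot find or reach a Domain Controller, which is the condition the deployment warning describes.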
I hope that helps anyone running into this issue!
11 thoughts on “VM has reported a failure when processing extension ‘joindomain’”
Thanks for the explanation. Can you confirm one thing for me.
If we have only AAD set up, won’t we be able to use Windows Virtual Desktop?
WVD does require domain services. I have heard from the MS team that Azure Active Directory Domain Services can be used although I have not tried it.
Hah, just spent 3h on all this bul***t, it is truly Microsoft style. Total, inadequate cr**p!
I follow the documentation to the letter, and I am getting these errors exactly...
I have only O365 Subscription.
I only use Azure Active Directory Domain Service, as a service; nowhere in the document does it say I can’t.
I created the role, the tenant, the permissions, the service account, god knows what else. 3h of tedious work just to arrive at the point where you can’t connect, the VM can’t provision despite “validation templates successful” etc.
I have to learn it because some customer wants Azure over AWS, but Microsoft is so bad and yet there are people who are figuring this out and work with it.
I’m proud of you people. Truly am
I have a walkthrough on setting this up posted on my YouTube channel, maybe that will help? One other thing to note, the VMs need internet access during deployment to get DSC configuration.
Mine keeps failing and I’m not sure why. If I create a fresh VM in Azure tied to the same VNET, well first of all it doesn’t give me subnet like WVD requires you to have. It gives me an IP of the VNET’s IP address space. So it’s already not the same. I can join VM to domain, but not WVD.
The error is just “fail” nothing helpful at all.
Hi,
Although you have mentioned in this post the exact components required but could you let me know the steps to actually get this Virtual desktop running. Like below:
Vnet->Subnet->Custom Domain->AD Domain Services->Domain controller VM->Windows Virtual Desktop.
Do let me know if there are any additional components that should be present here or if these should be reordered in a specific sequence.
All the help is appreciated.
Thanks
I did a few video walkthroughs when WVD came out in public preview. There have been some changes now that it’s GA, but they may still have the information you’re looking for. https://www.youtube.com/playlist?list=PLnWpsLZNgHzXMtKjaQJf4Rn64W86nUDv1
Also, make sure you have gone into your ADDS in Azure and configured the DNS service for the domain. This step isn’t documented anywhere for people to complete but must be done.
Great tip!
That really helped, amazing!
That’s the point, thank you