Comments (3)
Hello Jean-Loup,
Which machine or machines did not get domain joined? The session hosts should be getting joined by the managed identity, as they are created. If they don't, the deployment will fail at that point. If it's the management VM, that domain join is performed by the account '[email protected]'. And of course, if that account is not added to the right group, that operation will fail, as well as most other operations after that.
I have gotten to this point and have some success with deleting any objects in your resource group with the text 'mgmtvm' in them. There should be a VM, a NIC, a PIP, and a disk. After those get deleted you could try re-running the deployment without changing any parameters. The thing I worry about as of yet is the key vault name you and I were testing before.
I am testing a method suggested by a peer, which is to name the key vault the same way we name the storage account used for the FSLogix profiles. It uses a concatenation of resource prefix + a uniquestring based on your subscription ID. The reason is that this unique string is a hash of whatever you feed into it. Since your subscription is the same each time, and if the resource prefix is the same, then you will get a value for key vault name that is unique to your deployment and subscription, but should be the same if you re-deploy using the same resource group name.
In my case for a deployment I am doing right now, I have an 8 character resource prefix and have a 12 character unique string concatenated to that. I believe this will help resolve the issue of possible duplicate key vault names, while at the same time setting the key vault name to be the same for a redeploy with the same prefix name.
I hope that helps.
Thanks,
Robert Smith
from avdblueprint.
Hi Robert,
All the session hosts were no joined to the managed domain.
Did the script add the managed identity to the AAD DC Administrators group ?
Thanks,
Jean-Loup
from avdblueprint.
Hello Jean-Loup,
I have seen problems before with timing of adding members to AAD DC Administrators group. We put a lot of work in to address the timing. But if you check that group and you don't see any members, you can pretty much write that one off as a failed deployment. If you cleanup and try again and is succeeds, it was an ephemeral issue. If you keep having that same issue, check to make sure the account created by the Blueprint for administering tasks (domainadmin) gets created. If it doesn't get created, you might check the log files to see if there is some issue with that account getting created.
Thanks,
Robert M. Smith
from avdblueprint.
Related Issues (20)
- Need to specify a different SKU of the management VM OS HOT 1
- Log Analytics artifact fails with incorrect API message in AzGov HOT 2
- Do not create Azure DDoS plan by default HOT 3
- Deconstruct script references "WVD" HOT 2
- Deconstruct script needs a method to purge key vault (not just soft delete) HOT 2
- The log retention period should be a Blueprint level parameter, not individual parameter in multiple artifacts HOT 1
- ScriptURI parameter has different values for the name within the project HOT 2
- User-assigned Managed Identity authorization issue 'Microsoft.Resources/subscriptions/resourcegroups/write HOT 9
- Keyvault error : The vault name 'AVDBP01-sharedsvcs-kv' is already in use HOT 6
- Use Active Directory Domain controllers. HOT 1
- Maybe a short sleep between creation of the User Managed identity and Global Admin assignment. HOT 6
- Error in Azure China HOT 2
- Pre-existing Active Directory - error HOT 1
- VM extension CreateProfileStoreAndFSLogixPolicy timeout HOT 3
- Support Key Vault RBAC instead of access policies HOT 1
- Provide an architecture diagram of the solution HOT 1
- AD join for Azure Files profile storage deployment when using existing AD HOT 1
- New-AzBlueprintAssignment : Required properties must be provided: reference. HOT 3
- Problem with CreateAADDSFileShare_ConfigureGP.ps1 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from avdblueprint.