Cannot authenticate Azure Virtual Desktop Host with FSLogix Storage Accounts Entra ID

  • Thread starter: authorized_bot (Guest)

My main problem is I have an Entra ID Authentication inside the host pool on AVD, so I can log into the VMs using my Entra ID.

The next thing I wanted to set up was FSLogix to create a simple profile container. I created a storage account that only has access from the network where my host pool is located and created a File Share.

I followed the FSLogix docs and ran into a problem: I cannot mount the new file share onto my PC using my Entra ID credentials. I can, however, mount it using the access key of my storage account.

I also set the registry up with the ones from the documentation.

Going into the Event Viewer on one of my VMs I get this:

| Status | Details | Event ID |
|---|---|---|
| Error 6/27/2024 11:23:55 AM: | LoadProfile failed. Version: 2.9.8884.27471 User: <<USERNAME>>. SID: <<SID>>. SessionId: 2. FrxStatus: 31 (The user name or password is incorrect.) | 26 |
| Information 6/27/2024 11:23:55 AM: | Profile load: Status: 27 Reason: 5 Error: 1326 Username: <<USERNAME>> SID: <<SID>> | 25 |
| Error 6/27/2024 11:23:55 AM: | Operation: FSLogixFindFile, SessionId: 2, ErrorCode: 1326 | 38 |
| Error 6/27/2024 11:23:55 AM: | FindFile failed for path: \\<<STORAGE NAME>>.file.core.windows.net\<<SHARE>\<<USERNAME-SID>>\Profile*.VHDX (The user name or password is incorrect.) | 26 |
| Information 6/27/2024 11:23:55 AM: | Removed the local profile for user with SID <<SID>>. | 59 |
| Error 6/27/2024 11:23:08 AM: | Failed to get computer's group SIDs | 26 |
| Error 6/27/2024 11:23:07 AM: | Querying computer's fully qualified distinguished name failed. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.) | 26 |
| Information 6/27/2024 11:23:01 AM: | The FSLogix service (frxsvc) has loaded successfully. | 8 |

I've given myself the roles:
  • Storage File Data Privileged Contributor
  • Storage File Data SMB Share Contributor

The storage account inherits them from the resource group.

The output of

Code:
dsregcmd /status

Code:
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
           Virtual Desktop : NOT SET
               Device Name : avd-host-vm-0

Thanks.
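
An added example, not part of the original post: a PowerShell script that gathers on a session host the evidence shown above (join state from dsregcmd, FSLogix errors carrying error 1326) together with the FSLogix profile settings and SMB reachability of the share. The storage account name is a parameter you supply; the event log name and registry path are assumed to be the standard FSLogix ones and are not taken from the post.

```powershell
# Added example: collect FSLogix / Azure Files sign-in evidence on an AVD session host.
# Run in an elevated PowerShell session on the host.
param(
    # Name of the storage account hosting the profile share (supplied by you).
    [Parameter(Mandatory)]
    [string]$StorageAccount
)

$fileHost = "$StorageAccount.file.core.windows.net"

# 1. Join state: parse the "Key : Value" lines of dsregcmd /status.
$join = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(AzureAdJoined|EnterpriseJoined|DomainJoined|Device Name)\s*:\s*(.+?)\s*$') {
        $join[$Matches[1]] = $Matches[2]
    }
}

# 2. FSLogix profile container settings (assumed standard registry location).
$fslogix = Get-ItemProperty -Path 'HKLM:\SOFTWARE\FSLogix\Profiles' -ErrorAction SilentlyContinue

# 3. SMB reachability of the share endpoint from the host's network.
$smb = Test-NetConnection -ComputerName $fileHost -Port 445 -WarningAction SilentlyContinue

# 4. FSLogix events from the last 24 hours that report a logon failure (error 1326).
#    Log name is assumed to be the standard FSLogix operational log.
$filter = @{
    LogName   = 'Microsoft-FSLogix-Apps/Operational'
    StartTime = (Get-Date).AddHours(-24)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\b1326\b|user name or password is incorrect' } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message

# Summary object first, then the matching events in full.
[pscustomobject]@{
    DeviceName         = $join['Device Name']
    AzureAdJoined      = $join['AzureAdJoined']
    EnterpriseJoined   = $join['EnterpriseJoined']
    DomainJoined       = $join['DomainJoined']
    FSLogixEnabled     = $fslogix.Enabled
    VHDLocations       = $fslogix.VHDLocations -join ';'
    Smb445Reachable    = $smb.TcpTestSucceeded
    LogonFailureEvents = @($events).Count
}
$events | Format-List
```

Error 1326 is the Win32 code ERROR_LOGON_FAILURE, so events matched in step 4 record the share rejecting the presented credentials, while the port 445 check in step 3 shows separately whether the host can reach the share at all.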