Azure-docs: Fails to join domain

Created on 21 Mar 2019 · 25 Comments · Source: MicrosoftDocs/azure-docs

The Azure Marketplace offering deployment failed for me. Looks like it created the vm for me (I only provisioned one), but the vm can't join the domain.

"VM has reported a failure when processing 'joindomain'."
"Exception(s) occured while joining Domain 'mydomain.com'"



Pri1 cxp product-question triaged virtual-desktosvc

All 25 comments

@tannersatch Thanks for your feedback! We will investigate and update as appropriate.

Got the same error, using a Service Principal and AAD Domain Services.

Got the same error as well, using an all-round administrator user account for testing with AAD Domain Services.

I got this error also, turned out to be a silly mistake on my part. When the option to specify a domain or OU is selected in step 3 of deployment, the domain is pre-populated with contoso.com. I overlooked that and left it as default. As you can imagine, that didn't work.

I've changed the domain and specified an OU with no luck. Failing on joindomain. Documentation is terribly lacking.

I have the same issue:

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VMExtensionProvisioningError\",\r\n \"message\": \"VM has reported a failure when processing extension 'joindomain'. Error message: \\"Exception(s) occured while joining Domain '*.onmicrosoft.com'\\".\"\r\n }\r\n ]\r\n }\r\n}"}]}

{
  "status": "Failed",
  "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [
      {
        "code": "VMExtensionProvisioningError",
        "message": "VM has reported a failure when processing extension 'joindomain'. Error message: \"Exception(s) occured while joining Domain '*.onmicrosoft.com'\"."
      }
    ]
  }
}

I'm also stuck on this. The VM is created, but the deployment fails on the join domain step.

Same here, can we fix this afterward or do I need to recreate the pool?

Same here...

I'm also struggling with this. I've tried several times. Does the default VNet have access to the AD domain by default? Do I have to set some domain services stuff to get this working? It should not be necessary to join manually after failure. The template is designed to set it all up.

@Joergenlie makes a good point. The VNet you deploy to needs access to a Domain Controller during the deployment for domain join and after for login services. If you use a new VNet created at the time of deployment, it won’t have the access needed to the DC. I deployed to an existing VNet on the same subnet as the rest of my VMs. Deploying to a new subnet in the same VNet should work as well unless there were security settings blocking connectivity between the subnets.

I posted a walkthrough of setting this up at www.ciraltos.com yesterday if anyone is interested.

I signed up for the Azure trial, and didn't realize that you needed to have either a domain controller or Azure AD Domain Services set up already before deploying this template.

There are other issues with this template. For example, if you're on the Azure trial, you're limited to 4 core machines, but the default template uses 8 core VMs. You have to manually pick another machine type. D4s_v3 seems to be a good choice.

I suspect a lot of trial users are signing up specifically to look at the windows virtual desktop preview and will hit the same pitfalls.

It worked: the issue was related to the DC VM. Make sure once you deployed the DC on an Azure VM, you update the DNS entry for the virtual network to reflect the internal IP of the DC VM. Restart the DC VM.

I was having the same issue until I realised it wanted to join to the local AD Domain.
Our AD Domain is (for example) CONTOSO.LOCAL aka CONTOSO\ this syncs to our Azure AD as CONTOSO.COM

So I changed the AD Domain join UPN to [email protected] and bingo it now works.

@tannersatch are you still having issues?

Nope, deployment succeeded finally. Seems like I had quite the combination of all the issues mentioned above. Thanks to all who commented your solutions!

I got everything working:

  • Realized I was missing some post-install on a freshly deployed AAD Domain Services (VNet DNS, using another subnet for VM, etc.)
  • I had pwd hash sync already running from AADConnect but it seems pwd sync from AAD to AAD Domain Services does not happen until pwd change (or full sync?) from AADConnect. After changing pwd on local AD I was able to authenticate to AAD Domain Services.

I recommend anyone having trouble with a freshly deployed AAD Domain Services to deploy a standalone VM first and get it to join AAD Domain Services; it will be faster to troubleshoot than redeploying the whole template each time.

@tannersatch Great to hear that you are able to resolve this. Thank you all who helped providing the solution over here as this would help any future readers.
We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.

I'm new to Azure and Windows Virtual Desktop, but I'm having the problem described above and I can't figure out how to solve it. English is my second language so maybe I'm missing something. The error code I get is:

The resource operation completed with terminal provisioning state 'Failed'.", "details": [ { "code": "VMExtensionProvisioningError", "message": "VM has reported a failure when processing extension 'joindomain'. Error message: \"Exception(s) occured while joining Domain

And then my domain.

Same issue. I tried deploying Windows Virtual Desktop and had the same issue with joining domain.

Hi all,
I have tried to deploy a Windows Virtual Desktop with a managed image.
But during the deployment phase it fails for the following reason:
VM has reported a failure when processing extension 'joindomain'

Before this deployment I had already created a WVD with a marketplace image, and the deployment created all the infrastructure.

Can you give me help or points of attention?
Thanks in advance.

I had the same issue and figured it out. I had set the custom DNS servers on my DC only, so any new servers could not resolve the domain. Changed the custom DNS servers to the VNet and all ok now.
Easy to figure out when you have a VM to log into and test from.
Cheers
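
The DNS and connectivity causes reported in the comments above can be checked from a standalone test VM before redeploying the template. The script below is an added example, not part of the original thread or of the Microsoft template; the domain name `contoso.local` is a placeholder and the port list is an assumption about what a typical domain join needs.

```powershell
# Added example: run on a standalone test VM in the subnet the host pool will use.
param(
    [string]$Domain = 'contoso.local'   # placeholder; use the domain you join to
)

# 1. DNS servers the VM received from the VNet. If Azure's default resolver
#    (168.63.129.16) is listed, the VNet DNS setting does not point at the DC.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique
Write-Host "DNS servers in use: $($dns -join ', ')"
if ($dns -contains '168.63.129.16') {
    Write-Warning 'Azure default DNS in use; set the VNet DNS servers to the DC / AADDS IPs.'
}

# 2. Domain join locates a DC through this SRV record; if it does not resolve,
#    the join fails no matter which credentials are supplied.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Error "Cannot resolve $srvName : $($_.Exception.Message)"
    return
}

# 3. TCP reachability of each DC on the ports a domain join uses
#    (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB).
$ports = 53, 88, 135, 389, 445
$results = foreach ($dc in $dcs) {
    foreach ($port in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; Port = $port; Reachable = $t.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize

$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning "$(@($blocked).Count) DC port(s) unreachable; check NSGs and VNet peering."
} else {
    Write-Host 'DNS and DC connectivity look good; remaining failures are likely credentials or OU path.'
}
```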

I created an "Azure AD Domain Services" deployment to use for my WVD setup. I enabled peering between its VNet aadds-vnet/aads-subnet and the VNet to be used for WVD host pool VMs, vnet-0/vmSubnet. Both subnets are enabled with Microsoft.AzureActiveDirectory service endpoint access; I enabled all 10 service endpoint options.

With all this in place, when I use the WVD hosted pool deployment wizard I'm no longer getting the failure discussed at the start of this issue but instead am now getting what is shown below. I'm getting no search hits on this. Is there some additional step necessary to enable the WVD hosted pool deployment wizard to succeed?

Error: Failed to retrieve the blade definition for 'ArmErrorsBlade' from the server. message:Manual require of the following modules failed; 
["HubsExtension/Store/StoreClientStrings" : {Error: Couldn't load "HubsExtension/Store/StoreClientStrings" at "https://portal.azure.com/AzureHubs/Content/Dynamic/1z0jK4SZdMi_.js?retryAttempt=1.0044450955080833"
unexpected error TypeError: Failed to fetch}]; 

Not sure what next steps to take to get Wvd hosted pool template to succeed at this point.

For me, it worked after adding Microsoft.AzureActiveDirectory to Service Endpoint in AADDS VNet.
