Azure Virtual Desktop, Windows Server 2022 and Microsoft Entra ID Only

Introduction

The customer needs Windows Server 2022 as a session host. I explained that he needed RDS User CALs for this (I always used User CALs). The customer then ordered 2000 User CALs on my recommendation. The customer’s IT department then created a Windows Server 2022 RDS license server and added the existing domain. However, the session hosts themselves are only members of Microsoft Entra ID; in other words, a cloud-only scenario. When a user logged in, they did not receive a CAL.

The way to the goal

While troubleshooting, I came across the article “Best practices for setting up RDS licensing across Active Directory domains/forests or work groups“. In this article our scenario is not described exactly, I quickly suspected that we should have license server and session host in the same “domain”. The license server was then recreated and also only added to the Microsoft Entra ID. The user was still not assigned a CAL.

Then I remembered that the workgroup is still displayed with a Microsoft Entra ID join. So, I came up with the idea of using the workgroup scenario from the article. But now we have another problem. This scenario explicitly mentions that no User CALs can be used, but ONLY per Device CALs! We then added a few Device CALs to the license server.

After the next login, a temporary Device CAL was issued. I then logged in as a local admin and got the following error message:

To be sure that the environment will still work after the rollout of the new configuration, we created a case at Microsoft and checked the setup.

Using the commands from the article “RDS Licensing troubleshooting guidance“, we were able to check that the session host was configured correctly. Since a Device CAL was also assigned after logging in again and was also available to the client, Microsoft was able to confirm that everything was configured correctly.

The error message is completely wrong. A local admin does not need a license, it is not a Windows Server 2019 license, nor has the Remote Desktop Service been stopped in any way.

Conclusion

The use of Windows Server OS as a session host with Azure Virtual Desktop is no longer common. Nevertheless, I hope to have removed two stumbling blocks, especially when used without Active Directory or Microsoft Entra Domain Service:

Using Device CALs
If licenses for devices are provided by users, ignore error message as local admin

Latest Tweets

In the last days we had some connection problems with #AVD at a customer. Together with Microsoft they found out th… https://t.co/JYt0j4epr6

12 months ago

RT @MaiteOrtegaCSO: Implementing a Zero Trust Architecture Source: NIST & NCCOE Download Link: https://t.co/mRa1QKF7CG Is Zero Trust a… https://t.co/6y3iMp8gGI

12 months ago

RT @wpninjasummit: First speakers to be announced soon! Space is limited, so register now at https://t.co/cJktqGC2Y1 to secure your s… https://t.co/0o8YDG8rM1

12 months ago

Introduction

The way to the goal

Conclusion

1 thought on “Azure Virtual Desktop, Windows Server 2022 and Microsoft Entra ID Only”