Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License

Missing functionality and/or documentation for Private DNS and ADDS integration #540

Closed wcneumann0219 closed 8 months ago

wcneumann0219 commented 8 months ago

What happened? Provide a clear and concise description of the bug, including deployment details.

Solution did not work once successfully deployed for two reasons.

  1. The accelerator and its documentation do not configure or tell you that you need to configure DNS resolution for the Private DNS zones in Windows AD, for example using forward lookup zones.
  2. The accelerator and its documentation do not configure or tell you that you need to integrate the FSLogix storage container with Windows AD and ensure that the authorized users can read/write profile data to the FSLogix container.

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

What was the expected outcome?

The AVD Landing Zone Accelerator, when successfully deployed, should leave the user with a successful deployment. It does not do this when you use either Private Networking or integrate with Windows AD, for the cited reasons.

The documentation leads one to believe that both will work once the accelerator successfully completes, because the accelerator allows the user to specify those two types of deployments and there are no post-deployment steps for those two scenarios.

I recommend you either enhance the tool to complete the missing steps for those two scenarios or provide additional documentation explaining that additional steps are required and provide details on what they are.

Relevant log output

No response

moisesjgomez commented 8 months ago

@wcneumann0219 Thank you for your feedback, we are reviewing it. It is valid to configure DNS resolution in AD for some scenarios. Tagging @danycontre in case you have any further feedback on this point. To #2, the accelerator will complete end to end setup of FSLogix, along with user permissions for their folder. Did FSLogix setup fail in a deployment for you?

danycontre commented 8 months ago

@wcneumann0219 thanks for your feedback.

1) Steps to configure DNS conditional forwarders are not done by the automation because we have no access to these resources on the customer side (DCs, DNSs, etc.) and we don't have the intent to modify configurations out of the scope of AVD LZA resources.

We just updated the getting started guide with a DNS resolution section for private endpoints: https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started-baseline.md#private-endpoints-dns-requirements-and-considerations


Please let us know your feedback on the changes in the getting started guide, happy to adjust.
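As an added illustration of the conditional-forwarder step discussed above (this is not part of the original issue and not the accelerator's own scripts), the following PowerShell creates the forwarders on a Windows Server DNS server that AD DS-joined session hosts use, then checks that a storage account's file endpoint resolves to a private endpoint address. The zone list, the storage account name and the forwarder target are assumptions: 168.63.129.16 is Azure's VNet-internal resolver and only works when the DNS server itself runs in an Azure VNet linked to the private DNS zones; from on-premises you point the forwarders at a DNS forwarder or Azure DNS Private Resolver inbound endpoint in Azure instead.

```powershell
# Added example, not code from the AVD accelerator. Run on a Windows Server
# DNS/AD DS server. Requires the DnsServer module (RSAT-DNS-Server feature).
#
# Assumptions (adjust for your deployment):
#   $ForwarderIp - 168.63.129.16 if this DNS server sits in an Azure VNet that
#                  is linked to the privatelink zones; otherwise the IP of a
#                  DNS forwarder / DNS Private Resolver inbound endpoint in Azure.
#   $Zones       - privatelink zones matching the private endpoints that were
#                  deployed (FSLogix storage, Key Vault, AVD host pool).
#   $StorageFqdn - the FSLogix storage account's file endpoint (hypothetical name).
$ForwarderIp = '168.63.129.16'
$Zones = @(
    'privatelink.file.core.windows.net',
    'privatelink.vaultcore.azure.net',
    'privatelink.wvd.microsoft.com'
)
$StorageFqdn = 'stfslogixexample.file.core.windows.net'

Import-Module DnsServer

foreach ($zone in $Zones) {
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Write-Host "Conditional forwarder for $zone already exists, skipping."
        continue
    }
    # AD-integrated, forest-wide, so every DC that runs DNS picks it up.
    Add-DnsServerConditionalForwarderZone -Name $zone `
        -MasterServers $ForwarderIp `
        -ReplicationScope 'Forest'
    Write-Host "Added conditional forwarder for $zone -> $ForwarderIp"
}

# Verify against this server: the public FQDN should CNAME into the privatelink
# zone and end in an RFC 1918 address from the private endpoint's subnet.
$answers = Resolve-DnsName -Name $StorageFqdn -Type A -Server '127.0.0.1' -ErrorAction Stop
$a = $answers | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
if (-not $a) { throw "No A record returned for $StorageFqdn" }

$bytes = [System.Net.IPAddress]::Parse($a.IPAddress).GetAddressBytes()
$isPrivate = ($bytes[0] -eq 10) -or
             ($bytes[0] -eq 172 -and $bytes[1] -ge 16 -and $bytes[1] -le 31) -or
             ($bytes[0] -eq 192 -and $bytes[1] -eq 168)

if ($isPrivate) {
    Write-Host "OK: $StorageFqdn resolves to private endpoint IP $($a.IPAddress)"
} else {
    # A public IP here means the query bypassed the private DNS zone, so SMB
    # would leave the VNet and be refused if the account blocks public access.
    Write-Warning "$StorageFqdn resolved to public IP $($a.IPAddress); check the forwarder target and the zone's VNet link."
}
```

Run the verification part again from a session host (dropping `-Server`) to confirm the hosts actually use a DNS server that has the forwarders; a session host that still resolves the storage account to a public IP is the usual cause of FSLogix profiles failing to attach after a private-endpoint deployment.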

danycontre commented 8 months ago

@wcneumann0219 thanks for your feedback.

2) Agree with @moisesjgomez comments, the AVD LZA deployment does configure FSLogix container and integrates it with ADDS, AADDS or AAD authentication (including setting NTFS permissions).

If FSLogix wasn't configured in your deployment, please check the log on the management VM at C:\Windows\temp\ManualDscStorageScriptsLog.log

Happy to help you troubleshoot.
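As an added troubleshooting example for the FSLogix point (not part of the original thread and not the accelerator's own scripts), the following PowerShell walks the checks a practitioner would run when profiles do not attach: the storage script log named above, SMB reachability to the storage account, the NTFS entry for the profile users' group on the share, and an actual write as the current domain user. The storage account, share and group names are hypothetical placeholders.

```powershell
# Added example, not code from the AVD accelerator. Run the log check on the
# management VM and the share checks from a domain-joined session host, logged
# on as a user who is meant to get an FSLogix profile.
#
# Assumptions (hypothetical names, adjust for your deployment):
$LogPath      = 'C:\Windows\temp\ManualDscStorageScriptsLog.log'
$StorageHost  = 'stfslogixexample.file.core.windows.net'
$Share        = "\\$StorageHost\fslogix-profiles"
$ProfileGroup = 'CONTOSO\AVD-Users'

# 1. Did the storage DSC script run, and did it log errors?
if (Test-Path -Path $LogPath) {
    Write-Host "--- last 40 lines of $LogPath ---"
    Get-Content -Path $LogPath -Tail 40
    $errs = Select-String -Path $LogPath -Pattern 'error|exception|failed'
    if ($errs) { Write-Warning "$($errs.Count) error-like lines in the storage script log; review them first." }
} else {
    Write-Warning "$LogPath not found: the storage configuration script may never have run on this VM."
}

# 2. Is SMB (TCP 445) to the storage endpoint reachable, and via which IP?
$tnc = Test-NetConnection -ComputerName $StorageHost -Port 445
if (-not $tnc.TcpTestSucceeded) {
    throw "TCP 445 to $StorageHost failed (NSG, firewall, or private endpoint/DNS problem)"
}
Write-Host "445 reachable at $($tnc.RemoteAddress) (expect the private endpoint IP when private networking is used)"

# 3. NTFS permissions on the share root. An access-denied here for a valid
#    domain user usually means the storage account is not joined to AD DS /
#    AAD DS (or AAD Kerberos is not enabled), so Kerberos tickets are not issued.
try {
    $acl = Get-Acl -Path $Share
} catch {
    throw "Cannot read ACL on ${Share}: $($_.Exception.Message)"
}
$rules = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $ProfileGroup }
if ($rules) {
    $rules | Select-Object IdentityReference, FileSystemRights, AccessControlType, InheritanceFlags |
        Format-Table -AutoSize
} else {
    Write-Warning "$ProfileGroup has no NTFS entry on $Share; FSLogix cannot create profile folders for those users."
}

# 4. End to end: the current user must be able to create and delete under the root.
$testFile = Join-Path -Path $Share -ChildPath ("permcheck-{0}.txt" -f [guid]::NewGuid())
Set-Content -Path $testFile -Value 'permission check'
Remove-Item -Path $testFile
Write-Host "OK: write/delete on $Share succeeded as $env:USERDOMAIN\$env:USERNAME"
```

If step 3 shows the group with Full Control on subfolders and files rather than Modify on the share root only, that is a least-privilege finding worth fixing even when profiles work: FSLogix only needs users to create their own profile folder, after which CREATOR OWNER grants them rights inside it.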