FSLogix storage account not being domain joined

[michael-novak-80]

Hello @danycontre & team,

I am experiencing a problem during fslogix storage account deployment. It is not being domain joined. The Storage account fslogix file share has AD integration as not configured and the object is not created in the AD. The DomainJoin step in the "Add-fslogix-Storage-Setup" completes sucesfully:

• I have deployed ALZ through Bicep accelerator.
• I am using hub and spoke network, with custom DNS servers configured on Hub and AVD spoke vnet.
• For AVD deployment I am using a dedicated subscription with existing dedicated spoke vnet along with existing private DNS zones and Custom servers (Scenario 4 I suppose).
• I have thouroughly followed the documentation guidelines regarding DNS resolution configuration for private zones and have linked the vnet containing azure DC VM to both private zones (residing in hub subscription) in addition to a hub network link.
• I have an on-prem domain controller and a secondary azure domain controller VM setup as a forwarder to Azure DNS.

Private endpoint resolution works fine from both domain controllers:

Non-authoritative answer:
Name:    safslatcpkpb.privatelink.file.core.windows.net
Address:  10.50.1.6
Aliases:  safslatcpkpb.file.core.windows.net

There is no corresponding log file in management VM C:\Windows\Temp folder I could reference to.

Also, the DSCStorageScripts directory is empty, so the script that is supposed to domain join the storage account is not being run at all?

I have absolutely no idea what I might be doing wrong.

What was the expected outcome?

Storage account joining the domain

[danycontre]

@michael-novak-80 this was a bug in the DSC package file naming, we just pushed a fix for it.

Also check if your VM has access to https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts/1.0.1/DSCStorageScripts.zip

PS: you can manually remove the VM extension and then trigger a redeployment of Add-fslogix-Storage-Setup, or you can run a full deployment of the baseline.

@swathibhat1

Please try again.

[michael-novak-80]

Hi @danycontre Thanks for the answer and a quick fix. DSC package is now downloaded and executed correctly.

HOWEVER, The script Script-DomainJoinStorage.ps1 has a depreciated argument -EncryptionType 'AES256' for the Join-AzStorageAccount defined:

Join-AzStorageAccount -ResourceGroupName $StorageAccountRG -StorageAccountName $StorageAccountName -OrganizationalUnitDistinguishedName $OUName -DomainAccountType 'ComputerAccount' -EncryptionType 'AES256' -OverwriteExistingADObject #-SamAccountName $SamAccountName

This argument was removed in v 0.2.9 of AzFilesHybrid on Jan 16, 2024:

Removal of an unused parameter in the Join cmdlet, no longer needed because we are using AES256 as the default encryption type. https://github.com/Azure-Samples/azure-files-samples/releases

Therefore, the script fails with:

10-11-24 17:29:15 - MSFT_ScriptResource:25 - [ERROR] 

Exception             : System.Management.Automation.ParameterBindingException: A parameter cannot be found that 
                        matches parameter name 'EncryptionType'.
                           at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext 
                        funcContext, Exception exception)
                           at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame 
                        frame)
                           at 
                        System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                        frame)
                           at 
                        System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame 
                        frame)
                           at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
                           at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
                           at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object 
                        dollarUnderbar, Object inputToProcess)
                           at System.Management.Automation.PSScriptCmdlet.DoEndProcessing()
                           at System.Management.Automation.CommandProcessorBase.Complete()
TargetObject          : 
CategoryInfo          : InvalidArgument: (:) [Script-DomainJoinStorage.ps1], ParameterBindingException
FullyQualifiedErrorId : NamedParameterNotFound,Script-DomainJoinStorage.ps1
ErrorDetails          : 
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at <ScriptBlock>, C:\Packages\DSCStorageScripts-fslogix\Script-DomainJoinStorage.ps1: line 121
                        at <ScriptBlock>, <No file>: line 19
                        at ScriptExecutionHelper, C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfi
                        guration\DscResources\MSFT_ScriptResource\MSFT_ScriptResource.psm1: line 317
                        at Set-TargetResource, C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfigur
                        ation\DscResources\MSFT_ScriptResource\MSFT_ScriptResource.psm1: line 153
PipelineIterationInfo : {}
PSMessageDetails      : 

Could you please edit the

/avdaccelerator/blob/main/workload/scripts/DSCStorageScripts/1.0.1/DSCStorageScripts.zip
/avdaccelerator/blob/main/workload/scripts/DSCStorageScripts/1.0.1/Script-DomainJoinStorage.ps1

and remove this parameter?

Thank you!

[danycontre]

@michael-novak-80 package updated, please try again and let us know the outcome.

[michael-novak-80]

Hi @danycontre

Confirming it works fine now. Many thanks for your support.

@michael-novak-80 package updated, please try again and let us know the outcome.