Azure VD Based Connection - Failed to Connect - "A Certificate authority could not be contacted for authentication" while using Windows Hello for Business

Veera Ragavan 26 Reputation points
2023-07-17T10:47:38.52+00:00

Hello Experts,

I could not find the limitations of Azure Virtual Desktop based scenarios.

Environment:

  1. Windows 11 - as Azure AD Domain Joined
  2. On Premise AD, CA Environment
  3. On Premise CA Environment, Integrated and Deployment Using SCEP/NDES Model with help of Intune
  4. Windows Hello for Business - Using the Internal CA Certificates
  5. Latest Updates with Client OS, and Remote Desktop Application is also Up to Date
  6. Windows Hello for Business Activated, Working Well as expected - PIN, Face Recognition...


We have successful usage of AVD-based workstations and applications using the MS Edge / Chrome browser. The following error appears while we try to access the Remote Desktop Based

User's image

Added Information:

  1. The Remote Desktop Application connects to the AVD Environment with regular credential-based authentication.
  2. The Remote Desktop Application fails to connect with anything other than credential-based authentication (Example: PIN, Fingerprint, Face Recognition...) - for any applications which are hosted in Azure VD (Example: Outlook, PowerPoint, Hosted Servers..)
  3. The same error message appears if we take the RDP session using an MSTSC-based session
  4. All Azure VD hosted devices and applications are accessible without any issues using a browser. In general, the browser-based authentication does not ask for Windows Hello for Business based logins

Any idea if we have any limitations with AVD + Windows Hello for Business?

Certificate Details:

The following types of certificates are in place and are used for authentication and other purposes (accessing the in-house applications, etc.)

Device Based Certificates
User's image

User's image

User Based Certificate

User's image

Any Suggestion:

  1. Usage of additional certificate/types - If no Restrictions

  2. Reference Materials if any Restrictions..

Thank you for your time in Advance!

1 answer

  1. Kalagara, Raj 0 Reputation points
    2024-09-26T18:08:13.8833333+00:00

    Hello @Prrudram-MSFT - I have the same situation. We have a physical laptop that is Azure AD joined and uses WHFB. On that laptop we have the Azure Virtual Desktop client that I connect with using hybrid credentials. When I try to log in to AVD using a smartcard or YubiKey, I get "certification authority could not be contacted for authentication". Any ideas?
