Can’t connect to Windows 365 - Browser - AVD Private Link

Joachim Løe 85 Reputation points
2024-07-17T12:24:43.6833333+00:00

Hi,

We have an Azure Virtual Desktop environment setup where we have enabled private link/Private Endpoint for the initial feed. When trying the browser client for Windows 365 on internal network, we get this error.

User's image

When inspecting the logs for the web request, I see that its pointing to the Private Link address of the initial feed. We get 403 forbidden on GET request of the .rdp file.

User's image

 

If I connect my computer on an external network where DNS lookup points to the Public IP of the Initial Feed. Then it works and I get an 200 OK message on the same request. The Initial feed private endpoint is linked to a AVD Workspace that is only used for the initial feed service.

Firewalls and others is verified OK for the connection to the Private Endpoint IP and AVD Workspace. All other web clients/desktop apps work. Its only this W365 browser client that struggles.

Anyone experienced the same or is this a "bug" with the W365 Browser client when having a Private Link setup?

Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
514 questions
Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,566 questions
Windows 365 Enterprise
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. glebgreenspan 2,235 Reputation points
    2024-07-17T13:27:57.26+00:00

    Hello Joachim

    It sounds like you've set up a Private Link for your Azure Virtual Desktop (AVD) initial feed, and the W365 browser client is having trouble connecting to it when using the Private Link address. However, when you access the same endpoint from an external network using the public IP, it works fine.

    This behavior is not a known issue with the W365 browser client, and it's likely related to the way the client handles private links or DNS resolution. Here are a few potential explanations and troubleshooting steps:

    1. DNS resolution: Ensure that the internal network can resolve the Private Link domain name correctly. You can try pinging the Private Link domain name from a machine within the internal network to verify DNS resolution.
    2. Private Link configuration: Double-check that the Private Link is properly configured and linked to your AVD workspace. Make sure that the Private Link is enabled and configured correctly for both the initial feed and your AVD workspace.
    3. W365 browser client configuration: Check the W365 browser client configuration to ensure that it's using the correct DNS resolver or proxy settings. You can try setting a custom DNS resolver or disabling any proxy settings to see if it resolves the issue.
    4. CORS configuration: Verify that the CORS (Cross-Origin Resource Sharing) settings are configured correctly on your AVD workspace's initial feed. Some browsers may block requests due to CORS issues, even if they're coming from the same origin.
    5. Fiddler or proxy tool: Try using a tool like Fiddler or Burp Suite to inspect and manipulate the HTTP requests made by the W365 browser client. This might help you identify if there are any issues with the request headers, URL rewriting, or other factors that could be causing the 403 error.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.