Today, I’ll be covering troubleshooting Azure Virtual Desktop (AVD) issues. I’ll cover the common causes of problems beyond logon and how you can monitor and troubleshoot to identify the root-causes of issues and how to resolve them resolve them.

For information on troubleshooting logon problems and slow logons, please see my previous article: Troubleshoot Slow Azure Virtual Desktop (AVD) Logons.

Azure Virtual Desktop (AVD) is a robust Cloud platform that enables organizations to deliver virtual desktops and applications to their users. Users can access the applications and desktops from anywhere and any device. While AVD is designed to provide a seamless user experience, issues can arise beyond the logon process that can affect user experience and impact their productivity.

This blog post will guide you through some common AVD issues beyond logon and provide solutions to help troubleshoot them. For eG Enterprise users, many of the troubleshooting techniques I discuss will be handled automatically by our proactive monitoring features and AIOps automated root-cause diagnostics engine. However, most of the information will also be useful to those reliant on Azure native tools or other third-party tools.

What are the most common AVD issues likely to need troubleshooting?

The most common AVD user experience issues beyond logon that you are likely to encounter include:

  1. Graphics Performance / RemoteFX Protocol issues
  2. Application Input Latency Issues
  3. Session Host Configuration Issues
  4. AVD Connection Issues
  5. AVD Client Issues
  6. Azure Activity Directory (AAD) Connection Issues
  7. Azure AD Connect Configuration Issues
  8. User Profile Issues
  9. AVD Agent Issues
  10. Performance Problems on AVD Session Hosts
  11. Authentication and Authorization Issues

Issue 1: Troubleshooting AVD Graphical Performance and RemoteFX Protocol issues

Microsoft’s RemoteFX protocol significantly impacts Azure Virtual Desktop (AVD) user experience by enabling the delivery of a full Windows user experience to a range of client devices, including rich clients, thin clients, and ultra-thin clients. Graphics related performance issues generally fall into four categories.

  • Low frame rate
  • Random stalls
  • High input latency
  • Poor frame quality

RemoteFX exposed various performance objects and counters. One of the objects is “RemoteFx Graphics” that has interesting counters for troubleshooting graphics performance issues. To address the low frame rate and random stall issues, please follow below suggestions. Monitor the following counters:

  • Output Frames/second
  • Input Frames/second
  • Frames Skipped/Second (Insufficient Server Resources)
  • Frames Skipped/Second (Insufficient Network Resources)
  • Frames Skipped/Second (Insufficient Client Resources)
  • Average Encoding Time

First check the Output Frames/Second counter. It measures the number of frames made available to the client. If this value is less than the Input Frames/Second counter, it means the frames are being skipped. To identify the bottleneck, you need to monitor all Frames Skipped counters. A high value for any of the Frames Skipped/Second counters implies that the problem is related to the resource the counter tracks. For example, if the client doesn’t decode and present frames at the same rate the server provides the frames, the Frames Skipped/Second (Insufficient Client Resources) counter will be high.

If the Output Frames/Second counter matches the Input Frames/Second counter, yet you still notice unusual lag or stalling, then Average Encoding Time may be the culprit. Encoding is a synchronous process that occurs on the session host. Average Encoding Time should be under 33 milliseconds.

Poor frame quality issues can occur if the server having lack of network or server resources to send higher fidelity content to the AVD users.

You can follow this Microsoft blog to mitigate the graphics performance issues, see: Diagnose graphics performance issues Remote Desktop – Azure | Microsoft Learn.

More information on the key RemoteFX and Graphics related metrics to monitor and set thresholds / alerts on is covered in my previous blog, see: Troubleshooting Azure Virtual Desktop (AVD) Sessions – Key User Experience and Graphics Metrics to Monitor.

Issue 2: Troubleshooting Application Input Latency issues

You may have noticed that when you drag something on your screen, it will often lag your mouse or finger, as if attached by a rubber band. This is input latency and in simple terms “a delay in the computer’s response to your actions”. A low frame rate is often the cause of input latency, however you should remember low frame rates alone are not necessarily a problem e.g., when a user is reading a document, and the frame is not changing.

Why a low frame rate can lead to users perceiving input latency

The human eye is generally considered to find 30 fps pleasing (film content is typically recorded at 24 fps), and the incremental visual benefits between 30-60 fps are minimal; but perception is a strange thing and many users find 60 fps more pleasant although visually the differences are mathematically minimal. A lot of this for users such as gamers is associated with the responsiveness (when they “pull the trigger”). At 30 fps, there is 0.03333 secs between frames at 15 fps it is 0.0666 sec so if a mouse click just misses a frame you pick up an extra 0.033s (33ms) of “latency” in the user feel – this is why gamers are obsessed with 60 fps (it’s not necessarily the visuals above 30ms but it can certainly “feel” different. Gaming and the responsiveness of the experience on a local device have set the standards for VDI and DaaS users using application interactively.

If Average Encoding Time is under 33 milliseconds but you still have performance issues, there may be an issue with the application or operating system you are using. To diagnose application related high latency issues, you need to “User Input Delay Per Session” performance object. This counter measures how long any user input, such as mouse or keyboard usage, stays in the queue before a process picks it up. Microsoft has a detailed blog on User Input Delay metrics, see: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdsh-performance-counters.

I’ve covered leveraging specific metrics such as the “User Input Delay” counters for troubleshooting in a previous blog, Troubleshooting Azure Virtual Desktop (AVD) Sessions – Key User Experience and Graphics Metrics to Monitor.

Note: Citrix users familiar with the HDX / EDT / ICA metric RTT (Round Trip Time) should be aware that whilst User Input Delay is a similar metric to RTT, the sampling and how it is collected within the stack is different and so you should not expect these two metrics to be the same although both reflect the latency the end user will perceive.

Figure 1: Individual AVD user experience dashboards designed for L1/L2 frontline helpdesk operators and AVD administrators include key metrics, alerts, end-client information, logon breakdowns, FSLogix details, application usage and more.

Issue 3: Troubleshooting AVD Session Host Configuration Issues

Some common AVD session host configuration issues that can impact user experience include:

  • Insufficient resource sizing or inappropriate VM Types: Inadequate sizing of CPU, memory, or disk resources on session hosts can lead to resource bottlenecks and degrade user experience. Ensure that session hosts are properly provisioned with sufficient resources to handle the workloads consumed by the users.
  • Sometimes, issues can arise when configuring the AVD session host virtual machines. Please refer this Microsoft blog https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration and understand how to troubleshoot and fix it before it affects your users.

Microsoft’s own advice directs users to use F-series, D-series or NV-series VMs dependent on their workloads and budget constraints. There is also some community advice and benchmarking available, links to some community members engaged in assessing VM instance types for AVD and Citrix are included at the bottom of this article, see: Choosing Azure Instances for Microsoft AVD (eginnovations.com).

Burstable B-series VMs are not advised to run VDI apps or desktops.

Issue 4: Troubleshooting AVD Connection Issues

Connection issues can occur dues to a wide range of factors such as:

  • Network connectivity: Make sure that the user’s device is connected to the internet and that there are no network issues that could be causing the problem. In AVD, if the round-trip time (RTT) between the user and the session host is under 150 milliseconds, the connection’s network latency should not impact the user experience even if the workloads involve rendering or video. If RTT is between 150 milliseconds and 200 milliseconds, the connection should be fine for text processing, but more graphical and interactive user workflows may suffer some degradation (spinning 3D CAD models). If the RTT is above 200 milliseconds, it may well impact user experience and trigger helpdesk tickets from users. It is generally best practice to ensure that your end-users connect to session hosts in the Azure region closest to them to minimize network latency.
  • Errors in Azure Resource Manager (ARM) deployment: Deployment issues can occur during the setup of AVD environment. The advice in this Microsoft link https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-overview for troubleshooting deployment failures is very useful.
  • Problems in AVD infrastructure: AVD infrastructure has lot of moving elements and each one of them must work. Monitoring Azure Storage, Networking and similar services is always advisable and can identify issues before real AVD users are impacted.
  • Subscription limits and Allocation failures: Ensure that you have not reached your Azure subscription limits. Allocation failures can occur when creating or resizing virtual machines (VMs) in Azure. These failures can be caused by Affinity Group-related issues, subscription limits, or errors in the VM configuration.
  • Invalid logon credentials: If users enter incorrect login credentials, they will not be able to connect to the AVD environment.

Figure 2: The top of a “Connection Failure” report allows the administrator to quickly identify the most problematic areas of their AVD deployment to target effort where most effective. Instant visibility on whether particular Host Pools, Session Hosts, Users or Session Desktops are experience connection problems.

I’ve put together a detailed troubleshooting guide on AVD connection issues, please see: Troubleshooting AVD (Azure Virtual Desktop) Connection Failures: A Comprehensive Guide.

Figure 3: eG Enterprise automatically monitors and raises alerts on Azure infrastructure issues in Azure AVD dependencies such as networking, storage and other key services that can cause connection problems. This means admins can avert issues before users are affected. eG Enterprise will also keep track of the billing, costs and subscription limits on these resources.

When working with AVD it is advisable to have a good understanding of the Reverse Connect and RDP Shortpath technologies used by Microsoft to implement AVD connections, see Reverse Connect for Azure Virtual Desktops and RDP Shortpath Monitoring in Azure.

Issue 5: Troubleshooting AVD Client Issues

Users may experience issues in connecting to the Session host through the Remote Desktop Connection client software. RDP connection issues can occur due to various factors, such as network connectivity, firewall settings, and problems with the RDP client. You can open the client side logs at %temp%\DiagOutputDir\RdClientAutoTrace folder and convert to xml file as mentioned in this Microsoft have a decent blog for troubleshooting common client-side issues, see: https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-client-windows.

Issue 6: Authentication and Authorization Issues

  • Invalid logon credentials: If users enter incorrect login credentials, they will not be able to connect to the AVD environment.
  • Problems with AVD infrastructure: Sometimes, Issues with the AVD infrastructure, such as problems with the AVD broker or the AVD agent, can cause authentication and authorization failures.
  • Missing Azure RBAC policies: If Azure RBAC policies for the VM are not configured correctly, users may not be able to log in to the AVD environment.
  • MFA Sign-in method required: If a Conditional Access policy requires MFA or legacy per-user MFA is enabled, users may not be able to log in to the AVD environment.

Information on proactively monitoring Azure AD (Entra ID) Sign In Logs is provided in, Azure AD Monitoring – Sign In Logs & Attack Detection (eginnovations.com).

Advice on monitoring the AVD Broker is covered in, Monitor and investigate AVD Broker issues | eG Innovations.

Figure 4: eG Enterprise provides out-of-the-box dashboards providing user friendly overviews of Sign-in log data associated with Azure AD

Figure 5: Steep and sudden spikes in sign-in failures often indicate a service failure and such failures often impact users in specific locations. Daily working patterns e.g., the 9 am morning logon or 1pm back from lunch surge become very clear. Anomalous behavior such as users logging on at 3am from unusual locations should trigger red flags.

To learn more about Azure compliance monitoring and detecting attacks by monitoring sign-in logs, check out this article, How to Monitor Azure AD Sign-ins logs and Detect Attacks Proactively. Broader advice on monitoring Azure AD (Entra ID) including audit logs and so on is provided, here: How to monitor Azure AD Step by Step.

Issue 7: Troubleshooting User Profile Issues

Common user profile issues include the user profile failing to attach to the session or the FSLogix profile container not being correctly configured. To troubleshoot FSLogix failures in AVD environment, you can follow these steps.

  • Review FSLogix Logs: You can review the logs by navigating to %ProgramData%\FSLogix\Logs or C:\ProgramData\FSLogix\Logs.
  • Check the drive space for FSLogix disks on the file server or the Azure Storage account.
  • Make sure RBAC Roles are configured correctly. Make sure each user who is going to be using FSLogix needs to have the role of Storage File Data SMB Share Contributor assigned to them.
  • Azure Files: In some cases, Azure Files can play a role in FSLogix failures. Review any potential issues related to Azure Files and ensure that it is properly configured for your AVD environment. You can follow this blog https://shehanperera.com/2021/09/20/fslogix-loading-failed/ for more information.

More information on monitoring and troubleshooting FSLogix is covered in: What is FSLogix and how to monitor FSLogix?

Figure 6: Here an FSLogix container has failed to attach in an AVD (Azure Virtual Desktop) environment triggering an alarm to the eG Enterprise system. The detailed diagnostic icon (the magnifying glass) can be clicked on to investigate deeper.

Issue 8: AVD Agent Issues

The Azure Virtual Desktop (AVD) agent plays a significant role in the user experience as it facilitates the connection between the user’s device and the Azure Virtual Desktop environment. If there are issues with the AVD agent, it can lead to a variety of connection issues. For troubleshooting issues related to session connectivity and the Azure Virtual Desktop agent, I recommend you to review the event logs on your session host virtual machines (VMs) by going to Event Viewer > Windows Logs > Application. Look for events that have one of the following sources to identify your issue:

  • WVD-Agent
  • WVD-Agent-Updater
  • RDAgentBootLoader
  • MsiInstaller

Please refer this Microsoft blog https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-agent for more information on AVD agent side issues and how to fix them.

eG Enterprise is capable of automatically and proactively monitoring Windows Log files, for details on this functionality, see: What is Windows Event Log? | eG Innovations for details on how to ensure full observability on Windows event logs.

Issue 9: Troubleshooting Performance Problems on AVD Session Hosts

Resource bottlenecks can significantly impact AVD user experience. Here are some examples of resource bottlenecks that can affect AVD user experience:

  • CPU bottlenecks: AVD session hosts are often CPU-bound, meaning that CPU capacity can be exhausted before running out of RAM capacity.
  • RAM bottlenecks: Insufficient RAM can cause disk bottlenecks and impact user experience. Ensure that session hosts are properly provisioned with sufficient RAM to handle the workload.
  • Disk bottlenecks: Slow disk response and long disk queues can significantly impact end-user experience. Ensure that the local disk on session host VMs and the FSLogix profile container are properly configured to optimize disk performance.

I’ve covered some details on the best way to proactively monitor and alert on user CPU and RAM metrics in, Troubleshooting Azure Virtual Desktop (AVD) Sessions – Key User Experience and Graphics Metrics to Monitor (some metrics are more helpful to set alerts on than others).

Issue 10: Azure Active Directory (AAD) Connection Issues

Azure Active Directory (AAD) connection issues can significantly impact the Azure Virtual Desktop (AVD) user experience. Some of the common failures such as

  • Authentication failures: AAD is responsible for authenticating users when they log into AVD. If there are AAD connection issues, users may not be able to authenticate and log in to their virtual desktops, preventing them from accessing their applications and data.
  • Access control issues: AAD also manages access controls for AVD. If there are connection issues, it can prevent users from accessing certain resources or applications that they need for their work, impacting their productivity.
  • MFA Issues: Many organizations use AAD to implement multi-factor authentication (MFA) for added security. If there are AAD connection issues, users may not be able to complete the MFA process, preventing them from logging into AVD.
  • Users may encounter error messages stating, “Your account is configured to prevent you from using this device”. it’s crucial to ensure the user account was given the Virtual Machine User Login role on the session hosts.

My guide on troubleshooting and monitoring Azure AD (now Entra ID), may be of interest, see: How to monitor Azure AD Step by Step.

Issue 11: Azure AD (Entra ID) Connect Configuration Issues

You must first authenticate to the AVD service by signing in with an Azure AD (in the process of being renamed to Entra ID) account to access desktop and applications. If user accounts are stored in On-Premises Active Directory, then Azure AD Connect service (DirSync) is required.

Any issues in AD Connect service can severely impact the user experience. One of the common issues is the “Passwords are in not sync” and users cannot authenticate to the AVD service. Please read the detailed Microsoft blog https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/tshoot-connect-password-hash-synchronization here and how to resolve many Azure AD (Entra ID) connect issues.

Figure 7: eG Enterprise captures, reports and alerts on the above metrics and data for Azure AD Connect including synchronization details.

Microsoft have a useful explanation and guide to troubleshooting Azure AD Connect configuration issues, see: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sync-errors.

There are more details about how to monitor Azure AD Connector under the section “What is Azure AD Connector” within the article, What is Azure Active Directory.

eG Enterprise is an Observability solution for Modern IT. Monitor digital workspaces,
web applications, SaaS services, cloud and containers from a single pane of glass.

Free Trial  See the platform

Final Thoughts

AVD Logon Simulator dashboard

Figure 12: The eG Enterprise Logon Simulator can be used to detect for logon issues 24×7. A free version is available.

I hope you found this blog useful, beyond the troubleshooting strategies I have described there are a few other tricks that can help you manage and optimize AVD deployments to proactively avoid troubleshooting by pre-empting issues:

eG Enterprise is an Observability solution for Modern IT. Monitor digital workspaces,
web applications, SaaS services, cloud and containers from a single pane of glass.

Free Trial  See the platform

About the Author

Babu is Head of Product Engineering at eG Innovations, having joined the company back in 2001 as one of our first software developers following undergraduate and masters degrees in Computer Science, he knows the product inside and out. Based within our Singapore R&D Management team, Babu has undertaken various roles in engineering and product management becoming a certified PMP along the way.