Today, I’ll be covering troubleshooting Azure Virtual Desktop (AVD) issues. I’ll cover the common causes of problems beyond logon and how you can monitor and troubleshoot to identify the root-causes of issues and how to resolve them resolve them.
For information on troubleshooting logon problems and slow logons, please see my previous article: Troubleshoot Slow Azure Virtual Desktop (AVD) Logons.
Azure Virtual Desktop (AVD) is a robust Cloud platform that enables organizations to deliver virtual desktops and applications to their users. Users can access the applications and desktops from anywhere and any device. While AVD is designed to provide a seamless user experience, issues can arise beyond the logon process that can affect user experience and impact their productivity.
This blog post will guide you through some common AVD issues beyond logon and provide solutions to help troubleshoot them. For eG Enterprise users, many of the troubleshooting techniques I discuss will be handled automatically by our proactive monitoring features and AIOps automated root-cause diagnostics engine. However, most of the information will also be useful to those reliant on Azure native tools or other third-party tools.
What are the most common AVD issues likely to need troubleshooting?
The most common AVD user experience issues beyond logon that you are likely to encounter include:
- Graphics Performance / RemoteFX Protocol issues
- Application Input Latency Issues
- Session Host Configuration Issues
- AVD Connection Issues
- AVD Client Issues
- Azure Activity Directory (AAD) Connection Issues
- Azure AD Connect Configuration Issues
- User Profile Issues
- AVD Agent Issues
- Performance Problems on AVD Session Hosts
- Authentication and Authorization Issues
Issue 1: Troubleshooting AVD Graphical Performance and RemoteFX Protocol issues
Microsoft’s RemoteFX protocol significantly impacts Azure Virtual Desktop (AVD) user experience by enabling the delivery of a full Windows user experience to a range of client devices, including rich clients, thin clients, and ultra-thin clients. Graphics related performance issues generally fall into four categories.
- Low frame rate
- Random stalls
- High input latency
- Poor frame quality
RemoteFX exposed various performance objects and counters. One of the objects is “RemoteFx Graphics” that has interesting counters for troubleshooting graphics performance issues. To address the low frame rate and random stall issues, please follow below suggestions. Monitor the following counters:
- Output Frames/second
- Input Frames/second
- Frames Skipped/Second (Insufficient Server Resources)
- Frames Skipped/Second (Insufficient Network Resources)
- Frames Skipped/Second (Insufficient Client Resources)
- Average Encoding Time
First check the Output Frames/Second counter. It measures the number of frames made available to the client. If this value is less than the Input Frames/Second counter, it means the frames are being skipped. To identify the bottleneck, you need to monitor all Frames Skipped counters. A high value for any of the Frames Skipped/Second counters implies that the problem is related to the resource the counter tracks. For example, if the client doesn’t decode and present frames at the same rate the server provides the frames, the Frames Skipped/Second (Insufficient Client Resources) counter will be high.
If the Output Frames/Second counter matches the Input Frames/Second counter, yet you still notice unusual lag or stalling, then Average Encoding Time may be the culprit. Encoding is a synchronous process that occurs on the session host. Average Encoding Time should be under 33 milliseconds.
Poor frame quality issues can occur if the server having lack of network or server resources to send higher fidelity content to the AVD users.
You can follow this Microsoft blog to mitigate the graphics performance issues, see: Diagnose graphics performance issues Remote Desktop – Azure | Microsoft Learn.
More information on the key RemoteFX and Graphics related metrics to monitor and set thresholds / alerts on is covered in my previous blog, see: Troubleshooting Azure Virtual Desktop (AVD) Sessions – Key User Experience and Graphics Metrics to Monitor.
Issue 2: Troubleshooting Application Input Latency issues
You may have noticed that when you drag something on your screen, it will often lag your mouse or finger, as if attached by a rubber band. This is input latency and in simple terms “a delay in the computer’s response to your actions”. A low frame rate is often the cause of input latency, however you should remember low frame rates alone are not necessarily a problem e.g., when a user is reading a document, and the frame is not changing.
If Average Encoding Time is under 33 milliseconds but you still have performance issues, there may be an issue with the application or operating system you are using. To diagnose application related high latency issues, you need to “User Input Delay Per Session” performance object. This counter measures how long any user input, such as mouse or keyboard usage, stays in the queue before a process picks it up. Microsoft has a detailed blog on User Input Delay metrics, see: https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdsh-performance-counters.
I’ve covered leveraging specific metrics such as the “User Input Delay” counters for troubleshooting in a previous blog, Troubleshooting Azure Virtual Desktop (AVD) Sessions – Key User Experience and Graphics Metrics to Monitor.
Issue 3: Troubleshooting AVD Session Host Configuration Issues
Some common AVD session host configuration issues that can impact user experience include:
- Insufficient resource sizing or inappropriate VM Types: Inadequate sizing of CPU, memory, or disk resources on session hosts can lead to resource bottlenecks and degrade user experience. Ensure that session hosts are properly provisioned with sufficient resources to handle the workloads consumed by the users.
- Sometimes, issues can arise when configuring the AVD session host virtual machines. Please refer this Microsoft blog https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-vm-configuration and understand how to troubleshoot and fix it before it affects your users.
Microsoft’s own advice directs users to use F-series, D-series or NV-series VMs dependent on their workloads and budget constraints. There is also some community advice and benchmarking available, links to some community members engaged in assessing VM instance types for AVD and Citrix are included at the bottom of this article, see: Choosing Azure Instances for Microsoft AVD (eginnovations.com).
Burstable B-series VMs are not advised to run VDI apps or desktops.
Issue 4: Troubleshooting AVD Connection Issues
Connection issues can occur dues to a wide range of factors such as:
- Network connectivity: Make sure that the user’s device is connected to the internet and that there are no network issues that could be causing the problem. In AVD, if the round-trip time (RTT) between the user and the session host is under 150 milliseconds, the connection’s network latency should not impact the user experience even if the workloads involve rendering or video. If RTT is between 150 milliseconds and 200 milliseconds, the connection should be fine for text processing, but more graphical and interactive user workflows may suffer some degradation (spinning 3D CAD models). If the RTT is above 200 milliseconds, it may well impact user experience and trigger helpdesk tickets from users. It is generally best practice to ensure that your end-users connect to session hosts in the Azure region closest to them to minimize network latency.
- Errors in Azure Resource Manager (ARM) deployment: Deployment issues can occur during the setup of AVD environment. The advice in this Microsoft link https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-overview for troubleshooting deployment failures is very useful.
- Problems in AVD infrastructure: AVD infrastructure has lot of moving elements and each one of them must work. Monitoring Azure Storage, Networking and similar services is always advisable and can identify issues before real AVD users are impacted.
- Subscription limits and Allocation failures: Ensure that you have not reached your Azure subscription limits. Allocation failures can occur when creating or resizing virtual machines (VMs) in Azure. These failures can be caused by Affinity Group-related issues, subscription limits, or errors in the VM configuration.
- Invalid logon credentials: If users enter incorrect login credentials, they will not be able to connect to the AVD environment.
I’ve put together a detailed troubleshooting guide on AVD connection issues, please see: Troubleshooting AVD (Azure Virtual Desktop) Connection Failures: A Comprehensive Guide.
When working with AVD it is advisable to have a good understanding of the Reverse Connect and RDP Shortpath technologies used by Microsoft to implement AVD connections, see Reverse Connect for Azure Virtual Desktops and RDP Shortpath Monitoring in Azure.
Issue 5: Troubleshooting AVD Client Issues
Users may experience issues in connecting to the Session host through the Remote Desktop Connection client software. RDP connection issues can occur due to various factors, such as network connectivity, firewall settings, and problems with the RDP client. You can open the client side logs at %temp%\DiagOutputDir\RdClientAutoTrace folder and convert to xml file as mentioned in this Microsoft have a decent blog for troubleshooting common client-side issues, see: https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-client-windows.
Issue 6: Authentication and Authorization Issues
- Invalid logon credentials: If users enter incorrect login credentials, they will not be able to connect to the AVD environment.
- Problems with AVD infrastructure: Sometimes, Issues with the AVD infrastructure, such as problems with the AVD broker or the AVD agent, can cause authentication and authorization failures.
- Missing Azure RBAC policies: If Azure RBAC policies for the VM are not configured correctly, users may not be able to log in to the AVD environment.
- MFA Sign-in method required: If a Conditional Access policy requires MFA or legacy per-user MFA is enabled, users may not be able to log in to the AVD environment.
Information on proactively monitoring Azure AD (Entra ID) Sign In Logs is provided in, Azure AD Monitoring – Sign In Logs & Attack Detection (eginnovations.com).
Advice on monitoring the AVD Broker is covered in, Monitor and investigate AVD Broker issues | eG Innovations.
To learn more about Azure compliance monitoring and detecting attacks by monitoring sign-in logs, check out this article, How to Monitor Azure AD Sign-ins logs and Detect Attacks Proactively. Broader advice on monitoring Azure AD (Entra ID) including audit logs and so on is provided, here: How to monitor Azure AD Step by Step.
Issue 7: Troubleshooting User Profile Issues
Common user profile issues include the user profile failing to attach to the session or the FSLogix profile container not being correctly configured. To troubleshoot FSLogix failures in AVD environment, you can follow these steps.
- Review FSLogix Logs: You can review the logs by navigating to %ProgramData%\FSLogix\Logs or C:\ProgramData\FSLogix\Logs.
- Check the drive space for FSLogix disks on the file server or the Azure Storage account.
- Make sure RBAC Roles are configured correctly. Make sure each user who is going to be using FSLogix needs to have the role of Storage File Data SMB Share Contributor assigned to them.
- Azure Files: In some cases, Azure Files can play a role in FSLogix failures. Review any potential issues related to Azure Files and ensure that it is properly configured for your AVD environment. You can follow this blog https://shehanperera.com/2021/09/20/fslogix-loading-failed/ for more information.
More information on monitoring and troubleshooting FSLogix is covered in: What is FSLogix and how to monitor FSLogix?
Issue 8: AVD Agent Issues
The Azure Virtual Desktop (AVD) agent plays a significant role in the user experience as it facilitates the connection between the user’s device and the Azure Virtual Desktop environment. If there are issues with the AVD agent, it can lead to a variety of connection issues. For troubleshooting issues related to session connectivity and the Azure Virtual Desktop agent, I recommend you to review the event logs on your session host virtual machines (VMs) by going to Event Viewer > Windows Logs > Application. Look for events that have one of the following sources to identify your issue:
Please refer this Microsoft blog https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-agent for more information on AVD agent side issues and how to fix them.
eG Enterprise is capable of automatically and proactively monitoring Windows Log files, for details on this functionality, see: What is Windows Event Log? | eG Innovations for details on how to ensure full observability on Windows event logs.
Issue 9: Troubleshooting Performance Problems on AVD Session Hosts
Resource bottlenecks can significantly impact AVD user experience. Here are some examples of resource bottlenecks that can affect AVD user experience:
- CPU bottlenecks: AVD session hosts are often CPU-bound, meaning that CPU capacity can be exhausted before running out of RAM capacity.
- RAM bottlenecks: Insufficient RAM can cause disk bottlenecks and impact user experience. Ensure that session hosts are properly provisioned with sufficient RAM to handle the workload.
- Disk bottlenecks: Slow disk response and long disk queues can significantly impact end-user experience. Ensure that the local disk on session host VMs and the FSLogix profile container are properly configured to optimize disk performance.
I’ve covered some details on the best way to proactively monitor and alert on user CPU and RAM metrics in, Troubleshooting Azure Virtual Desktop (AVD) Sessions – Key User Experience and Graphics Metrics to Monitor (some metrics are more helpful to set alerts on than others).
Issue 10: Azure Active Directory (AAD) Connection Issues
Azure Active Directory (AAD) connection issues can significantly impact the Azure Virtual Desktop (AVD) user experience. Some of the common failures such as
- Authentication failures: AAD is responsible for authenticating users when they log into AVD. If there are AAD connection issues, users may not be able to authenticate and log in to their virtual desktops, preventing them from accessing their applications and data.
- Access control issues: AAD also manages access controls for AVD. If there are connection issues, it can prevent users from accessing certain resources or applications that they need for their work, impacting their productivity.
- MFA Issues: Many organizations use AAD to implement multi-factor authentication (MFA) for added security. If there are AAD connection issues, users may not be able to complete the MFA process, preventing them from logging into AVD.
- Users may encounter error messages stating, “Your account is configured to prevent you from using this device”. it’s crucial to ensure the user account was given the Virtual Machine User Login role on the session hosts.
My guide on troubleshooting and monitoring Azure AD (now Entra ID), may be of interest, see: How to monitor Azure AD Step by Step.
Issue 11: Azure AD (Entra ID) Connect Configuration Issues
You must first authenticate to the AVD service by signing in with an Azure AD (in the process of being renamed to Entra ID) account to access desktop and applications. If user accounts are stored in On-Premises Active Directory, then Azure AD Connect service (DirSync) is required.
Any issues in AD Connect service can severely impact the user experience. One of the common issues is the “Passwords are in not sync” and users cannot authenticate to the AVD service. Please read the detailed Microsoft blog https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/tshoot-connect-password-hash-synchronization here and how to resolve many Azure AD (Entra ID) connect issues.
Microsoft have a useful explanation and guide to troubleshooting Azure AD Connect configuration issues, see: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sync-errors.
There are more details about how to monitor Azure AD Connector under the section “What is Azure AD Connector” within the article, What is Azure Active Directory.
I hope you found this blog useful, beyond the troubleshooting strategies I have described there are a few other tricks that can help you manage and optimize AVD deployments to proactively avoid troubleshooting by pre-empting issues:
- Monitor any application database dependencies such as Azure SQL, many user experience issues with applications are often caused by database problems and not the DaaS / VDI platform such as AVD. See: Troubleshoot Azure SQL Database Performance. Indeed, taking an app-centric approach to VDI/DaaS is always wise, see: Application-Centric EUC Monitoring is Key to Digital Employee Experience (DEX).
- Do check or proactively monitor the Azure Advisor service as Microsoft will often inform you of potential misconfigurations, see: Azure Advisor Integration.
- Consider leveraging full session synthetic monitoring beyond logon simulators to include full session simulation, see: Synthetic Monitoring of Microsoft Azure DaaS.
- Some information on monitoring needs, features and strategies for AVD administrators is covered in, Azure Virtual Desktop Monitoring Technology.