jake
Joining the Conversation
2 months ago

Azure Virtual Desktop - Always on policy

Hello!

What is best practice for implementing the always on policy for Windows 11 VMs (hybrid domain joined)? At the moment if a user session expires the Cato tunnel seems to break. The AVD shows as unavailable in Azure and the user is no longer able to log in. Only workaround so far is using the serial console to disable the Cato network adapter or uninstall Cato altogether.

Is there a way for the session to still expire while making the domain and other prerequisite AVD features still accessible? 

Thanks!

5 Replies

  • michaelsaw
    Cato Professional Services

    Hi jake,

    For typical AVD deployments, there are 2 connections: (1) user establishes connection to AVD, and after user connects to AVD, (2) AVD establishes connection to Internet/WAN resources.

    Just to check, how does the user establish connection to AVD currently? 

    Cheers

    • jake
      Joining the Conversation

      Hi michaelsaw, yes that is the way users connect using the Windows app. What we're seeing is that if the user's Cato session expires then this workflow is broken. Connecting to the AVD using the Windows App is impossible, I'm assuming because internet connectivity is limited.

  • michaelsaw
    Cato Professional Services

    Hi jake, 

    Just wanted to check, on the AVD, is there an auto-logoff function that logs off the users (and disconnects Cato Client) when there is inactivity over a period of time (maybe 5-10 mins)?

    To clarify further, would the user be able to connect, if the user is logged out of the AVD instance (with Cato Client disconnected)?

    Cheers

    • jake
      Joining the Conversation

      Hello Michael,

      Apologies for the delay in responding; I've been on vacation. There is an auto-shutdown policy due to inactivity. So in the Azure portal it goes into a deallocated state.

      What I have noticed from troubleshooting is that once the token expires, the AVD stops using the primary Cato DNS server & instead utilises a public one we have set up. So internet connectivity still works and we can log in as the built-in local administrator. Our domain controller though is unresolvable which explains why users can no longer sign in with their domain credentials.

      Would removing that secondary DNS server be of any use?

      Also I'm wondering if there is any ability for admins to see when users' sessions are about to expire? This would be a huge benefit.

      Many Thanks

      • michaelsaw
        Cato Professional Services

        Hi jake,

        The Primary and Secondary DNS can be modified so that users can resolve the URL using the Primary (First) DNS, if not, then with the Secondary DNS.

        We can set user session expiry based on the average session time and test/fine-tune it accordingly to suit the needs/requirements in the VDI environment.

        Hope it helps. Do let us know if this works for you, Jake. Cheers
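Added example, not part of the original thread and not Cato or Microsoft code: a PowerShell check, run on the session host, for the state jake describes, where the VM falls back to a DNS server that cannot resolve the domain controller. It asks every configured DNS server for the AD domain controller locator SRV record; the domain name `corp.example.com` is a placeholder assumption.

```powershell
# Added example. $Domain is a placeholder (assumption); set it to your AD DNS domain.
param([string]$Domain = 'corp.example.com')

# AD clients locate domain controllers through this SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Every IPv4 DNS server configured on any adapter, in the order Windows lists them.
$configured = foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $order = 0
    foreach ($server in $cfg.ServerAddresses) {
        $order++
        [pscustomobject]@{ Interface = $cfg.InterfaceAlias; Order = $order; Server = $server }
    }
}

# Query each server directly, bypassing the client's own server selection.
$report = foreach ($entry in $configured) {
    try {
        $answers = @(Resolve-DnsName -Name $srvName -Type SRV -Server $entry.Server `
                -DnsOnly -QuickTimeout -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' })
        $status = if ($answers.Count) { 'ResolvesDC' } else { 'NoSrvRecords' }
        $detail = ($answers.NameTarget | Sort-Object -Unique) -join ', '
    } catch {
        # NXDOMAIN from a public resolver and timeouts from an unreachable one both land here.
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Interface = $entry.Interface
        Order     = $entry.Order
        Server    = $entry.Server
        Status    = $status
        Detail    = $detail
    }
}

$report | Format-Table -AutoSize

# Any server listed here breaks domain sign-in when Windows falls back to it.
$blind = @($report | Where-Object { $_.Status -ne 'ResolvesDC' })
if ($blind) {
    Write-Warning ("{0} configured DNS server(s) cannot locate a domain controller for {1}." -f $blind.Count, $Domain)
}
```

Running it once while the Cato session is active and once after it has expired shows which configured servers still answer for the domain in each state.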