Browse files

added new troubleshooting steps, other freshness fixes

  • Loading branch information...
lizap committed Jun 30, 2015
1 parent b49fa82 commit 6380a7f3a41d836865cbe641a644d342c5df1b13
Binary file not shown.
@@ -13,14 +13,14 @@
ms.topic="article""05/28/2015""06/30/2015""elizapo" />
# Accessing your apps in Azure RemoteApp
One of the beauty of Azure RemoteApp is that you can access apps published to you from any of your devices. Even better, you can start working on one device and then seamlessly transition to a second device and pick up right where you left off. To get started you need to download the appropriate client for your device and sign in to the service.
One of the beauties of Azure RemoteApp is that you can access apps published to you from any of your devices. Even better, you can start working on one device and then seamlessly transition to a second device and pick up right where you left off. To get started you need to download the appropriate client for your device and sign in to the service.
In this topic, we'll review the list of clients currently supported and how to download them before I show you how to sign in to RemoteApp from each of the clients.
@@ -13,7 +13,7 @@
# Azure RemoteApp FAQ
@@ -32,7 +32,7 @@ We've heard the following questions about Azure RemoteApp. Have others? Visit th
- **Are custom line-of-business (LOB) applications supported?** Yes. To use a custom application in Azure RemoteApp, create a [custom template image](, and then upload it to the RemoteApp collection.
- **Will my custom LOB application work in Azure RemoteApp?** The best way to figure that out is to test it. Review the [application compatibility requirements]( and check out the [RD Compatibility Center](
- **Which deployment method (cloud or hybrid) is best for my organization?** Hybrid collections provide the most complete experience if you want full integration with single sign-on (SSO) and secure on-premises network connectivity. Cloud collections provide an agile and easy way to isolate your deployment by using multiple authentication methods. Read more about the [deployment options](
- **The hybrid collection requires a VNET. Can we use our existing NET?** Not right now, but we know that you want to. While we're working on that, you can connect your existing VNET to the Azure RemoteApp VNET by following [these instructions](
- **The hybrid collection requires a VNET. Can we use our existing VNET?** You can if the existing VNET is an Azure VNET. See "Step 1: Set up your virtual network" in the [hybrid collection instructions]( for more information.
- **Can I use a cloud or existing virtual machine as the template for my RemoteApp collection?** Yes! You can create an image based on an Azure VM, use one of the images included with your subscription, or create a custom image. Check out the [RemoteApp image options](
- **We have SQL or another database either on-premises or in Azure. Which deployment type should we use?** That depends on where your SQL or backend database is. If the database is in a private network, use the hybrid collection. If the database is exposed to the Internet and allows client connections to connect to it, you can use the cloud collection.
- **What about drive mapping, USB and serial port, clipboard sharing, and printer redirection?** All of those features are supported in Azure RemoteApp. Clipboard sharing and printer redirection is enabled by default. You can learn more about redirection [here](
@@ -4,7 +4,7 @@
description="Learn how to troubleshoot RemoteApp hybrid collection creation failures"
solutions="" documentationCenter=""
authors="vkbucha, elizapo"
manager="mbaldwin" />
@@ -13,44 +13,73 @@
ms.topic="article""05/28/2015""vikbucha" />"06/30/2015""elizapo" />
# Troubleshoot creating RemoteApp hybrid collections
# Troubleshoot creating Azure RemoteApp hybrid collections
Before you can troubleshoot failures during hybrid collection creation, it helps to understand how hybrid collections are created. A hybrid collection requires that RemoteApp instances are domain joined – you do this during collection creation. When the collection creation process starts, copies of the template images you uploaded are created in the VNET and are domain joined through the Site-to-Site VPN tunnel to the domain that is resolved by the DNS IP record specified during VNET creation.
A hybrid collection is hosted in and stores data in the Azure cloud but also lets users access data and resources stored on your local network. Users can access apps by logging in with their corporate credentials synchronized or federated with Azure Active Directory. You can deploy a hybrid collection that uses an existing Azure Virtual Network, or you can create a new virtual network. We recommend that you create or use a virtual network subnet with a CIDR range large enough for expected future growth for Azure RemoteApp.
Common errors seen in the Azure Management portal:
Haven't created your collection yet? See [Create a hybrid collection]( for the steps.
DNS server could not be reached
If you are having trouble creating your collection, or if the collection isn't working the way you think it should, check out the following information.
Could not join the domain. Unable to reach the domain.
## Does your VNET use forced tunneling? ##
RemoteApp does not currently support using VNETs that have forced tunneling enabled. If you need this function, contact the RemoteApp team to request support.
If you see one of the above errors, please check the following things:
After your request is approved, make sure the following ports are opened on the subnet you chose for Azure RemoteApp and the VMs in the subnet. The VMs in your subnets should also be able to access the URLs mentioned in the section about network security groups.
- Verify the DNS IP configurations are valid
- Ensure that the DNS IP records are either public IP records or are part of the “local address space” you specified during VNET creation
- Verify the VNET tunnel to ensure it is active or connected state
- Ensure the on-premises side of the VPN connection is not blocking network traffic. You can check that by looking at the logs of your local VPN device or software.
- Ensure that the domain you specified during collection creation is up and running.
Outbound: TCP: 443, TCP: 10101-10175
## Does your VNET have network security groups defined? ##
If you have network security groups defined on the subnet you are using for your collection, make sure the following URLs are accessible from within your subnet:
https://* (if you have Active Directory)
Azure storage *
If you see this error, please check the following things:
Open the following ports on the virtual network subnet:
- Ensure the on-premises side of the VPN connection is not blocking network traffic. You can check that by looking at the logs of your local VPN device or software.
- Ensure that the RemoteApp template image you uploaded was properly syspreped. You can check the RemoteApp image requirements here:
- Please try to create a VM using the template image you uploaded and ensure that it boots up and runs fine either (a) on a local Hyper-V server (b) by creating an Azure IAAS VM in your Azure subscription. If the VM fails to get created or does not start, then this usually indicates that the template image was not prepared correctly and you would have to fix it.
Inbound - TCP: 3030, TCP: 443
OUtbound - TCP: 443
You can add additional network security groups to the VMs deployed by you in the subnet for tighter control.
## Are you using your own DNS servers? And are they accessible from your VNET subnet? ##
For hybrid collections you use your own DNS servers. You specify them in your network configuration schema or through the management portal when you create your virtual network. DNS servers are used in the order that they are specified in a failover manner (as opposed to round robin).
If you see one of the above errors, please check the following things:
Make sure the DNS servers for your collection are accessible and available from the VNET subnet you specified for this collection.
- Verify the credentials entered for domain join are valid
- Verify the domain join credentials are correct or has appropriate domain join permissions
- Verify the Organization Unit (OU) is formatted properly and does exist in the Active directory.
For example:
<DnsServer name="" IPAddress=""/>
![Define your DNS](./media/remoteapp-hybridtrouble/dnsvpn.png)
For more information, see [Name resolution using your own DNS server](
## Are you using an Active Directory domain controller in your collection? ##
Currently only one Active Directory domain can be associated with Azure RemoteApp. The hybrid collection supports only Azure Active Directory accounts that have been synced using DirSync tool from a Windows Server Active Directory deployment; specifically, either synced with the Password Synchronization option or synced with Active Directory Federation Services (AD FS) federation configured. You need to create a custom domain that matches the UPN domain suffix for your on-premises domain and set up directory integration.
See [Configuring Active Directory for Azure RemoteApp]( for more information.
Make sure the domain details provided are valid and the domain controller is reachable from the VM created in the subnet used for Azure Remote App. Also make sure the service account credentials supplied have permissions to add computers to the provided domain and that the AD name provided can be resolved from the DNS provided in the VNET.
## What domain name did you specify when you created your collection? ##
The domain name you created or added must be an internal domain name (not your Azure AD domain name) and must be in resolvable DNS format (contoso.local). For example, you have an Active Directory internal name (contoso.local) and an Active Directory UPN ( - you have to use the internal name when you are create your collection.
@@ -13,7 +13,7 @@
ms.topic="article""05/28/2015""06/30/2015""elizapo" />
# How to add a user in RemoteApp
@@ -42,7 +42,7 @@ You can use this table as a quick reference for which identity is supported in y
|ADsync with password sync |Yes |Yes |
|ADsync without password sync| Yes |No |
|ADsync with AD FS |Yes |Yes |
|3rd-party Azure supported identity providers (example Ping) |Yes |No|
|3rd-party Azure supported identity providers (example Ping) |Yes |Yes|
|Multi-Factor Authentication |Yes |Yes |
Check out [more information]( about configuring Active Directory for RemoteApp.
@@ -13,7 +13,7 @@
# What is Azure RemoteApp?
@@ -30,7 +30,7 @@ Azure RemoteApp is part of the [Microsoft Virtual Desktop Infrastructure](http:/
**New!** Want to learn more about Azure RemoteApp? Or ready to validate RemoteApp at scale? Join our weekly [ask the experts webinar](
## RemoteApp deployment options
## RemoteApp collections
There are two kinds of RemoteApp collections:
@@ -47,9 +47,10 @@ An additional advantage of using the cloud collection with the Office apps is th
You can also create a cloud collection to share a custom application or set of applications for your users. To do this, you need to [create a custom image]( (which is how we publish apps to RemoteApp) and simply choose that image (instead of the Office 2013 image) when you create your collection.
####When to choose Cloud
#### When to choose cloud
Choose a cloud collection when the application you want to share does not require a connection to any resource your company's private network (for example, through a VPN device). If the application uses resources on the Internet, OneDrive, or Azure, a cloud collection will work for you. It's also the quickest to create.
A Cloud Collection is appropriate when the application will not require connectivity to any resources on your company's private network through a VPN device. If your application just uses resources on the Internet, OneDrive or Azure this will work for you and it's the simplest to setup.
### Hybrid collection
The [hybrid RemoteApp collection]( lets you provide both a custom set of applications to your users and access to the data and resources in your local network. Unlike a custom image used with the cloud collection, the image you create for a hybrid collection runs apps in a domain-joined environment, granting full access to your local network and data.
@@ -58,16 +59,15 @@ By integrating Active Directory with Azure Active Directory (using DirSync), you
As long as you build your template image on Windows Server 2012 R2 with the RD Session Host role service, there are few limits on the apps you can publish for your users. If the apps function properly in that template image environment, your end users can access them through RemoteApp.
####When to choose Hybrid
#### When to choose hybrid
Hybrid is more appropriate if you require connectivity back to your private network. Some good examples are:
Choose a hybrid collection if you require a connection to resources on your company's private network. For example, if the application needs access to one of the following:
- Private file servers
- File servers located on your intranet
- Quicken
- Private databases
- etc..
- Databases behind a firewall
This is generally more useful for large companies with lots of resources on their private networks that can't be moved to the Cloud.
This is generally more useful for large companies with lots of resources on their private networks that can't be moved to the cloud.
### Updating your collection
One of the key differences between the hybrid and cloud collections is how software updates are handled. With a cloud collection that uses the preinstalled Office 365 ProPlus or Office 2013 image, you do not have to worry about any updates. The service maintains itself and rolls out updates on an ongoing basis, to both apps and the operating system.
@@ -76,9 +76,13 @@ For hybrid collections, as well as cloud collections that use a custom template
After you update your custom template image, you upload the new image to the Azure cloud and then update the collection to use the new image. (You can do this from the RemoteApp **Quick Start** page or the Dashboard.)
See [Update your collection]( for more information.
## Supported RemoteApp clients
Azure RemoteApp is supported on the RemoteApp client apps for Windows and Windows RT, as well as the Microsoft Remote Desktop apps for Mac, iOS and Android. Your users can use these apps on their mobile or compute devices to access the new RemoteApp programs.
See [Accessing your apps in Azure RemoteApp]( for more information about the clients.
## Next steps
Go! Try it out! These articles help get you started with RemoteApp:
@@ -13,7 +13,7 @@
ms.topic="article""05/28/2015""06/30/2015""elizapo" />
@@ -22,6 +22,19 @@
One of the advantages of RemoteApp is that we are always working to improve it. Every time we do, we'll announce those changes here.
## June 2015
So many changes! The team has been very busy in June:
- Redesigned the Azure RemoteApp [landing page]( - check it out!
- Updated the software in all the images available as part of your subscription.
- Made improvements to hybrid collections, including forced tunneling support and checking IP subnet size before trying to create the collection.
- Discovered that the * wildcard doesn't work for webcams. Instead, you need to specify the instance ID or GUID. We'll be updating the redirection information to reflect that.
- Made it so you can add custom antivirus software to your image when you create a template image from the Azure gallery.
We've got more changes rolling out in July, so we'll be back with another update soon.
## May 2015
There have been a number of additions (and months) since we first created this topic, so this list cheats a bit and is from the beginning of March through May. Check out these new features:

0 comments on commit 6380a7f

Please sign in to comment.