Let’s learn How are Users Connect to AVD? KQL Query to get Gateway details, AVD RD Vs Web Client, and IGEL Client Version. You can get all this information from the AVD service using Azure Monitor (aka Monitor).
You need to have a complete AVD Azure Monitor Diagnostic Settings Setup before proceeding with the KQL query details. Once AVD diagnostic data is available in the Azure monitor, you can get all these details AVD RD thick Vs. Web Client.
It’s really important to understand whether users are connecting from Thin client OS (such as iGel) or Windows OS to troubleshoot issues with performance and other connection errors in the AVD world.
It’s also important to understand whether users use a web client or a full RD client to connect to Azure Virtual Desktop (aka AVD). There could be a performance impact with the different versions of the client.
You can also check whether users connect to a Remote App or a Remote Desktop Azure Monitor Log Analytics workspace. This blog post shares all types of KQL queries for AVD connection details. You can also get all the information on client side IP addresses using KQL queries.
- FIX: AVD Azure AD Joined VM Login Issue With Error Code 0x9735
- AVD VM RD Client Connection Error 0x83886181
How to Setup Azure Monitor Diagnostic Settings for AVD
You need to setup and configure the AVD platform logs to the Azure Log Analytics workspace to make use of the Azure Monitor solution. Azure Monitor solution will provide you with a lot of information about AVD.
I have explained the process in the following blog post – AVD Azure Monitor Diagnostic Settings Setup. As a first step, you need to create a log analytics workspace for storing the AVD logs. You must configure these diagnostic settings for each AVD Host Pool.
NOTE! – If it’s your first time opening Azure Monitor for AVD, you must set up Azure Monitor for your AVD environment. More details on how to configure the workbook for Azure Monitor.
AVD Client Devices
Let’s understand the AVD client devices. There are different types of AVD components, and in this post, you get all the details from the client device from where end-users are connecting to AVD.
All the following information is about client devices, and there are different types of client devices in the AVD context. The end users can connect to AVD VMs using any type of client device. Some of those base client devices are listed down.
- Thin Client (Linux, etc) -> e.g iGel devices
WVDConnections table from Azure log analytics workspace will give you a lot of information on AVD client connections. This information is very important to understand the issues with disconnection, performance, etc.
You can get information from the WVDConnections table. We will focus on the following main columns in this post.
|ClientOS||The OS of the client that is connecting (if available)|
|ConnectionType||The type of connection – either RAIL (RemoteApp Integrated Locally) or Desktop.|
|ClientSideIPAddress||The remote IP address from the client side|
|ClientType||The type of client that is connecting (if available)|
|ClientVersion||The version of the client that is connecting (if available)|
- Fix AVD Could not Connect to Session Desktop Admin has Restricted the Type of Logon
- Fix AVD Refreshing Your Token Error | Couldn’t Connect to Session Desktop
Let’s open the Azure Monitor from the Azure portal and navigate to the logs tab to run the following set of KQL queries.
- Open Azure.portal.com
- Search with the keyword “Monitor.”
- Open Monitor (Azure Monitor) and Navigate to the Logs tab.
Users Connect to AVD using Microsoft Store RD Application
Let’s find out the client devices that are using the Microsoft Store RD application to connect to AVD. You can easily find out this information from the WVDConnections table.
You can use the following KQL query to get the details of the client devices connecting to AVD using RD client installed from MS Store. The Client type is the key value here to identify the type of RD client details.
You can also get the RD client version details from the following query. The MS Store RD client version is 1817, as per the following example. This query also provides the base client OS version details as well.
WVDConnections | where ClientOS contains "Windows" and ClientType == "com.microsoft.rdc.windows.store"
Windows RD Client MSI version to Connect to AVD
Most IT professionals use Windows RD clients to connect to AVD. You can use the following KQL query to get the details of users connect to AVD using Windows RD Client (MSI 64bit version).
This gives you the understanding that the AVD platform can collect the basic data from the client device from which the end users are connecting to AVD. The client version in the following example is 1.2.3317.0.
- The client type for the MSI version of RD client is com.microsoft.rdc.windows.msrdc.x64
WVDConnections | where ClientOS contains "Windows" and ClientType contains "com.microsoft.rdc.windows.msrdc.x64"
How Many Users Connect to AVD using Web Clients
Let’s find out how many users are connecting to AVD using Web Clients. The AVD web client type can be used from different client operating systems such as Windows, macOS, etc.
In the following KQL query, I wanted to quickly look into the users connected from Windows devices using Web Client. It would be an interesting point to understand why they don’t want to use thick RD clients instead.
Use the following KQL query to understand how many users are connecting to AVD using the web client. The Client Type for a web client ends with HTML -> com.microsoft.rdc.html.
WVDConnections | where ClientOS contains "Windows" and ClientType contains "com.microsoft.rdc.html"
AVD Connections from IGEL Devices
Let’s check how many users use IGEL devices or IGEL Linux OS and IGEL RD Client to connect to AVD. This helps to identify some of the issues with IGEL on-prem infra or cloud infra and AVD connectivity issues.
How do you identify AVD connections coming from the thin client devices using IGEL RD Client Version 21 or 23? Try using the following KQL query to identify the Linux IGEL OS device connection to AVD.
- IGEL RD Client Version -> 21 or 23
- IGEL RD Client Type -> com.igel.rdc.linux
WVDConnections | where ClientOS contains "Linux IGEL OS" and ClientType contains "com.igel.rdc.linux"
Identify macOS RD Client Connections to AVD
Let’s see how to Identify macOS RD Client Connections to AVD. You can easily identify the connections coming from macOS devices. You can also segregate the connections coming from the thick macOS RD client and the web client.
The AVD web client type for all the device platforms are the same. Windows web client type is the same as macOS, iOS, and Android platform web client.
- macOS RD Client Version -> 2006
- Client Type for macOS -> com.microsoft.rdc.macos
WVDConnections | where ClientOS contains "macOS" and ClientType == "com.microsoft.rdc.macos"
Identify AVD Connections coming from iOS devices
Let’s Identify AVD Connections coming from iOS devices. You can use the following KQL query to identify the users who are using iOS/iPadOS devices to connect to AVD.
This query helps to understand the basic information that iOS/iPadOS collects from the iOS/iPadOS platform. This also helps the Client OS version and a lot of other information.
- iOS RD Client Version -> 5170
- iOS Client Type -> com.microsoft.rdc.ios
WVDConnections | where ClientOS contains "iOS" and ClientType == "com.microsoft.rdc.ios"
Get the AVD Gateway Region Details
Using the Azure Monitor option, you can get the AVD gateway region details using the KQL query from the WVDConnections table. The RD or Web clients will get connected to the nearest AVD gateway region.
You can check the RD Client event logs to get the details on TCP Reverse Connect Flow for AVD. From the AVD service side, you can find out AVD Gateway connection details using the following KQL query.
- AVD Gateway Region -> WEU.
WVDConnections | where GatewayRegion != "SGP" | project GatewayRegion, ClientOS, ClientType, UserName, SessionHostOSVersion
You can get the total number of AVD gateway regions that the RD clients are getting connected to using the following KQL query.
WVDConnections | summarize OperationCount=count() by GatewayRegion
You can check whether users connect to Remote App or Remote Desktop from the following KQL query.
WVDConnections | where ConnectionType contains "APP" or ConnectionType != "DESKTOP"
Resources -> Azure Monitor Logs reference – WVDConnections | Microsoft Docs
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.