I'm trying to set up Azure Virtual Desktop using a private link, but I'm getting an error indicating that the session host can't connect because of the private link configuration. The error message states: "HostPoolDoesNotAllowPublicNetworkAccess: Network access from public endpoint is DENIED for hostpool x.x.x.x." However, when I check the session host itself, I can resolve all the private link addresses. Does anyone have any ideas on how to fix this? Thanks!
3 Answers
First off, are you connecting to the session host from a VPN connected to your Azure network? If not, that might be necessary to establish a successful connection.
You might want to check your Azure Firewall settings. To allow private link traffic, you need to add the private endpoint's IP CIDR range (likely /32) to your firewall's network rules to prevent it from SNATting and ensure internal routing. Also, disable Network Policy for Private Endpoints on your subnet.
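The two settings this answer describes, as an added PowerShell example (not the answerer's code): a network rule on a classic Azure Firewall that lets the session host subnet reach the private endpoint's /32, the firewall's SNAT private range extended to cover that address, and private endpoint network policies disabled on the subnet. All resource names, resource groups and addresses are placeholders to replace with your own.

```powershell
# Placeholder values (assumed, not from the question)
$rg         = "rg-avd"              # resource group holding the VNet and firewall
$vnetName   = "vnet-avd"
$subnetName = "snet-session-hosts"   # subnet the session hosts sit in
$subnetCidr = "10.0.1.0/24"
$peIp       = "10.0.2.4"             # private endpoint IP of the host pool connection
$fwName     = "azfw-hub"

# 1. Disable private endpoint network policies on the session host subnet.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet `
    -AddressPrefix $subnetCidr -PrivateEndpointNetworkPoliciesFlag "Disabled" | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# 2. Allow session hosts to reach the private endpoint (/32) through the firewall.
$fw = Get-AzFirewall -Name $fwName -ResourceGroupName $rg
$rule = New-AzFirewallNetworkRule -Name "Allow-AVD-PrivateEndpoint" `
    -Protocol "TCP" -SourceAddress $subnetCidr `
    -DestinationAddress "$peIp/32" -DestinationPort "443"
$collection = New-AzFirewallNetworkRuleCollection -Name "AVD-PrivateLink" `
    -Priority 200 -Rule $rule -ActionType "Allow"
$fw.NetworkRuleCollections.Add($collection)

# 3. Keep the firewall from SNATting traffic to the endpoint: RFC1918 space is
#    already excluded by default, so this matters only if the endpoint sits
#    outside it. Listing the /32 alongside IANAPrivateRanges is explicit anyway.
$fw.PrivateRange = @("IANAPrivateRanges", "$peIp/32")
Set-AzFirewall -AzureFirewall $fw | Out-Null

# 4. Quick check from the session host side: the host pool's private link name
#    must resolve to the private endpoint IP, not a public address.
# Resolve-DnsName <hostpool-privatelink-fqdn> | Select-Object Name, IPAddress
```

Run the first three steps from a workstation with the Az modules and Contributor rights on the resource group; the final `Resolve-DnsName` line is meant to be run on the session host itself.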
It sounds like the session host is in the host pool but isn’t active yet. Could you check if it is able to resolve the public DNS name of the host pool? If it does, verify whether it returns the private IP address.
I can confirm that it resolves correctly. Seems like a network access issue on that end.

Yes, I do have a site-to-site VPN from Azure to my on-premises network. That shouldn’t be the issue.