Trouble Connecting to Session Host with Private Link Configuration

Asked By CoolNerd42 On

I'm trying to set up Azure Virtual Desktop (AVD) using Private Link, but I'm getting an error message that says the session host cannot connect due to a private link configuration issue. It specifically states: 'HostPoolDoesNotAllowPublicNetworkAccess: Network access from public endpoint is DENIED for hostpool x.x.x.x.' However, when I check from the session host, I can resolve all the private link and private-link global addresses. Does anyone have suggestions on how to resolve this? Thanks!

3 Answers

Answered By TechWiz4Life On

It sounds like you're trying to activate the session host within the host pool, but currently, it's marked as unavailable. When you resolve the public DNS name of the host pool from the session host, does it give you back the private IP address?
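The DNS check asked about above can be scripted. This is an added example, not part of the original answers: it resolves each name with the local resolver and reports whether every answer falls inside the private endpoint subnet. The subnet `10.20.1.0/24` is a constructed value, the function names are hypothetical, and the FQDNs to test are supplied by you as arguments.

```python
import ipaddress
import socket
import sys

# Assumption: the subnet holding the AVD private endpoints (constructed value).
PRIVATE_ENDPOINT_SUBNET = ipaddress.ip_network("10.20.1.0/24")


def resolve(name):
    """Return the sorted set of addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses, pe_subnet=PRIVATE_ENDPOINT_SUBNET):
    """Label one name's answers; 'private-endpoint' is the expected result."""
    kinds = set()
    for ip in map(ipaddress.ip_address, addresses):
        if ip in pe_subnet:
            kinds.add("private-endpoint")
        elif ip.is_private:
            kinds.add("private-other")   # private, but not the endpoint subnet
        else:
            kinds.add("public")          # traffic would go to the public endpoint
    if not kinds:
        return "unresolved"
    return kinds.pop() if len(kinds) == 1 else "mixed"


def check(names, resolver=resolve):
    """Map each name to its classification; resolver is injectable for testing."""
    return {name: classify(resolver(name)) for name in names}


if __name__ == "__main__":
    # Pass the AVD FQDNs your deployment uses as arguments; none are hard-coded.
    results = check(sys.argv[1:])
    for name, verdict in results.items():
        print(f"{name}: {verdict} {resolve(name)}")
    sys.exit(0 if all(v == "private-endpoint" for v in results.values()) else 1)
```

Run it on the session host and again from an on-premises client; a `public` or `mixed` result on either side points at DNS rather than at the host pool setting.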

Answered By FirewallMaster88 On

To prevent Azure Firewall from SNATting your Private Link traffic, you need to add the **Private Endpoint's IP CIDR** (usually `/32`) to your Azure Firewall settings. Make sure to set a **Network Rule** that allows traffic to that IP. Additionally, ensure that you **disable Network Policy for Private Endpoints** on the subnet, which will allow your VNet to route correctly to the Private Link service. This configuration is essential to keep your firewall from sending traffic to the public IP.

Answered By CloudyGenius91 On

Where exactly are you connecting from? You might need a VPN connection to your Azure network to properly access the session host.

CoolNerd42 -

Yes, I have a Site-to-Site VPN set up from Azure to my on-premises network.
