Marcel Follow That's me: Marcel

Azure Windows Virtual Desktop - Monitoring the Spring Backend - WVD

The long await update from WVD/AVD is public. It comes with a full ARM integration and is natively useable in the Azure Portal. Some things changed from the Fall to Spring update, and that’s include monitoring.

In this post, I’m focused on monitoring the WVD/AVD backend and not monitoring the sessions, applications, session host performance, latency, etc. To exactly monitoring these metrics, check out the solution “Azure Monitor for WVD” which works for Fall and the Spring update - and the new version comes with great Azure workbooks to additionally visualize data by host pool.

The Fall update writes logs to Azure Monitor / Log Analytics as custom logs. There is a really good blog post about this.

The Spring update writes logs to Log Analytics as well, but they have a different name and schema. To enable logging the backend, you have to enable the diagnostic settings on all involved resources:

Workspace
Host Pool
App Group

Make sure that you select all logs and select your Log Analytics workspace (if you use sepago’s “Azure Monitor for WVD” use the same Log Analytics workspace for the backend logging)

![Registry with values](../assets/images/Azure Monitor for WVD/Blog-01-05.png)

If you have done this for all resources, the WVD/AVD send logs to the selected workspace. Keep in mind that writing the first entries can take up to 20 minutes to build the data schema initially.

After a while, you should have log data in your Log Analytics workspace:

![Registry with values](../assets/images/Azure Monitor for WVD/Blog-01-06.png)

You can see the following logs (tables):

WVDCheckpoints
- Intermediate steps while establishing and running a connection
WVDConnections
- Start/End of connections
WVDErrors
- Errors while establishing a connection, failures during the administration, failures getting feed informations
WVDHostRegistrations
- About session host registration to host pools
WVDManagement
- Administration log

The logs are internally connectable with their correlation id you have in each log.

Let’s start digging some data

Open Log Analytics an go to “Logs” and run your queries based on the KUSTO query language.

Count of brokered sessions by state

WVDConnections 
| where State =~ "Started" and Type =~"WVDConnections" 
| extend CState=iff(SessionHostOSVersion=="<>","Failure","Success") | summarize Count=count() by State=CState
| render piechart

![Registry with values](../assets/images/Azure Monitor for WVD/Blog-01-02.png)

Failed connections

WVDConnections 
| where State =~ "Started" and Type =~"WVDConnections" 
| extend Multi=split(_ResourceId, "/") | extend CState=iff(SessionHostOSVersion=="<>","Failure","Success")
| where CState=~"Failure" 
| project TimeStamp=TimeGenerated, UserName, ResourceGroup=Multi[4], HostPool=Multi[8],ResourceAlias, SessionHost=SessionHostName, ClientOS=ClientOS, ClientWvdVersion=ClientVersion, CorrelationId
| order by TimeStamp desc

Failed connection with details

WVDConnections | where State =~ "Started" and Type =~"WVDConnections" 
| extend Multi=split(_ResourceId, "/") | extend CState=iff(SessionHostOSVersion=="<>","Failure","Success")
| where CState =~"Failure"
| order by TimeGenerated desc
| where State =~ "Started" | extend Multi=split(_ResourceId, "/") 
| project ResourceAlias, ResourceGroup=Multi[4], HostPool=Multi[8], SessionHostName ,UserName ,CState=iff(SessionHostOSVersion=="<>","Failure","Success"), CorrelationId, TimeGenerated
| join kind= leftouter (
    WVDErrors 
) on CorrelationId
| extend DurationFromLogon=datetime_diff("Second",TimeGenerated1,TimeGenerated)
| project  TimeStamp=TimeGenerated, DurationFromLogon, UserName, ResourceAlias ,SessionHost=SessionHostName ,Source ,CodeSymbolic , ErrorMessage=Message, ErrorCode=Code, ErrorSource=Source ,ServiceError, CorrelationId
| order by TimeStamp desc

Session logon duration by host pool

WVDConnections 
| where Type =~"WVDConnections" and State =~ "Started" | extend Multi=split(_ResourceId, "/") | project ResourceAlias, HostPool=toupper(HP=Multi[8]), SessionHostName , UserName ,CState=iff(SessionHostOSVersion=="<>","Failure","Success"), CorrelationId, TimeGenerated, ResourceGroup=Multi[4], DesktopGroup_s=toupper(strcat(RG=Multi[4],".", HP=Multi[8])) 
| join kind= leftouter (
    WVDCheckpoints 
) on CorrelationId
| extend DurationFromLogon=datetime_diff("Second",TimeGenerated1,TimeGenerated)
| where Name=~"RdpStackLogon" 
| project UserName, ResourceGroup, DesktopGroup_s,SessionHost=SessionHostName, TimeStamp=TimeGenerated1, DurationFromLogon
| summarize DurationInSeconds=avg(DurationFromLogon) by HostPool=DesktopGroup_s 
| render columnchart kind=unstacked

![Registry with values](../assets/images/Azure Monitor for WVD/Blog-01-01.png)

Session logon duration by user (desc)

>WVDConnections 
| where Type =~"WVDConnections" and State =~ "Started" | extend Multi=split(_ResourceId, "/") | project ResourceAlias, HostPool=toupper(HP=Multi[8]), SessionHostName , UserName ,CState=iff(SessionHostOSVersion=="<>","Failure","Success"), CorrelationId, TimeGenerated, ResourceGroup=Multi[4], DesktopGroup_s=toupper(strcat(RG=Multi[4],".", HP=Multi[8])) 
| join kind= leftouter (
    WVDCheckpoints 
) on CorrelationId
| extend DurationFromLogon=datetime_diff("Second",TimeGenerated1,TimeGenerated)
| where Name=~"RdpStackLogon" 
| project UserName, ResourceGroup, DesktopGroup_s,SessionHost=SessionHostName, TimeStamp=TimeGenerated1, DurationFromLogon
| summarize DurationInSeconds=avg(DurationFromLogon) by HostPool=UserName
| order by DurationInSeconds desc

Administrative activities over time

WVDManagement 
| summarize Count=count() by bin(TimeGenerated,15)
| render scatterchart

![Registry with values](../assets/images/Azure Monitor for WVD/Blog-01-03.png)

Good to know: Sepago’s commercial “Azure Monitor for WVD” brings the ready to use Azure workbooks for the session and app monitoring and workbooks for the WVD/AVD backend:

![Registry with values](../assets/images/Azure Monitor for WVD/Blog-01-07.png)

05 May 2020

ITProCloud Blog