How the AVD Client Connection Sequence Works
Understanding the client connection sequence helps you troubleshoot client connections. On startup of the Azure Virtual Desktop session host, the Remote Desktop Agent Loader service establishes the Azure Virtual Desktop broker’s persistent communication channel. This channel is layered on top of a secure TLS connection and serves as a bus for service message exchange between the session host and the Azure Virtual Desktop infrastructure.
1. As the first step, a user utilizing a supported Azure Virtual Desktop client subscribes to the Azure Virtual Desktop workspace.
2. Azure Active Directory then authenticates the user and returns the token used to enumerate the resources available to the user.
3. The client passes the token to the Azure Virtual Desktop feed subscription service.
4. The Azure Virtual Desktop feed subscription service validates the token.
5. The Azure Virtual Desktop feed subscription service passes the list of available desktops and RemoteApps back to the client in the form of a digitally signed connection configuration.
6. The client stores the connection configuration for each available resource in a set of .rdp files.
7. When a user chooses the resource to connect to, the client uses the associated .rdp file, establishes a secure TLS 1.2 connection to the closest Azure Virtual Desktop gateway instance, and passes the connection information.
8. The Azure Virtual Desktop gateway validates the request and asks the Azure Virtual Desktop broker to orchestrate the connection.
9. The Azure Virtual Desktop broker identifies the session host and uses the previously established persistent communication channel to initialize the connection.
10. The Remote Desktop stack initiates the TLS 1.2 connection to the same Azure Virtual Desktop gateway instance as used by the client.
11. After both the client and the session host connect to the gateway, the gateway starts relaying the raw data between both endpoints; this establishes the base reverse connect transport for RDP.
12. After the base transport is set, the client starts the RDP handshake, and the user can access the Azure Virtual Desktop.
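
The reverse connect transport of steps 7 to 12, modelled as an added example (not Microsoft's code and not part of the original page): a loopback relay in Python in which both the client and the session host dial out to a gateway that pairs the two legs by connection id and relays raw bytes. Plain TCP stands in for TLS 1.2, and the `<role> <id>` framing, the function names and the `conn-1` id are assumptions made for the demo.

```python
import asyncio

pending = {}  # connection id -> (future, streams) of the first leg to arrive

async def pump(reader, writer):
    # Step 11: relay raw bytes one way until the sender closes.
    while data := await reader.read(4096):
        writer.write(data)
        await writer.drain()
    writer.close()

async def gateway(reader, writer):
    # Constructed framing: each leg announces "<role> <connection-id>\n".
    _role, conn_id = (await reader.readline()).decode().split()
    if conn_id in pending:
        fut, peer = pending.pop(conn_id)
        fut.set_result((reader, writer))      # wake the leg that was waiting
    else:
        fut = asyncio.get_running_loop().create_future()
        pending[conn_id] = (fut, (reader, writer))
        peer = await fut                      # wait for the other leg
    await pump(reader, peer[1])               # this leg's bytes go to the peer

async def session_host(port, conn_id):
    # Step 10: the host dials OUT to the gateway; it never listens.
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(f"host {conn_id}\n".encode())
    w.write(b"host-reply:" + await r.readline())
    await w.drain()
    w.close()

async def client(port, conn_id):
    # Step 7: the client also dials out, then starts its handshake (step 12).
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(f"client {conn_id}\nhandshake\n".encode())
    reply = await r.readline()
    w.close()
    return reply

async def demo():
    server = await asyncio.start_server(gateway, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    # In AVD the broker asks the host to connect (steps 8-9); the demo starts it directly.
    reply, _ = await asyncio.gather(client(port, "conn-1"),
                                    session_host(port, "conn-1"))
    server.close()
    return reply

def run_demo():
    return asyncio.run(demo())
```

`run_demo()` returns the bytes the client received through the relay; only the gateway function ever accepts a connection.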