Windows Virtual Desktop (WVD) – Image Management : How to manage and deploy custom images (including versioning) with the Azure Shared Image Gallery (SIG)

A lot of questions I receive about Windows Virtual Desktop (WVD) are about Image Management. Questions like; How can I create a custom image and apply updates on it? What about versioning and the possibility to rollback an image version? All these functions are available with Windows Virtual Desktop, together with the Azure Shared Image Gallery (SIG). In this blog I will show you step-by-step how to create an image, deploy a Windows Virtual Desktop Host pool with it, and update it with a new image version afterwards.

A great benefit of the Azure Image Gallery is that you can deploy your image to different Regions within Azure at the same time. This makes a Windows Virtual Desktop deployment over more then one region even easier. In this blog I will deploy an image to two Regions to show you how that works.

This blog is divided into the following steps:

  1. Deploy a Virtual Machine for creating and customizing the image
  2. Make a disk Snapshot
  3. Creating a Virtual Machine Capture
  4. Create a Shared Image Gallery
  5. Add an image to the Shared Image Gallery
  6. Deploy a Windows Virtual Desktop Host pool with the custom image
  7. Update the custom image (create Disk, new VM, Snapshot and VM Capture)
  8. Add a version to the image in the Shared Image Gallery
  9. Update the Windows Virtual Desktop Host pool with the new image

Step 1 : Deploy a Virtual Machine for creating and customizing the image

The first step is to deploy a VM for creating a custom image with, for example, all the required Line Of Business (LOB) applications and updates. For the next steps, login to the Microsoft Azure Portal.

On the home screen of the Azure portal click + Create a resource

Search for Microsoft Windows 10 + Office 365 ProPlus (if you want to use a Windows 10 Multi-Session OS with Microsoft Office 365 ProPlus pre-installed on it) and click Create

Select your Subscription and create a new Resource group. Give the VM a name, select Region and a VM Size. Fill in the information for the local admin account and click Next : Disks

Select Premium SSD and click Next : Networking

Select the correct Virtual network and Subnet and click Next : Management

Turn off the Boot diagnostics. Click Review + create

Click Create

Connect to the Virtual Machine and install the required LOB applications. Also think about Windows and Store updates. When your finished with the installation and configurations, shut down the Virtual Machine.

Step 2 : Make a disk Snapshot

Windows 10 allows us to run Sysprep 1001 times. Therefor it is not required to make a snapshot before running Sysprep, but its recommended to have the option to go back to an older version of your image. You can do this with a disk Snapshot where you can create a new VM of (see next steps in this blog). Therefor it is a good moment to make a disk Snapshot after every update like in this case.

Make sure the Virtual Machine have the Stopped (or deallocated) status,

Open the Virtual Machine and go to the Disk blade. Next, click on the OS Disk.

Click + Create snapshot

Select the in step 1 created Resource group and give the Snapshot name. If you are plan to create multiple versions like I do, it’s good to think about a good name convention. Also we make a Snapshot before Sysprep and a Capture after Sysprep (in the next step). Therefor I apply the following name convention:

WVD-Win10MS-<Year>-<Month>-<Day>-BS

BS = Before Sysprep in this case so I know this version is before I have run Sysprep and can be used for the next update.

Click Review + create

Click Create

Step 3 : Creating a Virtual Machine Capture

After creating the Disk Snapshot, start the Virtual Machine back up again.

Connect to the Virtual Machine and run Sysprep. (C:\Windows\System32\Sysprep\sysprep.exe). Make sure to select Generalize and to set the Shutdown Option to Shutdown

Click OK

After the Virtual Machine has been turned off. De-allocated the Virtual Machine (select it in the Azure Portal and click Stop). After the Virtual Machine has the de-allocated status, go the Overview blade, and click Capture

Give this Capture / Image a name. In this case I will give it a name with the following name convention:

WVD-Win10MS-<Year>-<Month>-<Day>-AS

AS = After Sysprep in this case. This so I know this version is after I have run Sysprep and I can use it for image deployment.

Select Automatically delete this virtual machine after creating the image. Type the virtual machine name and click Create

Step 4 : Create a Shared Image Gallery (SIG)

Before we can upload the custom image, we need to create a Shared Image Gallery (SIG) first. In the Azure search bar, search for Shared Image Gallery and open it.

Click Create shared image gallery

Select your Subscription and the Resource group you want to use. Give the Shared Image Gallery a name (in this case I will name it WindowsVirtualDesktop) and select a Region.

Click Review + create

Click Create

Step 5 : Add an image to the Shared Image Gallery

Open the just created Shared image Gallery (in my case WindowsVirtualDesktop)

Click + Add new image definition

Select your Region. Give this Image definition a name, this name will be visible when deploying a Windows Virtual Desktop host pool.

Configure the following:

Operating system :  Windows
VM generation : Gen1
Operating system state : Generalized

Fill in a Publisher, Offer and a SKU name of choice.

Click Next : Version

Fill in a Version name, this must be in the x.x.x format. Of course, you can start with 1.0.0, but you can also use a date like I do. In this case my version is: 2020.05.30 (next version needs to be higher of course).

Set Exclude from latest to No. Fill in an Image version end of life date and the regions you want to make this image available. I will deploy VMs with this image to the West Europe and East US so I select both locations.

Click Review + create

Click Create

Step 6 : Deploy a Windows Virtual Desktop Host pool with the custom image

Within the Azure portal, go the Windows Virtual Desktop

Click Create a host pool

Select your Subscription and Resource group. Give the Host pool a name and select the Location. Select the Host pool type, the Max session limit and the Load balancing algorithm. Click Next : Virtual Machines

Select the Resource group for the Session Host servers and the Virtual machine location. Fill in the Number of VMs you want to create in this Host pool and enter a Name prefix name.

For the Image type, select Gallery, and click Browse all images and disks

Click My Items, select Shared Images and click the image created in the previous step.

Select the OS disk type and configure the network settings. Click Next: Workspace

Select a Workspace or create a new one. Click Review + create

Click Create

I repeated these steps for the East US region, so I have two servers in West Europe, and two in East US with the same image as source.

Step 7 : Update the custom image (create Disk, new VM, Snapshot and VM Capture)

Before we can update the custom image, we need to create a Disk with the Snapshot (before Sysprep) as sources. Next, we can create a new VM from that disk. I will show you step-by-step below.

Within the Microsoft Azure portal, go to Disks and click + Add

Select the Subscription and the Resource group. Give the Disk a name. I give it the name of the snapshot with “-Restored” at the end. So in my case “WVD-Win10MS-2020-05-30-BS-Restored”.

Select Snapshot as source, and select the snapshot created in previous steps. Make sure the Disk Size is correct. Click Review + create

Click Create

After the deployment is complete, click Go to resource

Click + Create VM

Select the Resource group of choice and give the Virtual machine a name. Make sure the correct Image is selected and click Next : Disks

Click Next: Networking

Configure your network settings and click Next: Management

Set Boot diagnostics to off and click Review + create

Click Create

After the deployment is complete, login to the VM and make the required changes.

When your finished with the changes in the VM, repeat Step 2 (Make a disk Snapshot) and Step 3 (Creating a Virtual Machine Capture) of this blog (with new dates in the snapshot and image name).

Step 8 : Add a version to the image in the Shared Image Gallery

Now that we have a new image version (VM Capture) we need to add this to the current custom image in the Shared Image Gallery.

Go to the Shared Image Gallery and click the WindowsVirtualDekstop Shared image gallery.

Click the custom image created in previous steps.

Click + Add Version

Fill in the Version (date of image in my case) and the Source image. Make sure Exclude from latest is set to No. Select the Target regions and click Review + create

Click Create

Step 9 : Update the Windows Virtual Desktop Host pool with the new image

In this final step we are going to update the Windows Virtual Desktop Host pool with the new version of the custom image. We do this by creating new Session Host VMs and enabling Drain mode on the old (current) VMs. If for some reason the new version of the image is not working you have a fall back to these (old) servers.

But first we need to add the new servers.

Within the Windows Virtual Desktop portal, navigate to Host pools > <your host pool> > Session hosts and click the + Add button.

Click Next: Virtual Machines

Select the Resource group and the Virtual machine location. Fill in the Number of VMs you want to add to this Host pool. Note that all other options are grayed out. Scroll down

Configure your network settings and click Review + create

Click Create

After the deployment is finished, the new servers are added to the Windows Virtual Desktop Host pool, created with the latest version of the custom image.

Now you can enable the Drain mode on the old VMs (VMs created with an old version of the custom image) and test the new version of the custom image. If all tests are successful you can delete the old servers.

49 comments

  • Great Article!
    I followed the steps, everything went well but when I check the VM status in session hosts, it says “unavailable” but I go back to main portal and check the VM status it says available, only under session hosts, VM is showing “unavailable”

  • Awesome, Fabulous and Outstanding Job Robin. This article with screenshots really helped me deploy a WVD POC in my organization.

    Just one question – Do you have a powershell script for all the above steps ? Can this be automated..I am a novice powershell user.

    Thanks.

  • Hi Robin,
    I followed your steps and created an image, sysprep’ed it then captured and created a SIG all works as expected. When I did create a new hostpool with the image, the session host were created and domain joined, the portal says they are available but every time I access I get “We couldn’t connect to the gateway because of an error” I can rdp locally from my DC to the newly created session host and it works perfectly. Do you have any idea why this is happening? If I create a session host from the MS gallery it works properly.

  • Hi Robin,

    i follow your Instructions but having some troubles to deploy a WVD hostpool with a shared image Gallery. The Image based on 2004 Windows 10 MS. If i want to select the Image in the Creation Process i will get an error that the Image is Not available in this region. The shared image is replicated to the Region where the Ressource group and the hostpool is located.

  • new image isnt loaded – ive followed the guide – adding Notepad++ to the image and updated.

    New servers are running the same image… what am i missing?

    • I assume that you added the new image as an version to the current image in the Shared Image Gallery? And if so, that is the status of the version? (is it completed). And is the “exclude from latest” option unselected?

  • Just tried to update our image and noticed an option about Windows 10 Multi User License which you have to select.

    Doing this and running the update as your guide now getting the following error

    Error details: This installation of Windows is undeployable. Make sure the image has been properly prepared (generalized)

    Is there some new steps that should be on on the updated image as I am unable to find anything online for this.

  • I would say Horizon View 8 is much easier for this process than WVD. I have tested both the product. There are Pro and Cons between the product. This process of WVD is lengthy and it will cost a lot of money to do in home lab setting. Anyway thanks for sharing detailed instruction. Have BM the site for future yse.

  • Robin, When the master image requires some updates or additional applications, you will have to boot from the previous created snapshot (created in step 2).
    Do you have the steps to do this ?

  • I have followed your instructions. The first time creating VM, doing Sysprep and Shared Image Gallery, successfully created new host pool and session hosts worked great. My issue is with creating a new VM out of snapshot, to update SIG image definition, sysprep never completes and shuts the system down and marks as generalized. I can run powershell scripts to deallocate and mark as generalize, but the VM creation always fails to join machine to domain and session host with timeout error. Have you ran across this?

    • Sysprep shuts down while logged on, but it never shows as stopped in the Azure Portal.

    • I was able to resolve this. I created a new 2004 build image. My other “Golden Image” was updated to 2004 from 1909. I think the failure was connected to the build and the ARM templates not working together.

  • Hi Robin,
    On Step 9 : Update the Windows Virtual Desktop Host pool with the new image > I get: “A registration key must be setup before you can add a new VM to the host pool xyz”
    This prompt doesn’t show on your guide, any ideas as to why?
    Thanks, M

    • Yes, you need to have an active registration key before you can add new session host VMs. Just click generate a new key and select an expire date. After the key is created you can add the new session host VMs to the host pool.

  • Hey Robin, awesome guide as always! You really do make it easy. It would be worth mentioning somewhere that some Anti-Virus clients which use tamper protection such as Sophos Endpoint or Sophos Central cause major issues with sysprep. Azure will fail to generate a VM from the image in that case.

    • If you are using Temper protection like with Sophos, you need to disable Tamper protection first, disable the Sophos services and delete some files (Sophos has a step-by-step guide for it). After completing the steps you can run successful run Sysprep.

  • Hi Robin,

    Nice blog! Something weird happened to me yesterday when deploying a session host to the hostpool. When using the portal, the portal says I forgot to add a parameter. As far as I can see it needs the “Workspace” parameters too.
    Unfortunately I can not add this parameter through the portal. So I can’t click the button to start deployment.

    So I decided to create a whole new hostpool. Then I can add the workspace parameter and then I am able to start a deployment. Although it fails over a few seconds. It can’t find the shared image. When looking at the parameters at redeploy, it has the uri of the SIG and not of the /version/ uri.

    I needed to go to the image itself and copy the ResourceID of the Version, set that as the parameter for “Vm Custom Image Source Id”. Now it works.

    Looks like a bug to me. Wanted to share this in case other people run into the same problems

  • Hi Robin, thank you for providing this helpful info. I have tried this 3 times and each time it fails on the Stage 9 step, the error to the effect of timing out and I should delete and re-create the virtual machine. I’m not sure what else to try.

      • After trial and error, I was able to provision the host pool with the restored image. It’s the little stuff that get you! Thanks again.

      • I got this to work after several tries, but after updating the image as a new version in the SIG, I can’t get new session hosts. I even created a new host pool using the new image version (in a new SIG). The host pool gets created with no errors, but there are 0 session hosts. Any suggestions?

        • Update: I’ve done this step over many times, and each time the VMs are not attached to the host pool, so I register them manually. I would not think this is a bug but I cannot tell which piece isn’t working for this to be done automatically. At least I know how to get them connected.

          • Yes I followed your guide so many times I almost have it memorized. I can create a VM from that image and it is in fact my “golden image.” I’ve have to resort to adding the VMs to the host pool manually for now until I can figure out what is going on.

          • You can check the log files for more information. Usually this is due to the fact that he cannot download the configuration package (network / proxy problems)

          • Do you mean the logs on one of the VMs that did not get joined? I can take a look. Everything is on the same vnet/subnet in Azure and no proxy so it would be odd to be a network issue unless I’m missing something.
            Thank you

        • Hi Robin

          I got the same problem as Philip today. Maybe there is a bug that does not allow the VM to join the hostpool. Everything else works without a problem, the deployment finishes without an error too.
          I cloud not find any errors in Eventlog, where should I search?
          Any ideas why this happens?

          Thanks.

    • FYI, I asked this question at a Microsoft WVD online event and was advised to create the resource (first option) rather than the image (second option) to allow for more customization.

  • A word of caution, as this has burned me twice now:
    In Step 3 – Capturing the Image – If you have the “Automatically delete” checked, Azure will delete the VM even if there are errors during the creation process.
    Obviously, you can go back to your snapshot, create a new disk, and then spin up a VM from there, but it’s extra steps.
    I’m curious if there are other reasons for selecting that “Automatically delete” checkbox during this process vs. going back after confirmed successful Image creation to clean it up.
    I appreciate the tutorial, of course. Wouldn’t have gotten to the point I am without it. But this has vexed me.
    Thanks!

  • I followed these steps and found that I could not connect to a session host from the custom image. I deployed another session host straight from the gallery using the same Microsoft Windows 10 + Office 365 ProPlus and could connect just fine. In comparing the two I found that the non-working host was missing the rdp-sxsNNNNN registry keys from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations that the working host has.

    Could the sysprep step have done something to affect these keys. I’m at a bit of a loss as to why customizing the same exact build, I’m unable to make connections to it.

  • Super Article which clears my queries on wvd.

    However could you assist with this warning when updating the existing version Replication is not supported with customer-managed key encryption. If you choose to replicate this image, you must use platform-managed keys. Support for customer-managed keys will be enabled after preview.

  • Having problem similar to @Jason – Gallery Image deployed to host pool works fine but custom image does not. Circumstances point to an issue with the rdp-SXS stack. Unlike @Jason, I do see registry entries for rdp-SXS but qwinsta does not show a rdp-SXSnnnnnnnnn session.

    Custom image was just a Win10 Pro gallery image (2004, 20H2 both fail) that was sysprepped and captured to a Shared Image Gallery.

    Any idea who could help with figuring this out?

    • Microsoft Support said that using a Windows 10 Pro Gallery image as a base for customization is not a supported scenario in Windows Virtual Desktop. Base Gallery Image has to be Windows 10 Enterprise if customizing. Using Win10Ent as a base has addressed my issue with the customized images showing up as unavailable in the host pool.

About Robin Hobo

Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).

For my full bio, check the About Me page. You can also join me on the following social networks:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close