Azure WVD and ZIA

Looking to see if anyone has come across this issue using ZIA and Azure WVD?

Using Azure WVD (Windows Virtual Desktop), with Client Connector installed and user logged in, we cannot connect to the VM through the Remote Desktop web interface, but using RDP (mstsc), I can connect.

If the user logs out of Zscaler client connector, then the web Remote Desktop works.

We have a similar setup - persistent desktops?
Will message you if I can just on some findings.

Yes, persistent desktops are used.
Any info is greatly appreciated.

In short, check with your Zscaler contact; there is an unlisted YouTube video.

Zapp / Tunnel 2.0 with TLS bypassed with WVD ranges?

We are in the process of trying to bypass via PAC files via FQDNs / tunnel 2.0.

We can log in using the full Windows Desktop client but within 4-5 seconds the session hangs and drops off (when not bypassed properly).

Hope this helps - we don’t use the web client.


I’m getting a similar issue when trying to use tunnel 2.0; it works fine with 1.0.

Did you manage to find out what was causing the issue?

Any help much appreciated.


Hi All,

Anyone made any progress on this one? We have the same experience: tunnel 1.0 is good, 2.0 is not.



Tunnel 2.0 works but you have to exempt the AVD subnets and URLs in the profile. (Bypass).

@johna8 would be interested to know more about your configuration. Having the same issue and can see that websockets to the RDBroker URLs are being blocked.

Tunnel 2.0 TLS: ensure you bypass the specific WVD IPs from the JSON list (around 288 IPs) in the tunnel 2.0 bypass settings.

You can copy & paste it though.

I take it it disconnects once ZIA signs in if you are signed in using the Remote Desktop client?
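
The bypass list described in the post above, as an added example that is not part of the thread or any poster's configuration. It assumes the "json list" follows the layout of Azure's Service Tags download with a `WindowsVirtualDesktop` tag, uses constructed documentation prefixes as sample data, and assumes the bypass field accepts comma-separated CIDRs; filtering on the one tag keeps the inspection exemption limited to WVD ranges.

```python
import ipaddress
import json

# Constructed sample in the assumed Service Tags layout. Prefixes are
# documentation ranges, not real WVD addresses; the regional name is made up.
SAMPLE_SERVICE_TAGS = json.dumps({"values": [
    {"name": "WindowsVirtualDesktop", "properties": {"addressPrefixes": [
        "192.0.2.0/25", "192.0.2.128/25", "198.51.100.7/32",
        "198.51.100.7/32", "2001:db8:1::/48"]}},
    {"name": "WindowsVirtualDesktop.WestEurope", "properties": {
        "addressPrefixes": ["192.0.2.64/26"]}},
    {"name": "Storage", "properties": {"addressPrefixes": ["203.0.113.0/24"]}},
]})


def wvd_bypass_prefixes(service_tags_json, tag="WindowsVirtualDesktop"):
    """Return (ipv4, ipv6) lists of collapsed CIDR strings for one service tag.

    Matches the global tag and any regional variant named "<tag>.<Region>".
    """
    doc = json.loads(service_tags_json)
    v4, v6 = [], []
    for entry in doc.get("values", []):
        name = entry.get("name", "")
        if name != tag and not name.startswith(tag + "."):
            continue  # unrelated service: keep it under inspection
        for prefix in entry.get("properties", {}).get("addressPrefixes", []):
            # strict=False tolerates prefixes that have host bits set
            net = ipaddress.ip_network(prefix, strict=False)
            (v4 if net.version == 4 else v6).append(net)
    # collapse_addresses drops duplicates and merges adjacent or nested ranges,
    # so the pasted list is as short as the address space allows
    return ([str(n) for n in ipaddress.collapse_addresses(v4)],
            [str(n) for n in ipaddress.collapse_addresses(v6)])


def as_paste_list(prefixes):
    """Comma-separated form for pasting into a bypass field (format assumed)."""
    return ", ".join(prefixes)


if __name__ == "__main__":
    ipv4, ipv6 = wvd_bypass_prefixes(SAMPLE_SERVICE_TAGS)
    print("IPv4:", as_paste_list(ipv4))
    print("IPv6:", as_paste_list(ipv6))
```

Re-running this against a fresh copy of the list and diffing the output shows when the published ranges have changed and the bypass needs updating.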

Best practice is using an IPsec or GRE tunnel. Check out the Azure Marketplace for Maidenhead Bridge. Very simple and straightforward.

Thanks for the info @twoodbury. We are also looking at VWAN integration with Zscaler, which I believe achieves the same/similar as/to the Maidenhead Bridge CSC.

So when I tried to use Azure VWAN about 6 months ago, there wasn’t a way to “bypass” and go direct easily. So things like licensing broke. Also the cost of Azure VWAN is way more expensive than Maidenhead. Just food for thought.

Hi @twoodbury ,

Is there any other limitation for Azure VWAN? I heard that once deployed the scale unit is fixed and you can’t increase it when required… is that true?

Also, can VWAN do HA/Failover automatically?

Appreciate your insights…


Azure VWAN does HA/Failover automatically.
Yes, true on fixed scale.
The big limitation we found was the bypassing for WVD so that your workstations showed as licensed.

We’ve been using Maidenhead in our deployments but have had issues with random disconnects or poor performance/lag in AVD sessions. We can usually fix this by shutting the MhB appliance down for a few minutes. Has anyone had a similar experience?