Forum Discussion
An internal error occurred / can't connect anymore
- Please set-up a validation pool as we have a fix deployed to the validation pools. Learn here how to set those up: https://docs.microsoft.com/en-us/azure/virtual-desktop/create-validation-host-pool We recommend to make use of Azure Service Health Alerts where you will be notified when the fix is available for production: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-service-alerts
Please review our troubleshooting guide for domain join issues: https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-issues
evasse It's been 2.5 weeks now. Can you get some ETA on the fix for this problem? Neither validation or production environment works!!
TenantGroupName : Default Tenant Group
HostPoolName : MyTest_HostPool
FriendlyName : My Test Host Pool
Description :
Persistent : False
CustomRdpProperty :
MaxSessionLimit : 999999
LoadBalancerType : BreadthFirst
ValidationEnv : True
Ring :
Still getting the same SID error:
ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : OrchestrateAsync: SID value in the database is different than the value returned in the
orchestration reply from the agent for user ≤rhythmnewt@rhythmnewt.com≥ with Id
85a45a4c-413d-4074-2e41-08d6e4d9abe8. This scenario is not supported - we will not be able to
redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 7/16/2019 3:08:54 PM
User activity log
ActivityId : 10dd46a2-4836-49f1-8f89-face053b0000
ActivityType : Connection
StartTime : 7/16/2019 3:08:54 PM
EndTime : 7/16/2019 3:08:54 PM
UserName : rhythmnewt@rhythmnewt.com
RoleInstances : mrs-eus2r0c001-rdgateway-prod::RD2818785C114D;mrs-eus2r0c002-rdbroker-prod::RD2818788A0588;≤rmrvw-0
.rhythmnewt.com≥
Outcome : Failure
Status : Completed
Details : {[ClientOS, ], [ClientVersion, ], [ClientType, ], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 7/16/2019 3:10:26 PM
Checkpoints : {LoadBalancedNewConnection, TransportConnecting, TransportConnected, RdpStackDisconnect...}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}
Roop_Kiran_ChevuriMicrosoft
rhythmnewt We would like to understand more about your domain setup. We observe that SID which VM resolves the user to doesn't match the SID we are getting from his AAD token. Can you please give brief overview of your domain setup and how it is connected to AAD? Do you have multiple domains?
Roop_Kiran_Chevuri I hope you look into this in a more general way, as we are many with the same problem... Our setup is exactly the same as rhythmnewt , so please express your findings here for us all to see.. :)
- Roop_Kiran_Chevuri
Mtollex70 : Thanks for letting us know that you have similar setup and yes we will look into it in a general way.
Mtollex70 wrote:
Roop_Kiran_Chevuri I hope you look into this in a more general way, as we are many with the same problem... Our setup is exactly the same as rhythmnewt , so please express your findings here for us all to see.. :)
Roop_Kiran_Chevuri I sent you identifiable details about my user account and domain in a PM.
My setup is as follows On-Prem AD -> Ad Sync -> AAD -> Azure ADDS
I do have password write-back enabled.
I do NOT have multiple On-Prem AD instances.
I do have multiple stand-alone AAD (cloud-only) instances.
VM in question is domain-joined to my Azure ADDS instance and I have no problem authenticating into it with my domain credentials.
Thank you for looking into this.
- Roop_Kiran_Chevuri
rhythmnewt Thanks for sharing this detail. Its very helpful to understand the setup. We have recently introduced a change where we need User SID's from VM and token to match before we allocate a session. There seems to be a case with AADDS where they may not always match. We are currently investigating how do we handle these scenarios. I will keep you posted on progress.
