Forum Discussion
[Announcement] Connectivity issues from synchronized users to VMs joined to AAD DS
- Nov 04, 2019
Christian_Montoya : A fix has been rolled out to production for this issue.
Hi,
We have just noticed the same problem in our test environment.
But a strange thing is that it only affects one of the 17 pilot users.
The users were synced from a local AD to Azure AD.
Azure AD connect sync was removed 1 year ago.
Azure AD services was set up to support the WVD environment.
Users involved in the pilot had to reset their passwords and could then log on.
But now, one user gets the error message:
SID value in the database is different than the value returned in the orchestration reply from the agent for user...
The host pool is in "validation".
<#
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : OrchestrateAsync: SID value in the database is different than the value returned in the orchestration reply from the agent for user ≤a.b@domain.se≥ with Id b663bb3d-3f67-42e9-f891-08d6fb3eb712. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 2019-07-18 09:36:42
ErrorOperation : ClientRDPConnect
ErrorCode : 2147965400
ErrorCodeSymbolic :
ErrorMessage : Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance.
ErrorInternal : True
ReportedBy : Client
Time : 2019-07-18 09:36:42
#>
MrTbone_se : As it stands now, the issue stems from the SIDs being synchronized as part of the Azure AD token and then receiving a different one through Azure AD Domain Services. Are you aware of any difference in properties between this 1 user and the other 16?
- MrTbone_se, Aug 20, 2019, MCT
Christian_Montoya : I have checked with every PowerShell cmdlet I can think of, but the users are identically configured. I have compared with another user who was hired at the same time (2014) and who has also been migrated from an on-prem AD to an Azure AD-only environment. The AD Connect was removed a year ago or so. The Azure Domain Services was set up to support WVD preview in June.
My user is on vacation and I cannot get an answer on whether it is still an issue or whether it has been solved by an agent update.
But you should think of a rollback of the SID verification and do a rearchitect.
If it is so much trouble for preview users, how will this work for GA?
/Mr T-Bone
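Added example, not part of the original thread and not Microsoft's code: one way to find which pilot users carry a SID in Azure AD that differs from the one in the Azure AD Domain Services managed domain, the mismatch described in the reply above. `Compare-UserSid` is a hypothetical helper, the sample accounts and SIDs are constructed, and the mapping to `Get-AzureADUser` (`OnPremisesSecurityIdentifier`) and `Get-ADUser` (`SID`) as data sources is an assumption.

```powershell
# Added example: flag users whose Azure AD SID differs from their AAD DS SID.
# Compare-UserSid is a hypothetical helper. Each input object needs UserPrincipalName and Sid.
# Assumption: in a real tenant the two lists would come from exports such as
# Get-AzureADUser (OnPremisesSecurityIdentifier) and Get-ADUser against the managed domain (SID).
function Compare-UserSid {
    param(
        [Parameter(Mandatory)] [object[]] $AzureAdUsers,
        [Parameter(Mandatory)] [object[]] $DomainServicesUsers
    )
    # Index the managed-domain accounts by lower-cased UPN.
    $domainSids = @{}
    foreach ($u in $DomainServicesUsers) {
        $domainSids[$u.UserPrincipalName.ToLowerInvariant()] = [string]$u.Sid
    }
    foreach ($u in $AzureAdUsers) {
        $upn    = $u.UserPrincipalName.ToLowerInvariant()
        $aadSid = [string]$u.Sid
        $ddsSid = [string]$domainSids[$upn]
        $status = if (-not $domainSids.ContainsKey($upn)) {
            'MissingInDomainServices'
        } elseif ([string]::IsNullOrEmpty($aadSid)) {
            'NoSidInAzureAd'      # no synchronized SID recorded for this user
        } elseif ($aadSid -ieq $ddsSid) {
            'Match'
        } else {
            'Mismatch'            # the two sources disagree about this user's SID
        }
        [pscustomobject]@{
            UserPrincipalName = $upn
            AzureAdSid        = $aadSid
            DomainServicesSid = $ddsSid
            Status            = $status
        }
    }
}

# Constructed sample data (not real accounts or SIDs).
$aad = @(
    [pscustomobject]@{ UserPrincipalName = 'user1@example.com'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1105' }
    [pscustomobject]@{ UserPrincipalName = 'user2@example.com'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1106' }
)
$dds = @(
    [pscustomobject]@{ UserPrincipalName = 'user1@example.com'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333-1105' }
    [pscustomobject]@{ UserPrincipalName = 'User2@example.com'; Sid = 'S-1-5-21-4444444444-5555555555-6666666666-1601' }
)
Compare-UserSid -AzureAdUsers $aad -DomainServicesUsers $dds |
    Where-Object Status -ne 'Match' | Format-Table -AutoSize
```

With the constructed data only `user2@example.com` is listed, with status `Mismatch`.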