Forum Discussion
AVD Single Session - Password is incorrect - lockout screen
Hi Guys,
I hope you are all well.
Recently I set up these policies for my AVD env:
Set time limit for active but idle Remote Desktop Services sessions - Disabled
Set time limit for active Remote Desktop Services sessions - Disabled
Disconnect remote session on lock for legacy authentication - Disabled
Disconnect remote session on lock for Microsoft identity platform authentication - Disabled
The result is that the after some idle time session is not completely disconnected but AVD is being locking out, and that is good but - from lock screen I can't log-in again - I received info that the password is incorrect. In event viewer I see: Event ID 4673. From that place I can disconnect session, restart machine or add additional keyboard layout -> after I click "Update" I am being moved to Desktop, but still poor solution.
Password is definitely correct, account is not being locked out/disabled.
All machines are Entra ID Joined.
Any ideas?
Best regards,
Damian
7 Replies
For Entra Joined devices you need to ensure that you have assigned Virtual machine user role to the AVD users so that they can authenticate using Entra Account.
This mostly happening with Single session AVD. When user is connecting to any 3rd Party or client network via VPN.
When they go away from desk, the AVD got locked but her AVD was on client network connected so your domain credentials will not work.
The Only Solution we are applying, Reboot the AVD from backend & educate users to disconnect VPN once you are away.Any chance to validate Entra ID Authentication policies, LSA restrictions and host group policy conflicts?
I noticed that this issue is most likely related to network configuration as with VPN connected I can lock out computer and log-in again without issues.
I will ask Azure-Network team for set up peering to our internal network.
Thanks!
Hi DamianL1984 , Did you find a solution to this issue? We are running into the exact same thing. Thanks!
