Forum Discussion
Azure Virtual Desktop - Black Screens on logins - What we've tried so far
michealscott Same experience - applying the KIR decreases the black screen on logon but increases M365 auth failures, correlated with Microsoft.AAD.Brokerplugin crash.
I don't think the KIR is the cause, I think when the appx service crashes it will leave appx SID's of a particular user corrupted on the server, so when they next log on, it does not load it properly. The KIR will stop any further corruption happening but the damage is already done.
I have had to rebuild several session hosts from an old image to resolve this issue, apply the KIR and let Windows Update to October now and all is fine.
They did say run the following command on the affected session host:
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
That in theory should clear out any left over files or SID information for that particular user, whether it causes other issues, is your own risk to take.
This is what Microsoft have said about the particular issue we are facing:
“The Windows 10, 2024 7D Windows Update added the Undocked DEH feature added which has a bug in the profile delete path. A corner case of user logoff with Undocked DEH handler registered and profile delete via RemovePackage API in other user session causing appxsvc crash during another user logon. The targetUserSidString of logging off user isn’t updated.”
They are classing the Microsoft.AAD.Brokerplugin as a separate issue, whereas my argument is they are related and should be resolved with everything else.
I'm not convinced this is linked to user logoff as its typically 9am we see the issue... although I guess that is a which came first, the chicken or egg situation type, as we all know the "my Outlook isn't working" fix is "I won't bother reporting this, I'll do as IT always tell me and log off and back on in the first instance and hopefully get on a new server" so I'm surmising it could be that AAD.Brokerplugin fails, the user logs off and then that edge case triggers... now if AAD.Brokerplugin didn't fail, MS apps worked ok and the user didn't log off then its possible that the issue was only happening at like 5pm as the working day ends - an in our environment we programmatically stick most hosts into drain mode mid-late afternoon.
What we do know if that MS are saying this regression happened in July's 7D and August's 8B, whilst the D week preview updates might not be too widely deployed I'm not aware the proverbial hitting the fan until after the 9B update in September. Now maybe what Microsoft are doing is not 100% wrong; is what we are seeing get triggered by a change to AAD.Brokerplugin in September making it much more likely a user logs off earlier in the day and thus triggers that earlier bug which whilst there perhaps was effectively laying untriggered, we certainly reboot out session hosts overnight.This would also of course explain why the KIR appear to only half work... its only fixing one half of the issue we are seeing!
That said if the root cause of why it all kicked off in mid September was as I am wondering and they are seeing that as a separate issue maybe they will fix one issue and not fix the cause of why that edge case is triggering... have you (or anyone) got anything on the AAD.Brokerplugin issue separately as a case if they are saying they are separate?I agree it's multiple things that combined to cause this. Has anyone tried the insider preview KB5045594? In my case it wasn't Azure related but due to the Appx crashes. The Appx removals get more errors than previously and make me think some of these Store apps are corrupted now. This would also explain some of the app related lingering issues.
- A client has a Citrix Cloud VDI and AVD environment. Both running Win10 same Windows, M365 App etc. software update levels across both environments.
The September update caused havoc with the Citrix VDI environment but only with Teams, Office and OD4B logons. No black screens so I am assuming that is an AVD specific issue. AAD Broker Plugin was constantly breaking. Anything we did in terms of FSLogix profile resets; AAD Broker Plugin repairs were temporary or failed.
Prior to activating the KIR, the only thing that worked for Citrix VDI was to go back to August 8B. Knock on wood, the KIR seems to have worked for us. having read through the posts here, I feel nervous saying that though.
The AVD environment has had no issues at all. It is a lot smaller / less load so maybe that is a factor but I am skeptical as I could reproduce the problem at will on a persistent single session Citrix VDI.
The lingering issue after applying the KIR would explain why I need to repair all OneDrive of my users even after creating a new session host.
For those who have OneDrive syncing corruption issue :
Close OneDrive
Clear regedit Current_User\Software\OneDrive
Clear files under %localAppdata%\OneDrive\
Clear files under %localAppdata%\Microsoft\OneDrive\settings
Reopen and reconnect OneDrive
The sync should reevaluate existing files in synced directory and should fix the issue.
OneDrive.exe /reset wasn't enough.
