Forum Discussion
GuyMathieuSupport
Jul 07, 2023 Copper Contributor
Azure Virtual Desktop authentication loop
Hello, I have created my first Azure Virtual Desktop deployment. When I try to connect to a session host using the Azure Virtual Desktop Preview client, I get in an authentication loop where I ge...
MathieuVandenHautte
Jul 09, 2023 Steel Contributor
Hi GuyMathieuSupport,
Can you try this action plan?
1. Rename the folder "%localappdata%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy" to "%localappdata%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy.old"
2. Log in to Windows. A clean Microsoft.AAD.BrokerPlugin folder should be created
3. Try to sign in again
Please note that renaming this folder requires the user to be logged off. The renaming can for example be done via another (administrative) account.
- GuyMathieuSupport Jul 10, 2023 Copper Contributor
MathieuVandenHautte Thanks for the quick response. I renamed the Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy directory using a local administrator account while the user was not logged in. Unfortunately, it did not solve my problem. I still can't log in on an Azure Virtual Desktop.
- MathieuVandenHautte Jul 10, 2023 Steel Contributor
Hi GuyMathieuSupport,
Can you check the event viewer logs on the Windows clients for error codes regarding the Azure Virtual Desktop Client?
I would also recommend using the GA Azure Virtual Desktop Client in production (not the Microsoft Store public preview version):
https://learn.microsoft.com/en-us/azure/virtual-desktop/users/connect-windows
If this does not solve the issue, please contact Azure support. They can run extended diagnostics in the backend to determine the cause of your issue.
- GuyMathieuSupport Jul 10, 2023 Copper Contributor
Using the GA client does not solve the problem. There is no error in the Event Viewer on the client. I can only log on with the local admin account. To do so, I need to disable Azure AD SSO.
I notice that an Event ID 4625 is logged in the Security event log of the VM every time I try to connect with an Azure AD account. The Failure Information of the event is:
Failure reason: An Error occured during Logon
Status: 0xC000006D
Sub Status: 0xC0000250
I have not found any useful information regarding the SubStatus. (https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625)
I am unable to log on with an Azure AD account even when SSO is disabled. I tried these different ways to enter the username, and none are working:
- email address removed for privacy reasons
- AzureAD\email address removed for privacy reasons
- tenant.onmicrosoft.com\email address removed for privacy reasons
- tenant.onmicrosoft.com\email address removed for privacy reasons
I know the VM is Azure AD joined as there is a device object in AzureAD that has the name of the SessionHost. There is a "Client Authentication" certificate issued by "MS-Organization-Access" which is issued to the GUID corresponding to the Device ID of the VM's device object in Azure AD.
The user is a member of the "Remote Desktop Users" local group in the VM.
As you have suggested, I'll contact Microsoft to try to solve this issue.
Thanks for your time MathieuVandenHautte
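
Added example, not part of the thread: a PowerShell sketch for summarising Event ID 4625 records on the session host by Status, SubStatus, logon type and authentication package, so repeated failures like the one quoted above can be compared before opening a support case. The function name `ConvertFrom-Logon4625Xml` is hypothetical, and the sample event is constructed from the Status and SubStatus values in the post; the account, address, logon type and package values are made up.

```powershell
# Constructed sample: a trimmed 4625 record. Only Status/SubStatus come from the thread.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2023-07-10T09:15:02Z"/></System>
  <EventData>
    <Data Name="TargetUserName">user@example.invalid</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="SubStatus">0xc0000250</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">Negotiate</Data>
    <Data Name="IpAddress">203.0.113.10</Data>
  </EventData>
</Event>
'@

# Hypothetical helper: turns the XML of a 4625 event into a flat object.
function ConvertFrom-Logon4625Xml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $evt  = ([xml]$Xml).Event
        $data = @{}
        # Each <Data Name="..."> element carries one named field of the event.
        foreach ($d in $evt.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeCreated = $evt.System.TimeCreated.GetAttribute('SystemTime')
            User        = $data['TargetUserName']
            Status      = $data['Status']
            SubStatus   = $data['SubStatus']
            LogonType   = $data['LogonType']
            AuthPackage = $data['AuthenticationPackageName']
            SourceIp    = $data['IpAddress']
        }
    }
}

# Offline run against the constructed sample.
$sampleXml | ConvertFrom-Logon4625Xml |
    Group-Object Status, SubStatus, LogonType, AuthPackage |
    Select-Object Count, Name

# Live use on the session host (elevated prompt), same grouping:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-Logon4625Xml |
#     Group-Object Status, SubStatus, LogonType, AuthPackage | Select-Object Count, Name
```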