Spanky1655
Copper Contributor
Nov 02, 2023

Azure Virtual Desktop Your Credentials did not work error until several reboots of Local AD Computer

We have an Azure Virtual Desktop environment created for a local AD-joined company. We are using the Remote Desktop client for Windows. Every day, users get the issue "Your credentials did not work (the logon attempt failed)" using their local domain account, but the odd thing is that if they reboot their computers 1-3 times, it then works. The Store version of Remote Desktop seems to work but lacks the features of the one we use. We are trying to get to the root cause of this, and any input or insight would be appreciated.

  • Hi Spanky1655,

    Can you post the Azure user sign-in logs (non-interactive) error code and failure reason of one affected user?

    Please also try to reset the user password in Active Directory, sync the hash to Microsoft Entra ID and try to log on again. Sometimes removing and re-adding the Microsoft 365 license also fixes such issues.

    • Spanky1655
      Copper Contributor

      MathieuVandenHautte, here is one of the non-interactive sign-in failures. Auth passed along with everything else. The odd thing is that it is very sporadic; it appears that today no one was affected, but it would affect different users seemingly at random.

       

      Authentication requirement: Multifactor authentication
      Status: Failure
      Continuous access evaluation: No
      Original transfer method: None
      Sign-in error code: 65002
      Failure reason: Consent between first party application '{applicationId}' and first party resource '{resourceId}' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API.
      Additional Details: A developer in your tenant may be attempting to reuse an App ID owned by Microsoft. This error prevents them from impersonating a Microsoft application to call other APIs. They must move to another app ID they register in portal.azure.com.

      User type: Member
      Cross tenant access type: None
      Application: Accounts Control UI

      Client app: Mobile Apps and Desktop clients
      Client credential type: None
      Token issuer type: Microsoft Entra ID
      Token issuer name:
      Incoming token type: Primary refresh token
      Authentication Protocol: None
