Forum Discussion

David Overton's avatar
David Overton
Copper Contributor
Feb 23, 2022

Error "the connection was denied because the user account is not authorised"

We have a handful of users on our AVD deployment who are unable to connect to a session. They are able to sign into RD Client, see the applications in their feed and refresh the feed.  However when they try to connect to a desktop or remote app, it fails with the error message "the connection was denied because the user account is not authorised for remote log-in" and with error code 0x3

 

We have checked the Azure group entries, their M365 licensing and cannot find a cause.

 

Is anyone able to diagnose the issue or recommend a fix?

 

Thanks


David

  • Hi David Overton,

     

    May be you have some GPO setup to deny certain groups/individuals from using RDP, and it got applied to the AVD session hosts?

     

    Something like this:

     

    hope this will be helpful.

    • David Overton's avatar
      David Overton
      Copper Contributor

      michael_moshkovich Unfortunately that is not the issue. We do have a deny group, but it is empty in AD and Azure AD. I double checked, the user's account to make sure they were not part of that group, so not applicable both ways.

      I also tried adding the user to the local VM's Remote Desktop Users group and suddenly they are able to sign in without issue. I have other users in the same domain who are able to sign in without being added to the Remote Desktop Users local group.

       

      I looked at the logs and in WVDErrors and I see these 3 lines consistently for a user who fails to sign in. 

      TimeGenerated [UTC]

      ActivityTypeSourceCodeCodeSymbolicMessageServiceErrorOperation
      24/02/2022, 13:20:33.197ConnectionClient9,223SSL_ERR_ACCESS_DENIEDSSL_ERR_ACCESS_DENIEDFALSEClientRDPConnect
      24/02/2022, 13:20:35.118ConnectionRDGateway-2,147,467,259ConnectionFailedReverseUngracefulCloseThe Session Host did not respond to the service attempt to gracefully terminate the connection.FALSEGatewayConnectionActive
      24/02/2022, 13:21:25.772ConnectionRDStack12NotAuthorizedForLogonThis user isn't authorized so sign in to the session host.FALSEAuthorization

       

      Given that the VMs are not AzureAD domain joined, I have seen that the SSL error could be associated with users who might be AzureAD joined, so I took the precaution of enabling the PKU2U policy setting, but this also made no difference.

       

      Any pointers appreciated.

       

      David

      • jimmyliebe's avatar
        jimmyliebe
        Copper Contributor

        David Overton Were you able to resolve this issue. I have something very similar. A windows 11 machine cannot connect, but we use the credentials on other machines, and it works fine to log in. This one machine just has the problem. 

Resources