Forum Discussion
Intermittent AVD Host Pool Login issues with WhfB endpoint, SSO, Entra ID Auth & MFA via Cond. Acc.
tommykneetz - hey thanks for getting back to me, and yes (I missed an important part of the config out) - I do run FSLogix user profiles from an Azure Files Share.
Stuck FSLogix processes from a previous login are an interesting possibility, but I have tried rebooting the host and then trying to log in and get the same behaviour, so I don't think it can be that in this case.
I have also tried rebooting the end-point (turn it off and turn it on again). Made sure the Remote Desktop app is fully updated, reset settings etc.
I have tried switching between when the end-point is both on our corporate network (no MFA needed) and on public WiFi (MFA needed).
The same user can connect to another Host Pool they have access to - just not the one in question (and they are configured with the same settings for the host pool and MFA etc).
It just seems to be time - you give it a few hours and it works again... But I can't really live with this for my users.
Can you reproduce the issue without FSLogix?
- garymansell, May 03, 2024, Brass Contributor
I have just now had this issue occur on my account and I have more information...
This occurred logging into (only one of) my Host Pools whilst I was on the Corporate network (via a VPN connection) - so I should not get prompted for MFA (as we have a Cond Access policy for all Apps to require MFA if not on a trusted network). I repeatedly got the "Just a Moment" screen and the "initiating/securing connection" dialog box stuck in a loop. When I looked at the Host Pool VM - my user was showing as connected but in a Pending state.
But what I then did was to shut that VM down (to clear my session), and then disconnected from the VPN and tried to connect off of the corporate network - this time it succeeded and I could log in. I will note that I was not prompted for MFA (I think because we have a grace period on MFA and don't get prompted every time, if the user selects to "remain logged in" when prompted).
After that, I could re-connect to the corporate network via VPN and then connect successfully from there too.
So - it seems that it is something to do with the MFA / Token - perhaps?