Forum Discussion
Outlook login issues with WVD - FSLogix
DAsnow this scenario isn't ringing a bell in terms of a common scenario, probably best to contact support on this.
Rob Blankers Have you seen any need password issues since making that GPO change? "
Use Shared Computer Activation"
--Computer Config\Admin Templates\Microsoft Office 2016 (Machine)/Licensing Settings\Use shared computer activation = Enabled--"
We'll still use a shared pool for some segment of our population but have also seen some disappointing performance issues there. We're putting 5-7 users on DS8 v3 machines (8 vcpu, 32gb memory) and users get black screened (explorer.exe crash) and slow responsiveness in Outlook (when it works) that make it nearly unbearable for minutes at a time.
Mark Lunn We gave up on the D8sV3 machines, were having too many performance issues with them. We are using fewer D16sV3 machines now. Makes the cost profile less attractive, but, at least it is working for now.
My guess is that it is something to do with the network performance on the D8sV3 size. We were seeing huge latency spikes to the profile shares on the host machines.
Our only issue now is this whole need password thing. Still haven't gone through and nuked everyone's profile yet.
We are experiencing the same issues as you:
- Outlook prompting for need password and unable to sign in.
- Terrible performance issues - We now have 12 X D8sV3 running for 150 users to try and help with the performance issues. The WVD’s will work fine for a little bit and then randomly lock up for the users causing them to be unusable. Have got serval cases open with Microsoft for the different issues and still no answer.
We are using AADDS, WVD, Azure Fileshare and FSlogix. The spec should only be 8 X D8sV3 machines for the user but it was just unusable.
This is getting really frustrating for me, customer and users.
- First let me point out that for us, adding the BlockAADWorkplaceJoin key to the registry, as has been suggested in this thread, has worked for us. We did have to reset all profiles, which was painful, but it has worked.
About your performance issues, perhaps not the right thread for it, but maybe this will be helpful. We have 115 users in WVD on the same host pool, running 8x E8s_v3 machines (8 cores, 64 GB). Performance has been good but we occasionally get CPU peaking at 100% on some machines which of course hampers performance. RAM never goes above 50%, so we decided that memory-boosted machines may be unnecessary. So we deployed new 10x D8s_v3 machines to give more CPU and less RAM across the company. The CPU/RAM balance looked much better and we never peaked, but in spite of this, users started getting massive issues with Windows Search (SearchProtocolHost.exe error messages and software crashes) which appeared RAM related and made the machines unworkable. So we rolled back the old 8x E8s_v3 machines and have had no problems since.
Our working patterns may be different from yours but perhaps try to allocate more RAM to your deployment. - Exactly same here we run 14 users on DS5_V2 (16 cores + 56gb memory) - Profiles on Azure File Share
Performance is very bad and very inconsistent compared to what i'm used to on-premise.
It works and then it does not - Outlook freezes from time to time - explorer freezes.. Think its some issues with FSLogix pausing for some seconds.. Or Exchange Online sync is performing very bad.. No clue but really frustrating - and its a really small setup - think if it was 500 users... 😕
Wonder if there at all is any cases running more than 100 users?!? And performing moderate? There are two ways of preventing this:
- For AD joined VMs, follow this guidance on how to prevent the VMs from being registered
- Configure hybrid Azure Active Directory join for managed domains <- preferred
Registering is supposed to be done against another tenant (e.g. user has AADJ device from CompanyA and is registering to the tenant of CompanyB). Registering to the same tenant as the device is AD joined to will cause issues, most likely the ones described in this thread.
VMs can get to this state when a user selects the "use this account everywhere" prompt from an Office app, this can be done by standard (non-admin) users. I'm exploring options to see what we can do to prevent this from happening on Win10 Enterprise multi-session.
that must be my problem as well.
Looking at this thread more closely there could be several issues, we'll have to focus on one for now.
The issue that @FinTechSean is describing is very likely related due to the "registered" vs. "Hybrid Azure AD" status. I think Deanbostedor is spot on.
If I look at our internal selfhost all VMs are in a "Hybrid Azure AD" state and SSO is working in Windows 10 Enterprise multi-session (including Outlook). I can ask our Azure AD team what could result in the "registered" state. That will have to be corrected followed by a FSLogix profile reset.
- They should NOT be showing as registered. This is the problem. They must be showing only as Hybrid Azure AD joined.
The registered devices have to be deleted so that the only session hosts showing are displaying as "Hybrid Azure AD Joined". Once the registered devices are deleted, the profiles for all users who have any registered session hosts must be deleted.
To ensure that the devices do not get re-register, use the regedit on each session host (push through GPO and reboot all hosts). I have the registry settings in my post with the MS ticket numbers. Yes, Azure AD Connect. Hybrid AD Join yes, Azure AD -> Devices -> shows the WVD hosts as 'Azure AD registered' under join type. You'll see several per machine, basically one per person who has logged into that host via WVD. There is also an InTune registration once per host, with an Owner of whoever first logged into that host.
Seamless SSO in place (however, I've been meaning to take a pass through the link posted in here earlier to confirm nothing was missed).
So:
- Confirm all Seamless SSO steps were completed
- Drain Mode all Hosts in a pool, and shut them down?
- Delete all session hosts from Azure AD Device list (including Intune MDM registrations?)
- Delete all user profiles (from the FSLogix Storage container? or from the hosts themselves as well?)
- Restart Hosts
Sound like it is worth a try? Rob Blankers - am I wasting my time? Should I just go persistent?? 🙂
We also tried to split the O365 container from the profile container with no luck.
FinTechSean - Do you have Azure AD Connect in place? If so, have you configured Hybrid Azure AD join so that the session hosts are showing in your Azure AD directory? If you have done this AND configured seamless SSO, your issue should be cleared up. Important note - you will need to delete the existing session hosts out of Azure AD if they are showing as "registered" and then delete user profiles (in that order).
FinTechSean Ouch those are some big VMs... the persistent desktop option is more expensive but so far much better for users. And the cost per-VM is much less if using the 'personal' option. Check the WVD area on Azure pricing site... it wasn't as bad as I expected, and if we keep this config we'll use reserved instances to cut costs even more.
I definitely still believe WVD will be a great solution, just working through the bugs... It's a great value for a completely hosted VDI environment.
Rob Blankers That stinks. I was holding out hope! 🙂 On the performance front, I gave up and went up to DS16s hosts, for even fewer users. Considering switching to persistent desktops.
