Forum Discussion
Outlook login issues with WVD - FSLogix
Having an issue where user of WVD Windows 10 Multi-session have issues moving between hosts. Essentially first login on a host is fine, when the user moves to a new host outlook eventually says "need...
DAsnow this scenario isn't ringing a bell in terms of a common scenario, probably best to contact support on this.
cvanaxel
PieterWigleven
FinTechSean
DAsnow
benjamink9
Just got confirmation directly from our Microsoft Partner Technology Strategist and Sr. Cloud Solution Architect with collaboration with the FS Logix, WVD, and Office team. This IS an issue. It's being call a "defect" in Office where it's registering session hosts to Azure AD. When users get moved to other hosts, the token breaks because it contains the deviceID of the first registered session host in the FS Logix profile.
The workaround/fix is to:
A: Implement Hybrid Azure AD join/Seamless SSO and BLOCK device registration through registry settings for Hybrid AD environments (I have registry settings above).
B: For Azure ADDS environments, block device registration in registry (no option for Hybrid Azure AD Join/Seamless SSO at the moment. A login script may be required if the Azure AD Broker plugin stops working (see my posts much earlier in the thread).
Engineering is working on a fix on the Office/OneDrive side of things. In the meantime, you must implement the fix and recreate all FSLogix profiles.
PieterWigleven
FinTechSean
DAsnow
benjamink9
Just got confirmation directly from our Microsoft Partner Technology Strategist and Sr. Cloud Solution Architect with collaboration with the FS Logix, WVD, and Office team. This IS an issue. It's being call a "defect" in Office where it's registering session hosts to Azure AD. When users get moved to other hosts, the token breaks because it contains the deviceID of the first registered session host in the FS Logix profile.
The workaround/fix is to:
A: Implement Hybrid Azure AD join/Seamless SSO and BLOCK device registration through registry settings for Hybrid AD environments (I have registry settings above).
B: For Azure ADDS environments, block device registration in registry (no option for Hybrid Azure AD Join/Seamless SSO at the moment. A login script may be required if the Azure AD Broker plugin stops working (see my posts much earlier in the thread).
Engineering is working on a fix on the Office/OneDrive side of things. In the meantime, you must implement the fix and recreate all FSLogix profiles.
Is it really required to recreate the FSLogix Profiles??
They are QUITE big and its huge penalty when it syncs OL Profiles etc.. And people lose their settings - cant i some how via a Script fix / remove the defect and just relogin to the user?
I have implemented the BlockAADWorkplaceJoin in registry ..
They are QUITE big and its huge penalty when it syncs OL Profiles etc.. And people lose their settings - cant i some how via a Script fix / remove the defect and just relogin to the user?
I have implemented the BlockAADWorkplaceJoin in registry ..
- PieterWigleven
Microsoft
Christian_Pedersen Let me investigate options to manually remove and get back to this thread.
PieterWigleven I think you may be able to apply the fix without recreating the fslogix profile if the user signs out and signs back into office.
- Is not working.. Just leaves you in limbo with office signed out
- PieterWigleven
Christian Pedersen The only supported way is by having an end-user go into "Settings/Accounts/Access work or school" and remove the entry created. We don't have a script that allows automation.
- If that's the only supported thing to do you have an issue - because on Win10 Multi User the whole account thing is missing (Work/School) options..
I have this open case 120042822002223 - waiting to get a real fix - recreate Profiles is really not an option.. The users will be very unpleased
There MUST be another way - delete registry / files etc??
- No, for each profile, do a 'dsregcmd /status'. If it says "Workplace joined: Yes", run WPJCleanUp in the user's session. That'll quit the session from Azure AD. Then all you have to do is disconnect from Teams, and sign back into Teams and Outlook.
