Forum Discussion
Outlook login issues with WVD - FSLogix
- Nov 22, 2019
DAsnow this scenario isn't ringing a bell in terms of a common scenario, probably best to contact support on this.
We also tried to split the O365 container from the profile container with no luck.
FinTechSean - Do you have Azure AD Connect in place? If so, have you configured Hybrid Azure AD join so that the session hosts are showing in your Azure AD directory? If you have done this AND configured seamless SSO, your issue should be cleared up. Important note - you will need to delete the existing session hosts out of Azure AD if they are showing as "registered" and then delete user profiles (in that order).
Yes, Azure AD Connect. Hybrid AD Join yes, Azure AD -> Devices -> shows the WVD hosts as 'Azure AD registered' under join type. You'll see several per machine, basically one per person who has logged into that host via WVD. There is also an InTune registration once per host, with an Owner of whoever first logged into that host.
Seamless SSO in place (however, I've been meaning to take a pass through the link posted in here earlier to confirm nothing was missed).
So:
- Confirm all Seamless SSO steps were completed
- Drain Mode all Hosts in a pool, and shut them down?
- Delete all session hosts from Azure AD Device list (including Intune MDM registrations?)
- Delete all user profiles (from the FSLogix Storage container? or from the hosts themselves as well?)
- Restart Hosts
Sound like it is worth a try? Rob Blankers - am I wasting my time? Should I just go persistent?? 🙂
- PieterWigleven, Apr 02, 2020, Former Employee
There are two ways of preventing this:
- For AD joined VMs, follow this guidance on how to prevent the VMs from being registered
- Configure hybrid Azure Active Directory join for managed domains <- preferred
Registering is supposed to be done against another tenant (e.g. user has AADJ device from CompanyA and is registering to the tenant of CompanyB). Registering to the same tenant as the device is AD joined to will cause issues, most likely the ones described in this thread.
VMs can get to this state when a user selects the "use this account everywhere" prompt from an Office app; this can be done by standard (non-admin) users. I'm exploring options to see what we can do to prevent this from happening on Win10 Enterprise multi-session.
- benjamink9, Apr 02, 2020, Copper Contributor
That must be my problem as well.
- PieterWigleven, Apr 02, 2020, Former Employee
Looking at this thread more closely there could be several issues, we'll have to focus on one for now.
The issue that @FinTechSean is describing is very likely related to the "registered" vs. "Hybrid Azure AD" status. I think Deanbostedor is spot on.
If I look at our internal selfhost, all VMs are in a "Hybrid Azure AD" state and SSO is working in Windows 10 Enterprise multi-session (including Outlook). I can ask our Azure AD team what could result in the "registered" state. That will have to be corrected, followed by an FSLogix profile reset.
- Deanbostedor, Apr 02, 2020, Brass Contributor
They should NOT be showing as registered. This is the problem. They must be showing only as Hybrid Azure AD joined.
The registered devices have to be deleted so that the only session hosts showing are displaying as "Hybrid Azure AD Joined". Once the registered devices are deleted, the profiles for all users who have any registered session hosts must be deleted.
To ensure that the devices do not get re-registered, use the regedit on each session host (push through GPO and reboot all hosts). I have the registry settings in my post with the MS ticket numbers.
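A way to check which of the two states discussed in this thread a session host is in, as an added example that is not part of any post above: it reads the join flags that `dsregcmd /status` prints and flags the "registered on a domain-joined host" case. The function name `Get-JoinState`, the state labels and the sample lines are assumptions made for the example; the sample is constructed, not captured from a real host.

```powershell
# Added example: classify a host's device state from `dsregcmd /status` text.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    # dsregcmd prints "Name : Value" pairs; keep the three join flags.
    $flags = @{ AzureAdJoined = $false; DomainJoined = $false; WorkplaceJoined = $false }
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }

    # State labels are this example's own wording, not dsregcmd output.
    $state = if ($flags.DomainJoined -and $flags.WorkplaceJoined) {
        'RegisteredOnDomainJoinedHost'   # the state the thread says must be cleaned up
    } elseif ($flags.DomainJoined -and $flags.AzureAdJoined) {
        'HybridAzureADJoined'            # the state the thread says hosts must show
    } elseif ($flags.DomainJoined) {
        'DomainJoinedOnly'               # hybrid join has not completed yet
    } else {
        'Other'
    }

    [pscustomobject]@{
        State           = $state
        AzureAdJoined   = $flags.AzureAdJoined
        DomainJoined    = $flags.DomainJoined
        WorkplaceJoined = $flags.WorkplaceJoined
    }
}

# Constructed sample lines in the shape dsregcmd prints (not from a real host).
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '           WorkplaceJoined : YES'
)
Get-JoinState -StatusLines $sample

# On a session host, run inside the affected user's session:
# Get-JoinState -StatusLines (dsregcmd /status)
```

`WorkplaceJoined` is reported per user, so the check has to run in the session of each user who sees the login problem, not only as an administrator.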