Forum Discussion

DAsnow's avatar
DAsnow
Copper Contributor
Nov 21, 2019
Solved

Outlook login issues with WVD - FSLogix

Having an issue where user of WVD Windows 10 Multi-session have issues moving between hosts. Essentially first login on a host is fine, when the user moves to a new host outlook eventually says "need...
  • Doug_Coombs's avatar
    Doug_Coombs
    Nov 22, 2019

    DAsnow this scenario isn't ringing a bell in terms of a common scenario, probably best to contact support on this.

HilcoF's avatar
HilcoF
Copper Contributor
Dec 13, 2022
Sounds logical but still leave me with questions.
- Only one customer got issues while we have multiple setups like this
- Only happens after password change (in our case)
- I dont see this issue on VDI while they change desktops every day

Only difference is that some users got multiple accounts in outlook from different tenants, but also see this happen with users that got a single account after changing password.
KevinDeSchrijver's avatar
KevinDeSchrijver
Copper Contributor
Dec 13, 2022

There are more than 1 reason why Modern Authentication can break. My situation and the fix is very specific:
The use-case is multiple Hosts AND multiple O365 accounts (or an O365 account that isn't covered by SSO)

In VDI and almost any setup you should have SSO configured which handles the primary O365 account. If it "breaks" by moving to another VM, SSO kicks in and repairs it without the user ever noticing.

My fix is only intended if both conditions are met: Multiple hosts and multiple O365 accounts.

If you are having issues with Modern Auth and those conditions are not met I suggest looking at SSO which may not be configured or may not function as desired. Seems like the case with the changing password issue. Your local AD may not be in sync with AAD.

  • HilcoF's avatar
    HilcoF
    Copper Contributor
    Dec 19, 2022
    Hi Kevin,

    SSO works even when Outlook is broken, customer got Mutiple hosts and some users mutiple O365 accounts from different tenants. But we also see outlook broken issues with the users that
    dont have the second tenant account added.

    Outlook breaks after user change password (They needed to change password every 42 days).
    Looks like they need to set new password / token on both RD-Host servers.

    We see logs in Azure AD like

    "The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'."

    Expected part of the token lifecycle - either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require re-authentication. Have the user sign-in again.

    Error code: 50173

    Next test case will be to extend the password change to 365 and see if it still happen. Token refresh is 90 days i understand.


Resources