Forum Discussion
Outlook login issues with WVD - FSLogix
- Nov 22, 2019
DAsnow this scenario isn't ringing a bell in terms of a common scenario, probably best to contact support on this.
- Only one customer has issues, while we have multiple setups like this
- Only happens after a password change (in our case)
- I don't see this issue on VDI while they change desktops every day
The only difference is that some users have multiple accounts in Outlook from different tenants, but we also see this happen with users that have a single account after changing password.
There is more than one reason why Modern Authentication can break. My situation and the fix are very specific:
The use-case is multiple Hosts AND multiple O365 accounts (or an O365 account that isn't covered by SSO)
In VDI and almost any setup you should have SSO configured which handles the primary O365 account. If it "breaks" by moving to another VM, SSO kicks in and repairs it without the user ever noticing.
My fix is only intended if both conditions are met: Multiple hosts and multiple O365 accounts.
If you are having issues with Modern Auth and those conditions are not met I suggest looking at SSO which may not be configured or may not function as desired. Seems like the case with the changing password issue. Your local AD may not be in sync with AAD.
- HilcoF, Dec 19, 2022, Copper Contributor
Hi Kevin,
SSO works even when Outlook is broken. The customer has multiple hosts and some users have multiple O365 accounts from different tenants. But we also see Outlook broken issues with the users that don't have the second tenant account added.
Outlook breaks after the user changes password (they needed to change password every 42 days).
Looks like they need to set new password / token on both RD-Host servers.
We see logs in Azure AD like
"The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '{authTime}' and the TokensValidFrom date (before which tokens are not valid) for this user is '{validDate}'."
Expected part of the token lifecycle - either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require re-authentication. Have the user sign-in again.
Error code: 50173
The next test case will be to extend the password change to 365 and see if it still happens. Token refresh is 90 days, I understand.
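An added example, not part of the thread: one way to triage the error 50173 entries quoted above is to separate failures that were followed by a fresh sign-in on the same host from those that were not, which points at the host still holding a revoked grant. The record layout, user names and host names are assumptions made for this sketch, and the sample events are constructed.

```python
from datetime import datetime

REVOKED_GRANT = 50173  # error code quoted in the post above
SUCCESS = 0            # assumption: 0 marks a successful sign-in in this layout

# Constructed sample events (not real log data); field names are hypothetical.
SAMPLE_EVENTS = [
    {"user": "alice@example.test", "host": "rdhost-1", "time": "2022-12-01T08:00:00", "error_code": 0},
    {"user": "alice@example.test", "host": "rdhost-2", "time": "2022-12-01T09:00:00", "error_code": 0},
    # password changed; first host fails once, then the user signs in again
    {"user": "alice@example.test", "host": "rdhost-1", "time": "2022-12-12T09:00:00", "error_code": 50173},
    {"user": "alice@example.test", "host": "rdhost-1", "time": "2022-12-12T09:05:00", "error_code": 0},
    # second host keeps presenting the revoked grant
    {"user": "alice@example.test", "host": "rdhost-2", "time": "2022-12-13T08:30:00", "error_code": 50173},
    {"user": "alice@example.test", "host": "rdhost-2", "time": "2022-12-13T08:45:00", "error_code": 50173},
    {"user": "bob@example.test", "host": "rdhost-1", "time": "2022-12-14T10:00:00", "error_code": 50173},
    {"user": "bob@example.test", "host": "rdhost-1", "time": "2022-12-14T10:02:00", "error_code": 0},
]


def unresolved_revocations(events):
    """Map (user, host) -> failure count and first failure time for 50173
    errors that have not yet been followed by a successful sign-in."""
    pending = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        key = (ev["user"], ev["host"])
        if ev["error_code"] == SUCCESS:
            # A fresh sign-in on this host replaces the revoked grant.
            pending.pop(key, None)
        elif ev["error_code"] == REVOKED_GRANT:
            entry = pending.setdefault(key, {"failures": 0, "since": ev["time"]})
            entry["failures"] += 1
        # Other error codes neither resolve nor count as a revoked grant.
    return pending


if __name__ == "__main__":
    for (user, host), info in unresolved_revocations(SAMPLE_EVENTS).items():
        print(f"{user} on {host}: {info['failures']} x 50173 since {info['since']}")
```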