Forum Discussion

Johan_Eriksson
Brass Contributor
Oct 10, 2019

User can't log in when UserPrincipalName is reused due to Azure AD delete+add

Scenario:

1. Add user a@mysite.com in Azure AD and replicate to Azure AD DS, getting SID X
2. Add user to app group
3. User logs in successfully (required for the error to occur in step 8)
4. Remove user from app group
5. Delete user a@mysite.com in Azure AD
6. Add a@mysite.com in Azure AD and replicate to Azure AD DS, getting SID Y
7. Add user to app group
8. User can't log in because he logged in with SID Y from step 6 and WVD remembers SID X from step 1

This feels like a bug in WVD. Is there some workaround that allows me to tell WVD that the old SID is no longer active?

PS C:\Users\johan> (Get-RdsDiagnosticActivities -TenantName "not-my-tenant-name" -ActivityId masked-activity-id -Detailed).Errors

ErrorSource       : RDBroker
ErrorOperation    : OrchestrateSessionHost
ErrorCode         : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage      : User a@mysite.com: SID information in the database 'X' does not match SID information returned by agent 'Y' in the orchestration reply.. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal     : False
ReportedBy        : RDGateway
Time              : 10/10/2019 9:06:20 AM
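The check a practitioner would want before opening a support case is to confirm that the "agent" SID in the broker's error message really is the SID the re-created account now has in Azure AD DS, and that the "database" SID is the stale one. The script below is an added example, not code from the original post: it pulls the user's failed diagnostic activities with the classic WVD cmdlet used above, extracts both SIDs from the ConnectionFailedUserSIDInformationMismatch message with a regular expression based on the message text in the post, and compares them with the SID returned by Get-ADUser against the Azure AD DS domain. The tenant name, UPN and domain name are placeholders, and the -UserName, -Outcome and -StartTime parameters of Get-RdsDiagnosticActivities are assumed to be the ones documented for the Microsoft.RDInfra.RDPowerShell module.

```powershell
# Added example (not from the original post): correlate the two SIDs in a
# ConnectionFailedUserSIDInformationMismatch error with the SID the user
# currently has in Azure AD DS. Assumes Microsoft.RDInfra.RDPowerShell
# (Add-RdsAccount already run) and the ActiveDirectory RSAT module on a
# management box that can query the AAD DS domain. All three parameter
# defaults below are placeholders.
param(
    [string]$TenantName  = 'my-wvd-tenant',
    [string]$UserUpn     = 'a@mysite.com',
    [string]$AadDsDomain = 'aadds.mysite.com'
)

Import-Module Microsoft.RDInfra.RDPowerShell
Import-Module ActiveDirectory

# 1. The SID the account has right now in Azure AD DS (SID Y after a delete + re-add).
$adUser = Get-ADUser -Server $AadDsDomain -Filter "UserPrincipalName -eq '$UserUpn'"
if (-not $adUser) { throw "No account with UPN $UserUpn found in $AadDsDomain" }
$currentSid = $adUser.SID.Value

# 2. Failed connection activities for this user over the last 24 hours.
$failed = Get-RdsDiagnosticActivities -TenantName $TenantName -UserName $UserUpn `
    -Outcome Failure -StartTime (Get-Date).AddDays(-1) -Detailed

# 3. Extract both SIDs from the broker's message. Per the error text in the post
#    it reads: "... SID information in the database 'X' does not match SID
#    information returned by agent 'Y' in the orchestration reply ..."
$pattern = "database\s+'(?<db>[^']+)'.*?agent\s+'(?<agent>[^']+)'"

foreach ($activity in $failed) {
    foreach ($err in $activity.Errors) {
        if ($err.ErrorCodeSymbolic -ne 'ConnectionFailedUserSIDInformationMismatch') { continue }

        # Collapse any line wrapping in the message before matching.
        $msg = ($err.ErrorMessage -replace '\s+', ' ')
        if ($msg -match $pattern) {
            [pscustomobject]@{
                ActivityId        = $activity.ActivityId
                Time              = $err.Time
                BrokerStoredSid   = $Matches['db']       # stale SID X held by the broker
                AgentSid          = $Matches['agent']    # SID Y the session host saw at logon
                CurrentAadDsSid   = $currentSid
                AgentMatchesAadDs = ($Matches['agent'] -eq $currentSid)
            }
        }
    }
}
```

If AgentMatchesAadDs is $true for every hit, the session host and Azure AD DS agree and the only stale copy of the old SID is the one the broker stores, which is exactly the situation the post describes; that output is what to attach to a support request, since the post shows no tenant-side cmdlet that clears the broker's stored SID.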
