Forum Discussion
User can't log in when UserPrincipalName is reused due to Azure AD delete+add
Scenario:
1. Add user a@mysite.com in Azure AD; it is replicated to Azure AD DS and gets SID X
2. Add user to app group
3. User logs in successfully (required for the error to occur in step 8)
4. Remove user from app group
5. Delete user a@mysite.com in Azure AD
6. Add a@mysite.com in Azure AD again; it is replicated to Azure AD DS and gets SID Y
7. Add user to app group
8. User can't log in because he logged in with SID Y from step 6 and WVD remembers SID X from step 1
This feels like a bug in WVD. Is there some workaround that allows me to tell WVD that the old SID is no longer active?
PS C:\Users\johan> (Get-RdsDiagnosticActivities -TenantName "not-my-tenant-name" -ActivityId masked-activity-id -Detailed).Errors
ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : User a@mysite.com: SID information in the database
'X' does not match SID information returned by agent
'Y' in the orchestration reply.. This scenario is not
supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 10/10/2019 9:06:20 AM
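The post checks a single activity by ID. To find every user in a tenant that is currently hitting this cached-SID mismatch, here is an added PowerShell example (not code from the thread, and not Microsoft's) that queries the same diagnostics feed over a time window and reports the two SIDs quoted in each error message. It assumes the WVD classic module Microsoft.RDInfra.RDPowerShell is loaded and Add-RdsAccount has already been run; the tenant name is a placeholder, and the -StartTime parameter and the UserName/ActivityId properties on the activity object are taken from the module's documentation as assumed names.

```powershell
# Added example, not from the original thread. Assumes Microsoft.RDInfra.RDPowerShell
# is installed and Add-RdsAccount has been run. Tenant name is a placeholder.
$tenant = "<your-tenant-name>"
$since  = (Get-Date).AddDays(-7)

# -Detailed is needed so the Errors collection on each activity is populated
# (-StartTime is assumed from the module documentation).
$activities = Get-RdsDiagnosticActivities -TenantName $tenant -StartTime $since -Detailed

# Keep only errors whose symbolic code is the SID mismatch shown in the post.
$mismatches = foreach ($a in $activities) {
    foreach ($e in $a.Errors) {
        if ($e.ErrorCodeSymbolic -eq 'ConnectionFailedUserSIDInformationMismatch') {
            # The message quotes the cached SID first and the agent-reported SID second:
            #   "... in the database 'X' does not match ... returned by agent 'Y' ..."
            $sids = @([regex]::Matches($e.ErrorMessage, "'([^']+)'") |
                      ForEach-Object { $_.Groups[1].Value })
            [pscustomobject]@{
                Time       = $e.Time
                ActivityId = $a.ActivityId   # assumed property name
                UserName   = $a.UserName     # assumed property name
                CachedSid  = $sids[0]        # SID the broker still has stored
                AgentSid   = $sids[1]        # SID the session host agent now reports
            }
        }
    }
}

# One row per failed connection; the same user will repeat until the stale mapping is cleared.
$mismatches | Sort-Object UserName, Time | Format-Table -AutoSize
```

Each row pairs the stale SID the broker holds with the new SID the agent reports, so an administrator can see which re-created accounts are affected and how long they have been failing, rather than discovering them one support ticket at a time.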
- Christian_Montoya (Microsoft)
Johan_Eriksson: This is related to this article: https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Announcement-Connectivity-issues-from-synchronized-users-to-VMs/m-p/759642. Essentially, since it's a new user account, the user gets a new SID but it collides with a cached mapping we had.
We're working on a fix that will be out this month.