@christianmontoya do you have any updates on when we can expect to see the fix rolled out for us?

FYI, i just ditched AADDS and extended the on-premise AD through S2S VPN and DC VMs in Azure instead.
Re-used my TenantGroup, Tenant, and ServicePrincipal.
Template Deployment and user connexion went flawless on the first try.

I would recommend to forget about AADDS if you can.

@Arthur GERARD 

That's not helpful to those of us who would rather not have to deal with ADDS and AD Connect unnecessarily.   

@DubC85 Maybe i wasn't clear but i went from :

On-prem AD + AADConnect + AADDS (WVD VM being joined to AADDS)
-> was stuck with this bug for several months

to : 

On-prem AD + AADConnect + On-prem AD extended to Azure vNet (WVD VM being joined to AD)
-> everything worked on the first try

@Arthur GERARD 

Yep, this works great, and has since the beginning (adding a hostpool that's actually on your on-prem domain and not AADDS joined).  I didn't even add a DC out in the Azure vnet - just joined on-prem domain over the S2S tunnel.

I wish I could use that - I would be six months ahead now.  The smaller attack surface of available users (filtered sync to AADDS) will be required for us.

@rhythmnewt If you look at this link, it looks that we will have to wait a little bit longer. I am pretty sure this Note has been added recently.

@rhythmnewt @Olivier Debonne : Correct, the link was added in the past week and a half ago so that customers would not accidentally hit this scenario.

No worries though: once the fix is in and live, the scenario will be supported :) We're on still on track for this month. I will post back here once we have it available for validation pools (host pools with "ValidationEnv" set to $true) so that we can confirm the fix before the broadest rollout.

@christianmontoya thank you for the update :)

@christianmontoya 

I am still experiencing this same issue you explain above with AADDS, however even when I create a Cloud native user I get the following error when trying to connect to Virtual Desktop / RemoteApp:-

ErrorSource : RDAgent
ErrorOperation : AddUserToRDUGroup
ErrorCode : -2147467259
ErrorCodeSymbolic : ConnectionFailedAdErrorNoSuchMember
ErrorMessage : Failed to add user = ≤Cloud.User@teammetalogic.com≥ to group = Remote
Desktop Users. Reason: Win32.ERROR_NO_SUCH_MEMBER
ErrorInternal : False
ReportedBy : RDGateway
Time : 05/10/2019 17:05:32

Windows Virtual Desktop DNS name - azure.DOMAIN.com was initially created because recommendation was to not have conflicting DNS names with tenant, which is DOMAIN.com

@CraigSmith87 : Where was that recommendation made (to not match your AAD tenant name)?

@christianmontoyaThank you for the updates. Will there be any additional steps for us to perform if we already have the host pools with validation set to true? Hopefully your target of this month remains on track, I have 2 clients that I would like to migrate to WVD as it, at least from the outset, looks to out perform their existing Citrix environment and a much lower cost.

@christianmontoya 

I'm still encountering the issue. On 9/11, you wrote:

We've completed step #1 completely and #2 is what we're implementing/validating now. We expect this to complete and rollout within the next month.

So, we're 5 weeks out from there now and there is still no fix...and it seems like it's not even available in validation environments yet. Is this correct?

You also decided to go GA with a product that can't support basic usage (deleting a user account and recreating it...or just renaming a user)...

I would really like to understand what's going on here. Is there any update here?

Hi,

would like to add to this thread. I also have deployed WVD in view of rolling it out for our business but when I try and add new user directly to AAD (we have no AADC sync) it is failing with error:

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : User xxx@xxx.net: SID information in the database 'S-1-5-21-1382006385-1486747441-1399156625-1111' does not match SID information returned
by agent 'S-1-5-21-1382006385-1486747441-1399156625-1129' in the orchestration reply.. This scenario is not supported - we will not be able
to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 23/10/2019 12:48:50

@christianmontoya: Would appreciate idea of when this will be fixed. Like @jeffb8 and others, I've tried everything (even deleting, adding user) but nothing works.

@christianmontoya last day of the month. Any news?

I can add that this does not work with accounts sourced from local AD when converting users to cloud by disabling AD-connect either..

Fantastic!! I just successfully logged into a desktop session on an account that was previously not working due to the SID issue, no reconfiguration required beforehand, literally just tried the login again and it worked perfectly.

@Eva Seydl great news! Things are working now. Thank you!

@Eva Seydl

Hi Eva, unfortunately this fix did not resolve our sign-in issues. It did change the error code.

We have migrated all our users to Microsoft 365 Business (synced from AD to Azure AD and afterwards removed Azure AD Connect) then configured AADDS and WVD.

We can succesfully signin on the Microsoft Remote Desktop application and from there we can connect to our WVD Hostpool. When entering username and password the Remote Desktop seems to initiate the connection but keeps prompting for username and password, without any error.

Get-RdsDiagnosticActivities states the following:

ActivityId        : ##########-f64b-405f-a79a-###########

ActivityType      : Connection
StartTime         : 13-11-2019 12:46:03
EndTime           : 13-11-2019 12:46:11
UserName          : user@domain
RoleInstances     : computername;≤≥
Outcome           : Success
Status            : Completed
Details           : {[ClientOS, WINDOWS 10.0.18362], [ClientVersion, 1.2.431.19493], [ClientType, com.microsoft.rdc.win
                    dows.msrdc.x64], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 13-11-2019 12:47:43
Checkpoints       : {TransportConnecting, TransportConnected, RdpStackDisconnect, OnCredentialPromptInvoke...}
Errors            : {}

We also tried: Set-RdsHostPool -TenantName XX -Name XX -ValidationEnv $true

I'm not sure where to look from here.. What fix has been rolled out? Are there any specifics about this fix?

btw newly created users seem to work ok. so only the synced user have this issue.

@rdoorduin : For this scenario, I recommend filing a support ticket, as the fix that was rolled out should cover all of the standard cases.

@christianmontoya 

What is the fix. Can you please share the details. What needs to be done to resolve this issue. Please explain.

Thanks