SOLVED
Home

[Announcement] Connectivity issues from synchronized users to VMs joined to AAD DS

%3CLINGO-SUB%20id%3D%22lingo-sub-759642%22%20slang%3D%22en-US%22%3E%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-759642%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everyone%2C%20thanks%20for%20the%20continued%20testing%20of%20WVD.%20We%E2%80%99ve%20seen%20multiple%20connection%20errors%20with%20UPN%20when%20connecting%20to%20VMs%20joined%20to%20Azure%20AD%20Domain%20Services.%20We%E2%80%99ve%20done%20some%20preliminary%20investigations%20and%20figured%20out%20which%20scenarios%20are%20currently%20affected%20and%20which%20scenarios%20should%20continue%20to%20work.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWorks%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3ELogging%20into%20VM%20joined%20to%20Azure%20AD%20DS%20instance%20with%20Azure%20AD%20user%20sourced%20from%3CSTRONG%3EAzure%20Active%20Directory%20%3C%2FSTRONG%3E(aka%2C%20%3CSTRONG%3ENew%20user%3C%2FSTRONG%3Ecreated%20just%20in%20Azure%20AD).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDoes%20not%20work%20(and%20investigating%20fix)%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3ELogging%20into%20VM%20connected%20to%20Azure%20AD%20DS%20with%20Azure%20AD%20user%20sourced%20from%3CSTRONG%3EWindows%20Server%20AD%20%3C%2FSTRONG%3E(aka%2C%20synchronized%20to%20Azure%20AD%20through%20Azure%20AD%20Connect).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20will%20see%20an%20error%20in%20the%20Diagnostics%20similar%20to%20below%3A%3C%2FP%3E%0A%3CP%3EErrorSource%20%3A%20RDBroker%3CBR%20%2F%3EErrorOperation%20%3A%20OrchestrateSessionHost%3CBR%20%2F%3EErrorCode%20%3A%20-2146233088%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedUserSIDInformationMismatch%3CBR%20%2F%3EErrorMessage%20%3A%20OrchestrateAsync%3A%20SID%20value%20in%20the%20database%20is%20different%20than%20the%20value%20returned%20in%20the%3CBR%20%2F%3Eorchestration%20reply%20from%20the%20agent%20for%20user%20%E2%89%A4%3CA%20href%3D%22mailto%3Auser1%40contoso.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Euser1%40contoso.com%3C%2FA%3E%E2%89%A5%20with%20Id%3CBR%20%2F%3E54a45a4c-41ad-4374-5e41-08d6e4d9acde.%20This%20scenario%20is%20not%20supported%20-%20we%20will%20not%20be%20able%20to%3CBR%20%2F%3Eredirect%20the%20user%20session.%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%207%2F16%2F2019%203%3A17%3A24%20PM%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWorkaround%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EIf%20your%20setup%20matches%20the%20description%20but%20you%20would%20still%20like%20to%20test%2C%20we%20suggest%20creating%20cloud%20users%20in%20Azure%20Active%20Directory%20for%20the%20time%20being.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EResolution%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3ENo%20current%20ETA%2C%20but%20working%20towards%20a%20fix.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHow%20to%20check%20where%20your%20user%20is%20sourced%20from%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EYou%20can%20navigate%20to%20the%20Azure%20AD%20portal%20or%20the%20Azure%20Active%20Directory%20blade%20in%20the%20Azure%20portal%2C%20then%20go%20to%20users%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123570i33DB7E0421078641%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22aaduser.PNG%22%20title%3D%22aaduser.PNG%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ELocate%20where%20the%20Azure%20AD%20user%20is%20sourced.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-762578%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-762578%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20before%20the%20post%20that%20Cloud%20ID%20only%20is%20working%20but%20that%20is%20not%20valid%20for%20our%20production%20POC%3C%2FP%3E%3CP%3Ei%20been%20testing%20with%20cloud%20ID%20only%20and%20that%20works%20%2C%20further%20more%20the%20issue%20with%20synced%20account%2C%20it%20looks%20like%20recently%20(because%20this%20was%20working%20before)%20you%20doing%26nbsp%3B%20SID%20check%20between%20the%20azure%20synced%20account%20and%20the%20account%20in%20azure%20DS%20and%20that%20will%20not%20match.%20i'm%20wondering%20if%20the%20scenario%20without%20azure%20DS%20%2C%20i%20mean%20extending%20AD%20to%20the%20cloud%20and%20join%20the%20virtual%20desktop%20machines%20to%20the%20same%20domain%20will%20have%20the%20same%20issue%20or%20not%20for%20synced%20user%20account.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-763626%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-763626%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F376480%22%20target%3D%22_blank%22%3E%40ashro2%3C%2FA%3E%26nbsp%3B%3A%20Thanks%20for%20the%20clarifying%20question%2C%20but%20no%2C%20the%20issue%20will%20not%20replicate%20if%20you%20have%20a%20hybrid%20setup%20and%20are%20joining%20your%20virtual%20machines%20to%20the%20domain%20that%20is%20syncing%20up%20the%20users%20with%20Azure%20AD%20Connect.%20The%20primary%20issue%20lies%20in%20the%20SID%20check%2C%20and%20that%20Azure%20AD%20DS%20creates%20a%20new%20SID%20(by%20design)%20for%20the%20users%20that%20it%20creates%20on%20the%20managed%20domain%20services%20instance.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-764620%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-764620%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%20%26nbsp%3Bi%20came%20to%20the%20same%20conclusion%20when%20looking%20ate%20the%20object%20SID%20in%20AAD%20and%20Azure%20DS%20and%20the%20Mismatch.%20i%20have%202%20comments%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20this%20check%20was%20introduced%20recently%20because%20this%20scenario%20was%20working%20before%20%2C%20is%20it%20possible%20to%20trun%20off%20this%20check%20of%20the%20SID%3F%20I%20saw%20the%20feedback%20on%20the%20form%20suggested%20moving%20the%20pool%20to%20validation%20pool%20where%20you%20deployed%20a%20fix%20for%20the%20issue%20but%20looks%20like%20that%20is%20not%20working%20as%20well.%20so%20is%20there%20a%20way%20to%20trun%20off%20this%20check%20i%20can%20do%20in%20my%20side%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20is%20there%20a%20way%20to%20modify%20the%20Azure%20DS%20object%20SID%20to%20match%20AAD%20%3F%20we%20don't%20have%20much%20control%20over%20the%20object%20in%20Azure%20DS%20I%20realized%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eit%20will%20be%20great%20if%20we%20can%20manually%20turnoff%20this%20SID%20check%20manually%20at%20least%20for%20testing%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-764917%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-764917%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F376480%22%20target%3D%22_blank%22%3E%40ashro2%3C%2FA%3E%26nbsp%3B%3A%20Unfortunately%2C%20it's%20not%20quite%20as%20simple%20as%20turning%20off%20the%20check%20since%20this%20check%20was%20implemented%20to%20stabilize%20the%20reconnection%20scenarios%20so%20that%20users%20get%20redirected%20back%20to%20a%20previously%20existing%20session%20(as%20opposed%20to%20get%20a%20new%20session).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI'm%20not%20sure%20if%20there's%20a%20way%20to%20manipulate%20the%20SIDs%2C%20but%20we're%20investigating%20all%20possible%20options%20right%20now.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%20for%20the%20feedback%20and%20dialogue%20though.%20We%20want%20to%20unblock%20testing%2C%20but%20also%20do%20not%20want%20to%20leave%20users%20in%20a%20bad%20state.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-769417%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-769417%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3BSo%20no%20workaround%20for%20this%20scenario%20since%20the%20SID%20check%20is%20active%20now%20and%20according%20to%20you%20no%20ETA%20too.%20that's%20a%20bit%20disappointing!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-769759%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-769759%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20the%20service%20is%20currently%20in%20preview%2C%20but%20i%20find%20the%20fact%20that%20this%20bug%20took%20multiple%20weeks%20to%20identify%20and%20acknowledge%20is%20a%20bit%20worrying%20for%20the%20state%2Ffuture%20of%20AAD%20DS%20(that%20we%20rarely%20deployed%20before%20WVD).%3CBR%20%2F%3E%3CBR%20%2F%3EAre%20there%20so%20few%20orgs%20using%20AAD%20DS%20%3F%20Should%20we%20drop%20it%20and%20extend%20on-prem%20ADs%20to%20Azure%20LAN%20for%20WVD%20instead%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-770061%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-770061%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F35332%22%20target%3D%22_blank%22%3E%40Bazam%20Chekrian%20Valappu%3C%2FA%3E%26nbsp%3B%3A%20Yes%2C%20we%20solved%20one%20failing%20behavior%20but%20now%20it's%20hindering%20another%2C%20but%20definitely%20working%20to%20achieve%20both.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-770074%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-770074%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78166%22%20target%3D%22_blank%22%3E%40Arthur%20GERARD%3C%2FA%3E%26nbsp%3B%3A%20I%20wouldn't%20say%20that%20no%20one%20is%20using%20Azure%20AD%20DS%20or%20that%20it's%20not%20a%20viable%20solution.%20Primarily%2C%20understanding%20this%20failing%20scenario%20is%20an%20intersection%20of%20where%20customers%20are%20today%20and%20how%20they%20are%20piloting%20Windows%20Virtual%20Desktop%20with%20just%20cloud%20users%20(before%20trying%20to%20extend%20this%20with%20a%20full%20site-to-site%20on-prem%20infrastructure).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBetween%20using%20Azure%20AD%20DS%20or%20extending%20existing%20domain%20structure%20to%20Azure%2C%20it%20depends%20on%20your%20scenarios%20you're%20targeting.%20You%20have%20much%20more%20flexibility%20by%20extending%2C%20since%20you%20can%20use%20Federation%2C%20Passthrough%20Authentication%2C%20or%20password%20hash%20(whereas%20AAD%20DS%20only%20works%20with%20password%20hash).%20Not%20sure%20if%20you've%20already%20seen%20this%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-domain-services%2Fcomparison%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ecomparison%20article%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-770094%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-770094%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3EThat%20makes%20sense%2C%20thank%20you.%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20%22Azure%20AD%20join%22%20on%20the%20roadmap%20for%20WVD%20%3F%20Or%20will%20AAD%20DS%20continue%20to%20be%20the%20lightest%20deployment%20for%20our%20SMB%20customers%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-770124%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-770124%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78166%22%20target%3D%22_blank%22%3E%40Arthur%20GERARD%3C%2FA%3E%26nbsp%3B%3A%20Azure%20AD%20Join%20is%20definitely%20a%20scenario%20we%20want%20to%20support%20and%20we're%20in%20the%20initial%20investigation%20stages%2C%20as%20it's%20a%20larger%20change%20from%20how%20VDI%2FRDS%20has%20worked%20in%20the%20past.%20Unfortunately%2C%20this%20feature%20is%20not%20something%20that%20will%20make%20it%20into%20our%20initial%20GA.%20We%20will%20continue%20to%20update%20these%20forums%20and%20our%20Docs%20site%20as%20we%20have%20more%20information%20on%20this%20scenario%2C%20and%20other%20new%20ones.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-771838%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-771838%22%20slang%3D%22en-US%22%3EJust%20checking%20if%20there's%20any%20ETA%20on%20the%20fix%20for%20the%20initial%20problem%20in%20this%20thread.%20Thanks.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-776643%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-776643%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Christian%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20seem%20to%20be%20experiencing%20the%20exact%20same%20error%20in%20a%20test%20environment.%20However%2C%20the%20user%20is%20sourced%20from%20Azure%20Active%20Directory.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20be%20happy%20to%20help%20troubleshoot%20since%20I%20have%20clients%20looking%20forward%20to%20WVD.%20below%20is%20some%20info%20that%20might%20be%20relevant%20and%20if%20you%20need%20identifying%20tenant%20info%20I'll%20be%20happy%20to%20send%20via%20PM%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDBroker%3CBR%20%2F%3EErrorOperation%20%3A%20OrchestrateSessionHost%3CBR%20%2F%3EErrorCode%20%3A%20-2146233088%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedUserSIDInformationMismatch%3CBR%20%2F%3EErrorMessage%20%3A%20OrchestrateAsync%3A%20SID%20value%20in%20the%20database%20is%20different%20than%20the%20value%20returned%20in%20the%20orchestration%20reply%20from%20the%20agent%20for%20user%20%E2%89%A4username%E2%89%A5%20with%20Id%20%3CID%3E.%20This%20scenario%20is%3CBR%20%2F%3Enot%20supported%20-%20we%20will%20not%20be%20able%20to%20redirect%20the%20user%20session.%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%207%2F28%2F2019%2014%3A17%3A15%3C%2FID%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETenantName%20%3A%20IC-WVD2%3CBR%20%2F%3ETenantGroupName%20%3A%20Default%20Tenant%20Group%3CBR%20%2F%3EHostPoolName%20%3A%20Desktop%3CBR%20%2F%3EFriendlyName%20%3A%3CBR%20%2F%3EDescription%20%3A%3CBR%20%2F%3EPersistent%20%3A%20False%3CBR%20%2F%3ECustomRdpProperty%20%3A%3CBR%20%2F%3EMaxSessionLimit%20%3A%20999999%3CBR%20%2F%3ELoadBalancerType%20%3A%20BreadthFirst%3CBR%20%2F%3EValidationEnv%20%3A%20True%3CBR%20%2F%3ERing%20%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-777298%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-777298%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EWe%20have%20just%20noticed%20the%20same%20problem%20in%20our%20test%20environment.%3C%2FP%3E%3CP%3EBut%20a%20strange%20thing%20is%20that%20it%20only%20affects%20one%20of%20the%2017%20pilot%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20users%20were%20synced%20from%20a%20local%20AD%20to%20Azure%20AD.%3C%2FP%3E%3CP%3EAzure%20AD%20connect%20sync%20was%20removed%201%20year%20ago.%3C%2FP%3E%3CP%3EAzure%20AD%20services%20was%20setup%20to%20support%20the%20WVD%20environment.%3C%2FP%3E%3CP%3EUsers%20envolved%20in%20pilot%20had%20to%20reset%20their%20passwords%20and%20could%20then%20logon.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20now%2C%20one%20user%20gets%20the%20error%20message%3A%3C%2FP%3E%3CP%3ESID%20value%20in%20the%20database%20is%20different%20than%20the%20value%20returned%20in%20the%20orchestration%20reply%20from%20the%20agent%20for%20user...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Hostpool%20is%20in%20%22validation%22%26nbsp%3B%3C%2FP%3E%3CP%3E%26lt%3B%23%3C%2FP%3E%3CDIV%3EErrorSource%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20RDBroker%3CBR%20%2F%3EErrorOperation%20%26nbsp%3B%20%26nbsp%3B%3A%20OrchestrateSessionHost%3CBR%20%2F%3EErrorCode%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20-2146233088%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedUserSIDInformationMismatch%3CBR%20%2F%3EErrorMessage%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20OrchestrateAsync%3A%20SID%20value%20in%20the%20database%20is%20different%20than%20the%20value%20returned%20in%20the%20orchestration%20reply%20from%26nbsp%3Bthe%20agent%20for%20user%20%E2%89%A4a.b%40domain.se%E2%89%A5%20with%20Id%20b663bb3d-3f67-42e9-f891-08d6fb3eb712.%20This%20scenario%20is%20not%20supported%20-%20we%20will%20not%20be%20able%20to%20redirect%20the%20user%20session.%3CBR%20%2F%3EErrorInternal%20%26nbsp%3B%20%26nbsp%3B%3A%20False%3CBR%20%2F%3EReportedBy%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20RDGateway%3CBR%20%2F%3ETime%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%202019-07-18%2009%3A36%3A42%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%3EErrorSource%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20Client%3CBR%20%2F%3EErrorOperation%20%26nbsp%3B%20%26nbsp%3B%3A%20ClientRDPConnect%3CBR%20%2F%3EErrorCode%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%202147965400%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%3CBR%20%2F%3EErrorMessage%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20Your%20computer%20can't%20connect%20to%20the%20Remote%20Desktop%20Gateway%20server.%20Contact%20your%20network%20administrator%20for%20assistance.%3CBR%20%2F%3EErrorInternal%20%26nbsp%3B%20%26nbsp%3B%3A%20True%3CBR%20%2F%3EReportedBy%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%20Client%3CBR%20%2F%3ETime%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3A%202019-07-18%2009%3A36%3A42%3C%2FDIV%3E%3CP%3E%23%26gt%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778080%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778080%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3Bwould%20be%20great%20to%20get%20an%20update%20on%20when%20this%20will%20be%20fixed%20-%20we%20were%20happily%20using%20this%20with%20this%20setup%20then%20in%20abruptly%20broke%20and%20we've%20been%20investigating%20on%20and%20off%20as%20time%20allowed%20ever%20since.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20i%20stumbled%20across%20this%20issue%20(after%20finally%20figuring%20out%20how%20to%20debug%20what%20was%20going%20wrong).%20Do%20we%20have%20an%20ETA%20as%20this%20is%20now%20a%20total%20block%20on%20us%20using%20WVD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20really%20disappointed%20as%20this%20is%20the%202nd%20major%20stumbling%20block%20-%20we've%20fully%20adopted%20Azure%20AD%20and%20the%20lack%20of%20support%20for%20Azure%20AD%20join%20is%20the%20other%20one.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20can%20be%20such%20a%20good%20solution%20it's%20just%20so%20frustrating.....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-778926%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-778926%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20identify%20the%20public%20IP%20range%20used%20by%20azure%20virtual%20desktops%20to%20communicate%20with%20external%20resources%20such%20as%20O365%3C%2FP%3E%3CP%3EServices%20.%20this%20is%20required%20to%20apply%20some%20azure%20%26nbsp%3Baccess%20control%20policy%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-779549%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-779549%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F376480%22%20target%3D%22_blank%22%3E%40ashro2%3C%2FA%3E%26nbsp%3BSee%20this%20thread%20on%20github%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F33988%23issuecomment-509722530%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fazure-docs%2Fissues%2F33988%23issuecomment-509722530%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-789440%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-789440%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%20Same%20issue%20for%20one%20of%20test%20Azure-born%20user%2C%20the%20second%20one%20(Azure-born%20as%20well)%20still%20works%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-791960%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-791960%22%20slang%3D%22en-US%22%3EAny%20update%20on%20a%20resolution%3F%20This%20is%20a%20hard%20blocker%20for%20us.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20workaround%20only%20works%20with%20NEWLY%20CREATED%20users%20-%20meaning%20I%20cannot%20delete%20a%20Windows%20Server%20AD%20user%2C%20then%20recreate%20with%20the%20same%20username%20as%20an%20Azure%20AD%20sourced%20user.%20It%20seems%20like%20Windows%20Virtual%20Desktop%20permanently%20stores%20the%20upn%20and%20sid%20in%20its%20database....so%20deleting%20and%20recreating%20the%20user%20in%20Azure%20AD%20doesn%E2%80%99t%20help...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-794147%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-794147%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64296%22%20target%3D%22_blank%22%3E%40Richard%20Harrison%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F383387%22%20target%3D%22_blank%22%3E%40Integral-Consulting%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F374394%22%20target%3D%22_blank%22%3E%40rhythmnewt%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F54353%22%20target%3D%22_blank%22%3E%40Alex%20Ignatenko%3C%2FA%3E%26nbsp%3B%3A%20Hi%20everyone%2C%20apologies%20for%20this%20thread%20going%20a%20bit%20quiet.%20We've%20done%20investigations%20and%20started%20implementing%20the%20fix%2C%20but%20will%20take%20time%20to%20roll%20into%20production.%20Once%20I%20get%20a%20better%20date%2C%20I%20will%20reach%20out%20here%20so%20you%20all%20can%20continue%20your%20testing!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESince%20we%20roll%20out%20in%20phases%2C%20I'd%20highly%20recommend%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Fvirtual-desktop%2Fcreate-validation-host-pool%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Esetting%20up%20a%20host%20pool%20for%20validation%3C%2FA%3E%2C%20as%20this%20will%20be%20the%20first%20place%20to%20test.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAgain%2C%20thanks%20all%20and%20we're%20definitely%20trying%20to%20get%20this%20fix%20rolled%20out%20as%20soon%20as%20we%20can.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-794150%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-794150%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F18065%22%20target%3D%22_blank%22%3E%40Torbj%C3%B6rn%20Granheden%3C%2FA%3E%26nbsp%3B%3A%20As%20it%20stands%20now%2C%20the%20issue%20stems%20from%20the%20SID's%20being%20synchronized%20as%20part%20of%20the%20Azure%20AD%20token%20and%20then%20receiving%20a%20different%20one%20through%20Azure%20AD%20Domain%20Services.%20Are%20you%20aware%20of%20any%20difference%20of%20properties%20between%20this%201%20user%20and%20the%20other%2016%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-794151%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-794151%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78166%22%20target%3D%22_blank%22%3E%40Arthur%20GERARD%3C%2FA%3E%26nbsp%3B%3A%20Azure%20AD%20Join%20is%20in%20our%20backlog.%20We've%20heard%20overwhelming%20interest%20for%20this%2C%20and%20we%20want%20to%20align%20with%20Azure%20AD%20Join%2FIntune%20as%20a%20means%20of%20deploying%20and%20managing%20Windows.%20We%20don't%20have%20any%20specific%20dates%20on%20this%2C%20but%20we%20definitely%20want%20to%20supporting%20this%20as%20a%20scenario%20down%20the%20road.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-794227%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-794227%22%20slang%3D%22en-US%22%3EThank%20you%20for%20keeping%20us%20informed!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-794229%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-794229%22%20slang%3D%22en-US%22%3EThanks.%20Is%20there%20an%20eta%20for%20when%20a%20fix%20will%20be%20available%20to%20host%20pools%20in%20validation%20mode%3F%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20not%2C%20is%20there%20any%20way%20to%20submit%20a%20support%20request%20to%20get%20you%20to%20delete%20stale%20user%20accounts%20from%20your%20sql%20azure%20database%20or%20is%20this%20exposed%20in%20any%20way%3F%20It%20would%20at%20least%20allow%20us%20to%20proceed%20with%20testing%20if%20there%20was%20a%20way%20to%20recreate%20the%20user%20accounts%20with%20problems.%20As%20I%20mentioned%20above%20-%20today%20we%20can%E2%80%99t%20even%20delete%2Frecreate%20the%20user.%20It%20has%20to%20be%20created%20as%20a%20cloud%20only%20user%20with%20a%20different%20upn...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-802715%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-802715%22%20slang%3D%22en-US%22%3E%3CP%3EHola%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%2C%26nbsp%3Bthanks%20for%20the%20information.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20my%20case%2C%20the%20scenario%20and%20behavior%20are%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20an%20Active%20Directory%20On-Premise%20synchronized%20to%20Azure%20Active%20Directory%20through%20ADConnect.%20In%20Azure%20I%20have%20implemented%20an%20Azure%20Active%20Directory%20Domanin%20Services%20(AADDS).%20Both%20directories%20are%20synchronized%20(ADDS%20and%20AADDS)%20through%20the%20AAD.%20I%20have%20password%20hashes%20replication%20set.%20I%20implemented%20a%20WVD%20HostPool.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20perform%20tests%20with%20my%20synchronized%20users%2C%20I%20have%20also%20created%20Cloud%20users%20(AAD%20only).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBoth%20types%20of%20users%20allow%20me%20to%20connect%20the%20most%20virtual%20machines%20of%20the%20WVD%20HostPool%20through%20RDP.%20However%2C%20when%20I%20try%20to%20use%20the%20WebClient%20through%20the%20URL%20%3CA%20title%3D%22https%3A%2F%2Frdweb.wvd.microsoft.com%2Fwebclient%2Findex.html%22%20href%3D%22https%3A%2F%2Frdweb.wvd.microsoft.com%2Fwebclient%2Findex.html%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdweb.wvd.microsoft.com%2Fwebclient%2Findex.html%3C%2FA%3Eboth%20types%20of%20users%20can%20log%20in%20with%20their%20AADDS%20and%20AAD%20credentials.%20But%20by%20selecting%20applications%20to%20log%20in%20to%20them%2C%20only%20users%20created%20in%20the%20cloud%20(in%20AAD)%20can%20successfully%20start%3B%20synchronized%26nbsp%3Busers%20from%20ADDS%20get%20the%20error%20from%20the%20following%20image%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20604px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F126757i0F14C6F4EA53419A%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Error.png%22%20title%3D%22Error.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20log%20error%20for%20synced%20users%20is%20the%20follow%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EActivityId%20%3A%20e5eaa99a-0873-4e39-9063-d39e511c0000%3CBR%20%2F%3EActivityType%20%3A%20Connection%3CBR%20%2F%3EStartTime%20%3A%2012%2F08%2F2019%205%3A09%3A12%20p.%20m.%3CBR%20%2F%3EEndTime%20%3A%2012%2F08%2F2019%205%3A09%3A18%20p.%20m.%3CBR%20%2F%3EUserName%20%3A%20F21212121%40fvl.org.co%3CBR%20%2F%3ERoleInstances%20%3A%20rdwebclient%3Bmrs-eus2r0c002-rdgateway-prod-staging%3A%3ARD2818788A5384%3Bmrs-eus2r0c001-rdbroker-prod-staging%3A%3ARD2818782C7086%3B%E2%89%A4WVDSH-0.fvl.org.co%E2%89%A5%3CBR%20%2F%3EOutcome%20%3A%20Failure%3CBR%20%2F%3EStatus%20%3A%20Completed%3CBR%20%2F%3EDetails%20%3A%20%7B%5BClientOS%2C%20Win32%20Chrome%2076.0.3809.100%5D%2C%20%5BClientVersion%2C%201.0.18.5%5D%2C%20%5BClientType%2C%20HTML%5D%2C%20%5BPredecessorConnectionId%2C%20%5D...%7D%3CBR%20%2F%3ELastHeartbeatTime%20%3A%2012%2F08%2F2019%205%3A09%3A19%20p.%20m.%3CBR%20%2F%3ECheckpoints%20%3A%20%7BLoadBalancedNewConnection%2C%20TransportConnected%2C%20TransportConnecting%7D%3CBR%20%2F%3EErrors%20%3A%20%7BMicrosoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20the%20same%20error%20that%20you%20are%20describing%20in%20this%20post%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20a%20lot%20for%20your%20response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPaul%20Pedroza%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-807351%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-807351%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eany%20updates%3F%20we%20are%20hard%20blocked%20in%20terms%20of%20using%20Windows%20Virtual%20Desktop%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-812602%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-812602%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3EI%20have%20checked%20with%20every%20powershell%20cmdlet%20i%20can%20think%20of%2C%20but%20the%20users%20are%20identical%20configured.%20I%20have%20compared%20with%20another%20user%20that%20was%20hired%20at%20the%20same%20time%20(2014).%20And%20also%20has%20been%20migrated%20from%20an%20onprem%20AD%20to%20an%20Azure%20AD%20only%20environment.%20The%20ad%20connect%20was%20removed%20a%20year%20ago%20ish.%20The%20Azure%20Domain%20Services%20was%20setup%20to%20support%20WVD%20preview%20in%20June.%3C%2FP%3E%3CP%3EMy%20user%20is%20on%20vaccation%20and%20I%20cannot%20get%20an%20answer%20if%20it%20still%20is%20an%20issue%20or%20if%20it%20has%20been%20solved%20by%20agent%20update.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%2C%20you%20should%20think%20of%20a%20rollback%20of%20the%20sid%20verification%20and%20do%20a%20rearchitect.%3CBR%20%2F%3EIf%20it%20is%20so%20much%20trouble%20for%20preview%20users%2C%20how%20will%20this%20work%20for%20GA%3F%3C%2FP%3E%3CP%3E%2FMr%20T-Bone%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-815957%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-815957%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%20Any%20update%20on%20this%26nbsp%3B%20%3F%20As%20others%20have%20reported%20we%20are%20at%20a%20stand%20still.%26nbsp%3B%3CBR%20%2F%3ESynced%20from%20on-premise%20aren't%20working.%26nbsp%3B%20I%20have%20tried%20validation%20pools%20and%20still%20no%20luck%20with%20Sync%20accounts.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-822173%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-822173%22%20slang%3D%22en-US%22%3ESeems%20like%20we%E2%80%99re%20in%20store%20for%20a%20repeat%20of%20Azure%20RemoteApp.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-822467%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-822467%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3EAnother%20week%20without%20status%20update%3F%3C%2FP%3E%3CP%3EAny%20progress%20of%20getting%20the%20WVD%20working%20again%20for%20all%20of%20us%20with%20Azure%20DS%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20only%20one%20user%20out%20of%2030%20pilots%20that%20get%20sid%20failure%3F%3C%2FP%3E%3CUL%3E%3CLI%3ECannot%20see%20any%20different%20attributes%20on%20this%20specific%20user%20compared%20with%20another%20user%20created%20same%20week.%3C%2FLI%3E%3CLI%3EBoth%20accounts%20created%203%20years%20ago%20in%20a%20local%20AD.%3C%2FLI%3E%3CLI%3ESynced%20to%20Azure%20AD%20with%20AD%20connect.%3C%2FLI%3E%3CLI%3ELocal%20AD%20and%20Azure%20AD%20connect%20dismounted%20and%20retired%2012%20month%20ago.%3C%2FLI%3E%3CLI%3EAzure%20DS%20started%20for%20WVD%203%20months%20ago.%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%2FMr-Tbone%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%2FTorbj%C3%B6rn%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-823017%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-823017%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F18065%22%20target%3D%22_blank%22%3E%40Torbj%C3%B6rn%20Granheden%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F396243%22%20target%3D%22_blank%22%3E%40cititechs%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%3A%20Thanks%20for%20being%20patient%20with%20us.%20As%20an%20update%2C%20we've%20identified%20the%20issue%20and%20have%20taken%20the%20first%20step%20to%20solving%20it%2C%20just%20that's%20a%20multi-phase%20fix%2Froll-out.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlso%2C%20to%20address%20some%20of%20the%20feedback%2C%20in%20order%20to%20login%20users%20and%20work%20between%20cloud%2Fon-prem%20accounts%2C%20there%20are%20only%20so%20many%20interfaces%20and%20returned%20values%20that%20the%20system%20gives%20us%20for%20logon.%20And%2C%20unfortunately%2C%20it%20wasn't%20as%20easy%20as%20rolling%20back%20because%20then%20we%20would%20then%20have%20other%20sets%20of%20users%20be%20unable%20to%20reconnect%20to%20existing%20sessions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWill%20hope%20to%20have%20another%20update%20soon%20regarding%20the%20full%20fix.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-823069%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-823069%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%3A%20Just%20to%20get%20more%20clarity%2C%20is%20it%20primarily%20%3CEM%3E%3CSTRONG%3Ethis%3C%2FSTRONG%3E%3C%2FEM%3Eissue%20that%20you%20think%20will%20make%20it%20the%20next%20Azure%20RemoteApp%3F%20Is%20there%20other%20functionality%20that%20we're%20missing%2C%20should%20be%20focusing%20on%2C%20or%20should%20be%20fixing%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-824239%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-824239%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20validation%20pool%20seems%20like%20a%20good%20idea%20(%3CFONT%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Fvirtual-desktop%2Fcreate-validation-host-pool%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fazure%2Fvirtual-desktop%2Fcreate-validation-host-pool%3C%2FA%3E%3C%2FFONT%3E)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20to%20make%20that%20really%20viable%20we%20need%20a%20schedule%20of%20upcoming%20releases%20to%20know%20when%20we%20should%20be%20validating%20(and%20potentially%20what%20specific%20areas%20to%20check).%20Is%20that%20something%20that%20is%20also%20going%20to%20be%20published%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20control%20of%20when%20updates%20are%20pushed%20would%20also%20be%20very%20useful%20-%20for%20example%20if%20we%20find%20an%20issue%20during%20validation%20can%20we%20prevent%20that%20being%20pushed%20to%20our%20environments%20or%20would%20if%20just%20get%20pushed%20anyway%20after%20some%20timeout%20period%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3ERich%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-824558%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-824558%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E-%20one%20other%20thing%20to%20just%20mention%20-%20we%20recently%20had%20some%20other%20issues%20with%20AADDS%20and%20in%20conversations%20with%20the%20product%20group%20there%20they%20told%20us%20there%20is%20a%20new%20version%20of%20the%20sync%20process%20planned%20(quite%20soon%20I%20think)%20from%20AAD%20to%20AADDS%20-%20not%20sure%20if%20this%20helps%20you%20in%20any%20way%20with%20the%20issues%20you%20have%20-%20perhaps%20if%20you%20have%20any%20requirements%20for%20changes%20these%20could%20be%20included%20in%20what%20that%20team%20is%20doing%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-825661%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-825661%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64296%22%20target%3D%22_blank%22%3E%40Richard%20Harrison%3C%2FA%3E%26nbsp%3B%3A%20Great%20questions!%20We%20definitely%20intend%20to%20push%20out%20notice%20of%20things%20coming%20out%20the%20validation%20pool%20so%20it%20can%20be%20tested.%20We%20have%20done%20this%20in%20limited%20capacity%20and%20to%20smaller%20groups%20of%20customers%2C%20but%20we%20intend%20to%20use%20this%20more.%20We%20have%20also%20not%20pushed%20a%20build%20all%20the%20way%20to%20the%20general%20population%20due%20to%20issues%20we've%20seen%20in%20validation%2C%20so%20we%20plan%20on%20using%20it%20exactly%20like%20you're%20expecting.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20thank%20you%20for%20the%20notification.%20Will%20bring%20this%20up%20with%20the%20Azure%20AD%20DS%20team.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-828102%22%20slang%3D%22es-ES%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-828102%22%20slang%3D%22es-ES%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3BI%20have%20deleted%20and%20re-created%20my%20WVD%20test%20environment%20several%20times%2C%20now%20I%20can't%20longer%20log%20in%20even%20with%20users%20created%20directly%20in%20the%20Azure%20cloud%2C%20with%20these%20accounts%2C%20the%20users%20before%20login.%20I%20can%20no%20longer%20log%20in%20with%20synchronized%20users%20from%20my%20AD%20On-Premise%20(ADDS%20-%26gt%3B%20AAD%20-%26gt%3B%20AADDS)%20nor%20with%20the%20old%20ones%20created%20directly%20in%20Azure%20(AAD%20-%26gt%3B%20AADDS).%20I%20can%20only%20use%20the%20scenario%20if%20I%20create%20new%20users%20in%20Azure.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%3CBR%20%2F%3ERDBroker%20ErrorOperation%20%3A%3CBR%20%2F%3EOrchestrateSessionHost%20ErrorCode%20%3A%20-2146233088%3CBR%20%2F%3EErrorCodeSymbolic%3CBR%20%2F%3E%3A%20ConnectionFailedUserSIDInformationMismatch%20ErrorMessage%20%3A%20User%20wahtever-whatever%3A%20SID%20information%20in%20the%20database%20'S-1-5-21-1201331163-3862359571-1670876360-8430'%20does%20not%20match%20SID%20returned%20information%20by%20agent%3CBR%20%2F%3E'S-1-5-21-1194805571-575163812-3500997978-1549'%20in%20the%20orchestration%20reply..%20This%20scenario%20is%20not%20supported%20-%20we%20will%20not%20be%20able%20to%20redirect%20the%20user%20session.%20%3CBR%20%2F%3EErrorInternal%20%3A%3CBR%20%2F%3EFalse%20ReportedBy%3CBR%20%2F%3E%3A%20RDGateway%20Time%20%3A%2028%2F08%2F2019%203%3A24%3A57%20p.m.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-830363%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-830363%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThis%20issue%20specifically%20is%20**extremely**%20concerning%20-%20because%20this%20isn%E2%80%99t%20an%20edge%20case%3B%20this%20is%20a%20fundamental%20architecture%2Fdatabase%20design%20problem%20in%20how%20you%20uniquely%20identify%20users.%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20don%E2%80%99t%20need%20to%20get%20AAD%20Domain%20Services%20or%20any%20other%20complicated%20scenario%20in%20the%20mix%20to%20reproduce%20this%20problem.%20All%20you%20need%20to%20do%20is%20delete%20**any**%20user%20in%20**any**%20kind%20of%20environment%20and%20then%20create%20a%20new%20one%20with%20the%20same%20upn.%20And%20bam%2C%20that%20user%20is%20screwed...forever.Deleting%20and%20recreating%20the%20tenant%20doesn%E2%80%99t%20help%20any%2C%20which%20tells%20me%20that%20user%20registration%20data%20is%20stored%20independently%20of%20tenant%20data.%20This%20will%20lead%20down%20an%20avenue%20of%20problems%20with%20no%20end.%20There%20are%20alternative%20architectural%20approaches%20that%20would%20likely%20be%20more%20reliable.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-838200%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-838200%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20attest%20this!%20It%20seems%20like%20a%20flaw%20in%20design.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20happend%20to%20me%20is%20the%20following%3A%3C%2FP%3E%3CP%3EI%20had%20a%20user%20in%20my%20old%20Azure%20AD%20tenant.%20lets%20call%20it%20tenant%20A%2C%20with%20a%20UPN%20of%20user%40domain.com%20and%20used%20WVD%20succesfully%20there.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I%20moved%20my%20domain.com%20to%20another%20Azure%20AD%20tenant%2C%20tenant%20B.%20Setup%20Azure%20ADDS%20there%20and%20tried%20to%20login%20with%20a%20user%20with%20UPN%20user%40domain.com%2C%20so%20the%20exact%20same%20UPN%20of%20the%20user%20that%20existed%20in%20tenant%20A.%20although%20offcourse%20it%20doesn't%20exists%20in%20tenant%20A%20anymore.%3C%2FP%3E%3CP%3EWhat%20I%20saw%20when%20I%20logged%20in%2C%20was%20the%20WVD%20tenant%20with%20the%20published%20desktops%20that%20I%20created%20in%20my%20Azure%20AD%20tenant%20A!%20AND%20I%20saw%20my%20new%20WVD%20tenant%20with%20the%20published%20desktops%20that%20I%20created%20in%20my%20Azure%20AD%20tenant%20B.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%2C%20when%20I%20tried%20to%20sign-in%20to%20the%20desktops%20from%20the%20new%20tenant%20B%2C%20I%20get%20the%20same%20error%20as%20everyone%20else%2C%20that%20the%20SID%20doesn't%20match%20with%20the%20one%20in%20the%20database.%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20I%20can%20understand%20that%20it%20doesn't%20match%20if%20you%20still%20saved%20the%20SID%20from%20the%20user%20in%20tenant%20A.%20But%20this%20is%20a%20completely%20new%20user%20in%20tenant%20B.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20like%20JeffN825%20already%20concludes%2C%20this%20means%20that%20the%20user%20data%20is%20independent%20from%20the%20tenant%20data%2C%20which%20seems%20strange%20to%20me.%3C%2FP%3E%3CP%3EAlso%2C%20I%20would%20like%20some%20way%20to%20delete%20my%20old%20user%20with%20its%20SID%20from%20this%20backend%20database.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-839715%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-839715%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20each%20day%20that%20passes%20with%20no%20meaningful%20reply%20on%20this%20issue%2C%20I%20become%20more%20skeptical%20that%20the%20right%20team%20(one%20with%20extensive%20experience%20in%20distributed%2C%20AzureAD%20based%20authentication%20and%20authorization)%20is%20working%20on%20this%20product.%20I%20also%20wonder%20if%20the%20lack%20of%2Fdelay%20in%20reply%20is%20indicative%20of%20the%20team%20taking%20a%20pause%20to%20re-evaluate%20if%20they%20can%20successfully%20develop%20this%20solution...%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20information%20you%20can%20provide%20that%20might%20alleviate%20this%20concern%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-848508%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-848508%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20trying%20to%20add%20users%20from%20a%20'invited%20user'%20source%20or%20from%20an%20'external%20aad'%20source%20to%20a%20remoteapp%20group%20using%20powershell.%20I%20notice%20that%20only%20users%20created%20directly%20in%20AAD%20can%20be%20added%2C%20but%20externals%20or%20invited%20ones%20cannot.%20I%20keep%20getting%20the%20error%26nbsp%3B%26nbsp%3B%22The%20specified%20UserPrincipalName%20does%20not%20exist%20in%20the%20Azure%20AD%20associated%20with%20the%20RD%20tenant.%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20confirm%20if%20these%20external%20users%20or%20invited%20users%20should%20work%20with%20WVD%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-849728%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-849728%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F193408%22%20target%3D%22_blank%22%3E%40Marcel%20A'%20Campo%3C%2FA%3E%26nbsp%3B-%20external%20users%20can't%20work%20with%20WVD%20because%20they%20are%20not%20replicated%20via%20Azure%20AD%20Domain%20Services%20to%20the%20managed%20AD%20domain.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-849784%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-849784%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20issue%20a%20showstopper%20for%20us.%26nbsp%3B%20We're%20trying%20to%20roll%20out%20VDI%20for%20thousands%20of%20users%20globally....%20but%20the%20inability%20to%20automate%20handling%20of%20multiple%20security%20identifiers%20is%20a%20bit%20deal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGlad%20I%20encountered%20this%20now%2C%20instead%20of%202%20months%20from%20now%20when%20a%20single%20user%20identity%20will%20exist%20in%20AADDS%2C%20AzureAD%2C%20and%20ADDS.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-849850%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-849850%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F363970%22%20target%3D%22_blank%22%3E%40DubC85%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F193408%22%20target%3D%22_blank%22%3E%40Marcel%20A'%20Campo%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F201943%22%20target%3D%22_blank%22%3E%40Roel%20Everink%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F391201%22%20target%3D%22_blank%22%3E%40pau_pedroza%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F18065%22%20target%3D%22_blank%22%3E%40Torbj%C3%B6rn%20Granheden%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F396243%22%20target%3D%22_blank%22%3E%40cititechs%3C%2FA%3E%26nbsp%3B%2F%20All%20%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20provide%20an%20update%2C%20we're%20still%20working%20on%20this%20fix.%20As%20alluded%20to%20before%2C%20the%20fix%20is%202%20steps%3A%3C%2FP%3E%0A%3CP%3E1.%20To%20create%20and%20populate%20the%20fields%3C%2FP%3E%0A%3CP%3E2.%20To%20adjust%20the%20logic%20to%20use%20these%20fields%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe've%20completed%20step%20%231%20completely%20and%20%232%20is%20what%20we're%20implementing%2Fvalidating%20now.%20We%20expect%20this%20to%20complete%20and%20rollout%20within%20the%20next%20month.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20may%20still%20seem%20like%20a%20long%20time%20out%2C%20but%20we%20do%20want%20to%20be%20more%20cautious%20on%20the%20rollout%20and%20ensure%20we%20don't%20break%20user%20connections%20like%20the%20changes%20we%20made%20that%20landed%20here.%20There%20is%20always%20an%20option%20to%20push%20straight%20to%20production%2C%20but%20that%20also%20doesn't%20help%20us%20if%20there's%20another%20case%20that%20we%20missed%20and%20if%20we%20did%20quick%20validation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUltimately%2C%20we%20realize%20that%20this%20has%20led%20to%20the%20inability%20to%20quickly%20test%20out%20the%20service%20using%20Azure%20AD%20DS.%20Once%20the%20fix%20is%20live%2C%20you%20should%20be%20quickly%20unblocked%2C%20re-start%20efforts%20to%20evaluate%20the%20product%20as%20you%20need%2C%20and%20hope%20to%20see%20continued%20feedback%20as%20you%20have%20been%20so%20far%20on%20TechCommunity%20so%20far.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20will%20post%20back%20here%20as%20we%20progress%20further%20in%20the%20fix%20and%20when%20we%20have%20this%20available%20in%20the%20validation%20pools%20to%20test.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-853330%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-853330%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20month%20-%20alright.%26nbsp%3B%20Still%20paying%20for%20the%20actual%20resource%20(that%20doesn't%20work)...have%20been%20for%20several%20months%20now.%26nbsp%3B%20This%20has%20become%20very%20disappointing.%26nbsp%3B%20Standstill%20-%20Business%20Units%20waiting%20on%20the%20solution%20-%20complaining%20about%20chargebacks%20for%20the%20resource%20(that%20doesn't%20work)%20will%20be%20the%20next%20thing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20guys%20-%20get%20this%20fixed.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-854312%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-854312%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%2C%20is%20there%20any%20news%20on%20this%3F%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThis%20is%20a%20hard%20block%20for%20us%20as%20well!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-854567%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-854567%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3ECan%20you%20share%20some%20technical%20details%20on%20what%20these%20fields%20are%20and%20how%20they%20are%20used%3F%20Any%20details%20that%20would%20inspire%20confidence%20in%20the%20solution%20you%E2%80%99ve%20designed%20would%20be%20helpful.%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-860892%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-860892%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3Bthanks%20for%20the%20update.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20waiting%20to%20deploy%20WVD%20with%20Azure%20AD%20DS%20and%20if%20I%20understand%20correctly%20it%20will%20be%20possible%20once%20the%20second%20fix%20is%20rolled%20out%3F%20We%20have%20host%20pools%20set%20as%20%22Validation%22%20host%20pools%2C%20can%20we%20hope%20to%20get%20the%20fixes%20out%20sooner%20to%20these%20hostpools%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3EJoakim%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-863610%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-863610%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F193358%22%20target%3D%22_blank%22%3E%40Joakim%20Westin%3C%2FA%3E%26nbsp%3B-%20I%20wouldn't%20count%20on%20this%20fixing%20the%20underlying%20issue.%20From%20the%20description%20of%20the%20fix%2C%20it%20sounds%20like%20it%20will%20just%20work%20around%20it%20for%20some%20situations.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-863691%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-863691%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%3A%20Essentially%2C%20there%20are%20three%20pieces%20of%20information%20we%20need%20for%20processing%20the%20new%20or%20reconnecting%20user%20connection%3A%3C%2FP%3E%0A%3CP%3E1.%20UPN%20in%20Azure%20AD%20token%3C%2FP%3E%0A%3CP%3E2.%20SID%20in%20Azure%20AD%20token%3C%2FP%3E%0A%3CP%3E3.%20SID%20that%20the%20on-premises%20domain%20sends%20back%20when%20it%20matches%20up%20the%20user%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EEverything%20is%20based%20according%20to%20the%20UPN%2C%20as%20that%20is%20provided%20in%20all%20tokens.%20The%20fixes%20will%3A%3C%2FP%3E%0A%3CP%3E1.%20Update%20the%20SID%20for%20the%20UPN%20(accounts%20for%20user%20migration%20on%20premises%20or%20new%20instantiations%20of%20Azure%20AD%20DS%20for%20users%20sourced%20in%20Windows%20Server%20AD)%3C%2FP%3E%0A%3CP%3E2.%20Update%20the%20SID%20that%20the%20on-premises%20domain%20sends%20back%20when%20it%20matches%20up%20the%20user%2C%20which%20is%20needed%20for%20manual%2Fauto-reconnect%20scenarios.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20definitely%20hear%20feedback%20on%20%22why%20SID%3F%22%2C%20but%20unfortunately%20that%20is%20needed%20for%20current%20logon%20APIs%20if%20we%20want%20to%20provide%20a%20consistent%20re-connect%20experience%20that%20can%20get%20triggered%20even%20if%20you%20lose%20Internet%20connectivity%20for%20a%20brief%20second%20or%20switch%20wireless%20networks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871432%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871432%22%20slang%3D%22en-US%22%3EI%20don%E2%80%99t%20understand%20how%20this%20will%20resolve%20the%20underlying%20issue%2C%20which%20is%20as%20simple%20to%20reproduce%20as%20deleting%20and%20recreating%20a%20user.%20Or%20deleting%20an%20AAD%20DS%20domain%20and%20recreating%20it.%20It%20seems%20that%20would%20still%20be%20broken%20after%20this%20fix.%3CBR%20%2F%3E%3CBR%20%2F%3EFurther%2C%20you%20say%3CBR%20%2F%3E%E2%80%9C2.%20Update%20the%20SID%20that%20the%20on-premises%20domain%20sends%20back%20when%20it%20matches%20up%20the%20user%2C%20which%20is%20needed%20for%20manual%2Fauto-reconnect%20scenarios.%E2%80%9D%3CBR%20%2F%3E%3CBR%20%2F%3EFirst%20-%20I%20assume%20you%20mean%20the%20RDSH%20agent%3F%20If%20so%2C%20how%20is%20the%20agent%20going%20to%20get%20the%20token%20for%20the%20current%20AAD%20user%20(which%20contains%20the%20SID%20you%20want)%3F%20If%20what%20you%20mean%20is%20that%20you%E2%80%99re%20going%20to%20try%20to%20silently%20acquire%20a%20token%20from%20the%20agent%20as%20the%20user...please%20don%E2%80%99t.%20The%20user%20could%20be%20subject%20to%20MFA%20policies%20which%20would%20muck%20you%20up%20even%20further...%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878097%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878097%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40JeffN825%3C%2FA%3E%26nbsp%3B%3A%20Ultimately%2C%20everything%20is%20mapped%20to%20a%20UPN%20so%20we%20know%20how%20to%20connect%2Freconnect%20them.%20Regardless%20of%20how%20you%20get%20your%20UPN%2C%20we%20map%20the%20resulting%20SID%20(that%20the%20domain%20understands%20relates%20to%20that%20user)%20back%20to%20the%20UPN.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlso%2C%20just%20to%20clarify%2C%20the%20Azure%20AD%20token%20is%20initially%20acquired%20by%20the%20user%20for%20the%20Windows%20Virtual%20Desktop%20Azure%20AD%20application%2C%20and%20we%20pass%20this%20through%20our%20system%20when%20we%20need%20to%20reference%20the%20incoming%20Azure%20AD%20user.%20We%20are%20not%20trying%20to%20silently%20get%20one.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879165%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879165%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3Bdo%20you%20have%20any%20updates%20on%20when%20we%20can%20expect%20to%20see%20the%20fix%20rolled%20out%20for%20us%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879169%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879169%22%20slang%3D%22en-US%22%3E%3CP%3EFYI%2C%20i%20just%20ditched%20AADDS%20and%20extended%20the%20on-premise%20AD%20through%20S2S%20VPN%20and%20DC%20VMs%20in%20Azure%20instead.%3CBR%20%2F%3ERe-used%20my%20TenantGroup%2C%20Tenant%2C%20and%20ServicePrincipal.%3CBR%20%2F%3ETemplate%20Deployment%20and%20user%20connexion%20went%20flawless%20on%20the%20first%20try.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20would%20recommend%20to%20forget%20about%20AADDS%20if%20you%20can.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879236%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879236%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78166%22%20target%3D%22_blank%22%3E%40Arthur%20GERARD%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat's%20not%20helpful%20to%20those%20of%20us%20who%20would%20rather%20not%20have%20to%20deal%20with%20ADDS%20and%20AD%20Connect%20unnecessarily.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879267%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879267%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F363970%22%20target%3D%22_blank%22%3E%40DubC85%3C%2FA%3E%26nbsp%3BMaybe%20i%20wasn't%20clear%20but%20i%20went%20from%20%3A%3CBR%20%2F%3E%3CBR%20%2F%3EOn-prem%20AD%20%2B%20AADConnect%20%2B%20AADDS%20(WVD%20VM%20being%20joined%20to%20AADDS)%3CBR%20%2F%3E-%26gt%3B%20was%20stuck%20with%20this%20bug%20for%20several%20months%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eto%20%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EOn-prem%20AD%20%2B%20AADConnect%20%2B%20On-prem%20AD%20extended%20to%20Azure%20vNet%20(WVD%20VM%20being%20joined%20to%20AD)%3CBR%20%2F%3E-%26gt%3B%20everything%20worked%20on%20the%20first%20try%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-882206%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-882206%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78166%22%20target%3D%22_blank%22%3E%40Arthur%20GERARD%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYep%2C%20this%20works%20great%2C%20and%20has%20since%20the%20beginning%20(adding%20a%20hostpool%20that's%20actually%20on%20your%20on-prem%20domain%20and%20not%20AADDS%20joined).%26nbsp%3B%20I%20didn't%20even%20add%20a%20DC%20out%20in%20the%20Azure%20vnet%20-%20just%20joined%20on-prem%20domain%20over%20the%20S2S%20tunnel.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20wish%20I%20could%20use%20that%20-%20I%20would%20be%20six%20months%20ahead%20now.%26nbsp%3B%20The%20smaller%20attack%20surface%20of%20available%20users%20(filtered%20sync%20to%20AADDS)%20will%20be%20required%20for%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887104%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887104%22%20slang%3D%22en-US%22%3EAny%20timeline%20on%20the%20fix%3F%20Looks%20like%20WVD%20went%20GA%20today.%20I%20can%20see%20there%20are%20some%20options%20with%20VPN%20tunnels%2C%20but%20I%20would%20rather%20avoid%20re-configuring%20my%20WVD%20environment%20away%20from%20Azure%20ADDS.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-890627%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-890627%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F374394%22%20target%3D%22_blank%22%3E%40rhythmnewt%3C%2FA%3E%26nbsp%3BIf%20you%20look%20at%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Foverview%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20link%3C%2FA%3E%2C%20it%20looks%20that%20we%20will%20have%20to%20wait%20a%20little%20bit%20longer.%20I%20am%20pretty%20sure%20this%20Note%20has%20been%20added%20recently.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F135255iCF86CEF4F98D5C23%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892274%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892274%22%20slang%3D%22en-US%22%3ESo%20now%20it's%20officially%20not%20supported%20%3A(%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892579%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892579%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F374394%22%20target%3D%22_blank%22%3E%40rhythmnewt%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F11816%22%20target%3D%22_blank%22%3E%40Olivier%20Debonne%3C%2FA%3E%26nbsp%3B%3A%20Correct%2C%20the%20link%20was%20added%20in%20the%20past%20week%20and%20a%20half%20ago%20so%20that%20customers%20would%20not%20accidentally%20hit%20this%20scenario.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENo%20worries%20though%3A%20once%20the%20fix%20is%20in%20and%20live%2C%20the%20scenario%20will%20be%20supported%20%3A)%3C%2Fimg%3E%20We're%20on%20still%20on%20track%20for%20this%20month.%20I%20will%20post%20back%20here%20once%20we%20have%20it%20available%20for%20validation%20pools%20(host%20pools%20with%20%22ValidationEnv%22%20set%20to%20%24true)%20so%20that%20we%20can%20confirm%20the%20fix%20before%20the%20broadest%20rollout.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892601%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892601%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3Bthank%20you%20for%20the%20update%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-895082%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-895082%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20still%20experiencing%20this%20same%20issue%20you%20explain%20above%20with%20AADDS%2C%20however%20even%20when%20I%20create%20a%20Cloud%20native%20user%20I%20get%20the%20following%20error%20when%20trying%20to%20connect%20to%20Virtual%20Desktop%20%2F%20RemoteApp%3A-%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDAgent%3CBR%20%2F%3EErrorOperation%20%3A%20AddUserToRDUGroup%3CBR%20%2F%3EErrorCode%20%3A%20-2147467259%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedAdErrorNoSuchMember%3CBR%20%2F%3EErrorMessage%20%3A%20Failed%20to%20add%20user%20%3D%20%E2%89%A4Cloud.User%40teammetalogic.com%E2%89%A5%20to%20group%20%3D%20Remote%3CBR%20%2F%3EDesktop%20Users.%20Reason%3A%20Win32.ERROR_NO_SUCH_MEMBER%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%2005%2F10%2F2019%2017%3A05%3A32%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWindows%20Virtual%20Desktop%20DNS%20name%20-%20azure.DOMAIN.com%20was%20initially%20created%20because%20recommendation%20was%20to%20not%20have%20conflicting%20DNS%20names%20with%20tenant%2C%20which%20is%20DOMAIN.com%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-897375%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-897375%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F420663%22%20target%3D%22_blank%22%3E%40CraigSmith87%3C%2FA%3E%26nbsp%3B%3A%20Where%20was%20that%20recommendation%20made%20(to%20not%20match%20your%20AAD%20tenant%20name)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-911138%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-911138%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3EThank%20you%20for%20the%20updates.%20Will%20there%20be%20any%20additional%20steps%20for%20us%20to%20perform%20if%20we%20already%20have%20the%20host%20pools%20with%20validation%20set%20to%20true%3F%20Hopefully%20your%20target%20of%20this%20month%20remains%20on%20track%2C%20I%20have%202%20clients%20that%20I%20would%20like%20to%20migrate%20to%20WVD%20as%20it%2C%20at%20least%20from%20the%20outset%2C%20looks%20to%20out%20perform%20their%20existing%20Citrix%20environment%20and%20a%20much%20lower%20cost.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-912948%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-912948%22%20slang%3D%22en-US%22%3ENo%20other%20steps%20will%20be%20necessary%2C%20aside%20from%20setting%20the%20pool%20to%20be%20a%20validation%20pool.%20I%20will%20keep%20you%20all%20updated%20on%20this%20thread.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-920111%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-920111%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20still%20encountering%20the%20issue.%20On%209%2F11%2C%20you%20wrote%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CEM%3EWe've%20completed%20step%20%231%20completely%20and%20%232%20is%20what%20we're%20implementing%2Fvalidating%20now.%20We%20expect%20this%20to%20complete%20and%20rollout%20within%20the%20next%20month.%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%2C%20we're%205%20weeks%20out%20from%20there%20now%20and%20there%20is%20still%20no%20fix...and%20it%20seems%20like%20it's%20not%20even%20available%20in%20validation%20environments%20yet.%20Is%20this%20correct%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20also%20decided%20to%20go%20GA%20with%20a%20product%20that%20can't%20support%20basic%20usage%20(deleting%20a%20user%20account%20and%20recreating%20it...or%20just%20renaming%20a%20user)...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20really%20like%20to%20understand%20what's%20going%20on%20here.%20Is%20there%20any%20update%20here%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-934847%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-934847%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewould%20like%20to%20add%20to%20this%20thread.%20I%20also%20have%20deployed%20WVD%20in%20view%20of%20rolling%20it%20out%20for%20our%20business%20but%20when%20I%20try%20and%20add%20new%20user%20directly%20to%20AAD%20(we%20have%20no%20AADC%20sync)%20it%20is%20failing%20with%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDBroker%3CBR%20%2F%3EErrorOperation%20%3A%20OrchestrateSessionHost%3CBR%20%2F%3EErrorCode%20%3A%20-2146233088%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedUserSIDInformationMismatch%3CBR%20%2F%3EErrorMessage%20%3A%20User%20xxx%40xxx.net%3A%20SID%20information%20in%20the%20database%20'S-1-5-21-1382006385-1486747441-1399156625-1111'%20does%20not%20match%20SID%20information%20returned%3CBR%20%2F%3Eby%20agent%20'S-1-5-21-1382006385-1486747441-1399156625-1129'%20in%20the%20orchestration%20reply..%20This%20scenario%20is%20not%20supported%20-%20we%20will%20not%20be%20able%3CBR%20%2F%3Eto%20redirect%20the%20user%20session.%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%2023%2F10%2F2019%2012%3A48%3A50%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%3A%26nbsp%3BWould%20appreciate%20idea%20of%20when%20this%20will%20be%20fixed.%20Like%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F388293%22%20target%3D%22_blank%22%3E%40jeffb8%3C%2FA%3E%26nbsp%3Band%20others%2C%26nbsp%3BI've%20tried%20everything%20(even%20deleting%2C%20adding%20user)%20but%20nothing%20works.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-954109%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-954109%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F431716%22%20target%3D%22_blank%22%3E%40antonywm%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EOnce%20a%20user%20is%20messed%20up%20in%20this%20state%2C%20it%20is%20completely%20impossible%20to%20correct%20the%20situation%20yourself.%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20can%20get%20into%20this%20state%20in%20many%20many%20different%20ways%2C%20ranging%20from%20AADC%2FAADS%20hybrid%20deployments%2C%20to%20recreating%20a%20deleted%20user%2C%20to%20using%20a%20Microsoft%20account%20to%20sign%20in%2C%20to%20moving%20from%20one%20AAD%20tenant%20to%20another.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20mechanism%20WVD%20uses%20for%20user%20info%20persistence%20is%20fundamentally%20unstable%20and%20unsound%20and%20it%20seems%20that%20no%20one%20on%20the%20Microsoft%20team%20has%20understanding%20of%20Azure%20AD%20(or%20maybe%20the%20Azure%20platform%20as%20a%20whole).%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-968427%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-968427%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3Blast%20day%20of%20the%20month.%20Any%20news%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20add%20that%20this%20does%20not%20work%20with%20accounts%20sourced%20from%20local%20AD%20when%20converting%20users%20to%20cloud%20by%20disabling%20AD-connect%20either..%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-980263%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-980263%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%20%3A%20A%20fix%20has%20been%20rolled%20out%20to%20production%20for%20this%20issue.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-983235%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-983235%22%20slang%3D%22en-US%22%3E%3CP%3EFantastic!!%20I%20just%20successfully%20logged%20into%20a%20desktop%20session%20on%20an%20account%20that%20was%20previously%20not%20working%20due%20to%20the%20SID%20issue%2C%20no%20reconfiguration%20required%20beforehand%2C%20literally%20just%20tried%20the%20login%20again%20and%20it%20worked%20perfectly.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-991297%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-991297%22%20slang%3D%22en-US%22%3EGreat%2C%20will%20test%20-%20thanks.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-993520%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-993520%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139744%22%20target%3D%22_blank%22%3E%40Eva%20Seydl%3C%2FA%3E%26nbsp%3Bgreat%20news!%20Things%20are%20working%20now.%20Thank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1005146%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1005146%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F139744%22%20target%3D%22_blank%22%3E%40Eva%20Seydl%3C%2FA%3E%3C%2FP%3E%3CP%3EHi%20Eva%2C%20%3CFONT%3Eunfortunately%20this%20fix%20did%20not%20resolve%20our%20sign-in%20issues.%20It%20did%20change%20the%20error%20code.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3EWe%20have%20migrated%20all%20our%20users%20to%20Microsoft%20365%20Business%20(synced%20from%20AD%20to%20Azure%20AD%20and%20afterwards%20removed%20Azure%20AD%20Connect)%20then%20configured%20%3CFONT%3EAADDS%20and%20WVD.%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3E%3CFONT%3EWe%20can%20succesfully%20signin%20on%20the%20Microsoft%20Remote%20Desktop%20application%20and%20from%20there%20we%20can%20connect%20to%20our%20WVD%20Hostpool.%20When%20entering%20username%20and%20password%20the%20Remote%20Desktop%20seems%20to%20initiate%20the%20connection%20but%20keeps%20prompting%20for%20username%20and%20password%2C%20without%20any%20error.%3C%2FFONT%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3EGet-RdsDiagnosticActivities%20states%20the%20following%3A%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%3EActivityId%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20%23%23%23%23%23%23%23%23%23%23-f64b-405f-a79a-%23%23%23%23%23%23%23%23%23%23%23%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%3CFONT%3EActivityType%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Connection%3CBR%20%2F%3EStartTime%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%2013-11-2019%2012%3A46%3A03%3CBR%20%2F%3EEndTime%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%2013-11-2019%2012%3A46%3A11%3CBR%20%2F%3EUserName%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20user%40domain%3CBR%20%2F%3ERoleInstances%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20computername%3B%E2%89%A4%E2%89%A5%3CBR%20%2F%3EOutcome%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Success%3CBR%20%2F%3EStatus%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20Completed%3CBR%20%2F%3EDetails%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20%7B%5BClientOS%2C%20WINDOWS%2010.0.18362%5D%2C%20%5BClientVersion%2C%201.2.431.19493%5D%2C%20%5BClientType%2C%20com.microsoft.rdc.win%3CBR%20%2F%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20dows.msrdc.x64%5D%2C%20%5BPredecessorConnectionId%2C%20%5D...%7D%3CBR%20%2F%3ELastHeartbeatTime%20%3A%2013-11-2019%2012%3A47%3A43%3CBR%20%2F%3ECheckpoints%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20%7BTransportConnecting%2C%20TransportConnected%2C%20RdpStackDisconnect%2C%20OnCredentialPromptInvoke...%7D%3CBR%20%2F%3EErrors%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%3A%20%7B%7D%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3EWe%20also%20tried%3A%20%3C%2FFONT%3E%3CFONT%3ESet-RdsHostPool%20-TenantName%20XX%20-Name%20XX%20-ValidationEnv%20%24true%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3EI'm%20not%20sure%20where%20to%20look%20from%20here..%20%3C%2FFONT%3E%3CFONT%3EWhat%20fix%20has%20been%20rolled%20out%3F%20Are%20there%20any%20specifics%20about%20this%20fix%3F%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%3Ebtw%20newly%20created%20users%20seem%20to%20work%20ok.%20so%20only%20the%20synced%20user%20have%20this%20issue.%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1005607%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1005607%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3EThis%20fixed%20it%20for%20us%20to.%20After%20it%20was%20implemented%20everything%20started%20working%20without%20having%20to%20do%20anything.%3CBR%20%2F%3E%3CBR%20%2F%3ECheers%2C%3CBR%20%2F%3ERich%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1005808%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1005808%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F456561%22%20target%3D%22_blank%22%3E%40rdoorduin%3C%2FA%3E%26nbsp%3B%3A%20For%20this%20scenario%2C%20I%20recommend%20filing%20a%20support%20ticket%2C%20as%20the%20fix%20that%20was%20rolled%20out%20should%20cover%20all%20of%20the%20standard%20cases.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1032379%22%20slang%3D%22en-US%22%3ERe%3A%20%5BAnnouncement%5D%20Connectivity%20issues%20from%20synchronized%20users%20to%20VMs%20joined%20to%20AAD%20DS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1032379%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20the%20fix.%20Can%20you%20please%20share%20the%20details.%20What%20needs%20to%20be%20done%20to%20resolve%20this%20issue.%20Please%20explain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E

@jeffb8 : Ultimately, everything is mapped to a UPN so we know how to connect/reconnect them. Regardless of how you get your UPN, we map the resulting SID (that the domain understands relates to that user) back to the UPN.

 

Also, just to clarify, the Azure AD token is initially acquired by the user for the Windows Virtual Desktop Azure AD application, and we pass this through our system when we need to reference the incoming Azure AD user. We are not trying to silently get one.

@christianmontoya do you have any updates on when we can expect to see the fix rolled out for us?

FYI, i just ditched AADDS and extended the on-premise AD through S2S VPN and DC VMs in Azure instead.
Re-used my TenantGroup, Tenant, and ServicePrincipal.
Template Deployment and user connexion went flawless on the first try.

I would recommend to forget about AADDS if you can.

@Arthur GERARD 

That's not helpful to those of us who would rather not have to deal with ADDS and AD Connect unnecessarily.   

@DubC85 Maybe i wasn't clear but i went from :

On-prem AD + AADConnect + AADDS (WVD VM being joined to AADDS)
-> was stuck with this bug for several months

 

to : 


On-prem AD + AADConnect + On-prem AD extended to Azure vNet (WVD VM being joined to AD)
-> everything worked on the first try

@Arthur GERARD 

 

Yep, this works great, and has since the beginning (adding a hostpool that's actually on your on-prem domain and not AADDS joined).  I didn't even add a DC out in the Azure vnet - just joined on-prem domain over the S2S tunnel.

 

I wish I could use that - I would be six months ahead now.  The smaller attack surface of available users (filtered sync to AADDS) will be required for us.

Any timeline on the fix? Looks like WVD went GA today. I can see there are some options with VPN tunnels, but I would rather avoid re-configuring my WVD environment away from Azure ADDS.

@rhythmnewt If you look at this link, it looks that we will have to wait a little bit longer. I am pretty sure this Note has been added recently.

image.png

 
So now it's officially not supported :(

@rhythmnewt @Olivier Debonne : Correct, the link was added in the past week and a half ago so that customers would not accidentally hit this scenario.

 

No worries though: once the fix is in and live, the scenario will be supported :) We're on still on track for this month. I will post back here once we have it available for validation pools (host pools with "ValidationEnv" set to $true) so that we can confirm the fix before the broadest rollout.

@christianmontoya 

 

I am still experiencing this same issue you explain above with AADDS, however even when I create a Cloud native user I get the following error when trying to connect to Virtual Desktop / RemoteApp:-

 

ErrorSource : RDAgent
ErrorOperation : AddUserToRDUGroup
ErrorCode : -2147467259
ErrorCodeSymbolic : ConnectionFailedAdErrorNoSuchMember
ErrorMessage : Failed to add user = ≤Cloud.User@teammetalogic.com≥ to group = Remote
Desktop Users. Reason: Win32.ERROR_NO_SUCH_MEMBER
ErrorInternal : False
ReportedBy : RDGateway
Time : 05/10/2019 17:05:32

 

Windows Virtual Desktop DNS name - azure.DOMAIN.com was initially created because recommendation was to not have conflicting DNS names with tenant, which is DOMAIN.com

@CraigSmith87 : Where was that recommendation made (to not match your AAD tenant name)?

@christianmontoyaThank you for the updates. Will there be any additional steps for us to perform if we already have the host pools with validation set to true? Hopefully your target of this month remains on track, I have 2 clients that I would like to migrate to WVD as it, at least from the outset, looks to out perform their existing Citrix environment and a much lower cost.

No other steps will be necessary, aside from setting the pool to be a validation pool. I will keep you all updated on this thread.

@christianmontoya 

 

I'm still encountering the issue. On 9/11, you wrote:

 

We've completed step #1 completely and #2 is what we're implementing/validating now. We expect this to complete and rollout within the next month.

 

So, we're 5 weeks out from there now and there is still no fix...and it seems like it's not even available in validation environments yet. Is this correct?

 

You also decided to go GA with a product that can't support basic usage (deleting a user account and recreating it...or just renaming a user)...

 

I would really like to understand what's going on here. Is there any update here?

Hi,

 

would like to add to this thread. I also have deployed WVD in view of rolling it out for our business but when I try and add new user directly to AAD (we have no AADC sync) it is failing with error:

 

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : User xxx@xxx.net: SID information in the database 'S-1-5-21-1382006385-1486747441-1399156625-1111' does not match SID information returned
by agent 'S-1-5-21-1382006385-1486747441-1399156625-1129' in the orchestration reply.. This scenario is not supported - we will not be able
to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 23/10/2019 12:48:50

 

@christianmontoya: Would appreciate idea of when this will be fixed. Like @jeffb8 and others, I've tried everything (even deleting, adding user) but nothing works.

@antonywm

Once a user is messed up in this state, it is completely impossible to correct the situation yourself.

You can get into this state in many many different ways, ranging from AADC/AADS hybrid deployments, to recreating a deleted user, to using a Microsoft account to sign in, to moving from one AAD tenant to another.

The mechanism WVD uses for user info persistence is fundamentally unstable and unsound and it seems that no one on the Microsoft team has understanding of Azure AD (or maybe the Azure platform as a whole).

@christianmontoya last day of the month. Any news?

 

I can add that this does not work with accounts sourced from local AD when converting users to cloud by disabling AD-connect either..

Solution

@christianmontoya : A fix has been rolled out to production for this issue. 

Fantastic!! I just successfully logged into a desktop session on an account that was previously not working due to the SID issue, no reconfiguration required beforehand, literally just tried the login again and it worked perfectly.

@Eva Seydl great news! Things are working now. Thank you!

@Eva Seydl

Hi Eva, unfortunately this fix did not resolve our sign-in issues. It did change the error code.

 

We have migrated all our users to Microsoft 365 Business (synced from AD to Azure AD and afterwards removed Azure AD Connect) then configured AADDS and WVD.

 

We can succesfully signin on the Microsoft Remote Desktop application and from there we can connect to our WVD Hostpool. When entering username and password the Remote Desktop seems to initiate the connection but keeps prompting for username and password, without any error.

 

Get-RdsDiagnosticActivities states the following:

ActivityId        : ##########-f64b-405f-a79a-###########

ActivityType      : Connection
StartTime         : 13-11-2019 12:46:03
EndTime           : 13-11-2019 12:46:11
UserName          : user@domain
RoleInstances     : computername;≤≥
Outcome           : Success
Status            : Completed
Details           : {[ClientOS, WINDOWS 10.0.18362], [ClientVersion, 1.2.431.19493], [ClientType, com.microsoft.rdc.win
                    dows.msrdc.x64], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 13-11-2019 12:47:43
Checkpoints       : {TransportConnecting, TransportConnected, RdpStackDisconnect, OnCredentialPromptInvoke...}
Errors            : {}

 

We also tried: Set-RdsHostPool -TenantName XX -Name XX -ValidationEnv $true

 

I'm not sure where to look from here.. What fix has been rolled out? Are there any specifics about this fix?

 

btw newly created users seem to work ok. so only the synced user have this issue.

 

 

 

Hi,
This fixed it for us to. After it was implemented everything started working without having to do anything.

Cheers,
Rich

@rdoorduin : For this scenario, I recommend filing a support ticket, as the fix that was rolled out should cover all of the standard cases.

@christianmontoya 

 

What is the fix. Can you please share the details. What needs to be done to resolve this issue. Please explain.

 

 

 

Thanks

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies