cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Home

Issue with one user logging in

%3CLINGO-SUB%20id%3D%22lingo-sub-805989%22%20slang%3D%22en-US%22%3EIssue%20with%20one%20user%20logging%20in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-805989%22%20slang%3D%22en-US%22%3E%3CP%3EWe've%20set%20up%20a%20new%20Tenant%20with%20Azure%20AD%20DS%20and%20WVD%20(No%20Windows%20DC)%2C%20the%20setup%20itself%20is%20for%20the%20most%20part%20working%2C%20however%20we%20have%20one%20user%20that%20cannot%20log%20in%20regardless%20of%20what%20we%20try.%20Digging%20in%20to%20the%20logs%20here%20is%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDBroker%3CBR%20%2F%3EErrorOperation%20%3A%20OrchestrateSessionHost%3CBR%20%2F%3EErrorCode%20%3A%20-2146233088%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedUserSIDInformationMismatch%3CBR%20%2F%3EErrorMessage%20%3A%20OrchestrateAsync%3A%20SID%20value%20in%20the%20database%20is%20different%20than%20the%20value%20returned%20in%20the%20orchestration%20reply%20from%20the%20agent%20for%20user%20%E2%89%A4USERNAME%E2%89%A5%20with%20Id%3CBR%20%2F%3E%3CID%3E.%20This%20scenario%20is%20not%20supported%20-%20we%20will%20not%20be%20able%20to%20redirect%20the%20user%20session.%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%2015%2F08%2F2019%203%3A52%3A21%20PM%3C%2FID%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20get%20the%20same%20error%20regardless%20of%20using%20the%20website%20or%20the%20remote%20desktop%20app.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20a%20validation%20host%20pool%20in%20this%20configuration.%20I%20can%20create%20new%20users%20and%20they%20can%20connect%20without%20an%20issue%20but%20this%20one%20user%20is%20stuck.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20understand%20that%20this%20error%20is%20likely%20due%20to%20an%20error%20with%20this%20user%20which%20has%20caused%20an%20SID%20mismatch.%20I%20have%20deleted%20this%20user%20(also%20from%20the%20recycle%20bin)%2C%20waited%20overnight%20and%20tried%20again%20but%20the%20user%20is%20still%20blocked.%20They%20can%20sign%20in%20directly%20to%20the%20session%20host%20using%20RDP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anything%20that%20I%20am%20missing%20here%3F%20How%20can%20I%20recreate%20this%20user%20and%20update%20the%20SID%20so%20that%20I%20can%20get%20this%20one%20user%20to%20connect%2C%20changing%20their%20UPN%20is%20not%20an%20option.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3ETo%20clarify%20this%20is%20a%20CLOUD%20user%2C%20not%20hybrid%20or%20synced%20from%20on-prem.%20All%20we%20have%20is%20Azure%20AD%2C%20Azure%20AD%20Domain%20Services%20and%20WVD.%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-812225%22%20slang%3D%22en-US%22%3ERe%3A%20Issue%20with%20one%20user%20logging%20in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-812225%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F392676%22%20target%3D%22_blank%22%3E%40DJohnsonE2E%3C%2FA%3EI%20have%20encountered%20such%20an%20issue%20when%20I%20recreated%20AADDS%20and%20a%20user%20had%20been%20used%20for%20WVD%20in%20the%20previous%20instance.%20I%20could%20not%20find%20a%20solution%20to%20the%20problem%20though.%20My%20thread%20is%20at%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FWindows-Virtual-Desktop%2FWVD-after-re-installing-AAD-DS%2Fm-p%2F781280%22%20target%3D%22_self%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FWindows-Virtual-Desktop%2FWVD-after-re-installing-AAD-DS%2Fm-p%2F781280%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-813725%22%20slang%3D%22en-US%22%3ERe%3A%20Issue%20with%20one%20user%20logging%20in%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-813725%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F384910%22%20target%3D%22_blank%22%3E%40ChristophB%3C%2FA%3E%26nbsp%3BI%20work%20with%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F392676%22%20target%3D%22_blank%22%3E%40DJohnsonE2E%3C%2FA%3E%26nbsp%3B-%20what%20we%20have%20ended%20up%20doing%20to%20keep%20this%20project%20moving%20is%3A%3C%2FP%3E%3CP%3ERenamed%20the%20affected%20user%20account%20(leaving%20it%20licensed%2Factive)%3C%2FP%3E%3CP%3ECreated%20a%20new%20account%20under%20a%20random%20username%2C%20allowed%20~20%20mins%20for%20it%20to%20sync%20into%20AADDS.%3C%2FP%3E%3CP%3ERenamed%20the%20new%20account%20to%20the%20original%20username%20we%20wanted%2C%20allowed%20~20%20mins%20for%20the%20change%20to%20sync%20into%20AADDS.%3C%2FP%3E%3CP%3EGranted%20the%20new%20account%20access%20to%20WVD%20and%20then%20it%20works%20and%20we%20can%20delete%20the%20affected%20original%20user%20account.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20absolutely%20no%20help%20if%20you%20have%20an%20existing%20account%20that%20you%20can't%20just%20rename%20because%20you'd%20have%20to%20offboard%20and%20migrate%20that%20user's%20Exchange%2C%20ODfB%20etc%2C%20but%20if%20you're%20trying%20to%20complete%20proof%20of%20concept%20it's%20enough%20until%20Microsoft%20resolve%20this%20bug.%3C%2FP%3E%3C%2FLINGO-BODY%3E
DJohnsonE2E
DJohnsonE2E
Occasional Visitor

‎08-14-2019 09:09 PM

‎08-14-2019 09:09 PM

Issue with one user logging in

We've set up a new Tenant with Azure AD DS and WVD (No Windows DC), the setup itself is for the most part working, however we have one user that cannot log in regardless of what we try. Digging in to the logs here is error.

 

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : OrchestrateAsync: SID value in the database is different than the value returned in the orchestration reply from the agent for user ≤USERNAME≥ with Id
<ID>. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 15/08/2019 3:52:21 PM

 

I get the same error regardless of using the website or the remote desktop app.

 

We are using a validation host pool in this configuration. I can create new users and they can connect without an issue but this one user is stuck.

 

I understand that this error is likely due to an error with this user which has caused an SID mismatch. I have deleted this user (also from the recycle bin), waited overnight and tried again but the user is still blocked. They can sign in directly to the session host using RDP.

 

Is there anything that I am missing here? How can I recreate this user and update the SID so that I can get this one user to connect, changing their UPN is not an option.

 

To clarify this is a CLOUD user, not hybrid or synced from on-prem. All we have is Azure AD, Azure AD Domain Services and WVD.
207 Views
0 Likes
2 Replies
Reply
2 Replies
Highlighted
ChristophB

‎08-19-2019 11:52 PM

‎08-19-2019 11:52 PM

Re: Issue with one user logging in

@DJohnsonE2EI have encountered such an issue when I recreated AADDS and a user had been used for WVD in the previous instance. I could not find a solution to the problem though. My thread is at https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/WVD-after-re-installing-AAD-DS/m-p/78...

0 Likes
Reply
Scott Pettit

‎08-20-2019 01:49 PM

‎08-20-2019 01:49 PM

Re: Issue with one user logging in

@ChristophB I work with @DJohnsonE2E - what we have ended up doing to keep this project moving is:

Renamed the affected user account (leaving it licensed/active)

Created a new account under a random username, allowed ~20 mins for it to sync into AADDS.

Renamed the new account to the original username we wanted, allowed ~20 mins for the change to sync into AADDS.

Granted the new account access to WVD and then it works and we can delete the affected original user account.

 

It's absolutely no help if you have an existing account that you can't just rename because you'd have to offboard and migrate that user's Exchange, ODfB etc, but if you're trying to complete proof of concept it's enough until Microsoft resolve this bug.

1 Like
Reply
Related Conversations
Tabs and Dark Mode
 cjc2112 in Discussions on 09-18-2019
46 Replies
Extentions Synchronization
 Deleted in Discussions on 11-13-2019
3 Replies
Stable version of Edge insider browser
 HotCakeX in Discussions on 10-12-2019
35 Replies
How to Prevent Teams from Auto-Launch
 chenrylee in Microsoft Teams on 06-27-2019
30 Replies
flashing a white screen while open new tab
 Deleted in Discussions on 10-05-2019
14 Replies
Security Community Webinars
 Valon_Kolica in Security, Privacy & Compliance on 10-22-2019
13 Replies