SOLVED

An internal error occurred / can't connect anymore

Copper Contributor

We've been running WVD succesfully for a few months, but since this morning my users cannot login anymore. Not through the desktop and not through the webclient. The desktop client returns 'An internal error occurred' after logging in. The webclient has a cannot connect message (in Dutch). I've traced the connection failure via Powershell to below two errors. It seems my SID has changed somehow, but I cannot understand how:

 

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : OrchestrateAsync: SID value in the database is different than the value returned in the orchestration reply from the agent for user ≤PRIVATE≥ with Id PRIVATE. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 28-6-2019 12:42:44

ErrorSource : Client
ErrorOperation : ClientRDPConnect
ErrorCode : 2147965400
ErrorCodeSymbolic :
ErrorMessage : Your computer can't connect to the Remote Desktop Gateway server. Contact your network administrator for assistance.
ErrorInternal : True
ReportedBy : Client
Time : 28-6-2019 12:42:44

 

I've tried removing an RdsAppGroupUser and re adding it, but the same error remains.

 

46 Replies

@Deleted Please review our troubleshooting section under https://aka.ms/wvdpreview. We have articles on that as well.

@Eva Seydl I looked over the troubleshooting steps but none of it applies, we deploy to a new resource group in the same vnet, same region, same source image as our production ring. If I create the new host pool with -ValidationEnv $False flag then there is no problem with domain join, and the only issue is the SID error on connection.

@Eva SeydlAwesome, it worked perfectly. 

Thanks for the quick fix.

@Eva Seydl I created a new hostpool as validationenvironment, to see if that would make difference. The agent is 1.0.833.5 but the error remains the same. In an earlier reply you mentioned a legacy setup. Could you elaborate on that? What could we setup differently to make this work again?

 

Thanks, Gerrit

We were able to set up the validation hostpool, but the internal error occurred message still pops up.@Eva Seydl 

@Eva Seydl 

 

Maybe relevant to know from our setup. Users created in the Azure AD as cloud only are able to connect, users synchronized from our on-premise AD are not.

@JanPijnacker @Eva Seydl  This is true for us as well.

@Eva Seydl - anything new on this? All of my client's IDs are sourced from on-prem AD > AADC > AAD. The error remains on my existing pools, and based on the feedback here - suspect it will with a validation pool deployment. Moving to cloud only IDs isn't really an option 

 

Can you provide any more detail on what leads to this condition? 

This started working for me yesterday without any intervention on our part. I did notice that the RDS Infrastructure Agent updated on 7/3/19 to 1.0.833.5

@Eva Seydl This is still not working for us in either validation pool or production pool. These are the agent versions installed on my VM.

 

Remote Desktop Services Infrastructure Agent         Microsoft Corporation  1.0.833.5
Remote Desktop Services SxS Network Stack            Microsoft Corporation  1.0.1904.29002
Remote Desktop Agent Boot Loader                     Microsoft Corporation  1.0.0.0
Remote Desktop Services Infrastructure Geneva Agent  Microsoft Corporation  42.3.9
Remote Desktop Services Infrastructure Agent         Microsoft Corporation  1.0.0.1462

@richiewrt I just had the same thing happen on this end. I'm super interested to see the RCA for this. 

 @Eva Seydl 
For us its the same as for the others. Only some InCloud accounts are able to access Virtual Desktop. The validation pool is setup. InCloud as well as AAD synced Accounts get the following error:

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : OrchestrateAsync: SID value in the database is different than the value returned in the orchestration reply from the agent for user
≤Firstname.Surname@domain.com≥ with Id xxxxxxxx-yyyy-zzzz-xxxx-xxxxyyyyzzzz. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 11.07.2019 10:42:56 

@Eva Seydl Is there any news on the fix? We're unfortunately dead in the water here with synced accounts.

Please review our troubleshooting guide for domain join issues: https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-set-up-issues

 

 

Can I just move my pool to validation pool instead or cretaing new POOL , i found that I can switch the POOL to validation pool using command below Set-RdsHostPool -TenantName MVPPOC -Name POCHOST1 -ValidationEnv $true

Do we know if there is a fix for this yet.  I have installed a new Validation Pool and still the same error.  My agent is 1.0.833.5

@Eva Seydl It's been 2.5 weeks now. Can you get some ETA on the fix for this problem? Neither validation or production environment works!!

 

TenantGroupName : Default Tenant Group
HostPoolName : MyTest_HostPool
FriendlyName : My Test Host Pool
Description :
Persistent : False
CustomRdpProperty :
MaxSessionLimit : 999999
LoadBalancerType : BreadthFirst
ValidationEnv : True
Ring :

 

Still getting the same SID error:

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : OrchestrateAsync: SID value in the database is different than the value returned in the
orchestration reply from the agent for user ≤rhythmnewt@rhythmnewt.com≥ with Id
85a45a4c-413d-4074-2e41-08d6e4d9abe8. This scenario is not supported - we will not be able to
redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 7/16/2019 3:08:54 PM

 

User activity log

ActivityId : 10dd46a2-4836-49f1-8f89-face053b0000
ActivityType : Connection
StartTime : 7/16/2019 3:08:54 PM
EndTime : 7/16/2019 3:08:54 PM
UserName : rhythmnewt@rhythmnewt.com
RoleInstances : mrs-eus2r0c001-rdgateway-prod::RD2818785C114D;mrs-eus2r0c002-rdbroker-prod::RD2818788A0588;≤rmrvw-0
.rhythmnewt.com≥
Outcome : Failure
Status : Completed
Details : {[ClientOS, ], [ClientVersion, ], [ClientType, ], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 7/16/2019 3:10:26 PM
Checkpoints : {LoadBalancedNewConnection, TransportConnecting, TransportConnected, RdpStackDisconnect...}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}

@rhythmnewt We would like to understand more about your domain setup. We observe that SID which VM resolves the user to doesn't match the SID we are getting from his AAD token. Can you please give brief overview of your domain setup and how it is connected to AAD? Do you have multiple domains?

@Joe Flynn


Do we know if there is a fix for this yet.  I have installed a new Validation Pool and still the same error.  My agent is 1.0.833.5