Azure Virtual Desktop Your Credentials did not work error until several reboots of Local AD Computer

Copper Contributor

We have an Azure Virtual Desktop environment created for a Local AD joined company. We are using the Remote Desktop client for Windows. Every day, users get the issue Your credentials did not work (the logon attempt failed) using their local domain account, but the odd thing is, if they reboot their computers from 1-3 times it then works. The Store version of Remote Desktop seems to work but lacks the features the one we use. We are trying to get to the root cause of this and any input or insight would be appreciated.

3 Replies

Hi Spanky1655,

Can you post the Azure user sign-in logs (non-interactive) error code and failure reason of one affected user?

 

Please also try to reset the user password in Active Directory, sync the hash to Microsoft Entra ID and try to logon again. Sometimes removing and re-adding the Microsoft 365 license does also fix such issues.

 
 

@MathieuVandenHautte Here is one of the non-interactive sign-in failures. Auth passed along with everything else. The odd thing is it is very sporadic, it appears that today no one was affected, but it would affect different users seemingly at random.

 

Authentication requirement
Multifactor authentication
Status
Failure
Continuous access evaluation
No
Original transfer method
None
Sign-in error code
65002
Failure reason
Consent between first party application '{applicationId}' and first party resource '{resourceId}' must be configured via preauthorization - applications owned and operated by Microsoft must get approval from the API owner before requesting tokens for that API.
Additional Details
A developer in your tenant may be attempting to reuse an App ID owned by Microsoft. This error prevents them from impersonating a Microsoft application to call other APIs. They must move to another app ID they register in portal.azure.com.
 
User type
Member
Cross tenant access type
None
Application
Accounts Control UI
 
Client app
Mobile Apps and Desktop clients
Client credential type
None
Token issuer type
Microsoft Entra ID
Token issuer name
 
Incoming token type
Primary refresh token
Authentication Protocol
None