Can't connect to WVD - using AD "on prem" with ADFS and AD Connect

Copper Contributor

Users synchronised from "on prem" AD get "security error" issue, and pure Azure AD users get "We couldn't connect to the gateway because of an error". From the logs, this translates to:

"GenericSecurityError" for synced AD users; and

"No mapping between account names and security IDs was done" for Azure.

 

I have redeployed WVD countless times, following different instructions each time. Previously, I deployed WVD without issue using AD Connect with password hash sync, so I assume this is something to do with ADFS (which is required for some InTune / Autopilot components elsewhere in the domain). 

 

Any one have any ideas, as I'm stumped. Attached are some screenshots.

1 Reply

FYI to anyone who comes across this thread, the issue was down to NTLM authentication being blocked. To get this working, we had to add the WVD session host names to the following AD group policy which is applied to the AD domain controllers:

 

Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication: <wvd hostnames>
Network security: Restrict NTLM: Add server exceptions in this domain: <wvd hostnames>