Mar 11 2020 09:00 AM
Pilot users are having an issue with the EDGE browser within WVD, when accessing sites that leverage ADFS. Users can connect to one host, one day and Edge will work as expected when accessing sites. The next day they may connect to a different host and the will receive an error when trying access sites that leverage ADFS.
The error generated is "Cannot connect securely to this page" "This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening try contact the website owner."
If the users opens up IE in the same session, they can access the site, if the user resets edge via settings/apps the site starts working (until they move to a different host, it appears again)
We have implemented Redirections.xml, but are currently only excluding (<Exclude Copy="0">AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache</Exclude>)
Apr 06 2020 08:29 AM
Hi, we're seeing similar behaviour but it seems limited to when we have FSLogix enabled. Is that the case for your environment?
When FSLogix is disabled the the profiles write locally to each WVD host then we cannot replicate this problem.
I did some testing with an FSLogix profile and could see that if the profile disk edited and the appdata/local folder is removed, that the issue seems to vanish.
To add further complication, we have some users that are excluded from group policy and they cannot replicate this fault at all, so we're now looking through to reverse engineer that.
Oct 11 2020 11:48 PM
I have the same issue and following steps solved my issue.
Excluding "AppData\LocalLow\Microsoft" didn't help with all the users
Root cause: Local profile wasn't deleted properly and especially this folder (locallow\microsoft\crypto\TokenBindingKeys) was causing the issue.
Lots of users were already used WVD and FSLogix so it was unable to exclude the folder from some of the session hosts. To tackle the issue I enabled the following Group Policy and it worked like a charm.
Example of my redirection.xml file
<?xml version="1.0"?> <FrxProfileFolderRedirection ExcludeCommonFolders="0"> <Excludes> <Exclude Copy="0">AppData\LocalLow\Microsoft</Exclude> <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache</Exclude> <Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\Cache</Exclude> <Exclude Copy="0">AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache</Exclude> <Exclude Copy="0">AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache</Exclude> </Excludes> <Includes> <Include Copy="3">AppData\LocalLow\Sun\Java\Deployment\security</Include> </Includes> </FrxProfileFolderRedirection>
Hope that will help.
Please don't forget to restart your Session Hosts.
Thank you
Oct 11 2020 11:49 PM
I have the same issue and following steps solved my issue.
Excluding "AppData\LocalLow\Microsoft" didn't help with all the users
Root cause: Local profile wasn't deleted properly and especially this folder (locallow\microsoft\crypto\TokenBindingKeys) was causing the issue.
Lots of users were already used WVD and FSLogix so it was unable to exclude the folder from some of the session hosts. To tackle the issue I enabled the following Group Policy and it worked like a charm.
Example of my redirection.xml file
<?xml version="1.0"?> <FrxProfileFolderRedirection ExcludeCommonFolders="0"> <Excludes> <Exclude Copy="0">AppData\LocalLow\Microsoft</Exclude> <Exclude Copy="0">AppData\Local\Google\Chrome\User Data\Default\Cache</Exclude> <Exclude Copy="0">AppData\Local\Microsoft\Edge\User Data\Default\Cache</Exclude> <Exclude Copy="0">AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache</Exclude> <Exclude Copy="0">AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache</Exclude> </Excludes> <Includes> <Include Copy="3">AppData\LocalLow\Sun\Java\Deployment\security</Include> </Includes> </FrxProfileFolderRedirection>
Hope that will help.
Please don't forget to restart your Session Hosts.
Thank you