cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Error "the connection was denied because the user account is not authorised"

David Overton
Copper Contributor

‎Feb 23 2022 03:52 PM

‎Feb 23 2022 03:52 PM

Error "the connection was denied because the user account is not authorised"

We have a handful of users on our AVD deployment who are unable to connect to a session. They are able to sign into RD Client, see the applications in their feed and refresh the feed.  However when they try to connect to a desktop or remote app, it fails with the error message "the connection was denied because the user account is not authorised for remote log-in" and with error code 0x3

 

We have checked the Azure group entries, their M365 licensing and cannot find a cause.

 

Is anyone able to diagnose the issue or recommend a fix?

DavidOverton_0-1645660331429.png

 

Thanks


David

23K Views
0 Likes
4 Replies
Reply
4 Replies
michael_moshkovich

‎Feb 24 2022 12:22 PM

‎Feb 24 2022 12:22 PM

Re: Error "the connection was denied because the user account is not authorised"

Hi @David Overton,

 

May be you have some GPO setup to deny certain groups/individuals from using RDP, and it got applied to the AVD session hosts?

 

Something like this:

michael_moshkovich_3-1645734098760.png

 

hope this will be helpful.

0 Likes
Reply
David Overton

‎Feb 25 2022 04:30 AM

‎Feb 25 2022 04:30 AM

Re: Error "the connection was denied because the user account is not authorised"

@michael_moshkovich Unfortunately that is not the issue. We do have a deny group, but it is empty in AD and Azure AD. I double checked, the user's account to make sure they were not part of that group, so not applicable both ways.

I also tried adding the user to the local VM's Remote Desktop Users group and suddenly they are able to sign in without issue. I have other users in the same domain who are able to sign in without being added to the Remote Desktop Users local group.

 

I looked at the logs and in WVDErrors and I see these 3 lines consistently for a user who fails to sign in. 

TimeGenerated [UTC]

ActivityTypeSourceCodeCodeSymbolicMessageServiceErrorOperation
24/02/2022, 13:20:33.197ConnectionClient9,223SSL_ERR_ACCESS_DENIEDSSL_ERR_ACCESS_DENIEDFALSEClientRDPConnect
24/02/2022, 13:20:35.118ConnectionRDGateway-2,147,467,259ConnectionFailedReverseUngracefulCloseThe Session Host did not respond to the service attempt to gracefully terminate the connection.FALSEGatewayConnectionActive
24/02/2022, 13:21:25.772ConnectionRDStack12NotAuthorizedForLogonThis user isn't authorized so sign in to the session host.FALSEAuthorization

 

Given that the VMs are not AzureAD domain joined, I have seen that the SSL error could be associated with users who might be AzureAD joined, so I took the precaution of enabling the PKU2U policy setting, but this also made no difference.

 

Any pointers appreciated.

 

David

0 Likes
Reply
jimmyliebe

‎Jul 12 2022 06:00 AM

‎Jul 12 2022 06:00 AM

Re: Error "the connection was denied because the user account is not authorised"

@David Overton Were you able to resolve this issue. I have something very similar. A windows 11 machine cannot connect, but we use the credentials on other machines, and it works fine to log in. This one machine just has the problem. 

0 Likes
Reply
David Overton

‎Jul 14 2022 04:40 PM

‎Jul 14 2022 04:40 PM

Re: Error "the connection was denied because the user account is not authorised"

Hi @jimmyliebe.
The workaround was a group policy that added the users who could not connect natively to the AVD. The group policy added the users to the Remote Desktop Users group on each of the AVD hosts.
0 Likes
Reply