Login loop in Remote Desktop client

%3CLINGO-SUB%20id%3D%22lingo-sub-1459028%22%20slang%3D%22en-US%22%3ELogin%20loop%20in%20Remote%20Desktop%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1459028%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20setting%20a%20sign%20in%20frequency%20for%20conditional%20access%20users%20using%20the%20remote%20desktop%20client%20are%20having%20issues%20once%20their%20session%20times%20out.%20When%20the%20login%20screen%20pops%20up%20if%20they%20click%20their%20account%20it%20starts%20a%20loop%20of%20trying%20to%20login%20but%20it%20never%20allows%20them%20to%20input%20their%20credentials.%20It%20looks%20to%20quickly%20flash%20the%20password%20screen%20then%20goes%20back%20to%20screen%20showing%20%22trying%20to%20log%20you%20in%22%20and%20repeats.%20In%20logs%20I%20can%20see%26nbsp%3B%22Sign-in%20error%20code%3A%2070044%22%20and%20a%20Failure%20Reason%20of%20%22The%20session%20has%20expired%20or%20is%20invalid%20due%20to%20sign-in%20frequency%20checks%20by%20conditional%20access.%22%20If%20the%20user%20instead%20of%20clicking%20their%20account%20instead%20chooses%20%22Use%20another%20account%22%20and%20then%20just%20types%20in%20their%20credentials%20it%20works%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1459028%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Virtual%20Desktop%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1462719%22%20slang%3D%22en-US%22%3ERe%3A%20Login%20loop%20in%20Remote%20Desktop%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1462719%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F663686%22%20target%3D%22_blank%22%3E%40William_Kurrelmeyer%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHello%2C%20here%20the%20same%20problem!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1540968%22%20slang%3D%22en-US%22%3ERe%3A%20Login%20loop%20in%20Remote%20Desktop%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1540968%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F663686%22%20target%3D%22_blank%22%3E%40William_Kurrelmeyer%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESame%20problem%20here.%20The%20strange%20thing%20is%20that%20we%20have%20the%20same%20exact%20Conditional%20Access%20rule%20working%20on%20two%20different%20tenants.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EI%20also%20noticed%20that%20in%20the%20case%20where%20it%20loops%2C%20it%20has%20already%20gotten%20the%20username%20%2B%20password%20filled%20in.%20When%20I%20choose%20to%20manually%20log%20in%20to%20a%20Microsoft%20account%2C%20it%20works%20fine%20without%20looping.%26nbsp%3B%3C%2FLI%3E%3CLI%3EFor%20the%20two%20tenants%20where%20it%20works%20fine%20I%20noticed%20that%20it%20doesn't%20automatically%20supply%20the%20password%2C%20but%20it%20rather%20prompts%20the%20user%20to%20fill%20in%20the%20password.%3C%2FLI%3E%3C%2FUL%3E%3CP%3EDoes%20anybody%20have%20an%20idea%20where%20we%20can%20look%20for%3F%20Perhaps%20it%20could%20have%20something%20to%20do%20with%20a%20certain%20policy%20that%20restricts%20the%20Microsoft%20password%20to%20be%20saved%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1546409%22%20slang%3D%22en-US%22%3ERe%3A%20Login%20loop%20in%20Remote%20Desktop%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1546409%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F663686%22%20target%3D%22_blank%22%3E%40William_Kurrelmeyer%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20the%20same%20issue%20at%20my%20client.%20Using%20WVD%20Fall%20Release%2C%20Conditional%20Access%20policy%20from%20Microsoft%20DOCS.%20And%20Microsoft%20Remote%20Desktop%20Client%201.2.1104.0%20(x64).%20The%20looping%20keeps%20going%20when%20I%20select%20the%20account%20attached%20to%20Windows.%20If%20I%20select%20other%2C%20and%20fill%20in%20the%20same%20credentials%20it%20works%20perfectly.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHard%20to%20explain%20this%20workarround%20to%20customers.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E%20please%20fix%20asap%20in%20Fall%20Release.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1890243%22%20slang%3D%22en-US%22%3ERe%3A%20Login%20loop%20in%20Remote%20Desktop%20client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1890243%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F378298%22%20target%3D%22_blank%22%3E%40tomdw%3C%2FA%3EAre%20you%20still%20experiencing%20this%20issue%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI%20just%20had%20a%20similar%20issue%20to%20this%20and%20after%20checking%3A%3CBR%20%2F%3E%3CBR%20%2F%3E1.%20The%20host%20pool%20reg%20key%20had%20expired%2C%20so%20this%20was%20remedied.%3CBR%20%2F%3E2.%20Seeing%20that%20the%20issue%20still%20persisted%2C%20I%20then%20created%20a%20demo%20app%20group%20to%20test%20with%20a%20user%20with%20MFA%20and%20not%20with%20MFA%2C%20still%20the%20issue%20persisted.%3CBR%20%2F%3E3.%20I%20later%20realised%20I%20was%20accessing%20%3CA%20href%3D%22https%3A%2F%2Frdweb.wvd.microsoft.com%2Fwebclient%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdweb.wvd.microsoft.com%2Fwebclient%3C%2FA%3E%20instead%20of%20%3CA%20href%3D%22https%3A%2F%2Frdweb.wvd.azure.us%2Farm%2Fwebclient%2Findex.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdweb.wvd.azure.us%2Farm%2Fwebclient%2Findex.html%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EMy%20deployment%20is%20on%20the%20latest%20release%20thus%20it%20kept%20looping%20and%20throwing%20the%20error%20that%20I%20do%20not%20have%20permission%20to%20the%20app.%20I%20hope%20this%20sheds%20some%20light.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

After setting a sign in frequency for conditional access users using the remote desktop client are having issues once their session times out. When the login screen pops up if they click their account it starts a loop of trying to login but it never allows them to input their credentials. It looks to quickly flash the password screen then goes back to screen showing "trying to log you in" and repeats. In logs I can see "Sign-in error code: 70044" and a Failure Reason of "The session has expired or is invalid due to sign-in frequency checks by conditional access." If the user instead of clicking their account instead chooses "Use another account" and then just types in their credentials it works fine.

4 Replies

@WilliamK1 

 

Hello, here the same problem!

@WilliamK1 

 

Same problem here. The strange thing is that we have the same exact Conditional Access rule working on two different tenants.

 

  • I also noticed that in the case where it loops, it has already gotten the username + password filled in. When I choose to manually log in to a Microsoft account, it works fine without looping. 
  • For the two tenants where it works fine I noticed that it doesn't automatically supply the password, but it rather prompts the user to fill in the password.

Does anybody have an idea where we can look for? Perhaps it could have something to do with a certain policy that restricts the Microsoft password to be saved?

@WilliamK1 

 

I have the same issue at my client. Using WVD Fall Release, Conditional Access policy from Microsoft DOCS. And Microsoft Remote Desktop Client 1.2.1104.0 (x64). The looping keeps going when I select the account attached to Windows. If I select other, and fill in the same credentials it works perfectly.

 

Hard to explain this workarround to customers. @microsoft please fix asap in Fall Release.

@tomdwAre you still experiencing this issue?

I just had a similar issue to this and after checking:

1. The host pool reg key had expired, so this was remedied.
2. Seeing that the issue still persisted, I then created a demo app group to test with a user with MFA and not with MFA, still the issue persisted.
3. I later realised I was accessing https://rdweb.wvd.microsoft.com/webclient instead of https://rdweb.wvd.azure.us/arm/webclient/index.html

My deployment is on the latest release thus it kept looping and throwing the error that I do not have permission to the app. I hope this sheds some light.