Oct 26 2022 08:52 AM
After KB5020435 is applied to the AVD session hosts, and after updating the remote client's Remote Desktop app version beyond 1.2.3213, clients are unable to connect to the session hosts. After authentication, they receive the following error message: An authentication error has occurred. A specified logon session does not exist. It may have already been terminated. Error code: 0x0, extended error code: 0x0, Activity ID: 5278116b-4dd6-4e08-a3b8-5f1bce1c0000. If we uninstall that hotfix from the AVD session hosts or use an older version of the Remote Desktop client for Windows, this error does not occur.
Our AVD session hosts are running Windows 10 21H2.
End users are running a mix of operating systems and clients. The problem occurs with the Windows client (versions noted above), and with the web client, but does not occur on the Store App client or on macOS clients.
Nov 11 2022 08:23 AM
After a lot of troubleshooting, we found that after removing the enablerdsaadauth:i:1 setting from the RDP settings of the host pool, users are able to connect again. This parameter was set to enable a more seamless Azure Active Directory authentication experience, but we did not realize this was a preview feature. We have a ticket open with Microsoft support and we are awaiting further information on how we can re-enable this functionality.
Jan 12 2023 06:59 AM
@fmagic We are facing the issue. Is there any feedback or update from Microsoft? I know that removing enablerdsaadauth:i:1 or setting enablerdsaadauth:i:0 can be a workaround, but it means Azure AD authentication (SSO) is not enabled. I don't know why it works for Mac or iPhone/iPad but doesn't work for Windows.
Jan 12 2023 07:03 AM
@Paul_Wang It seems that we were able to solve this problem by setting up a KDC Proxy, which is as simple as publishing a Remote Desktop Gateway server, with a valid SSL certificate. On the same screen where you enable Azure Active Directory authentication in the host pool, there is an option to enter the KDC Proxy (the RD Gateway). You don't have to do much configuration on the RD Gateway server other than setting up the SSL certificate. This is the link that Microsoft support provided to us:
Set up Kerberos Key Distribution Center proxy Azure Virtual Desktop - Azure | Microsoft Learn
Jan 13 2023 12:17 AM
Thanks @fmagic! You gave me the troubleshooting direction. But I don't know if we have a Remote Desktop Gateway server set up in our environment. Can you guide me on how to validate it or set it up? Is it an on-premises server or an Azure cloud server? Can it be set up on any Windows Server, or must it be configured on a specific server?
Jan 17 2023 05:52 AM
@Paul_Wang The link in the previous message has everything I know about it. The server can be on-premises or in the Azure cloud, as long as it has connectivity to your AD Domain Services domain (it needs to be domain-joined.) We deployed our RDG in our Azure cloud, and then published port 443 on it via the Network Security Group attached to the Azure VM NIC.
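Added example, not part of any post in this thread: a PowerShell check that parses a host pool's custom RDP property string and reports whether it matches the configuration the thread describes (enablerdsaadauth:i:1 with or without a KDC proxy). The `kdcproxyname` property name comes from Microsoft's KDC proxy documentation rather than from the thread, the function names are hypothetical, and the sample strings are constructed.

```powershell
# Added example. Function names are hypothetical; the sample strings are constructed.
# Live value (Az.DesktopVirtualization module; placeholders, not from the thread):
#   (Get-AzWvdHostPool -ResourceGroupName '<rg>' -Name '<pool>').CustomRdpProperty

function ConvertFrom-RdpPropertyString {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$PropertyString)
    $props = [ordered]@{}
    foreach ($entry in ($PropertyString -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }              # trailing ';' leaves an empty entry
        $parts = $entry -split ':', 3              # name:type:value, value may contain ':'
        if ($parts.Count -lt 3) {
            Write-Warning "Skipping malformed RDP property '$entry'"
            continue
        }
        $props[$parts[0].Trim().ToLowerInvariant()] = $parts[2].Trim()
    }
    return $props
}

function Test-AvdAadSsoSetting {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$PropertyString)
    $props    = ConvertFrom-RdpPropertyString -PropertyString $PropertyString
    $ssoOn    = $props['enablerdsaadauth'] -eq '1'
    $kdcProxy = $props['kdcproxyname']             # property name per Microsoft's KDC proxy doc
    $finding  = if (-not $ssoOn) {
        'Azure AD authentication (SSO) is not enabled for this host pool.'
    } elseif ([string]::IsNullOrWhiteSpace($kdcProxy)) {
        'enablerdsaadauth:i:1 without a KDC proxy: the configuration reported as failing in this thread.'
    } else {
        'enablerdsaadauth:i:1 with a KDC proxy: the configuration reported as resolving the error in this thread.'
    }
    [pscustomobject]@{
        AadAuthEnabled = $ssoOn
        KdcProxyName   = $kdcProxy
        Finding        = $finding
    }
}

# Constructed sample values, not taken from a real host pool.
$samples = @(
    'drivestoredirect:s:*;audiomode:i:0;enablerdsaadauth:i:1;',
    'enablerdsaadauth:i:1;kdcproxyname:s:rdgw.example.com',
    'audiomode:i:0;enablerdsaadauth:i:0'
)
foreach ($s in $samples) { Test-AvdAadSsoSetting -PropertyString $s | Format-List }
```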