User can't login to HostPool.

%3CLINGO-SUB%20id%3D%22lingo-sub-715417%22%20slang%3D%22en-US%22%3EUser%20can't%20login%20to%20HostPool.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-715417%22%20slang%3D%22en-US%22%3E%3CP%3EA%20new%20host%20pool%20has%20been%20created%20and%20I%20am%20able%20to%20login%20myself%20but%20when%20I%20add%20one%20of%20my%20users%20to%20to%20the%20AppGroup%20so%20they%20can%20see%20the%20desktop%20icon%2C%20they%20login%20and%20get%20an%20error%20message%3A%3C%2FP%3E%3CDIV%20class%3D%22modal-header%22%3E%3CH3%20id%3D%22toc-hId-1592289758%22%20id%3D%22toc-hId-1592289787%22%20id%3D%22toc-hId-1592289787%22%20id%3D%22toc-hId-1592289787%22%20id%3D%22toc-hId-1592289787%22%20id%3D%22toc-hId-1592289787%22%20id%3D%22toc-hId-1592289787%22%20id%3D%22toc-hId-1592289758%22%3EOops%2C%20we%20couldn't%20connect%20to%20%22AzureDesktops%22%3C%2FH3%3E%3CP%3E%3CSPAN%3ESign%20in%20failed.%20Please%20check%20your%20user%20name%20and%20password%20and%20try%20again.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FDIV%3E%3CDIV%20class%3D%22modal-body%22%3EThe%20user%20can%20login%20to%20other%20services%20but%20not%20WVD.%3CBR%20%2F%3EFYI%20I%20have%20setup%20Azure%20AD%20DS.%20I%20am%20using%20AD%20Connect%20to%20sync%20with%20our%20on-prem%20domain%20DCs.%3C%2FDIV%3E%3CDIV%20class%3D%22modal-body%22%3EAny%20suggestions%20as%20to%20how%20to%20diagnose%20this%20one%3F%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-715434%22%20slang%3D%22en-US%22%3ERe%3A%20User%20can't%20login%20to%20HostPool.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-715434%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F81522%22%20target%3D%22_blank%22%3E%40Paul%20Shadwell%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20sure%26nbsp%3B%3CSPAN%3Edeployment%20did%20not%20fail%20a%20domain%20join%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERun%20below%26nbsp%3B%20cmdlet%20to%20add%20Azure%20Active%20Directory%20user%20to%20the%20default%20desktop%20app%20group%20for%20the%20host%20pool.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22language%22%3EPowerShell%3C%2FSPAN%3E%3C%2FP%3E%3CPRE%3EAdd-RdsAppGroupUser%20-TenantName%20%26lt%3Btenantname%26gt%3B%20-HostPoolName%20%26lt%3Bhostpoolname%26gt%3B%20-AppGroupName%20%22Desktop%20Application%20Group%22%20-UserPrincipalName%20%26lt%3Buserupn%26gt%3B%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3EDav%2C%3C%2FP%3E%3CDIV%20class%3D%22codeHeader%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-715435%22%20slang%3D%22en-US%22%3ERe%3A%20User%20can't%20login%20to%20HostPool.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-715435%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F81522%22%20target%3D%22_blank%22%3E%40Paul%20Shadwell%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3EWhen%20you%20said%20that%20you%20were%20able%20to%20login%2C%20do%20you%20mean%20using%20WVD%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340070%22%20target%3D%22_blank%22%3E%40Dav1988%3C%2FA%3E%26nbsp%3B%2C%20considering%20that%20the%20user%20has%20the%20icon%20for%20the%20AppGroup%2C%20I%20would%20think%20the%20user%20is%20correctly%20asigned%2C%20but%20the%20AD%20could%20indeed%20be%20an%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F81522%22%20target%3D%22_blank%22%3E%40Paul%20Shadwell%3C%2FA%3E%26nbsp%3B%2C%20when%20you%20run%20the%20Get-RdsSessionHost%2C%20do%20you%20see%20the%20new%20sessionhost%20and%20is%20it%26nbsp%3B%3CSTRONG%3EAvailable%3C%2FSTRONG%3E%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-715602%22%20slang%3D%22en-US%22%3ERe%3A%20User%20can't%20login%20to%20HostPool.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-715602%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340070%22%20target%3D%22_blank%22%3E%40Dav1988%3C%2FA%3E%26nbsp%3BAh!%20that%20did%20the%20trick.%20I%20used%20the%20WebUI%20tool%20to%20add%20the%20user%20but%20it%20seems%20this%20is%20not%20working%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-715603%22%20slang%3D%22en-US%22%3ERe%3A%20User%20can't%20login%20to%20HostPool.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-715603%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F340070%22%20target%3D%22_blank%22%3E%40Dav1988%3C%2FA%3E%26nbsp%3BDomain%20join%20succeeded.%20Deployment%20completed%20with%20no%20errors.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2177246%22%20slang%3D%22en-US%22%3ERe%3A%20User%20can't%20login%20to%20HostPool.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2177246%22%20slang%3D%22en-US%22%3E%3CP%3E%40%20know%20this%20is%20an%20old%20thread%20but%20hopefully%20my%20finding%20may%20help%20others.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20one%20user%20who%20cant%20login%20to%20the%20session%20host%20but%20has%20logged%20into%20the%20pool.%3CBR%20%2F%3EThe%20special%20thing%20about%20this%20user%20is%20the%20only%20user%20that%20existed%20in%20the%20AAD%20before%20me.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EThe%201st%20stage%20login%20to%20the%20pool%20is%20done%20against%20Azure%20AD%20and%20works.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EThe%202nd%20stage%20is%20against%20the%20Session%20Host%20and%20is%20against%20AAD-DS%20this%20fails.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EWhen%20AAD-DS%20was%20setup%20I%20had%20to%20change%20my%20Azure%20password%20before%20my%20password%20from%20AAD%20could%20sync%20to%20AAD-DS%20as%20the%20password%20syncs%20on%20change.%3CBR%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EI%20assume%20the%20failing%20will%20need%20to%20change%20password%20in%20Azure.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EIt%20didn't%20affect%20other%20users%20as%20they%20were%20created%20in%20AAD%20after%20AAD-DS%20was%20setup%20and%20so%20their%20passwords%20are%20synced.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

A new host pool has been created and I am able to login myself but when I add one of my users to to the AppGroup so they can see the desktop icon, they login and get an error message:

6 Replies

Hi@Paul Shadwell 

 

Are you sure deployment did not fail a domain join?

 

Run below  cmdlet to add Azure Active Directory user to the default desktop app group for the host pool.

 

PowerShell

Add-RdsAppGroupUser -TenantName <tenantname> -HostPoolName <hostpoolname> -AppGroupName "Desktop Application Group" -UserPrincipalName <userupn>

 

Thank you

Dav,

 

Hi @Paul Shadwell ,

When you said that you were able to login, do you mean using WVD?

 

@Deleted , considering that the user has the icon for the AppGroup, I would think the user is correctly asigned, but the AD could indeed be an issue.

 

@Paul Shadwell , when you run the Get-RdsSessionHost, do you see the new sessionhost and is it Available?

@Deleted Ah! that did the trick. I used the WebUI tool to add the user but it seems this is not working yet.

@Deleted Domain join succeeded. Deployment completed with no errors.

@ know this is an old thread but hopefully my finding may help others.

I have one user who cant login to the session host but has logged into the pool.
The special thing about this user is the only user that existed in the AAD before me.

The 1st stage login to the pool is done against Azure AD and works.
The 2nd stage is against the Session Host and is against AAD-DS this fails. When AAD-DS was setup I had to change my Azure password before my password from AAD could sync to AAD-DS as the password syncs on change.

I assume the failing will need to change password in Azure. It didn't affect other users as they were created in AAD after AAD-DS was setup and so their passwords are synced.

You are a life saver, that really helped me with the exact same issue I have. Creating AAD DS with WVD, so the already created users weren't able to login!