User can't log in when UserPrincipalName is reused due to Azure AD delete+add


Scenario:

1. Add user a@mysite.com in Azure AD; it replicates to Azure AD DS and gets SID X.

2. Add the user to the app group.

3. The user logs in successfully (required for the error to occur in step 8).

4. Remove the user from the app group.

5. Delete user a@mysite.com in Azure AD.

6. Add a@mysite.com in Azure AD again; it replicates to Azure AD DS and gets SID Y.

7. Add the user to the app group.

8. The user can't log in because he logged in with SID Y from step 6 and WVD remembers SID X from step 1.


This feels like a bug in WVD. Is there some workaround that allows me to tell WVD that the old SID is no longer active? 


PS C:\Users\johan> (Get-RdsDiagnosticActivities -TenantName "not-my-tenant-name" -ActivityId masked-activity-id -Detailed).Errors

ErrorSource       : RDBroker
ErrorOperation    : OrchestrateSessionHost
ErrorCode         : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage      : User a@mysite.com: SID information in the database 'X' does not match SID information returned by agent 'Y' in the orchestration reply.. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal     : False
ReportedBy        : RDGateway
Time              : 10/10/2019 9:06:20 AM
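The following is an added example and not code from the original post or from Microsoft. It automates the check the scenario above calls for: compare the SID the account has in Azure AD DS right now (SID Y after the delete and re-add) with the two SIDs the broker quotes in the ConnectionFailedUserSIDInformationMismatch error. It assumes the classic WVD module (Microsoft.RDInfra.RDPowerShell, with Add-RdsAccount already run), the ActiveDirectory RSAT module able to reach an Azure AD DS domain controller, and uses placeholder values for the tenant name and domain controller; the UPN is the one from the post. The function name Get-WvdSidMismatch is hypothetical.

```powershell
# Added example (not code from the original post or from Microsoft).
# Assumptions:
#   - Microsoft.RDInfra.RDPowerShell (classic WVD) is installed and
#     Add-RdsAccount has already been run for the tenant.
#   - The ActiveDirectory module can reach an Azure AD DS domain controller.
#   - 'my-wvd-tenant' and 'dc.aadds.mysite.com' below are hypothetical placeholders.

function Get-WvdSidMismatch {
    param(
        [Parameter(Mandatory)] [string] $TenantName,
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [Parameter(Mandatory)] [string] $DomainController,
        [datetime] $StartTime = (Get-Date).AddDays(-1)
    )

    # SID the account has *now* in Azure AD DS (SID Y after the delete + re-add).
    $adUser = Get-ADUser -Server $DomainController `
        -Filter "UserPrincipalName -eq '$UserPrincipalName'"
    if (-not $adUser) {
        throw "No Azure AD DS object found for $UserPrincipalName (not synced yet?)"
    }
    $currentSid = $adUser.SID.Value

    # Broker-side view: recent activities for this user, with their error details.
    $activities = Get-RdsDiagnosticActivities -TenantName $TenantName `
        -UserName $UserPrincipalName -StartTime $StartTime -Detailed

    foreach ($activity in $activities) {
        foreach ($err in @($activity.Errors)) {
            if ($err.ErrorCodeSymbolic -ne 'ConnectionFailedUserSIDInformationMismatch') { continue }

            # The message quotes two values: the cached SID ('X') first, then the
            # SID reported by the session-host agent ('Y').
            $quoted = @([regex]::Matches($err.ErrorMessage, "'([^']*)'") |
                ForEach-Object { $_.Groups[1].Value })
            if ($quoted.Count -lt 2) { continue }   # message shape not as expected; skip

            [pscustomobject]@{
                ActivityId         = $activity.ActivityId
                Time               = $err.Time
                CachedSid          = $quoted[0]       # stale SID X kept by WVD
                AgentSid           = $quoted[1]       # SID Y seen on the session host
                DomainSid          = $currentSid      # what Azure AD DS returns today
                AgentMatchesDomain = ($quoted[1] -eq $currentSid)
                CacheIsStale       = ($quoted[0] -ne $currentSid)
            }
        }
    }
}

# Usage (tenant name and domain controller are placeholders):
Get-WvdSidMismatch -TenantName 'my-wvd-tenant' -UserPrincipalName 'a@mysite.com' `
    -DomainController 'dc.aadds.mysite.com' | Format-List
```

A result with AgentMatchesDomain true and CacheIsStale true confirms the situation described in the post: the session host and the directory agree on the new SID, and only the broker's cached mapping still holds the old one. The script only diagnoses; it cannot clear that cache.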

1 Reply

@Johan_Eriksson: This is related to this article: https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Announcement-Connectivity-issues-from... . Essentially, since it's a new user account, the user gets a new SID, but it collides with a cached mapping we had.


We're working on a fix that will be out this month.