User can't log in when UserPrincipalName is reused due to Azure AD delete+add

1. Add user in Azure AD and replicate to Azure AD DS, getting SID X

2. Add user to app group

3. User logs in successfully (required for the error to occur in step 8)

4. Remove user from app group

5. Delete user in Azure AD

6. Add in Azure AD and replicate to Azure AD DS, getting SID Y

7. Add user to app group

8. User can't log in because he logged in with SID Y from step 6 and WVD remembers SID X from step 1


This feels like a bug in WVD. Is there some workaround that allows me to tell WVD that the old SID is no longer active? 


PS C:\Users\johan> (Get-RdsDiagnosticActivities -TenantName "not-my-tenant-name" -ActivityId masked-activity-id -Detailed).Errors

ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : User SID information in the database
'X' does not match SID information returned by agent
'Y' in the orchestration reply.. This scenario is not
supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 10/10/2019 9:06:20 AM
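As an added example (not part of the original post), the following PowerShell script does what the diagnostic call above does by hand, but across all recent failed activities: it pulls out every ConnectionFailedUserSIDInformationMismatch error, extracts the two SIDs quoted in the broker's ErrorMessage, and compares the stale (database) SID with the SID Azure AD DS currently holds for that user. It assumes the Microsoft.RDInfra.RDPowerShell module (WVD classic) is imported and Add-RdsAccount has already been run, that the ActiveDirectory module (RSAT) is available on a machine joined to the Azure AD DS domain, that Get-RdsDiagnosticActivities accepts -StartTime alongside -Detailed, and that "<your-tenant-name>" is a placeholder for the real tenant name.

```powershell
# Added example, not from the original post or the WVD product.
# Assumptions: Microsoft.RDInfra.RDPowerShell imported and Add-RdsAccount done;
# ActiveDirectory module present on a machine joined to the Azure AD DS domain;
# "<your-tenant-name>" is a placeholder.
Import-Module Microsoft.RDInfra.RDPowerShell
Import-Module ActiveDirectory

$tenantName = "<your-tenant-name>"
$lookback   = (Get-Date).AddDays(-1)

# Matches a Windows SID such as S-1-5-21-...-1105 (constructed pattern, not from the page)
$sidPattern = 'S-1-\d+(?:-\d+)+'

# Pull recent activities with full error detail, then keep only the failed ones
$activities = Get-RdsDiagnosticActivities -TenantName $tenantName -StartTime $lookback -Detailed |
    Where-Object { $_.Outcome -eq 'Failure' }

$report = foreach ($activity in $activities) {
    # Only the SID-mismatch error from the broker is of interest here
    $mismatch = @($activity.Errors |
        Where-Object { $_.ErrorCodeSymbolic -eq 'ConnectionFailedUserSIDInformationMismatch' })
    if ($mismatch.Count -eq 0) { continue }

    foreach ($err in $mismatch) {
        # The broker quotes the SID it has in its database first and the SID the
        # session host agent reported second (see the ErrorMessage in the post above)
        $sids = [regex]::Matches($err.ErrorMessage, $sidPattern) | ForEach-Object { $_.Value }
        $cachedSid = if ($sids.Count -ge 1) { $sids[0] } else { $null }
        $agentSid  = if ($sids.Count -ge 2) { $sids[1] } else { $null }

        # What Azure AD DS currently says the user's SID is (by UPN)
        $upn = $activity.UserName
        $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" -Properties SID -ErrorAction SilentlyContinue
        $currentSid = if ($adUser) { $adUser.SID.Value } else { $null }

        [PSCustomObject]@{
            ActivityId      = $activity.ActivityId
            Time            = $activity.StartTime
            UserName        = $upn
            BrokerCachedSid = $cachedSid
            AgentSid        = $agentSid
            CurrentAdDsSid  = $currentSid
            # True when the agent-reported SID is the live one, i.e. the broker cache is stale
            BrokerCacheStale = ($currentSid -and $agentSid -and ($currentSid -eq $agentSid) -and ($currentSid -ne $cachedSid))
        }
    }
}

$report | Format-Table -AutoSize
```

A row with BrokerCacheStale set to True is the delete-and-recreate pattern described in the reproduction steps: the session host sees the new account's SID, but the broker still maps the UPN to the SID of the deleted account. The script only reads diagnostics and directory data; it does not alter the broker's mapping, which the reply below says requires a product fix.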

1 Reply

@Johan_Eriksson : This is related to this article: . Essentially, since it's a new user account, the user gets a new SID but it collides with a cached mapping we had.


We're working on a fix that will be out this month.