Oct 17 2022 03:18 AM
Oct 17 2022 03:18 AM
I see a behavior with Remote Desktop client that once the machine inactivity timeout is passed , the remote session will be disconnection with a message " You were disconnected because your session was locked . Reconnect by launching your resource again " . The normal behavior is to lock the user's screen and ask for password instead of disconnecting the session .
any idea what is causing such behavior ?
Oct 17 2022 10:07 AM
Hi - Facing the same issue. Started facing the issue couple of days before
Oct 17 2022 10:37 AM
Do you have any conditional access applied?
If you have, check Session controls.
Oct 17 2022 12:17 PM
@KEmam I have an AVD lab setup that i'm testing with and this behaviro started for me out of the blue late last week. I have the sessions set to lock after 15 minutes, disconnect after 2 hours, and log off after 4 hours of disconneced but for some reason this started. As far as the other comment around conditional access I do require MFA after 1 hour but that only happens with the Remote Desktop App and only when connecting again after one horue is never prompts during a session.
In the end somethign has changed in the last few days as best I can tell
Oct 18 2022 01:57 AM
@mikhailf Thanks for the reply.
I have checked the CA Session control policies and nothing is coming from there. we have not enabled the session control policy.
Oct 19 2022 04:02 AM
Oct 28 2022 09:48 AM
@BernardVB we have the same issue. Whenever the screen gets locked, either after a time or manually by pressing Ctrl-Alt-End->lock. The session gets disconnected. Does anyone know how to prevent the connection from being disconnected?
Oct 30 2022 09:42 PM - edited Oct 30 2022 09:46 PM
@BernardVB I have an open case with Microsoft but I still didn't get any solution . I will keep you all posted once I get an update .
Oct 31 2022 11:13 AM
Nov 07 2022 06:31 AM
@Kobyahsi There is still no clue from Microsoft side about this behavior but here is my analysis so far for troubleshooting the issue :
The issue is related to the new Single Sign-on feature that was released in September for Azure VD by attempting to authenticate to Azure Active Directory .
If I disable that feature from host pool RDP settings , the screen locks properly and asks for Password .
The issue looks related to how the conditional access policy is configured and if the account has MFA enabled .
Although I am able to login with Single Sign-on it looks like when the screen locks the MFA part kicks in and disconnect the session instead of locking the screen and this is where I see the below error in the logs :
I am currently checking with our AD Team on how to prevent MFA on those machines to see if the issue is resolved with Machine Inactivity Time and Screen Lock .
You can try the same procedure from your side by disabling Azure AD authentication to confirm the issue and check with AD Team what policies are getting applied when you enable that feature .
I will update the thread once I have that discussion and confirm if the issue is resolved .
Nov 09 2022 10:09 AM
Nov 09 2022 11:40 PM
Nov 11 2022 01:14 AM