question

Ice-9041 asked kgahbiche commented

Unable to sign into Windows Virtual Desktop session - Error: Sign in failed. Please check your username and password and try again.

Hi All,

Goal: Set up a cloud environment that allows cloud users to be able to log into the Windows Virtual Desktop

Context:
I have signed up for the 90-day trial Azure AD Premium P2 license, which also supplies the Microsoft 365 E5 Developer (without Windows and Audio Conferencing).
Also, using my admin account created within the trial tenant, I have signed up for the 12 months of free services with USD200 credit.

I have configured the Azure AD DS (no errors when provisioned). Kept the default domain name. I have set up the Windows Virtual Desktop following the set-up wizard.

Issue:
I have successfully signed into my workspace using a cloud user credential via the web client (https://rdweb.wvd.microsoft.com/arm/webclient). When attempting to launch the session desktop, it prompts me to re-enter my credentials, at which point it returns a sign-in error (see attached image).

Troubleshoot steps:
Updated my cloud user password after AAD DS was created
Created new cloud user
Recreated the Host pool - Multisession
[Attached image: 126604-screenshot-2.png]
If anyone could provide some assistance, it would be much appreciated.



@Ice-9041

Wanted to check a few things here based on the issue description.

Firstly, have you enabled the diagnostics on the service or enabled the tracing in the browser client to identify further info?
Are you using the UPN or sAMAccountName?
Assuming a cloud-only identity, after the password reset I assume you have waited 15 minutes for the password hash to sync?

Are the VMs properly joined to the AAD DS domain?
Are the users synced to AAD DS?


Hi @vipullag-MSFT

The issue is now resolved as I have just re-created the VM Host pool (not sure what exactly was the problem).

To answer your questions:

Yes, I have enabled diagnostics and it didn't really provide much regarding sign in issues.

I am using the UPN to sign in

I have reset the password and waited 20 or so minutes.

VM is joined to the AAD DS domain, as I checked by utilising the run commands, and users are synced to AAD DS.


Correction, so previously it was working and then I shut down the VM to save spend.

2 hours later, I start up the VM and now I cannot log in again. Receiving the same error message as per the image attached.


@Ice-9041,
I had the same issue, and it was intermittent. After checking with Microsoft Support, here's what should be done:

1- User should be granted the Virtual Machine User Login or Virtual Machine Administrator Login role: DONE
2- If using the web, Android, macOS, and iOS clients, you must add targetisaadjoined:i:1 as an RDP property to the host pool: DONE
3- Per-user MFA has not been supported in AAD-joined AVD; you must disable the legacy per-user multifactor authentication. THAT'S WHAT WAS MISSING

I connected to the Microsoft 365 admin center and disabled per-user MFA (you can run a PowerShell script as well); after that, all tested users successfully connected to the VM.

You can check this post: https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#mfa-sign-in-method-required

Hope this helps you.


1 Answer

Ice-9041 answered

Just an update: I believe this is what resolved the problem.

I had to enable the PKU2U local policy on both client and VM.

See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities for more details.

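The settings named in the comment and the answer above (VM login role, the targetisaadjoined:i:1 host pool property, and the PKU2U policy) can be checked read-only with PowerShell. This is an added example, not part of the original posts; the resource names are placeholders, and it assumes the Az.Accounts, Az.Compute, Az.Resources and Az.DesktopVirtualization modules with an authenticated session. Per-user MFA state is not checked here.

```powershell
# Added example: read-only audit of the sign-in prerequisites named in this thread.
# Run Connect-AzAccount first. All four values below are placeholders (assumptions).
$ResourceGroup = '<resource-group>'
$HostPoolName  = '<host-pool>'
$VmName        = '<session-host-vm>'
$UserUpn       = '<user@example.onmicrosoft.com>'

# 1. VM login role: list the user's direct assignments at the VM scope and above.
#    Assignments inherited through group membership are not expanded by this query.
$loginRoles = 'Virtual Machine User Login', 'Virtual Machine Administrator Login'
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName
$assignments = Get-AzRoleAssignment -SignInName $UserUpn -Scope $vm.Id |
    Where-Object { $_.RoleDefinitionName -in $loginRoles }

# 2. Host pool RDP property required by the web, Android, macOS and iOS clients.
$pool = Get-AzWvdHostPool -ResourceGroupName $ResourceGroup -Name $HostPoolName
$hasAadJoinProperty = [bool]($pool.CustomRdpProperty -match 'targetisaadjoined:i:1')

# 3. PKU2U policy on the machine this script runs on (run it on the client and
#    on the session host). The policy "Network security: Allow PKU2U authentication
#    requests to this computer to use online identities" is stored as AllowOnlineID.
$pku2uKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\pku2u'
$pku2u = Get-ItemProperty -Path $pku2uKey -Name AllowOnlineID -ErrorAction SilentlyContinue
$pku2uState = if ($null -eq $pku2u) { 'Not configured' }
              elseif ($pku2u.AllowOnlineID -eq 1) { 'Enabled' }
              else { 'Disabled' }

# Summary: one row per check, so a missing prerequisite stands out.
[pscustomobject]@{
    User                = $UserUpn
    VmLoginRoles        = if ($assignments) { $assignments.RoleDefinitionName -join ', ' } else { 'None found' }
    HostPoolRdpProperty = $pool.CustomRdpProperty
    TargetIsAadJoined   = $hasAadJoinProperty
    Pku2uOnThisMachine  = $pku2uState
} | Format-List
```

The script changes nothing; missing values are corrected through role assignment, the host pool's RDP properties, and local or group policy as the posts above describe.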