Intermittent AVD Host Pool Login issues with WhfB endpoint, SSO, Entra ID Auth & MFA via Cond. Acc.
Hi,
We have been suffering intermittent (once every few months) AVD Auth/Login issues to multiple Host Pools for multiple Users – the login gets stuck and just loops continually between the Authentication “Just a moment” screen, and then the initiating/configuring/securing remote connection dialog box. It seems to just happen at random for just one of our users/admins, and other users can log in to the same Host Pool VM.
We have found that if we leave it for a couple of hours and try again, it will work for the user – but this is not really acceptable for an Enterprise System, so we would like to get to the bottom of this.
We have pure Entra ID (only) joined Host Pool VMs, but the laptop endpoints that we connect from are Hybrid AD joined (with GPO and Intune policies). We have a conditional access policy that forces MFA if you are not accessing from a corporate network, we have Windows Hello for Business (WHfB) PIN set on the endpoints (set up via GPO), and we have Entra ID & SSO enabled on the Host Pool properties. Users and Admins are in the respective Virtual Machine User/Admin RBAC role for the RG the Host Pool VMs are in. User/Admin is in the Desktop App Group.
The fact that it seems to sort itself out after a few hours makes me wonder if it is an AD replication / Entra ID Connect Sync issue with the WHfB PIN/Cert from AD (does this even get changed after you have set the PIN the first time though?)
Does anyone else see this or have any ideas as to what the cause is, or how to debug it?
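One way to capture the client-side state the next time the loop happens, as an added example that is not part of the original post: a PowerShell helper that parses the output of `dsregcmd /status` on the hybrid-joined laptop and reports the join, PRT and WHfB fields that Entra ID SSO to the host pool depends on, then pulls recent errors from the AAD operational event log. The field names (`AzureAdJoined`, `DomainJoined`, `AzureAdPrt`, `AzureAdPrtUpdateTime`, `AzureAdPrtExpiryTime`, `NgcSet`) are taken from the standard `dsregcmd` output; the function names are my own. Run it as the affected user on the endpoint while the login is still failing, and again once it recovers, so the two outputs can be diffed.

```powershell
# Added diagnostic helper (not from the original post). Parses 'dsregcmd /status'
# into a hashtable so the SSO-relevant fields can be checked and compared between
# a failing and a working login attempt on the same endpoint.
function Get-DsregStatus {
    $raw = dsregcmd /status
    $fields = @{}
    foreach ($line in $raw) {
        # Output lines look like "    AzureAdJoined : YES"; capture key and value.
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    return $fields
}

# Checks the prerequisites for a hybrid-joined client using WHfB and Entra ID SSO.
function Test-AvdSsoPrereqs {
    param([hashtable]$Status)
    $checks = [ordered]@{
        'Hybrid joined (AzureAdJoined=YES and DomainJoined=YES)' =
            ($Status['AzureAdJoined'] -eq 'YES' -and $Status['DomainJoined'] -eq 'YES')
        'Entra ID Primary Refresh Token present (AzureAdPrt=YES)' =
            ($Status['AzureAdPrt'] -eq 'YES')
        'WHfB key provisioned for this user (NgcSet=YES)' =
            ($Status['NgcSet'] -eq 'YES')
    }
    foreach ($name in $checks.Keys) {
        $tag = if ($checks[$name]) { 'PASS' } else { 'FAIL' }
        '{0,-4} {1}' -f $tag, $name
    }
    # The PRT is what Conditional Access and MFA claims ride on; its timestamps
    # show whether the client has been able to refresh it recently.
    if ($Status['AzureAdPrtUpdateTime']) { "PRT last updated: $($Status['AzureAdPrtUpdateTime'])" }
    if ($Status['AzureAdPrtExpiryTime']) { "PRT expires:      $($Status['AzureAdPrtExpiryTime'])" }
}

$status = Get-DsregStatus
Test-AvdSsoPrereqs -Status $status

# Errors logged by the AAD client components in the last two hours, which is the
# window in which the failed login attempts happened.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-AAD/Operational'
    Level     = 2
    StartTime = (Get-Date).AddHours(-2)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap
```

A FAIL on the PRT line, or a PRT update time hours older than the login attempt, points at the client token rather than at AD/Entra Connect sync; if all three checks pass on the failing endpoint, the next place to look is the Entra ID sign-in log for that user and the Conditional Access result recorded there.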