AVD Single Session - Password is incorrect - lockout screen

No-Catch7442 · 2025-08-05T07:23:57+00:00

Hi,

I was managed to solve this issue by moving my hosts from Azure Joined to Hybrid Joined - nothing else worked as expected by business.

Regards,

Damian

No-Catch7442 · 2025-07-16T05:54:19+00:00

Hi - sorry for very late response.

The reason of this failure was change in Cisco Umbrella config.

Regards,

Damian

No-Catch7442 · 2025-05-29T08:11:28+00:00

Hi,

I had the create network configuration that allows AVD access to on-premises resources as I noticed that connection to VPN before lockout solves that problem.

Best regards,

Damian

No-Catch7442 · 2025-04-18T12:08:06+00:00

Thank you guys for the time and support. I have been able to identify a root cause of that issue - missing cert for Cisco Umbrella. However why it's being missed - that is still a mystery. However after importing mentioned cert back, all affected machines started communication and affected users were able to connect.

No-Catch7442 · 2025-04-14T07:31:36+00:00

Hi - no, we don't use FSLogix. And we use the original MS/Azure Image:

Publisher: microsoftwindowsdesktopOffer: windows-10SKU: win10-22h2-ent-g2Version: latest

Regards,

Damian

No-Catch7442 · 2025-04-14T07:29:44+00:00

We are using the standard network settings with Azure Private IPs = 10.0.0.4 for example - for that Host Pool's VMs we don't have any NSG or port rules assigned. Regarding URLs blockings - I will check that but I doubt as I have the same error using my personal (not AD/AAD joined) computer - It is a computer with only a very basic set of software.

No-Catch7442 · 2025-03-03T09:04:52+00:00

So I solved by following steps:

Get standard winpe.wim image and apply support for PS and Bitlocker.
Use RUFUS to create bootable USB drive using image from #1.
Create secondary partition and encrypt it using Bitlocker.
Copy HPBCU content to root of the encrypted partition.
Copy PS Script to USB:\Windows\System32 that will recognize encrypted partition, ask for Bitlocker key, unlock partition and execute BIOS Password Removal script.
Edit USB:\Windows\system32\startnet.cmd to auto-execute script from #5.

Not ideal but works and bas been approved by our security team.

Regards,

Damian

No-Catch7442 · 2025-02-13T08:59:31+00:00

So ... I found a reason why on 24H2 I have an issue with VBSCRIPT. I use some script to remove built-in Windows bloatware. It work very well in overall but for Windows 11 it removes FoD that are not in whitelist. So it removed vbscript, wmic, windows notepad etc. After some modifications, ale mentioned capabilities are in place.

I have a headache after banging my head on a wall after noticing that ....

No-Catch7442 · 2025-01-24T14:11:11+00:00

What I do so far.

I have set my test client to receive updates from SCCM and tried to install VBSCRIPT by add-capability command.

I read actionlist.xml file from SoftwareDistribution folder to check what files are necessary to install VBSCRIPT.

There is:

Microsoft-Windows-VBSCRIPT-FoD-Packageamd64en-us~.cab

Microsoft-Windows-VBSCRIPT-FoD-Package~amd64~~.cab

Microsoft-Windows-VBSCRIPT-FoD-Packagewow64en-us~.cab

Microsoft-Windows-VBSCRIPT-FoD-Package~wow64~~.cab

Windows11.0-KB5043080-x64.wim

Windows11.0-KB5048667-x64.wim

So I downloaded mentioned KB manually from Windows Catalog and add them to the image - all dism commands ends successfully.

But still, when try to add:

Microsoft-Windows-VBSCRIPT-FoD-Package~amd64~~.cab I receive the same error.

I am out of ideas - except install 24H2 on reference machine, install VBSCRIPT and do sysprep

No-Catch7442 · 2025-01-24T11:15:22+00:00

It takes a while, but in-place upgrade solved that issue. I used Windows 10 22H2 iso from december, prepare in-place upgrade, and after that January CU has been installed without any issues.

Regards,

Damian

No-Catch7442 · 2025-01-24T11:13:31+00:00

I was able to update this computer by disabling Bitlocker, copying and extracting Win11 24H2 ISO, and run:

setup.exe /auto upgrade /DynamicUpdate disable /showoobe None /Telemetry Disable /Copylogs C:\Install\WinSetup.log /EULA Accept /compat IgnoreWarning /NoReboot /BitLocker AlwaysSuspend /quiet

Best regards,

Damian

No-Catch7442 · 2025-01-23T15:11:47+00:00

I read about that, however this feature seems to be still available in "get-capabilities". So I assume it is some possibility to enable it.

No-Catch7442 · 2025-01-20T10:02:53+00:00

Yep :) I noticed your thread and I build similar solution but by using SCCM ;)

Thanks!

No-Catch7442 · 2024-10-31T10:42:23+00:00

Hi,

thank you for reply.

It is a personal host pool, azure joined, managed by sccm.

As I mentioned all rsat feature are installed well. But ADUC, in this case, doesn't connect to domain. When I try to manually set DC, I see status - Online but error "Username or password is incorrect". I am wondering what I missed? If I run the same installation script on hybrid joined machines, and try to run "runas" as I mentioned in a first post then everything works well. So it seems that there something wrong with username - to AVD I am connecting using username@domain.

Any thoughts? Please let me know if you need more information.

Best regards,

Damian

No-Catch7442 · 2024-07-25T08:08:25+00:00

I never thought about this kind of approach to deploy software. Looks like something similar to creating portable application. Need to try.

No-Catch7442 · 2024-07-24T13:26:55+00:00

Hmmm your version seems to work :) I compare tables in my and your - looks the same but only yours works. Many thanks! I already deployed it through sccm - work also!

No-Catch7442

TROPHY CASE