Applies ToWindows 10, version 22H2, all editions

Original publish date: November 8, 2024

KB ID: 5048864

Note: This article documents the resolution for a known issue documented on Windows release health and Microsoft admin center.

Change date

Description

December 4, 2024

Updated Step 1 of Option 2 removing "Perform an In-place upgrade of the affected device with Windows 10, version 22H2 update (KB5045594)" and replacing it with "Install the Windows 10, version 22H2 update released on or after October 22, 2024 (KB5045594) on the affected device."

Symptoms

A small subset of Azure Virtual Desktop customers who use multi-session hosts (AVD) and have installed Windows Updates released between July 23, 2024 (KB5040525) and October 8, 2024 (KB5044273) may experience the following issues: 

  • An extended 10-to-30-minute-long hang at a black screen following user logon.

  • Office applications including Outlook and Teams experience single sign-on (SSO) failures, preventing users from connecting or synchronizing data.

Cause

This issue is caused by a deadlock in the interactions between the Azure Active Directory (AAD) broker and the underlying AppX deployment service (AppxSvc) and Background tasks infrastructure service. You are more likely to experience this issue if you are using FSLogix user profile containers on multi-session environments. FSLogix is a Microsoft tool that helps manage and speed up user profiles on computers, especially in virtual environments like remote desktops.

Windows 10 Education edition users and home users of Windows who use Home or Pro editions are unlikely to face this issue as Azure Virtual Desktop is more commonly used in enterprise environments.

Resolution

To resolve this issue, apply one of the following options if you observe the Microsoft-Windows-AppModel-State Event ID 10 in the Application Event Log with the following signature,

  • Description: Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

  • Error Code: -2147024893

Option 1: Re-image the affected device

Follow these steps to create a new custom image by using the latest "Windows 10 Enterprise multi-session, Version 22H2" gallery image from the Azure Marketplace:

  1. Go to the Microsoft Azure Marketplace. In the Search Marketplace search bar, type Microsoft Windows 10.

  2. On the Microsoft Windows 10 page, click Get It Now.

  3. Sign-in once you are prompted to enter your email address.

  4. On the Create this app in Azure page, select Windows 10 Enterprise multi-session, version 22H2 from the Software plan drop-down list.

  5. After selecting the image, click Create to create a new virtual machine.

  6. Follow these steps on the Create a golden image in Azure page:

    1. Create an image from an Azure VM to create the custom image.

    2. Customize your VM and then install the October 24, 2024 Windows Update (KB5045594).

    3. Take the final snapshot.

    4. Run sysprep.

    5. Capture the VM.

  7. You can now reimage your affected AVD device by using the newly created custom image from Step 6.

​​​​​​​NOTE  If you want an image that includes the fix KB5045594 for this issue, you will have to wait until November 19, 2024 to reimage your device (to avoid step 6).

Option 2: Install the Windows update KB5045594 and add the user logon script

  1. Install the Windows 10, version 22H2 update released on or after October 22, 2024 (KB5045594) on the affected device.

  2. After the Windows update is installed, for users who do not have an existing logon script, create a new PowerShell script file (.ps1) and then add the below-mentioned PowerShell command:

    Add-AppxPackage -Register -Path "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxManifest.xml" -DisableDevelopmentMode

  3. If you already have an existing logon script that uses a PowerShell script in Group Policy, you can add the PowerShell command mentioned in Step 2 to your existing PowerShell script.

    • To use this newly created logon script on Hybrid Entra ID-joined or Domain-joined AVD devices, follow Step 5 in the To assign user logon script section.

    • To use this newly created logon script on Entra ID-only joined AVD devices, follow step 5 in the To assign user logon scripts section.

  4. ​​​​​​​If you have an existing logon script in a format other than PowerShell, such as a .bat or .cmd file, you can do the following

    1. Create a new PowerShell.ps1 script file and add the PowerShell command mentioned in Step 2.

    2. Next, add one of the following commands to your .bat or .cmd file for executing the script:

      • Example using a sample SYSVOL path: powershell -File "scripts\script.ps1"

      • ​​​​​​​Example using a sample local path: powershell -File "D:\scripts\script.ps1"

Additional assistance

For any additional assistance on this issue, we recommend that you submit a support request to Azure Support.

References

Description of the standard terminology that is used to describe Microsoft software updates

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.