Original publish date: November 8, 2024
KB ID: 5048864
Note: This article documents the resolution for a known issue documented on Windows release health and Microsoft admin center.
Change date |
Description |
December 4, 2024 |
Updated Step 1 of Option 2 removing "Perform an In-place upgrade of the affected device with Windows 10, version 22H2 update (KB5045594)" and replacing it with "Install the Windows 10, version 22H2 update released on or after October 22, 2024 (KB5045594) on the affected device." |
Symptoms
A small subset of Azure Virtual Desktop customers who use multi-session hosts (AVD) and have installed Windows Updates released between July 23, 2024 (KB5040525) and October 8, 2024 (KB5044273) may experience the following issues:
-
An extended 10-to-30-minute-long hang at a black screen following user logon.
-
Office applications including Outlook and Teams experience single sign-on (SSO) failures, preventing users from connecting or synchronizing data.
Cause
This issue is caused by a deadlock in the interactions between the Azure Active Directory (AAD) broker and the underlying AppX deployment service (AppxSvc) and Background tasks infrastructure service. You are more likely to experience this issue if you are using FSLogix user profile containers on multi-session environments. FSLogix is a Microsoft tool that helps manage and speed up user profiles on computers, especially in virtual environments like remote desktops.
Windows 10 Education edition users and home users of Windows who use Home or Pro editions are unlikely to face this issue as Azure Virtual Desktop is more commonly used in enterprise environments.
Resolution
To resolve this issue, apply one of the following options if you observe the Microsoft-Windows-AppModel-State Event ID 10 in the Application Event Log with the following signature,
-
Description: Failure to load the application settings for package Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
-
Error Code: -2147024893
Option 1: Re-image the affected device
Follow these steps to create a new custom image by using the latest "Windows 10 Enterprise multi-session, Version 22H2" gallery image from the Azure Marketplace:
-
Go to the Microsoft Azure Marketplace. In the Search Marketplace search bar, type Microsoft Windows 10.
-
On the Microsoft Windows 10 page, click Get It Now.
-
Sign-in once you are prompted to enter your email address.
-
On the Create this app in Azure page, select Windows 10 Enterprise multi-session, version 22H2 from the Software plan drop-down list.
-
After selecting the image, click Create to create a new virtual machine.
-
Follow these steps on the Create a golden image in Azure page:
-
Create an image from an Azure VM to create the custom image.
-
Customize your VM and then install the October 24, 2024 Windows Update (KB5045594).
-
-
You can now reimage your affected AVD device by using the newly created custom image from Step 6.
NOTE If you want an image that includes the fix KB5045594 for this issue, you will have to wait until November 19, 2024 to reimage your device (to avoid step 6).
Option 2: Install the Windows update KB5045594 and add the user logon script
-
Install the Windows 10, version 22H2 update released on or after October 22, 2024 (KB5045594) on the affected device.
-
After the Windows update is installed, for users who do not have an existing logon script, create a new PowerShell script file (.ps1) and then add the below-mentioned PowerShell command:
Add-AppxPackage -Register -Path "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppxManifest.xml" -DisableDevelopmentMode
-
If you already have an existing logon script that uses a PowerShell script in Group Policy, you can add the PowerShell command mentioned in Step 2 to your existing PowerShell script.
-
To use this newly created logon script on Hybrid Entra ID-joined or Domain-joined AVD devices, follow Step 5 in the To assign user logon script section.
-
To use this newly created logon script on Entra ID-only joined AVD devices, follow step 5 in the To assign user logon scripts section.
-
-
If you have an existing logon script in a format other than PowerShell, such as a .bat or .cmd file, you can do the following
-
Create a new PowerShell.ps1 script file and add the PowerShell command mentioned in Step 2.
-
Next, add one of the following commands to your .bat or .cmd file for executing the script:
-
Example using a sample SYSVOL path: powershell -File "scripts\script.ps1"
-
Example using a sample local path: powershell -File "D:\scripts\script.ps1"
-
-
Additional assistance
For any additional assistance on this issue, we recommend that you submit a support request to Azure Support.
References
Description of the standard terminology that is used to describe Microsoft software updates