VMware Horizon Community
kanid99
Enthusiast

Anyone having issues with Outlook or Teams after latest Windows 10 security updates?

We are running Horizon 2303 in ESXi 7.03. Guests are Windows 10 21H2 Ent. Horizon pools instant clones with floating assignments.

We just pushed Windows security update for February (KB5034763) and after this was published, the users in these pools where it was published were having intermittent issues connecting to Outlook or Teams (MS365). If the same user logged out and back in, they would be ok, but maybe not the next day.

I used my test user to connect to 30 sessions in the pilot pool and about 1 in 3 had the issue.

It seems WAM is broken, because if I apply DisableAADWAM Outlook will work again (but no such workaround for Teams). The only consistent fix is to roll back the update.

The reason I'm posting this here is that this issue is NOT affecting our physical workstations or, as far as I can tell, any persistent VMs. Only affecting our instant clone VMs. I've seen a couple posts on Reddit about this but in each case the experience was the same, affecting Horizon instant clones but not persistent machines or physical devices and specific to this MS KB.

56 Replies
JohnTwilley
Hot Shot

It's almost like this isn't a big deal...

Does anyone with an Active Support case have any updates?

Or are Microsoft and VMware still pointing fingers at each other?!

Healthcare Enterprise Architect
Tampa, FL
0 Kudos
CGat01
Contributor

From our own experience, it seems like Microsoft is simply pointing fingers at VMware. It's crazy.

We're going to try the task running a trace to see if it helps in our environment.

0 Kudos
JohnTwilley
Hot Shot

I'm running the trace on logon for my 4,000+ Horizon sessions and it's working fine.  It's the silliest workaround I've ever done in my long career... I held up our New Teams rollout over it, and I'm hesitant to move forward.

0 Kudos
bjohn
Hot Shot

I'm running the new Teams without any issues (with the trace workaround).

Yeah, it seems that basically MS and VMware are blaming each other.

0 Kudos
kanid99
Enthusiast

In case anyone hadn't seen it yet, VMware has a KB now on this issue:

https://kb.vmware.com/s/article/97111?lang=en_US

Their workaround is this - but I won't be doing this myself. Our workaround seems better by comparison.

  • Add the registry clusters to disable Modern-Authentication for O365.
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001
"DisableAADWAM"=dword:00000001
0 Kudos
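
An audit of the two values quoted in the post above, as an added example (not part of the original post or of VMware's KB article). The function name `Get-WamOverrideState` and its output fields are hypothetical; the key path and value names are the ones quoted. Because these values turn WAM off for Office, the script reports whether they are set for the logged-on user and, with `-Remove`, deletes them once the workaround is retired.

```powershell
# Added example: report (and optionally revert) the WAM-disabling values from the post.
# Get-WamOverrideState and its output fields are hypothetical names;
# the registry path and value names are taken from the post above.
function Get-WamOverrideState {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity',
        [switch]$Remove   # delete the values instead of only reporting them
    )

    $names = 'DisableADALatopWAMOverride', 'DisableAADWAM'

    foreach ($name in $names) {
        $value = $null
        if (Test-Path -LiteralPath $KeyPath) {
            # Returns nothing (no error) when the value does not exist
            $props = Get-ItemProperty -LiteralPath $KeyPath -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $props) { $value = $props.$name }
        }

        $state = if ($null -eq $value) { 'NotSet' }
                 elseif ($value -eq 1) { 'WamDisabled' }
                 else                  { 'PresentNotDisabling' }

        if ($Remove -and $null -ne $value) {
            Remove-ItemProperty -LiteralPath $KeyPath -Name $name
            $state = 'Removed'
        }

        # One row per value so results from many sessions can be merged and filtered
        [pscustomobject]@{
            User  = "$env:USERDOMAIN\$env:USERNAME"
            Host  = $env:COMPUTERNAME
            Name  = $name
            Value = $value
            State = $state
        }
    }
}

# Report only; run in the user's session (the values live under HKCU)
Get-WamOverrideState | Format-Table -AutoSize
```

Run it in the user's context (for example from a logon script) so that `HKCU:` resolves to the profile that received the workaround.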
bjohn
Hot Shot

I don't think the VMware solution worked for me.

I believe you also said it didn't work for you in the reddit thread?

0 Kudos
vShazerJr
Contributor

VMware's solution didn't work for me. I ended up doing the trace.

0 Kudos
kanid99
Enthusiast

I had limited luck with it - Outlook I got to work but not NEW Teams. But I didn't do the last step they recommend about clearing the UWP app from the package folder either, and after I got the workaround we are using now from your post I saw no need to review their solution further.

0 Kudos
CGat01
Contributor

I agree. Adding the keys for the workaround didn't consistently work for us from testing.

We're going to work to implement the trace workaround soon to get some relief. 🙂

0 Kudos
gpapacharalampo
Contributor

We implemented the workaround with "trace start" and stop on DEM, and now Teams logs in without any issue. THANK YOU VMware community!!! I would expect MS would find a solution BUT....

JB8
Contributor

I can confirm this works as well. Nice to get the Windows updates up-to-date.

0 Kudos
gpapacharalampo
Contributor

Question: do we know if this issue happens to other virtual desktop solutions? Like Citrix or AVD?

Because Microsoft says it's a VMware issue.

0 Kudos
cdeschepper
Contributor

I've been fighting this for ages, and finally found this thread.  Putting the trace fix in place seems to have got us up and working again.  Thank you so much for your help!

0 Kudos
DanVM99
Enthusiast

Excellent work all round with the netsh fix.

We've built upon this slightly by just creating a single DEM Logon Task calling its associated Privilege Elevation task using the below. This restricts the written trace .etl to 1MB in size, at which point trace logging finishes due to circular logging being disabled. This removes the need to have a second set of tasks to stop the trace.

You're welcome.

netsh trace start scenario=InternetClient_dbg provider=Microsoft-Windows-TCPIP level=5 capture=yes packettruncatebytes=120 tracefile=c:\Temp\net.etl report=disabled maxSize=1 fileMode=single perf=yes correlation=disabled

bjohn
Hot Shot

Good stuff.

P.S. The issue has not been fixed with the April updates.

Third month now...

0 Kudos
JohnTwilley
Hot Shot

Great work @DanVM99 !!

I may go back and modify mine to clean it up a bit.  I'm always worried about a runaway NetTrace. This fixes that.

Now...When will VMware & Microsoft come up with a fix?! The VMware Broadcom KB article has gone silent. Microsoft Store Apps stop working in VDI after applying Microsoft Monthly Patch (KB5034763) (97111) ... Maybe we should all go click on the 'Was this Article Helpful' and let them know what we think. I know I did!

0 Kudos
gpapacharalampo
Contributor

Microsoft waits until the release of NEW Teams on VDI. They say that is fixed on that. It's a bit confusing because we have an open ticket with Microsoft and they told us to ask VMware.

0 Kudos