Today I'm going to share with you my 6-week quest to set up a multi-tenant O365 client on a Win 2019 RDP farm with 2 session hosts and one session broker, where user profiles are stored in UPDs (User Profile Disks). The other issue was using Teams from a machine-wide install in an RDP multi-session-host farm, which needs to be treated differently than on a standard PC or single session-host setup.
In a normal Windows 10 desktop environment, setting up an Outlook client with a multi-tenant O365 setup is a very simple task that is easily managed through the control panel Mail option or through the Outlook add account feature.
When trying to do the same in a multi-session-host RDP farm, it doesn't work as advertised and requires manual intervention to work properly. You can add the second tenant to your RDP version of Outlook, but you will inevitably encounter constant password prompts for the various tenants, and in some cases Outlook just fails to log on altogether and you end up with the dreaded "Outlook needs password" in the status bar.
While working closely with Microsoft support during this whole ordeal, we tried numerous fixes that all failed and in some cases made things worse. Things like uninstalling Office from each session host and re-installing using the proper multi-user installation method as outlined here... Also, running the Office automated tools to rectify issues here...
You can use the dsregcmd command to see how your user is set up within Azure, your domain and other information. You can read more about the command here... Use the following syntax in a command prompt:
Nothing worked until we finally got escalated to level 2 support at Microsoft and they came up with the solution. So how do you fix it?
Before we commence the rectification procedure, ensure you have closed Outlook on the user's profile. Let's start... The issue was rectified by adding 3 registry entries. The registry entries that are required are as follows:
Navigate to Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity
Create a new DWORD named EnableADAL and give it a value of 1
Create a new DWORD named DisableAADWAM and give it a value of 1
Create a new DWORD named DisableADALatopWAMOverride and give it a value of 1
Alternatively, you can simply download a reg file that will insert the necessary entries for you automatically here...
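The same three entries can also be applied with a PowerShell script run inside the affected user's RDP session. This is an added example, not the reg file linked above and not a script from Microsoft; it assumes the Office 16.0 key path shown above and that HKCU belongs to the user being fixed.

```powershell
# Added example (not from the original post or from Microsoft).
# Run inside the affected user's RDP session so HKCU maps to that user's profile (UPD).

$ErrorActionPreference = 'Stop'
$keyPath = 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity'

# The three DWORD values listed in the post, each set to 1.
$values = [ordered]@{
    EnableADAL                 = 1
    DisableAADWAM              = 1
    DisableADALatopWAMOverride = 1
}

# The post says Outlook must be closed first; only check this user's own session,
# because other users on the same session host may legitimately have Outlook open.
$sessionId = (Get-Process -Id $PID).SessionId
$outlook = Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue |
    Where-Object { $_.SessionId -eq $sessionId }
if ($outlook) {
    throw 'Outlook is still running in this session. Close it and run the script again.'
}

# Create the Identity key if this profile does not have it yet.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

foreach ($name in $values.Keys) {
    # Record the previous value (if any) so the change can be reverted later.
    $before = (Get-ItemProperty -Path $keyPath -Name $name -ErrorAction SilentlyContinue).$name
    New-ItemProperty -Path $keyPath -Name $name -PropertyType DWord -Value $values[$name] -Force | Out-Null
    $after = (Get-ItemProperty -Path $keyPath -Name $name).$name

    # Emit one row per value: what it was, and what it is now.
    [pscustomobject]@{
        Name   = $name
        Before = if ($null -eq $before) { '(not set)' } else { $before }
        After  = $after
    }
}
```

The Before column is worth saving per user, since it is the only record of what to restore if the values need to be reverted.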
Once you've applied the registry entries to the user's profile, you do not have to log off or reboot the server; simply re-open Outlook and the new settings should take effect. Happy days dude! I cannot tell you how great this felt to firstly have Microsoft acknowledge the issue, but to also have it fixed.
Now onto rectifying Teams not being able to log on in a multi-session host RDP farm. The issue here is users can log on one day without issue and a few days later they can't, no matter what they do. The only fix that I could find initially was to end the Teams process in Task Manager and then delete the Teams folder within the %appdata%\Microsoft folder.
This happens when a user logs on at a later date and the session broker gives them a different server from their original session; Teams then gets all muddled up and it's impossible to log on. To fix this behaviour, simply uninstall the machine-wide Teams installation from all your session host servers.
Now just ask all your users to install Teams from the Microsoft site here... and this will install a profile-based version of Teams, rather than the machine-wide version. This fix was thanks to this... Microsoft forum post by YannickCLEVY-8483 and I'm eternally grateful...