Can't connect to AVD: We couldn't connect to the Azure Active Directory service ... Error code: 0x3507

Question

Environment:
MacBook Pro (Retina, 15-inch, Late 2013) - macOS 11.7.10

Remote Desktop: Version 10.9.5 (2179)

I often get this error and can't connect to Azure Virtual Desktop workspace via MacOS Remote Desktop client. I enabled verbose logging and below are the lines from the log that match the error code the UI shows via pop-up after waiting a long time trying to "configure". If I reboot the computer it seems to fix it which to me suggests something is cached. I use PKI (smart card) to login into the workspace which is registered via https://www.wvd.azure.us/.

I|2024-06-12 07:21:53.2150 -04:00|:0 {64a26e5b-2bfd-4e2d-b8ce-9da63ddd0000} <0x70000371c000> DIAGNOSTICS(INFO): IDiagnostics::Log {"Attributes":{"ActivityId":"{64a26e5b-2bfd-4e2d-b8ce-9da63ddd0000}","Component":"Client","Type":"Checkpoint","RoleInstance":"...","Timestamp":"06/12/24 11:21:53.215089","ActivityHint":"ms-wvd-ep:fbc8477b-00f0-40a8-948f-ba5a7c0aa035","ActivityType":"Connection","CheckpointName":"OnDisconnected","DisconnectCode":"0x3507","DisconnectCodeSymbolic":"SSL_ERR_AAD_NONCE_ACQUISITION_FAILURE","DisconnectMessage":"SSL: failed to acquire AAD nonce.","DisconnectOperation":"ClientRDPConnect","DisconnectSource":"Client","IsInternal":"True"}}

I|2024-06-12 07:21:53.2160 -04:00|:0 {64a26e5b-2bfd-4e2d-b8ce-9da63ddd0000} <0x70000371c000> DIAGNOSTICS(INFO): IDiagnostics::Log {"Attributes":{"ActivityId":"{64a26e5b-2bfd-4e2d-b8ce-9da63ddd0000}","Component":"Client","Type":"Final","RoleInstance":"...","Timestamp":"06/12/24 11:21:53.215089","ActivityHint":"ms-wvd-ep:fbc8477b-00f0-40a8-948f-ba5a7c0aa035","ErrorCode":"0x3507","ErrorCodeSymbolic":"SSL_ERR_AAD_NONCE_ACQUISITION_FAILURE","ErrorInternal":"True","ErrorMessage":"SSL: failed to acquire AAD nonce.","ErrorOperation":"ClientRDPConnect","ErrorSource":"Client"}}

Answer 1

Hi @Andy Arismendi

It seems like the error SSL_ERR_AAD_NONCE_ACQUISITION_FAILURE is causing the issue. This error typically occurs when there’s a failure to acquire the Azure Active Directory (AAD) nonce during the SSL handshake.

Here are a few troubleshooting steps you can try:

1. Clearing Cached Credentials: Since rebooting your machine seems to fix the issue temporarily, it might be related to cached credentials. Try clearing any cached credentials related to Azure Virtual Desktop on your machine.
   1. https://learn.microsoft.com/en-us/answers/questions/1465916/azure-virtual-desktop-web-client-login-failed-with
2. Check Conditional Access Policies: Ensure that your Conditional Access policy does not exclude multi-factor authentication requirements for the Azure Windows VM sign-in cloud application.
   1. https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-azure-ad-connections
3. Check Server Certificate Revocation: The SSL certificate's revocation might be an issue. A workaround is to turn off the “Check for server certification revocation” option in your system settings.
   1. https://techcommunity.microsoft.com/t5/azure-database-support-blog/revocation-of-the-ssl-certificate-failed-for-aad-authentication/ba-p/2278773
4. Check User Login Role: Ensure the user account was given the Virtual Machine User Login role on the VMs.
   1. https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-azure-ad-connections

If you find this response helpful and it resolves your issue, please consider marking it as “Accepted” or giving it an upvote. This will help others in the community find the solution more easily.

Answer 2

I was able to address this issue by upgrading to MacOS Monterey which allowed me to upgrade Microsoft Remote Desktop to Version 10.9.8 (2217). The issue no longer occurs so it appears the issue was addressed in later versions of the Remote Desktop software.