Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
Intermittent SSL Certificate Errors in AVD Sessions – Affects Both Chrome and Microsoft Edge (NET::ERR_CERT_AUTHORITY_INVALID)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 7.000000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MTD
0
Reputation points
Description of Issue:
We are encountering intermittent SSL certificate errors across our Azure Virtual Desktop (AVD) environment. Users randomly receive the following error in both Google Chrome and Microsoft Edge when attempting to access legitimate HTTPS websites such as Xero and Companies House:
“Your connection is not private”
NET::ERR_CERT_AUTHORITY_INVALID
This issue is not consistent – the same websites that load correctly one day may fail the next, without any change to system settings, policies, or connectivity. The error appears across different browsers and different AVD user sessions.
- The issue occurs in both Chrome and Microsoft Edge, confirming it’s not browser-specific.
Environment Details:
| AVD Host Pool Name | vdpool-avd-prod-cin-01 |
|---|---|
| AVD Host Pool Name | vdpool-avd-prod-cin-01 |
| Host Pool Type | Multi Pooled |
| AVD Session Host | vmavdprodcin01 |
| VM Location | Central India |
| Session Host Timezone | Set to GMT Standard Time |
| Time Zone Redirection | Enabled via Registry |
| FSLogix Profile Containers | Not yet implemented (profiles local) |
| Users Primary Locations | Pakistan, India, UK, UAE |
| Browsers Used | Primarily Google Chrome |
Troubleshooting Already Performed:
- Time Sync Configuration
- We reconfigured the AVD session host to use time.windows.com as the authoritative NTP source:
w32tm /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /reliable:YES /updatew32tm /resync /force
- We reconfigured the AVD session host to use time.windows.com as the authoritative NTP source:
- Time Zone Redirection
- Set session host timezone to GMT Standard Time.
- Enabled Time Zone Redirection via registry:
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name "fEnableTimeZoneRedirection" -Value 1 - Connectivity Tests
- Verified Test-NetConnection to affected sites resolves correctly with no packet loss or TCP issues.
- DNS resolution is consistent.
- Chrome Cache Clearance
- Temporary resolution achieved by executing the following PowerShell to clear Chrome’s cache:
Stop-Process -Name chrome -Force -ErrorAction SilentlyContinueRemove-Item "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache" -Recurse -Force -ErrorAction SilentlyContinue - Root Store:
- Certificate authorities are present in Trusted Root.
- No proxy or SSL interception in the environment.
Symptoms:
- Browser displays NET::ERR_CERT_AUTHORITY_INVALID
- Inconsistent appearance (sometimes resolves on its own)
- Affects both Chrome and Edge
- Only within AVD sessions (not on users’ local physical machines)
- Disrupts access to critical platforms like Xero and government sites
Important: We’ve ruled out the website itself as the root cause — these domains are valid, publicly trusted sites with properly configured SSL certificates. Other devices on non-AVD networks load the same sites without issue.
Could we please kindly request support on this issue.
Azure Virtual Desktop
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 64%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Durga Reshma Malthi 9,840 Reputation points Microsoft External Staff Moderator2025-08-06T10:37:51.8066667+00:00 Hi MTD
Could you please check below things:
- Ensure that the root and intermediate certificates for the Certificate Authorities (CAs) that issued the SSL certificates for the websites are present in the Trusted Root Certification Authorities store on the AVD session hosts.
- Check if there are any Group Policy settings that might be affecting the certificate trust.
- Verify that the AVD session hosts are fully updated with the latest Windows updates and patches. Sometimes, outdated systems can have issues with SSL/TLS.
- Since you mentioned that clearing the Chrome cache temporarily resolves the issue, consider checking for any browser extensions or settings that might be interfering with SSL connections. Ensure that both Chrome and Edge are updated to their latest versions.
Hope this helps!
Please Let me know if you have any queries.
-
MTD 0 Reputation points
2025-08-06T23:28:46.3+00:00 This is still causing an issue I have checked the below:
- Check if there are any Group Policy settings that might be affecting the certificate trust.
- Verify that the AVD session hosts are fully updated with the latest Windows updates and patches. Sometimes, outdated systems can have issues with SSL/TLS.
- Since you mentioned that clearing the Chrome cache temporarily resolves the issue, consider checking for any browser extensions or settings that might be interfering with SSL connections. Ensure that both Chrome and Edge are updated to their latest version
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 8%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHS%3C/text%3E%3C/svg%3E)
Himanshu Shekhar 160 Reputation points Microsoft External Staff Moderator2025-08-07T00:46:53.1133333+00:00 Hello MTD Could you please help on clarification questions below:
- Does the issue affect all users on the session host at the same time, or just certain users or sessions?
- Do the certificate errors happen more often right after the session host restarts, or during specific times of day?
- Are you using any custom Windows image for your AVD deployment? If yes, when was it last updated?
- Have you tested with a completely new local user profile (not domain-based) to check if the issue is profile-related?
Sign in to comment
Sign in to answer