Forum Discussion

AT1991's avatar
AT1991
Copper Contributor
Jan 02, 2020

Cannot Query Management Service - WVD

Hi Everyone,

Happy New Year!

Since joining a new organization, me and one of my colleagues build/maintain the azure environment we have. When I first joined I was only given Global Reader Access.

I now have the same access control as him (Owner, Contributor, User Access Admin), same AAD Roles such as Global Admin and others whilst he just has Global Admin. 

The problem I have is that I cannot manage our tenants/hostpools via powershell like he can.

Running Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"

I sometimes get errors or it will connect.

I just connected and attempted to run Get-RdsTenant for one of our tenants and got the following :

 

Get-RdsTenant : User is not authorized to query the management service.

 

Even running the same command for a tenant I created I get the same error.

We have both have MFA enabled but he has no issues whatsoever.

Can anyone share any suggestions/fixes? 

  • Hi AT1991,

     

    Your doing it with the Azure CLI or Powershell?

    Maybe this is a Problem with the Account Cache in the Powershell.

    I saw this somewhen in the past.

    Maybe reinstallation of the Modules or Azure CLI may help, and also a new AZ Login and Token Refresh. Maybe also try if the Issue is the same in your colleagues Cliwent, or if all works fine with that one.

     

    Sounds more like a Client Issue instead of a Azure Permission Issue.

     

    Kind Regards, Peter

    • AT1991's avatar
      AT1991
      Copper Contributor
      Hi Peter,

      I should have closed this, it is resolved. It was to do with a RDS Role permission 🙂

      Thanks,
      Aaron

Resources