Forum Discussion

Manuel Alejandro Peña Sánchez's avatar
Apr 15, 2019

Add-RdsAccount : One or more errors occurred.

Hi to all! 

 

I'm Testing the new Windows Virtual Desktop on Azure...

I'm following this link https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory to create the service on my Azure Tenant.

When i'm tring to add the rds account to my tenant with powershell it sends me the next error:

Add-RdsAccount : One or more errors occurred.

At line:1 char:1

+ Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Add-RdsAccount], AggregateException

    + FullyQualifiedErrorId : System.AggregateException,Microsoft.RDInfra.RDPowershell.Context.AddRdsAccount

 

i was searching any similar errors on the web but there is nothing about it. I hope you may help me.

 

This is my psping output:

 

./psping.exe rdbroker.wvd.microsoft.com:443

PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 52.177.206.73:443:
5 iterations (warmup 1) ping test:
Connecting to 52.177.206.73:443 (warmup): from 192.168.11.143:20539: 155.41ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20541: 168.12ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20542: 2366.36ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20543: 161.27ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20544: 168.14ms

TCP connect statistics for 52.177.206.73:443:
Sent = 4, Received = 4, Lost = 0 (0% loss),
Minimum = 161.27ms, Maximum = 2366.36ms, Average = 715.97ms

  • Jez85 

    evasse 

     

    Hi all,

     

    I was observing al AAD relation between my subscriptions and this is the conclusion that solved my problem.

     

    1. I am a Global Admin (Guest User) of a AAD where i was creating the WVD Service, like the guide says.

    2. I observed that when you log-on with add-rdsaccount it takes the aadid of your account not the one that you are using to create the service, so in my case will never get that i was a Global Admin of the AAD that i was really using. I know it seems obvious but, Cause my account was member from another AAD ID.

    3. So i created a new global admin user in the AAD that i used to register the WVD Service.

    4. I run again the aad-rdsaccount and the command runned without problem.

     

    So my recommendation is to see back on the aadid that you registered and verify that the account it's not only global admin so also it's should appears like a member of the AAD where you registered the WVD Enterprise Application.

     

    Hopes it helps you Jez85 

  • Jez85 

    evasse 

     

    Hi all,

     

    I was observing al AAD relation between my subscriptions and this is the conclusion that solved my problem.

     

    1. I am a Global Admin (Guest User) of a AAD where i was creating the WVD Service, like the guide says.

    2. I observed that when you log-on with add-rdsaccount it takes the aadid of your account not the one that you are using to create the service, so in my case will never get that i was a Global Admin of the AAD that i was really using. I know it seems obvious but, Cause my account was member from another AAD ID.

    3. So i created a new global admin user in the AAD that i used to register the WVD Service.

    4. I run again the aad-rdsaccount and the command runned without problem.

     

    So my recommendation is to see back on the aadid that you registered and verify that the account it's not only global admin so also it's should appears like a member of the AAD where you registered the WVD Enterprise Application.

     

    Hopes it helps you Jez85 

      • Manuel Alejandro Peña Sánchez's avatar
        Manuel Alejandro Peña Sánchez
        Copper Contributor
        No manjeetr in my case there is no MFA enable on the account i used to register the RDS.
        But to do the register i guess you may do it with a MFA account and then change it to a Service Principal, like the guides says.
    • mshparber's avatar
      mshparber
      Copper Contributor
      Thanks a lot! It worked!
      • Nicholas Semenkovich's avatar
        Nicholas Semenkovich
        Brass Contributor

        Just ran into this issue.

         

        The $creds for a Service Principal expire after some time, and an expired credential will throw this vague error.

         

        You can re-generate your Service Principal's password using:

        $svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId "your-service-principal-id"

         

        Use Get-AzureADApplication to find your principal's ID if you don't have it.

  • Jez85's avatar
    Jez85
    Copper Contributor

    Manuel Alejandro Peña Sánchez 

     

    We are experiencing the same issue. Microsoft's customer support can't help as this service is still in preview. 

     

    Did you manage to resolve this issue?

     

    Thanks.

Resources