Forum Discussion
Add-RdsAccount : One or more errors occurred.
Hi to all!
I'm Testing the new Windows Virtual Desktop on Azure...
I'm following this link https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory to create the service on my Azure Tenant.
When i'm tring to add the rds account to my tenant with powershell it sends me the next error:
Add-RdsAccount : One or more errors occurred.
At line:1 char:1
+ Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-RdsAccount], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Microsoft.RDInfra.RDPowershell.Context.AddRdsAccount
i was searching any similar errors on the web but there is nothing about it. I hope you may help me.
This is my psping output:
./psping.exe rdbroker.wvd.microsoft.com:443
PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
TCP connect to 52.177.206.73:443:
5 iterations (warmup 1) ping test:
Connecting to 52.177.206.73:443 (warmup): from 192.168.11.143:20539: 155.41ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20541: 168.12ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20542: 2366.36ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20543: 161.27ms
Connecting to 52.177.206.73:443: from 192.168.11.143:20544: 168.14ms
TCP connect statistics for 52.177.206.73:443:
Sent = 4, Received = 4, Lost = 0 (0% loss),
Minimum = 161.27ms, Maximum = 2366.36ms, Average = 715.97ms
Hi all,
I was observing al AAD relation between my subscriptions and this is the conclusion that solved my problem.
1. I am a Global Admin (Guest User) of a AAD where i was creating the WVD Service, like the guide says.
2. I observed that when you log-on with add-rdsaccount it takes the aadid of your account not the one that you are using to create the service, so in my case will never get that i was a Global Admin of the AAD that i was really using. I know it seems obvious but, Cause my account was member from another AAD ID.
3. So i created a new global admin user in the AAD that i used to register the WVD Service.
4. I run again the aad-rdsaccount and the command runned without problem.
So my recommendation is to see back on the aadid that you registered and verify that the account it's not only global admin so also it's should appears like a member of the AAD where you registered the WVD Enterprise Application.
Hopes it helps you Jez85
- Manuel Alejandro Peña SánchezCopper Contributor
Hi all,
I was observing al AAD relation between my subscriptions and this is the conclusion that solved my problem.
1. I am a Global Admin (Guest User) of a AAD where i was creating the WVD Service, like the guide says.
2. I observed that when you log-on with add-rdsaccount it takes the aadid of your account not the one that you are using to create the service, so in my case will never get that i was a Global Admin of the AAD that i was really using. I know it seems obvious but, Cause my account was member from another AAD ID.
3. So i created a new global admin user in the AAD that i used to register the WVD Service.
4. I run again the aad-rdsaccount and the command runned without problem.
So my recommendation is to see back on the aadid that you registered and verify that the account it's not only global admin so also it's should appears like a member of the AAD where you registered the WVD Enterprise Application.
Hopes it helps you Jez85
- Jez85Copper Contributor
- manjeetrCopper Contributor
Glad to know your problem is fixed. A quick question - is your account MFA enabled?
- Manuel Alejandro Peña SánchezCopper ContributorNo manjeetr in my case there is no MFA enable on the account i used to register the RDS.
But to do the register i guess you may do it with a MFA account and then change it to a Service Principal, like the guides says.
- mshparberCopper ContributorThanks a lot! It worked!
- Nicholas SemenkovichBrass Contributor
Just ran into this issue.
The $creds for a Service Principal expire after some time, and an expired credential will throw this vague error.
You can re-generate your Service Principal's password using:
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId "your-service-principal-id"
Use Get-AzureADApplication to find your principal's ID if you don't have it.
- Jez85Copper Contributor
We are experiencing the same issue. Microsoft's customer support can't help as this service is still in preview.
Did you manage to resolve this issue?
Thanks.
- Manuel Alejandro Peña SánchezCopper Contributor
No Jez, I came here cause Support also send me here. If i have any feed back or a solution i'll be posting it.
- evasseMicrosoftEnsure you are following the steps to described on consent and assigning the tenantcreator role. The issues you are running into are resulting from missing steps: https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory
- Manuel Alejandro Peña SánchezCopper Contributor