Forum Discussion

evasse's avatar
evasse
Icon for Microsoft rankMicrosoft
Jun 11, 2019

Deploy a sample management UI to manage your Windows Virtual Desktop resources!

Thank you for everyone who’s begun testing Windows Virtual Desktop! Primarily, management of your Windows Virtual Desktop resources has been through PowerShell. However, now you can manage your resources with a sample UI that you can deploy in your own Azure subscription. See deploy a management tool for the steps!

  • ghonyme's avatar
    ghonyme
    Brass Contributor

    Hello, if I want another user to publish application through this portal. What should be his access?

     

    I tried to give him "Tenant creator" on the "Windows Virtual Desktop" application but it does not seem to work as my user can not see the WVD tenant.

     

    I already tried in Powershell with his user account but it does not seems to be enough access.

     

    PS C:\windows\system32> New-RdsAppGroup ***** **** **** -ResourceType "RemoteApp"

    New-RdsAppGroup : User is not authorized to query the management service. ActivityId: ***** Powershell commands to diagnose the failure: Get-RdsDiagnosticActivities -ActivityId ***** At line:1 char:1 + New-RdsAppGroup ******* ***** ***** -ResourceType "Rem ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : FromStdErr: (Microsoft.RDInf....NewRdsAppGroup:NewRdsAppGroup) [New-RdsAppGroup], RdsPow erShellException + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.RDInfra.RDPowershell.AppGroup.NewRdsAppGroup

    • michawets's avatar
      michawets
      Iron Contributor

      Hi ghonyme ,

       

      The Tenant Creator permission is only to give a user/SPN permissions to create a WVD Tenant for that specific Azure AD Tenant. It does not provide access to the WVD Tenant itself.

       

      To manage resources in the WVD Tenant, you will have to delegate permissions using these cmdlets:

      • Get-RdsRoleAssignment displays a list of role assignments.
      • New-RdsRoleAssignment creates a new role assignment.
      • Set-RdsRoleAssignment edits role assignments.

       

      More information can be found here:

      https://docs.microsoft.com/en-us/azure/virtual-desktop/delegated-access-virtual-desktop

       

      Here is an example of delegation which I use in my slides:

  • Mtollex70's avatar
    Mtollex70
    Brass Contributor

    evasse I have followed these instructions, but when i access the URL thats supposed to launch the admin portal afterwords, all i get is a page saying "Hey, app developers! Your app service is up and running".... Any ideas to why this is happening, and how to fix it?

  • sbuntun's avatar
    sbuntun
    Brass Contributor

    evasse I'm getting a "The IconPath property does not contain a well-formed RDSH file path" error when trying to publish a start menu app through this.

  • Michael_Kolm's avatar
    Michael_Kolm
    Copper Contributor

    evasse 

     

    Hello,

     

    i tried to deploy management tool, during deployment i got an error, here is error message:

     

    { "status": "Failed", "error": { "code": "ResourceDeploymentFailure", "message": "The resource operation completed with terminal provisioning state 'Failed'." } }

     

    Any idea what i am doing wrong?

     

    BR Michael

  • Michael_Kolm's avatar
    Michael_Kolm
    Copper Contributor
    Hi again, tried to redeploy template, now i get other error message Job with specified id already exists. Job id: 2561761f-7ba3-5d9d-a095-a1e506ae4460, br Michael
  • stevenzelenko's avatar
    stevenzelenko
    Brass Contributor

    evasse I have successfully deployed the UI but I cannot get user's to see the default tenant group.  I am the only one that can see the default tenant group as well as our Tenants.  I add them using the new-rdsroleassignment PS cmdlet and also made them Tenant Creators in the WVD app.  They can log in but get a screen that looks like this.

     

    • Wintech12's avatar
      Wintech12
      Copper Contributor

      @Eva Seydl 

       

      I have the same issue that none of my colleagues can see "default tenant group" from Web UI. How do we fix this issue?

       

      • stevenzelenko's avatar
        stevenzelenko
        Brass Contributor
        Actually for us, our palo firewalls we’re blocking some traffic. We had to add the URL as being exempt from the url filter.

Resources