Error: User is not authorized to query the management service
GriffinDodd : Are you able to install the PowerShell locally and try logging in with that service principal? Also, the other requirement for the service principal is that it must be created as a "Converged app" or as "multi-tenant" because our service currently uses a 3rd party Azure AD application for authentication.
I created my tenant like this...
New-RdsTenant -Name <my tenant name> -AadTenantId <aad id> -AzureSubscriptionId <az sub id>
$myTenantGroupName = "Default Tenant Group"
$myTenantName = "<my tenant name>" #As you used in the previous step
$hostpoolname = "<my pool name>"
# create the service principal:
$aadContext = Connect-AzureAD
$svcPrincipal = New-AzureADApplication -AvailableToOtherTenants $true -DisplayName "Windows Virtual Desktop Svc Principal"
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId $svcPrincipal.ObjectId
# Don't change the URL below.
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
Set-RdsContext -TenantGroupName $myTenantGroupName
New-RdsHostPool -TenantName $myTenantName -name $hostpoolname
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName -HostPoolName $hostpoolname
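The sign-in test asked about above, as an added example that is not part of the original thread or of Microsoft's documentation for it: it signs in to the broker as the service principal and probes the tenant and host pool scopes separately, since the role assignment in the post is scoped with -HostPoolName. It assumes the Microsoft.RDInfra.RDPowerShell module is installed and that the variables from the post are still set in the same session.

```powershell
# Added example. Assumes $svcPrincipal, $svcPrincipalCreds, $aadContext,
# $myTenantGroupName, $myTenantName and $hostpoolname from the post above
# still exist in this PowerShell session.
Import-Module Microsoft.RDInfra.RDPowerShell

# Build a credential from the application ID and the generated secret.
# The secret is only readable from the object returned at creation time.
$secret = ConvertTo-SecureString $svcPrincipalCreds.Value -AsPlainText -Force
$creds  = New-Object System.Management.Automation.PSCredential($svcPrincipal.AppId, $secret)

# Sign in as the service principal instead of as the interactive admin.
try {
    Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com" `
        -Credential $creds -ServicePrincipal `
        -AadTenantId $aadContext.TenantId.Guid -ErrorAction Stop | Out-Null
    Set-RdsContext -TenantGroupName $myTenantGroupName -ErrorAction Stop | Out-Null
}
catch {
    Write-Warning "Service principal sign-in failed: $($_.Exception.Message)"
    return
}

# Probe each scope on its own so the output shows where authorization stops.
$probes = [ordered]@{
    "Tenant '$myTenantName'"     = { Get-RdsTenant -Name $myTenantName -ErrorAction Stop }
    "Host pool '$hostpoolname'"  = { Get-RdsHostPool -TenantName $myTenantName -Name $hostpoolname -ErrorAction Stop }
}

$results = foreach ($scope in $probes.Keys) {
    try {
        & $probes[$scope] | Out-Null
        [pscustomobject]@{ Scope = $scope; Authorized = $true;  Detail = "" }
    }
    catch {
        [pscustomobject]@{ Scope = $scope; Authorized = $false; Detail = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap
```

A failure at sign-in points at the application or its secret, while a failure on only one scope points at where the "RDS Owner" role was assigned.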