Error: User is not authorized to query the management service
GriffinDodd Did you run the Add-RdsAccount command? To run using Service Principal credentials I run the command:
Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com" -ServicePrincipal -AadTenantId "[add-your-id]"
Then enter the Service Principal AppId and password.
Running get-rdscontext should then show the username as ServicePrincipal.
tilikumtim I went through the steps you provided, however my username is returned as blank,
PS C:\WINDOWS\system32> get-rdscontext
DeploymentUrl                      TenantGroupName      UserName
-------------                      ---------------      --------
https://rdbroker.wvd.microsoft.com Default Tenant Group
My role assignment looks like this..
RoleAssignmentId : xxxxx-xxxx-xxxx-xxxx-xxxxxxx
Scope : /Default Tenant Group/LMRVVDTENANT/LMRVpoolname
TenantGroupName : Default Tenant Group
TenantName : LMRVVDTENANT
HostPoolName : LMRVpoolname
DisplayName :
SignInName :
GroupObjectId :
AADTenantId :
AppId : xxxxx-xxxx-xxxx-xxxx-xxxxxxx
RoleDefinitionName : RDS Owner
RoleDefinitionId : xxxxx-xxxx-xxxx-xxxx-xxxxxxx
ObjectId : xxxxx-xxxx-xxxx-xxxx-xxxxxxx
ObjectType : ServicePrincipal
Item :
I inspected the Manifest for my Svc Principal and noticed on line 2 that the appRoles value was empty, is that correct? Should it read "RDS Owner" ???
- chhabrag, Apr 01, 2020, Copper Contributor
Christian_Montoya Thanks, I sorted that by assigning the user access, but after deployment I am not able to access the remote session. Last night I shut down the VM, and this morning I am getting an error and found no heartbeat.
- Christian_Montoya, Apr 01, 2020, Microsoft
chhabrag : Did you assign the user to the application group (Add-RdsAppGroupUser)? This is the action that assigns to the user and makes it visible in whichever client you use.
- chhabrag, Apr 01, 2020, Copper Contributor
christianmontoya
- chhabrag, Apr 01, 2020, Copper Contributor
GriffinDodd My deployment was successful and I cannot see any deployed resources on https://rdweb.wvd.microsoft.com/webclient, but I can access the WVD VM, which got deployed through WVD setup, through RDP login. Please suggest. I used the same user with Global Admin access of AD and also assigned the tenant creator permissions.
- GriffinDodd, Apr 12, 2019, Copper Contributor
Christian_Montoya could you explain how to do this? I'm not much of a PowerShell ninja.
- Christian_Montoya, Apr 11, 2019, Microsoft
GriffinDodd : Currently, when running as a service principal, the name does not come up. We are tracking this. However, it does show correctly that it is an RDS Owner (if you look at RoleDefinitionName).
- Christian_Montoya, Apr 11, 2019, Microsoft
GriffinDodd : You can remove that extra "session desktop" by finding that host pool and app group, and running "Remove-RdsAppGroupUser". You can then also remove the app group (Remove-RdsAppGroup) and host pool (Remove-RdsHostPool).
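The cleanup order described in the reply above, written out as an added example (not part of the original thread and not Microsoft's own script). It assumes the Microsoft.RDInfra.RDPowerShell module is loaded and Add-RdsAccount has already been run; the function name and the tenant and pool names are placeholders, and it goes one step beyond the reply by also removing session hosts still registered to the pool.

```powershell
# Added example: remove a leftover WVD host pool in dependency order.
# Without -Execute it only lists what it would remove, so the scope can be
# reviewed before anything is deleted.
function Remove-StaleRdsHostPool {
    param(
        [Parameter(Mandatory)] [string] $TenantName,    # placeholder value expected
        [Parameter(Mandatory)] [string] $HostPoolName,  # placeholder value expected
        [switch] $Execute
    )
    $scope = @{ TenantName = $TenantName; HostPoolName = $HostPoolName }

    # 1. User assignments first, then the app group that holds them.
    foreach ($group in (Get-RdsAppGroup @scope)) {
        foreach ($user in (Get-RdsAppGroupUser @scope -AppGroupName $group.AppGroupName)) {
            Write-Output "user assignment: $($user.UserPrincipalName) -> $($group.AppGroupName)"
            if ($Execute) {
                Remove-RdsAppGroupUser @scope -AppGroupName $group.AppGroupName `
                    -UserPrincipalName $user.UserPrincipalName
            }
        }
        Write-Output "app group: $($group.AppGroupName)"
        if ($Execute) { Remove-RdsAppGroup @scope -Name $group.AppGroupName }
    }

    # 2. Session hosts still registered to the pool (step not in the reply).
    #    No -Force is passed, so a host with active sessions is left in place.
    foreach ($sessionHost in (Get-RdsSessionHost @scope)) {
        Write-Output "session host: $($sessionHost.SessionHostName)"
        if ($Execute) { Remove-RdsSessionHost @scope -Name $sessionHost.SessionHostName }
    }

    # 3. The host pool itself, once it is empty.
    Write-Output "host pool: $HostPoolName"
    if ($Execute) { Remove-RdsHostPool -TenantName $TenantName -Name $HostPoolName }
}

# Review first, then repeat with -Execute:
# Remove-StaleRdsHostPool -TenantName '<tenant>' -HostPoolName '<pool>'
```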
- GriffinDodd, Apr 11, 2019, Copper Contributor
I have been able to successfully connect through the web client at
https://rdweb.wvd.microsoft.com/webclient/index.html although I still see the ghost 'session desktop' icon in my feed from previous failed deployment attempts, so I need to find a way to kill that as that doesn't work.
But progress!!!
- GriffinDodd, Apr 11, 2019, Copper Contributor
After completely remaking my Tenant and Service Principal I was finally able to get a successful deployment using my UPN rather than AppID and secret.
However now, I see two Session Desktops (with no icon) in my rdweb feed. Double clicking either of them errors out trying to launch an RDP file at an invalid local path on my PC. Instead of having my proper name of "xxx xxx Dodd" (my user folder) at the beginning of the path, it simply has "Dodd" so obviously it cannot find the RDP file. When I drill down to where the RDP files are stored (along with their icons) and try and manually launch them with the remote desktop app the connection also fails with the error
"The RDP file provided is invalid. Make sure the file contains the full address and is formatted properly or contact your admin for help"
Also when in Office 365, launching the 'Windows Virtual Desktop' app resolves to an invalid URL after first trying to hit a session at account.activedirectory.windowsazure.com/applications/signin/xxxxxx and ends at https://mrs-prod.ame.gbl/mrs-RDInfra-prod