Forum Discussion
User is not authorized to query the management service.
Hi All,
I have deployed WVD successfully and desktop is the only published app in my panel.
I am trying to publish more apps following below link:
https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups
But when running
New-RdsRemoteApp <tenantname> <hostpoolname> <appgroupname> -Name <remoteappname> -AppAlias <appalias>
I get this error:
New-RdsRemoteApp :
ActivityId: 0cc5d60d-cda7-41f8-981d-e6063e549ec7
Powershell commands to diagnose the failure:
Get-RdsDiagnosticActivities -ActivityId 0cc5d60d-cda7-41f8-981d-e6063e549ec7
At line:1 char:1
+ New-RdsRemoteApp $TN $HPN $AppGN -Name Word -FilePath "C:\Program Fi ...
Then I enter the below code as mentioned for further troubleshooting in the error code:
PS C:\Windows\system32> Get-RdsDiagnosticActivities -ActivityId 0cc5d60d-cda7-41f8-981d-e6063e549ec7
Get-RdsDiagnosticActivities : User is not authorized to query the management service.
ActivityId: b1a17855-065d-4244-824b-39cbad8eb37d
Powershell commands to diagnose the failure:
Get-RdsDiagnosticActivities -ActivityId b1a17855-065d-4244-824b-39cbad8eb37d
At line:1 char:1
+ Get-RdsDiagnosticActivities -ActivityId 0cc5d60d-cda7-41f8-981d-e6063 ...
I do confirm that my user has permission in the tenant, has Tenant creator, owner and RDS owner.
I followed this article:
https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory
I can logon to Windows Virtual Desktop with this username and there is NOT any MFA enabled for this user.
Running "Get-RdsTenant" returns the Windows Virtual Desktop tenant name.
Windows Virtual Desktop tenant group name is "Default Tenant Group"
Get-RdsRoleAssignment -TenantName DRTN ===> RoleDefinitionName : RDS Owner for the admin user
I don't know what else I have to check or what I am missing on my setup.
Please assist.
Hanif1138 : To actually see the error message for the specific issue use the following cmdlet which is documented under "View error message for a failed activity in our troubleshooting guidance.
- Get-RdsDiagnosticActivities -TenantName <tenantname> -ActivityId <ActivityGuid> -Detailed | Select-Object -ExpandProperty Errors
When you look at the error for your activity it looks like you haven't created an app group. Here the link on how to manage app groups:
https://docs.microsoft.com/azure/virtual-desktop/manage-app-groups
- evasseMicrosoft
Hanif1138: Please review if you have specified the tenant when querying the diagnostic activities:
https://docs.microsoft.com/en-us/powershell/module/windowsvirtualdesktop/get-rdsdiagnosticactivities
Here are as well some examples specified: https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service
- Hanif1138Copper Contributor
I made the query with tenant name -failure parameter and it returned the below results, so what is the next step? my problem is that I can't not publish new app on the panel as I explained initially, please read the issue properly.
I searched in the community and unfortunately all similar questions to mine were not answered properly or solutions were not efficient, If there was a proper document in Microsoft and coherent troubleshooting steps I could have fixed this issue long ago.
PS C:\Windows\system32> Get-RdsDiagnosticActivities -TenantName $TN[0] -ActivityId 590a9b6d-28d4-4c3c-bd32-d5dc54e16ca4 -Detailed -Outcome Failure
ActivityId : 590a9b6d-28d4-4c3c-bd32-d5dc54e16ca4
ActivityType : Management
StartTime : 2/22/2020 11:51:04 AM
EndTime : 2/22/2020 11:51:06 AM
UserName : admin@johnkrystaoutlook.onmicrosoft.com
RoleInstances :
Outcome : Failure
Status : Completed
Details : {[Object, /RdsManagement/V1/TenantGroups/Default%20Tenant%20Group/Tenants/DR1Tenant/HostPools/DRHoostpool/AppGroups/Desktop%20Applic
ation%20Group/RemoteApps/word], [Method, Add], [Route, RemoteApp::CreateRemoteAppAsync], [ObjectsFetched, 0]...}
LastHeartbeatTime : 2/22/2020 11:51:04 AM
Checkpoints : {}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}- evasseMicrosoft
Hanif1138 : To actually see the error message for the specific issue use the following cmdlet which is documented under "View error message for a failed activity in our troubleshooting guidance.
- Get-RdsDiagnosticActivities -TenantName <tenantname> -ActivityId <ActivityGuid> -Detailed | Select-Object -ExpandProperty Errors
When you look at the error for your activity it looks like you haven't created an app group. Here the link on how to manage app groups:
https://docs.microsoft.com/azure/virtual-desktop/manage-app-groups