Home

DSCextension failure

%3CLINGO-SUB%20id%3D%22lingo-sub-555677%22%20slang%3D%22en-US%22%3EDSCextension%20failure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-555677%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20recently%20deleted%20the%20WVD%20tenant%2C%20hostpool%2C%20and%20tenantgroup%20in%20an%20attempt%20to%20recreate%20the%20VDI%20and%20have%20the%20machine%20go%20through%20a%20new%20Intune%20enrollment.%20The%20full%20error%20log%20I%20am%20getting%20is%3A%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%3CSPAN%20class%3D%22Apple-converted-space%22%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%3C%2FSPAN%3E%22message%22%3A%20%22VM%20has%20reported%20a%20failure%20when%20processing%20extension%20'dscextension'.%20Error%20message%3A%20%5C%22DSC%20Configuration%20'FirstSessionHost'%20completed%20with%20error(s).%20Following%20are%20the%20first%20few%3A%20PowerShell%20DSC%20resource%20MSFT_ScriptResource%3CSPAN%20class%3D%22Apple-converted-space%22%3E%26nbsp%3B%20%3C%2FSPAN%3Efailed%20to%20execute%20Set-TargetResource%20functionality%20with%20error%20message%3A%20User%20is%20not%20authorized%20to%20query%20the%20management%20service.%5CnActivityId%3A%2089eda1a1-dc5a-4abc-911b-897ab1abfd22%5CnPowershell%20commands%20to%20diagnose%20the%20failure%3A%5CnGet-RdsDiagnosticActivities%20-ActivityId%2089eda1a1-dc5a-4abc-911b-897ab1abfd22%5Cn%3CSPAN%20class%3D%22Apple-converted-space%22%3E%26nbsp%3B%20%3C%2FSPAN%3EThe%20SendConfigurationApply%20function%20did%20not%20succeed.%5C%22.%22%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22p1%22%3E%26nbsp%3BI%20have%20verified%20that%20my%20user%20and%20the%20service%20principal%20have%20RDS%20Owner%20in%20the%20tenant%20group%2C%20and%20that%20my%20user%20is%20a%20TenantCreator%2C%20but%20I%20still%20get%20this%20error.%20Unsure%20what%20else%20I%20may%20have%20missed%20in%20my%20recreation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-560027%22%20slang%3D%22en-US%22%3ERe%3A%20DSCextension%20failure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-560027%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F323541%22%20target%3D%22_blank%22%3E%40dash-dj%3C%2FA%3E%26nbsp%3BI%20am%20getting%20the%20same%20issue.%20I%20am%20using%20the%20same%20script%20which%20worked%20last%20week%20and%20I%20have%20tried%20to%20redeploy%20and%20failed.%26nbsp%3B%3C%2FP%3E%3CP%3EUser%20is%20TenantCreator%20and%20MFA%20disable%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-560048%22%20slang%3D%22en-US%22%3ERe%3A%20DSCextension%20failure%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-560048%22%20slang%3D%22en-US%22%3EI%20was%20actually%20able%20to%20figure%20out%20where%20my%20issue%20lied.%20The%20process%20of%20setting%20up%20the%20WVD%20does%20seem%20to%20be%20very%20process%20oriented.%20When%20I%20recreated%20it%20this%20morning%20I%20made%20sure%20that%20my%20service%20principal%20had%20RDS%20Owner%20app%20role%20before%20I%20created%20the%20host%20pool.%20That%20was%20the%20only%20change%20I%20made%20versus%20what%20I%20was%20doing%20before%20and%20I%20was%20able%20to%20get%20past%20this%20error.%3C%2FLINGO-BODY%3E
dash-dj
New Contributor

I have recently deleted the WVD tenant, hostpool, and tenantgroup in an attempt to recreate the VDI and have the machine go through a new Intune enrollment. The full error log I am getting is:

 

        "message": "VM has reported a failure when processing extension 'dscextension'. Error message: \"DSC Configuration 'FirstSessionHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource  failed to execute Set-TargetResource functionality with error message: User is not authorized to query the management service.\nActivityId: 89eda1a1-dc5a-4abc-911b-897ab1abfd22\nPowershell commands to diagnose the failure:\nGet-RdsDiagnosticActivities -ActivityId 89eda1a1-dc5a-4abc-911b-897ab1abfd22\n  The SendConfigurationApply function did not succeed.\"."

 

 I have verified that my user and the service principal have RDS Owner in the tenant group, and that my user is a TenantCreator, but I still get this error. Unsure what else I may have missed in my recreation.

2 Replies

@dash-dj I am getting the same issue. I am using the same script which worked last week and I have tried to redeploy and failed. 

User is TenantCreator and MFA disable

I was actually able to figure out where my issue lied. The process of setting up the WVD does seem to be very process oriented. When I recreated it this morning I made sure that my service principal had RDS Owner app role before I created the host pool. That was the only change I made versus what I was doing before and I was able to get past this error.
Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies