Home

You Need the Right to Sign in Through Remote Desktop Services

%3CLINGO-SUB%20id%3D%22lingo-sub-872005%22%20slang%3D%22en-US%22%3EYou%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-872005%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20created%20a%20Windows%20Virtual%20Desktop%20pool%20in%20Azure%20(Azure%20is%20connected%20back%20to%20our%20on-premise%20AD%20via%20a%20site-to-site%20VPN).%3C%2FP%3E%3CP%3EWhen%20I%20sign%20in%20as%20a%20domain%20admin%20I%20can%20log%20in%20fine%20to%20the%20desktop%20pool.%20When%20I%20tried%20as%20a%20standard%20user%20account%20I%20get%20this%20error%20message%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20957px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F133298i33BD1EC38B04AEE0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20already%20ran%20the%20Add-RdsAppGroupUser%20cmdlet%20in%20PowerShell.%3C%2FP%3E%3CP%3EWhen%20I%20check%20the%20Remote%20Desktop%20Users%20group%20in%20lusrmgr.msc%20on%20the%20remote%20desktop%20(we%20only%20have%20one%20in%20the%20pool%20currently%20for%20testing)%20I%20can%20see%20that%20the%20user%20account%20is%20in%20there.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%20please%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-907140%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-907140%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F350954%22%20target%3D%22_blank%22%3E%40CyclopsHelpdesk%3C%2FA%3E%26nbsp%3B%3A%20Just%20to%20confirm%2C%20are%20you%20using%20the%20Windows%20Virtual%20Desktop%20clients%20to%20connect%20to%20the%20VM%3F%20Or%20are%20you%20trying%20to%20launch%20just%20a%20direct%20RDP%20connection%20to%20the%20VM%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-908007%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908007%22%20slang%3D%22en-US%22%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%2C%20I've%20tried%20both%20approaches%2C%20and%20also%20the%20WVD%20client%20via%20the%20web%20browser.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1000622%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1000622%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F350954%22%20target%3D%22_blank%22%3E%40CyclopsHelpdesk%3C%2FA%3E%26nbsp%3B%3A%20Can%20you%20try%20the%20troubleshooting%20steps%20indicated%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Ftroubleshoot-client-connection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Ftroubleshoot-client-connection%3C%2FA%3E%20%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESpecifically%2C%20it%20would%20be%20great%20to%20see%20which%20error%20message%20you%20get.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1001740%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1001740%22%20slang%3D%22en-US%22%3EHi%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20no%20longer%20get%20this%20error%20since%20recreating%20the%20WVD%20pool%20and%20joining%20it%20to%20Azure%20AD%20and%20not%20our%20on-premise%20AD.%3CBR%20%2F%3EWe%20also%20still%20run%3A%3CBR%20%2F%3EAdd-RdsAccount%20-DeploymentUrl%20%3CA%20href%3D%22https%3A%2F%2Frdbroker.wvd.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdbroker.wvd.microsoft.com%3C%2FA%3E%3CBR%20%2F%3EAdd-RdsAppGroupUser%20-TenantName%20'Tenant%20Name'%20-HostPoolName%20'Host%20Pool%20Name'%20-AppGroupName%20'Desktop%20Application%20Group'%20-UserPrincipalName%20user%40azureaddomain.com%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1002723%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1002723%22%20slang%3D%22en-US%22%3EWhen%20you%20say%20%22joining%20it%20to%20Azure%20AD%22%2C%20do%20you%20mean%20an%20Active%20Directory%20that%20exists%20on%20a%20virtual%20network%20in%20your%20Azure%20subscription%3F%20Or%20do%20you%20mean%20%22Azure%20AD%20Join%22%2C%20the%20Windows%2010%20feature%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1004542%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1004542%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20joining%20it%20to%20Azure%20Active%20Directory%20(bought%20through%20the%20Azure%20marketplace).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1005861%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1005861%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F350954%22%20target%3D%22_blank%22%3E%40CyclopsHelpdesk%3C%2FA%3E%26nbsp%3B%3A%20We%20do%20not%20support%20Azure%20Active%20Directory.%20If%20you're%20following%20the%20steps%20in%20the%20Azure%20Marketplace%2C%20then%20that%20would%20be%20a%20standard%20Windows%20Server%20Active%20Directory%20domain%20join.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1007710%22%20slang%3D%22en-US%22%3ERe%3A%20You%20Need%20the%20Right%20to%20Sign%20in%20Through%20Remote%20Desktop%20Services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1007710%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F305776%22%20target%3D%22_blank%22%3E%40christianmontoya%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20creating%20the%20WVD%20you%20have%20to%20join%20it%20to%20a%20domain%20-%20I%20did%20not%20use%20a%20DC%20set%20up%20manually%20in%20Azure%20or%20an%20on-premise%20DC.%20I%20used%20an%20Azure%20Active%20Directory%20from%20the%20Marketplace%20-%20all%20working%20fine%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Ftenant-setup-azure-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvirtual-desktop%2Ftenant-setup-azure-active-directory%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
CyclopsHelpdesk
Occasional Contributor

Hi

 

We have created a Windows Virtual Desktop pool in Azure (Azure is connected back to our on-premise AD via a site-to-site VPN).

When I sign in as a domain admin I can log in fine to the desktop pool. When I tried as a standard user account I get this error message:

image.png

 

I have already ran the Add-RdsAppGroupUser cmdlet in PowerShell.

When I check the Remote Desktop Users group in lusrmgr.msc on the remote desktop (we only have one in the pool currently for testing) I can see that the user account is in there.

 

Any ideas please?

 

Thank you.

8 Replies

@CyclopsHelpdesk : Just to confirm, are you using the Windows Virtual Desktop clients to connect to the VM? Or are you trying to launch just a direct RDP connection to the VM?

Hi @christianmontoya, I've tried both approaches, and also the WVD client via the web browser.

@CyclopsHelpdesk : Can you try the troubleshooting steps indicated here: https://docs.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-client-connection ?

 

Specifically, it would be great to see which error message you get.

Hi

We no longer get this error since recreating the WVD pool and joining it to Azure AD and not our on-premise AD.
We also still run:
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com
Add-RdsAppGroupUser -TenantName 'Tenant Name' -HostPoolName 'Host Pool Name' -AppGroupName 'Desktop Application Group' -UserPrincipalName user@azureaddomain.com
When you say "joining it to Azure AD", do you mean an Active Directory that exists on a virtual network in your Azure subscription? Or do you mean "Azure AD Join", the Windows 10 feature?

Hi @christianmontoya 

 

When joining it to Azure Active Directory (bought through the Azure marketplace).

@CyclopsHelpdesk : We do not support Azure Active Directory. If you're following the steps in the Azure Marketplace, then that would be a standard Windows Server Active Directory domain join.

Hi @christianmontoya 

 

When creating the WVD you have to join it to a domain - I did not use a DC set up manually in Azure or an on-premise DC. I used an Azure Active Directory from the Marketplace - all working fine - https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies