New-RdsAppGroup error

Hi,

 

I've deployed a host pool, and have no problem logging in and installing apps.  Now I want to set up RemoteApp, but when I run:

 

New-RdsAppGroup tenantname.onmicrosoft.com Hostpoolname Appgroupname -ResourceType "RemoteApp"

 

I get this error:

 

New-RdsAppGroup : User is not authorized to query the management service.
ActivityId: 2864fdf4-7092-4584-a0f8-4fbb8dd6f49b
Powershell commands to diagnose the failure:
Get-RdsDiagnosticActivities -ActivityId 2864fdf4-7092-4584-a0f8-4fbb8dd6f49b
At line:1 char:1
+ New-RdsAppGroup tenantname.onmicrosoft.com Hostpoolname Appgroupnam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : FromStdErr: (Microsoft.RDInf....NewRdsAppGroup:NewRdsAppGroup) [New-RdsAppGroup], RdsPow
erShellException
+ FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.RDInfra.RDPowershell.AppGroup.NewRdsAppGroup

 

And running the suggested Get-RdsDiagnosticActivities returns the same error.

 

I'm running this as the global admin, who is also an RDS Owner.  Appreciate any help... thanks!

3 Replies

@DavidMagrathSmith : Can you start by running "Get-RdsRoleAssignment" and specifying the tenant? Then with the tenant and host pool?

 

Also, it might just be that you left the PowerShell session open, in which case you need to log out and log back in to refresh your Azure AD token.
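
The check suggested in the reply above, as an added example that is not part of the thread: after a fresh sign-in, it reports which role assignments for a given sign-in name cover the scope a cmdlet acts on. `Test-RdsScopeCoverage`, the sample objects and `admin@example.com` are constructed for illustration, and the code assumes a role assigned at a parent scope also applies to its child scopes.

```powershell
# Added example; Test-RdsScopeCoverage is a hypothetical helper, not an RDS cmdlet.
# Assumption: a role assigned at a parent scope also applies to its child scopes.
function Test-RdsScopeCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Assignment,  # objects shaped like Get-RdsRoleAssignment output
        [Parameter(Mandatory)] [string]   $SignInName,  # UPN of the account running the cmdlets
        [Parameter(Mandatory)] [string]   $TargetScope  # scope the failing cmdlet acts on
    )
    $target = $TargetScope.TrimEnd('/')
    $hits = foreach ($a in $Assignment) {
        # Only direct user assignments for this sign-in name are considered;
        # group and service principal assignments are skipped (-ne is case-insensitive).
        if ($a.ObjectType -ne 'User' -or $a.SignInName -ne $SignInName) { continue }
        $scope = ([string]$a.Scope).TrimEnd('/')
        # Covered when the assignment sits at the target scope or at one of its parents.
        $covers = ($target -eq $scope) -or
                  $target.StartsWith("$scope/", [System.StringComparison]::OrdinalIgnoreCase)
        if ($covers) {
            [pscustomobject]@{
                SignInName = $a.SignInName
                Role       = $a.RoleDefinitionName
                Scope      = $scope
            }
        }
    }
    if ($hits) { $hits }
    else { Write-Warning "No role assignment for '$SignInName' covers '$TargetScope'." }
}

# Constructed sample using the property names Get-RdsRoleAssignment returns.
$sample = @(
    [pscustomobject]@{ Scope = '/Default Tenant Group/Tenantname'; ObjectType = 'User'
                       SignInName = 'admin@example.com'; RoleDefinitionName = 'RDS Owner' }
    [pscustomobject]@{ Scope = '/Default Tenant Group/Tenantname/Hostpoolname'; ObjectType = 'ServicePrincipal'
                       SignInName = ''; RoleDefinitionName = 'RDS Owner' }
)
$pool = '/Default Tenant Group/Tenantname/Hostpoolname'
Test-RdsScopeCoverage -Assignment $sample -SignInName 'admin@example.com' -TargetScope $pool  # one match
Test-RdsScopeCoverage -Assignment $sample -SignInName 'other@example.com' -TargetScope $pool  # warning only

# Against the live service, sign in again first so the session holds a fresh token:
# Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
# $live = @(Get-RdsRoleAssignment -TenantName "Tenantname") +
#         @(Get-RdsRoleAssignment -TenantName "Tenantname" -HostPoolName "Hostpoolname")
# Test-RdsScopeCoverage -Assignment $live -SignInName '<your UPN>' -TargetScope $pool
```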

@Christian_Montoya Here's what I have for role assignments.  The second one (the service principal) was never used because the host pool creation on the marketplace would always fail with the same "User is not authorized to query the management service" error.  So I ended up creating the host pool with my UPN instead.

 

RoleAssignmentId : 302c9ef6-f57a-4be1-2187-08d751db72f6
Scope : /Default Tenant Group/Tenantname
TenantGroupName : Default Tenant Group
TenantName : Tenantname
DisplayName : Amy Sfakios
SignInName : amy@altaxprep.com
GroupObjectId : cb94329e-f164-446d-9108-8fab6a39f41d
AADTenantId : ca33ca83-5314-4ab0-81a8-c23a97718057
AppId : fa4345a4-a730-4230-84a8-7d9651b86739
RoleDefinitionName : RDS Owner
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : d82af3d3-4e0c-400d-f5fc-08d750e946f0
ObjectType : User
Item :

 

RoleAssignmentId : 35a5f471-3313-4797-c489-08d756666d7a
Scope : /Default Tenant Group/Tenantname/Hostpoolname
TenantGroupName : Default Tenant Group
TenantName : Tenantname
HostPoolName : Hostpoolname
DisplayName :
SignInName :
GroupObjectId : 00000000-0000-0000-0000-000000000000
AADTenantId : ca33ca83-5314-4ab0-81a8-c23a97718057
AppId : 7f1a85b3-49d1-4a06-a88c-da005bdb3b43
RoleDefinitionName : RDS Owner
RoleDefinitionId : 3b14baea-8d82-4610-f5da-08d623dd1cc4
ObjectId : 09a7de92-caf2-48ad-06bb-08d75666623e
ObjectType : ServicePrincipal
Item :

 

Maybe the problem is that the role assignment for my UPN is not scoped to the pool?

 

Thanks,

Dave

@DavidMagrathSmith : Did you get any further on this? Primarily, it's a little challenging to troubleshoot permissions/access without specific details. If you have official support through Azure, I'd recommend going that way and they might be able to get down to the root cause. Just a notice though: even if you have a Global Admin account, that does not automatically give you access to manage WVD.