cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

New-RdsRoleAssignment : User is not authorized to query the management service

alexander tikhomirov
Brass Contributor

‎Apr 02 2019 01:20 AM

‎Apr 02 2019 01:20 AM

New-RdsRoleAssignment : User is not authorized to query the management service

Hello

I am trying to follow this manual to create service principal name to use it on Azure Portal in the blade of creating new single host pool 

https://docs.microsoft.com/en-us/azure/virtual-desktop/create-service-principal-role-powershell

 

All command I am executing using Global Admin.

New App Registration was created "Windows Virtual Desktop Svc Principal" but according to manual next step it is to assign RDS Owner role to this app.

 

New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName

 

After doing this I have an error:

New-RdsRoleAssignment : User is not authorized to query the management service."

 

Any ideas what I missed?

//Alexander

 

11.9K Views
0 Likes
6 Replies
Reply
6 Replies
alexander tikhomirov

‎Apr 03 2019 05:34 AM - edited ‎Apr 03 2019 05:51 AM

‎Apr 03 2019 05:34 AM - edited ‎Apr 03 2019 05:51 AM

Re: New-RdsRoleAssignment : User is not authorized to query the management service

The same error when I tried to execute using Global admin account which has Tenant
Get-RdsDiagnosticActivities

//Alexander

0 Likes
Reply
Stefan Georgiev

‎Apr 03 2019 11:24 AM

‎Apr 03 2019 11:24 AM

Re: New-RdsRoleAssignment : User is not authorized to query the management service

@alexander tikhomirov 

Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
New-RdsRoleAssignment -RoleDefinitionName "RDS Owner" -ApplicationId $svcPrincipal.AppId -TenantGroupName $myTenantGroupName -TenantName $myTenantName

 

So this fails for the service principal? What account did you use for the Add-RdsAccount prompt...

0 Likes
Reply
alexander tikhomirov

‎Apr 03 2019 08:50 PM

‎Apr 03 2019 08:50 PM

Re: New-RdsRoleAssignment : User is not authorized to query the management service

@Stefan Georgiev 

I used my Global Admin credential. And the same account when I am checking has RDS Owner role and also this account was used to create new wvd tenant.

 

//Alexander

0 Likes
Reply
best response confirmed by alexander tikhomirov (Brass Contributor)
alexander tikhomirov

‎Apr 08 2019 06:03 AM

‎Apr 08 2019 06:03 AM

Solution

Re: New-RdsRoleAssignment : User is not authorized to query the management service

was my bad, I successfully executed this command to grant permission RDS Owner to "Windows Virtual Desktop Svc Principal" I have just used wrong TenantName

//Alexander
1 Like
Reply
jmarcum

‎Jul 16 2019 06:25 AM

‎Jul 16 2019 06:25 AM

Re: New-RdsRoleAssignment : User is not authorized to query the management service

@alexander tikhomirov  You are obviously trying to follow the same guide I am trying to follow. Did you use you Azure AD tenant name here: $myTenantName = "blahblahblah.onmicrosoft.com" or did you use what was defined in this command New-RdsTenant -Name blahblahblahblahblah????

0 Likes
Reply
mntsupport

‎Aug 18 2020 07:37 AM

‎Aug 18 2020 07:37 AM

Re: New-RdsRoleAssignment : User is not authorized to query the management service

@alexander tikhomirov Where did you find your tenant name? I've been looking for WAY too long and the Get-RdsTenant and Get-RdsContext commands won't work for me.

0 Likes
Reply