SOLVED

User is not authorized to query the management service.

Copper Contributor

Hi All,

 

I have deployed WVD successfully and desktop is the only published app in my panel.

 

I am trying to publish more apps following below link:

https://docs.microsoft.com/en-us/azure/virtual-desktop/manage-app-groups

 

But when running

New-RdsRemoteApp <tenantname> <hostpoolname> <appgroupname> -Name <remoteappname> -AppAlias <appalias>

I get this error:

New-RdsRemoteApp :
ActivityId: 0cc5d60d-cda7-41f8-981d-e6063e549ec7
Powershell commands to diagnose the failure:
Get-RdsDiagnosticActivities -ActivityId 0cc5d60d-cda7-41f8-981d-e6063e549ec7
At line:1 char:1
+ New-RdsRemoteApp $TN $HPN $AppGN -Name Word -FilePath "C:\Program Fi ...

 

Then I enter the below code as mentioned for further troubleshooting in the error code:


PS C:\Windows\system32> Get-RdsDiagnosticActivities -ActivityId 0cc5d60d-cda7-41f8-981d-e6063e549ec7
Get-RdsDiagnosticActivities : User is not authorized to query the management service.
ActivityId: b1a17855-065d-4244-824b-39cbad8eb37d
Powershell commands to diagnose the failure:
Get-RdsDiagnosticActivities -ActivityId b1a17855-065d-4244-824b-39cbad8eb37d
At line:1 char:1
+ Get-RdsDiagnosticActivities -ActivityId 0cc5d60d-cda7-41f8-981d-e6063 ...

 

I do confirm that my user has permission in the tenant, has Tenant creator, owner and RDS owner.

I followed this article:

https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory

 

I can logon to Windows Virtual Desktop with this username and there is NOT any MFA enabled for this user.

 

Running "Get-RdsTenant" returns the Windows Virtual Desktop tenant name.

 

Windows Virtual Desktop tenant group name is "Default Tenant Group"

 

Get-RdsRoleAssignment -TenantName DRTN   ===> RoleDefinitionName : RDS Owner for the admin user

 

I don't know what else I have to check or what I am missing on my setup.

Please assist.

 

3 Replies

@Hanif1138: Please review if you have specified the tenant when querying the diagnostic activities:

https://docs.microsoft.com/en-us/powershell/module/windowsvirtualdesktop/get-rdsdiagnosticactivities

 

Here are as well some examples specified: https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service

 

 

@evasse 

 

I made the query with tenant name -failure parameter and it returned the below results, so what is the next step?  my problem is that I can't not publish new app on the panel as I explained initially, please read the issue properly. 

 

I searched in the community and unfortunately all similar questions to mine were not answered properly or solutions were not efficient, If there was a proper document in Microsoft and coherent troubleshooting steps I could have fixed this issue long ago. 

 


PS C:\Windows\system32> Get-RdsDiagnosticActivities -TenantName $TN[0] -ActivityId 590a9b6d-28d4-4c3c-bd32-d5dc54e16ca4 -Detailed -Outcome Failure


ActivityId : 590a9b6d-28d4-4c3c-bd32-d5dc54e16ca4
ActivityType : Management
StartTime : 2/22/2020 11:51:04 AM
EndTime : 2/22/2020 11:51:06 AM
UserName : admin@johnkrystaoutlook.onmicrosoft.com
RoleInstances :
Outcome : Failure
Status : Completed
Details : {[Object, /RdsManagement/V1/TenantGroups/Default%20Tenant%20Group/Tenants/DR1Tenant/HostPools/DRHoostpool/AppGroups/Desktop%20Applic
ation%20Group/RemoteApps/word], [Method, Add], [Route, RemoteApp::CreateRemoteAppAsync], [ObjectsFetched, 0]...}
LastHeartbeatTime : 2/22/2020 11:51:04 AM
Checkpoints : {}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}

best response confirmed by evasse (Microsoft)
Solution

@Hanif1138 :  To actually see the error message for the specific issue use the following cmdlet which is documented under "View error message for a failed activity in our troubleshooting guidance.

- Get-RdsDiagnosticActivities -TenantName <tenantname> -ActivityId <ActivityGuid> -Detailed | Select-Object -ExpandProperty Errors

 

When you look at the error for your activity it looks like you haven't created an app group. Here the link on how to manage app groups:

https://docs.microsoft.com/azure/virtual-desktop/manage-app-groups  

1 best response

Accepted Solutions
best response confirmed by evasse (Microsoft)
Solution

@Hanif1138 :  To actually see the error message for the specific issue use the following cmdlet which is documented under "View error message for a failed activity in our troubleshooting guidance.

- Get-RdsDiagnosticActivities -TenantName <tenantname> -ActivityId <ActivityGuid> -Detailed | Select-Object -ExpandProperty Errors

 

When you look at the error for your activity it looks like you haven't created an app group. Here the link on how to manage app groups:

https://docs.microsoft.com/azure/virtual-desktop/manage-app-groups  

View solution in original post