Get-RdsTenant : User is not authorized to query the management service.

Copper Contributor

Hello,

I have next kind of problem with WVD.

Originally we created WVD environment somewhere at the beginning of the may and we created three different host pools which still works nicely. Then at the some point our customer removed from local AD the user account which was used to create rds-tenant and after that we have been able to log in to RDS tenant, but for example command GetRdsTenant fails with error  "User is not authorized to query the management service" and we have not been able to do any changes to RDS tenant.

Please also note that it is my guess that deletion of user account which was used for provisioning of RDS Tenant is root cause of this, but from timeline perspective it was just done before we notice the problem.

Have anyone face the similar kind of situation and recovered it somehow?

Here you have list of tasks done including ActivityID:

Tasks done.
1. WVD has worked and we were able to create tenant and host pool
2. User created the host pool was deleted (Could be it has nothing to do with this)
3. After removal of user in step 2 next error always when trying to make changes to RDS tenant
    Get-RdsTenant : User is not authorized to query the management service.
    ActivityId: a6768e96-b968-4cb2-b00d-a83d30ca4625
4. Next checks done
    a. Permissions re-granted to server and client Apps
    b. Tenant creation roles assignment checked
5 Whole powershell responce to Get-RdsTenant command
    Get-RdsTenant : User is not authorized to query the management service.
    ActivityId: a6768e96-b968-4cb2-b00d-a83d30ca4625
    Powershell commands to diagnose the failure:
    Get-RdsDiagnosticActivities -ActivityId a6768e96-b968-4cb2-b00d-a83d30ca4625

    At line:1 char:1
    + Get-RdsTenant -Name "tenant Name" #!!!!Tenant Name changed from original name to "tenant Name"
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : FromStdErr: (Microsoft.RDInf...nt.GetRdsTenant:GetRdsTenant) [Get-RdsTenant], RdsPowerShellException
        + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.RDInfra.RDPowershell.Tenant.GetRdsTenant
3 Replies

@Vesseli73
AAD Sign in reports error code "65001" for application "Windows Virtual Desktop". This doesn't make sense as user is included as tenant creator for a application.

 


 

@Vesseli73 : Was that user the only person who had permission on the RDS Tenant? If so, then it may be that single-point of failure broke.

@Christian_Montoya
Thanks Cristian.
If I remember correctly, user I use now was not access to application, but tone another might had that moment, still I tested with another user also and it did't work. I tried quite many things after facing the problem, so cannot quarantee what was situation at that moment and it was somewhere at June. Do you know how could I check failure point and if possible, correct the situation?