User Profile
andrewstollery
Copper Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Error: User is not authorized to query the management service
Hi Stavros Mitchell, I'm inclined to agree now. I've finished a completely new setup: AAD Tenant AAD DS Resource Followed Erjen's excellent deployment steps for WVD Deployment fails at the /dcsextension step every time with the error "PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with the error message: User is not authorized to query the management service" I'm still not sure I understand why WVD requires a full-blown ADDS domain controller to work? Perhaps a Microsoft representative can shed some light on this? Anyway, just like you, I am not prepared to give up! :) Next step is to deploy an IaaS ADDS VM and use AAD Connect to sync up to AAD and then run the WVD setup again...watch this space!Re: Error: User is not authorized to query the management service
Hi Erjen, Yes, my friend, I created my service principles key and used that. I listened to everything you wrote, you know what you are doing so I didn't want to assume anything :). I also doubled checked the VM deployment user is Owner on the subscription and it is. I really appreciate your help with this, thank you for replying.Re: Error: User is not authorized to query the management service
Hi Erjen Rijnders, thank you for the prompt reply. Given the number of times I've run this now, I actually get 5 RoleAssigmentIds returned...oops. How do I tidy those up? Using Remove-RdsRoleAssigment I guess? I'll have a crack at that later... The last one in the list though is the correct one: I guess the only difference for me is that I am using AAD DS too, which you stated below is not supported. I'm not sure why not? I can get the VM to join the AAD DS domain. It is the DSCextension step which fails. Anyhow, I'll do some tidying up and also keep progressing with my greenfield AAD, AAD DS and WVD deployment.Re: Error: User is not authorized to query the management service
Erjen Rijnders, firstly thank you for pulling together that post and the associated PowerShell. It certainly makes the first steps for setting up WVD easier. However, my efforts in this are still failing on that last step in the Azure deployment /dscextension with the error: " PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: User is not authorized to query the management service." I'm wondering exactly what the step is doing? I've remoted on to the VM which gets created and tired trawling through the event logs but there are no more details. I have also tried using just a UPN rather than your suggestion of service principle. It is a real head scratcher! I'm going to go off and create a brand new AAD tenant and AAD DS resource just to rule out anything related to our existing corporate AAD tenant. Wish me luck :)
