@Diwiton, I'm getting the same error. I was thinking if it was caused by lack of "administrative access" on the created host pool, or Set-TargetResource is casuing a conflict

@Diwiton, I've added "domain computers" to my AD Account. It works now when i tried it for the 2nd time.

Not sure it this was the fix, or it was just an intermittent error the 1st time around.

@Diwiton, I've also added Windows Virtual Desktop tenant name as xxxxxxxxx.onmicrosoft.com for the 2nd time attempt.

@chunsiongtan, I do not follow exactly. I cant see how I can add ".onmicrosoft.com" to my WVD Tenant Name. My WVD Tenant name is "Diwitest Virtual Desktop".

Im also using Azure AD Domain Services in my test setup and Im not sure how to assign the "Domain Computers" group to my admin account.

My bad, I meant something like this.
Existing tenant group name: "Default tenant group"
Existing Tenant Name: xxxxxx.onmicrosoft.com <--- this is based on my Azure Active Directory Name.

Let me try to run the template again without the "domain computers" group

By the way @Diwiton, I'm using AD DS on VM.
I've checked the requirement,
The Azure virtual machines you create for Windows Virtual Desktop must be:
Standard domain-joined or Hybrid AD-joined. Virtual machines can't be Azure AD-joined. <--- that might be the issue

https://docs.microsoft.com/en-us/azure/virtual-desktop/overview#requirements

No I do not mean Azure AD joined. The session hosts VM's will be joined to Azure AD Domain Services, Microsofts hosted ADDS.

Of course ADDS on VM is an option, but I like the concept of Azure ADDS because you do not need to worry about updates and backup and do not need to install Azure AD Connect, its built in to the service.

It would be stupid (in my opinion) for Microsoft not to support WVD on Azure ADDS machines.

I read the link you supplied with the requirements now and it says:

"A Windows Server Active Directory in sync with Azure Active Directory. This can be enabled through:
Azure AD Connect
Azure AD Domain Services"

Azure AD Domain Services is what I run so it seems thats not the problem at least. However, in my directory I can not add user accounts (or any members at all) to the Domain Computers group.

@Diwiton Thank you for your query . We will investigate and update further.

I received this error yesterday and after investigating the dsc package I uncovered that I had not correctly following the pre-reqs of creating the tenant with powershell and also granting the proper role on the app registration.

Ok, tenant is created with PowerShell and the role TenantCreator is assignee to the service principal per the dokumentation.

Dora the user adding the CM’s to the domain need to have the TenantCreator role as well?

The user I used for domain join in my deployment did NOT have the TenantCreator role.

When WVD was first released the documentation did not have the link to create the tenant, this caused a lot of confusion and led to that DSC failure on deployment. Follow the below links:

https://docs.microsoft.com/en-us/powershell/windows-virtual-desktop/overview - install WVD PS Module
https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory - create the WVD tenant

Then you can move on to deploying the WVD marketplace offer.

I guess I spoke too soon. Even after adding the tenant, following the guide step by step, I am still getting the same DSC failure. It's joining my Active Directory domain, but still failing on the DSC with the same error.

https://i.imgur.com/K8TGL4K.png

Same issue here also. Been trying since yesterday. Not sure what else to try

So, I just had a successful deployment after ensuring that my AD Connect was synchronizing to Azure AD. Usually in my demo tenant I don't use AD Connect or have it on, but I think for this deployment to succeed - you have to have AD Connect set up and running, to sync the AD DS users to Azure AD. Once doing this, and specifying the UPN of the synchronized AD DS Users ([email protected]) during the deployment (Page 1 of WVD Deployment) this worked. I think since it is assigning the users you specify on page 1 to the tenant, that something is requiring that sync to be active in order to work. I'll continue to see if I can make further progress...

That could be my issue, maybe. I'm all Azure ADDS; no on-premises AD.

I also had the same problem with AADDS, it kept failing on the DSCextension. Now i booted a VM with ADDS and now i got WVD to work. So it seems that AADDS is not working (yet)

Leon,

I've got to the point where I can see my Session Desktop in the WVD client, but when I click on it I get an error, 'invalid connection file'. After the deployment, did you do anything else before you were able to connect? It authenticated my UPN user/password, and pulled down the webfeed and the session desktop - but I can't launch it.

https://i.imgur.com/7fZTamq.png

@rbergertd I'm also now struggling to get the RDP connection to work. My WVD is now deployed without errors, but when i publish an RemoteApp (Calc.exe for example) i get an error message: Can't connect to the Remote Desktop Gateway Server.

@LeonJansen just out of curiosity, could you try the automatically created SessionDesktop and see if it lets you in that way? Sorry, I am just hoping I'm not alone at this point! :)

@rbergertd Nope, that also doesn't work. So we are at the same level right now ;-) I will try some stuff to get it to work. I'll send you a message when i found something.

@LeonJansen I think we may be at a stand still until Microsoft fixes things on the broker/gateway side. That's the point we're at with accessing the resource. If you navigate to the directory where the RDP file is launching from (my previous screen shot) you can 'edit' the .RDP file and look, it's going thru their Gateway at this point. If you try and double click the .RDP file from there, you'll get further errors. It's not even trying to connect before it errors out. I think at this point, this will be something Microsoft looks into. Let me know if you make any progress, I am going to call it a day. :)

https://i.imgur.com/vQo85x0.png
https://i.imgur.com/w3tPNc8.png

What is the status of your session host when queried with Get-RdsSessionHost

What’s weird is I discovered the web client works fine but still having issues with the RDP file. Continuing to look into this.

Get Outlook for iOShttps://aka.ms/o0ukef

From: tiktb8 notifications@github.com
Sent: Saturday, March 23, 2019 7:28 AM
To: MicrosoftDocs/azure-docs
Cc: Berger, Ryan; Mention
Subject: Re: [MicrosoftDocs/azure-docs] Deployment failure (#27773)

       This email originated outside of Tech Data.  Please help keep our organization and partners safe. It's up to us; think before you click.

What is the status of your session host when queried with Get-RdsSessionHost

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_MicrosoftDocs_azure-2Ddocs_issues_27773-23issuecomment-2D475861896&d=DwMCaQ&c=qk747rkER3kecdav6nsl8A&r=SPZRUkJ2cu5Q7lB-yS5fZGrUVvZyfyrKplF8Wmk95LI&m=vLFqnxZ_FUAymz-5tC17VST1VHwLlTPY4-WVUAeNgWc&s=qbbCM-UfDDlrn34e5_ETIiCHHyd4MUFT36A8CxQ5FME&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_Ar0Uf0Tk0-2DfQJTeEYpef88yiyNRJOXt1ks5vZg-2D-2DgaJpZM4cDACN&d=DwMCaQ&c=qk747rkER3kecdav6nsl8A&r=SPZRUkJ2cu5Q7lB-yS5fZGrUVvZyfyrKplF8Wmk95LI&m=vLFqnxZ_FUAymz-5tC17VST1VHwLlTPY4-WVUAeNgWc&s=5N-CCoaKe67Q1TcQjfK3o07or_PQJD8GgrPhR2K9dQc&e=.

[cid:[email protected]]

The RDS Session Host looks good.

From: tiktb8 notifications@github.com
Sent: Saturday, March 23, 2019 7:28 AM
To: MicrosoftDocs/azure-docs azure-docs@noreply.github.com
Cc: Berger, Ryan Ryan.Berger@techdata.com; Mention mention@noreply.github.com
Subject: Re: [MicrosoftDocs/azure-docs] Deployment failure (#27773)

This email originated outside of Tech Data. Please help keep our organization and partners safe. It's up to us; think before you click.

What is the status of your session host when queried with Get-RdsSessionHost

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_MicrosoftDocs_azure-2Ddocs_issues_27773-23issuecomment-2D475861896&d=DwMCaQ&c=qk747rkER3kecdav6nsl8A&r=SPZRUkJ2cu5Q7lB-yS5fZGrUVvZyfyrKplF8Wmk95LI&m=vLFqnxZ_FUAymz-5tC17VST1VHwLlTPY4-WVUAeNgWc&s=qbbCM-UfDDlrn34e5_ETIiCHHyd4MUFT36A8CxQ5FME&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_Ar0Uf0Tk0-2DfQJTeEYpef88yiyNRJOXt1ks5vZg-2D-2DgaJpZM4cDACN&d=DwMCaQ&c=qk747rkER3kecdav6nsl8A&r=SPZRUkJ2cu5Q7lB-yS5fZGrUVvZyfyrKplF8Wmk95LI&m=vLFqnxZ_FUAymz-5tC17VST1VHwLlTPY4-WVUAeNgWc&s=5N-CCoaKe67Q1TcQjfK3o07or_PQJD8GgrPhR2K9dQc&e=.

@Heidilohr Could you please review this issue ?

This is now resolved for us. The service principal I created myself was the problem. When I followed the instructions on this page it went better:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-service-principal-role-powershell

This instruction should be included or linked to in the tutorial section "Windows Virtual Desktop Preview tenant information" under point 3 here:
https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-azure-marketplace#windows-virtual-desktop-preview-tenant-information

@Diwiton ! Thx had the same scenario and issue. And agree the documentation was not in a logic order.

Did create a service principal when realizing an MFA enabled account would not work as the "WVD RDS Tenant Owner" BUT did that without setting it with the AvailableToOtherTenants=True
Changed that flag to true and all was good for me.

The information about creating service principals and role assignment came in too late , since then I already hade created the SP and didn´t noticed the parameter they did it with.

Having issues with the DSC failure. Copied the instructions on setting up the tenant in sections 1 and 4 but still having issues. Also seeing this when attempting to create the Host Pool via Powershell: New-RdsHostPool : User is not authorized to query the management service.

I am using a test Pay as you go subscription. Can anyone help point me in the right direction as to why I cannot create the Host Pool?

Also experiencing this error:

"id": "/subscriptions/01c0266d-fa91-4918-a9a5-b2a028fc8522/resourceGroups/Test_WVD/providers/Microsoft.Resources/deployments/rds.wvd-provision-host-pool-20190402141619/operations/08586473995036309862",
"operationId": "08586473995036309862",
"properties": {
  "provisioningOperation": "EvaluateDeploymentOutput",
  "provisioningState": "Failed",

Any ideas/solutions available? The registrations etc were all donw following the tutorial, the tenant group name is identical during initial setup aswell.

Try to verify that you enter the correct Application ID and Tenant Admin PW.
If you want to verify those run the following commands in PowerShell:

By running the command you will get the Password:
$svcPrincipalCreds.Value

By running the command you will get the Tenant ID:
$aadContext.TenantId.Guid

By running the command you will get the Application ID:
$svcPrincipal.AppId

I succesfully deployed a WVD, created a blogpost about it:
https://erjenrijnders.nl/2019/04/04/how-to-deploy-windows-virtual-desktop-in-azure/
Please let me know if that works for you, otherwise let me know where you struggle.

Still the same error.

"error": { "code": "VMExtensionProvisioningError", "message": "VM has reported a failure when processing extension 'dscextension'. Error message: \"DSC Configuration 'FirstSessionHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: One or more errors occurred. The SendConfigurationApply function did not succeed.\"." }, "name": "redacted } } }}

Van: erjenrijnders notifications@github.com
Verzonden: donderdag 4 april 2019 11:48
Aan: MicrosoftDocs/azure-docs
CC: Joepvtilburg; Comment
Onderwerp: Re: [MicrosoftDocs/azure-docs] Deployment failure (#27773)

I succesfully deployed a WVD, created a blogpost about it:
https://erjenrijnders.nl/2019/04/04/how-to-deploy-windows-virtual-desktop-in-azure/
Please let me know if that works for you, otherwise let me know where you struggle.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/azure-docs/issues/27773#issuecomment-479829272, or mute the threadhttps://github.com/notifications/unsubscribe-auth/Au6wi149BLNsd9-pB2EeQ5g-_bWg9BYFks5vdcpRgaJpZM4cDACN.

Does your user have Owner access on the Azure Subscription?

Hey has anyone got it to work with AADDS. I seem to have the problem with AADDS, it kept failing on the DSCextension

I have folllowed the microsoft and https://erjenrijnders.nl/2019/04/04/how-to-deploy-windows-virtual-desktop-in-azure/ guide step by step and am thinking the problem is AADDS

thanks

@stavrosmitchell yes, we used AADDS (Azure AD Domain Services) and got it to work.
Have you done as I wrote in my answer?

https://github.com/MicrosoftDocs/azure-docs/issues/27773#issuecomment-476862108

I still getting the error:

VM has reported a failure when processing extension 'dscextension'. Error message: \"DSC Configuration 'FirstSessionHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: User is not authorized to query the management service.\nActivityId: df42f7e3-73d9-47ec-be4a-408019d2d62f\nPowershell commands to diagnose the failure:\nGet-RdsDiagnosticActivities -ActivityId df42f7e3-73d9-47ec-be4a-408019d2d62f\n The SendConfigurationApply function did not succeed.\"."

• my user has owner access on the Azure Subscription.
• i had created the service principals
• all the follow commands worked:
  By running the command you will get the Password:
  $svcPrincipalCreds.Value

By running the command you will get the Tenant ID:
$aadContext.TenantId.Guid

By running the command you will get the Application ID:
$svcPrincipal.AppId

Can you help me, please?

@fbcarvalho Hi whatever user you are using does not have RDS Owner or RDS Contributor permissions on the WVD tenant and is not able to complete the creation of the WVD host pool

Error in IsAuthorizedAsync(Resources/Tenant/≤RPA_Tenant≥///Read) Exception=Microsoft.RDInfra.Authorization.Common.UserNotFoundException: WVD_50002: not found.
at Microsoft.RDInfra.RDBroker.Authorization.RDmiUserIdentity.IsAuthorizedImplAsync(Provider provider, Operation operation, AuthorizationRoleScope scope, CancellationToken cancellationToken)

How can I assing RDS Owner or RDS Contributor permissions to the user?

Its in the documentation New-RdsRoleAssignment -TenantName $tenant -UserPrincipalName $userName -RoleDefinitionName "RDS Contributor"

Can anyone recommend further troubleshooting steps to those still experiencing a 'dscextension’ error, even after switching from a user UPN to a service principal? I still receive the same error message as the OP:

VM has reported a failure when processing extension ‘dscextension’. Error message: DSC Configuration ‘FirstSessionHost’ completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: One or more errors occurred. The SendConfigurationApply function did not succeed.

I've tried deploying the host pool through the Azure web UI, via powershell script, and have even read through some of the scripts saved onto the WVD Host VM under C:\WindowsAzure and C:\Packages folder, nothing jumps out at me to explain why the deployment continually fails on this step.

I am deploying a single host, I run a single DC with AAD Connect as an Azure VM, and that is essentially it for my test environment.

Edit: Resolved by creating Hostpool manually using Powershell:

https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-powershell

@r-maestas : Glad your issue got resolved. We'll continue to monitor feedback to understand how to have the automated deployment mechanisms (Azure Marketplace and GitHub ARM template) can have more consistency. We also edited the order of these docs, so that should help. https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory

please-close

Closing as per author comments.