Azure-docs: NOT WORKING.. Add-RdsAccount -DeploymentUrl giving error on Powershell

Thanks for the question. We are currently investigating and will update you shortly.

Hi Team,
Any update on this issue. We are trying to test out this service in preview but stuck at this critical step.

Please advise.

Thanks!

@jez85 There is a similar issue opened here on Techcommunity forum. Please try the steps suggested there and let me know.

@Karishma-Tiwari-MSFT
Thanks. We have exhausted all the steps listed on the forum you mentioned but still getting the same error. Would request if you could get someone from the AD team to look into this as it seems to be an AD related error.

@ChristianMontoya Can you please share your insights on this issue? It seems like multiple customers are seeing this issue. Thanks. :)

@Jez85 : Did you also assign the TenantCreator role to the user you're attempting to login with?

@ChristianMontoya
Yes the tenant creator role has been assigned to the user for Windows Virtual Desktop application in the AD tenant.

We have followed this guide down to the word for each step until the "Add-RdsAccount" step which is returning an error. Our corporate user accounts have MFA enabled. When I run the Add-RdsAccount cmdlet in powershell, I get the interactive login and the MFA completes but right after that we get the error.

@ChristianMontoya @Karishma-Tiwari-MSFT
Any updates on this issue?
Thanks!

@ChristianMontoya Did you get a chance to take a look. The customer has replied with the information you requested. Thanks :)

@Jez85 : One more thing to confirm...is the user sourced from the Azure Active Directory you're trying to make a tenant from? Or is it a guest user (sourced from another directory)?

I am experiencing the same issue. If I could answer on behalf of the OP - yes the user with the TenantCreator permissions is from the same AAD.
I have also tried from a Global admin user, without MFA, and specified the TenantCreator Role.
The WVD powershell module installs correctly.
The error remains the same. I have tried powershell on local PC and Azure Shell. Error is the same.
We are not able to setup WVD for testing until this is resolved.

@ChristianMontoya Yes it is sourced from the same directory.

This road block error is keeping us from testing the service.

@Jez85 @zimbonz : Apologies for the delay. This is something I'm not accustomed to seeing. I'm circling back with the team to see if there are common configurations that would cause this, so I can provide more immediate resolution. If not, it is something we'll have to investigate.

I ran into this same issue, and the root of the problem was that I was trying to use pscore/PowerShell 7. As soon as I went back to PowerShell 5 and followed the instructions again, everything worked.

Per https://docs.microsoft.com/en-us/powershell/windows-virtual-desktop/overview#supported-powershell-versions

The Windows Virtual Desktop module is not built on .NET Core, so it cannot be run on macOS, Linux, Azure Cloud Shell, and wherever PowerShell Core 6.0 is supported.

I have the same issue:
PSVersion 5.1.17763.592
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.592
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

PS C:\WINDOWS\system32> Install-Module -Name Microsoft.RDInfra.RDPowerShell
PS C:\WINDOWS\system32> Import-Module -Name Microsoft.RDInfra.RDPowerShell
PS C:\WINDOWS\system32> Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
Add-RdsAccount : One or more errors occurred.
At line:1 char:1

• Add-RdsAccount -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
• ~~~~~~~~~~~~~~
  
  
  
  • CategoryInfo : NotSpecified: (:) [Add-RdsAccount], AggregateException
  
  
  • FullyQualifiedErrorId : System.AggregateException,Microsoft.RDInfra.RDPowershell.Context.AddRdsAccount
  
  

If I try a personal account I get a lot more information:
AADSTS50020: User account '[email protected]' from identity provider 'live.com' does not exist in tenant 'MS Azure Cloud' and cannot access the application 'fa4345a4-a730-4230-84a8-xxxxxxxxxxxx'(Windows Virtual Desktop Client) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

I suspect that although I'm running a trial, I need a current Microsoft 365 E3 or similar license - my Office 365 E3 is not sufficient and there is no grace period. If so a better error message would save time.

@stuholden : Definitely acknowledge better error messaging. By chance, did you already grant consent to the Windows Virtual Desktop Azure AD apps listed here: https://docs.microsoft.com/en-us/azure/virtual-desktop/tenant-setup-azure-active-directory ?

@ChristianMontoya I was getting this error as well. In the link above I noticed this "This process doesn't support Azure Active Directory B2B (guest) accounts." I was using a guest account. As soon as I switched to a member account that was a global admin with user admin privileges and a tenant creator role (same roles as the guest acct) it worked.

@stuholden can you try the suggestion that @jhankins71 suggested too? Have a user that's sourced from Azure Active Directory, even that's a new user?

Just to clarify, the AD member account I switched to was one I had just created. From my guest account that had global admin privileges, I used that to grant the same privileges to the new member account. Then I logged in with the new member account and had no problems.

I'm getting the same error, I noticed that I can run this "add-rdsaccount -DeploymentUrl …." before rolling out the host pool, then after the rollout to do the rest of the steps I'm getting this error. Now I'm stock testing the service.

@lelandvelasco : so you're saying that you were able to create a tenant in WVD? We recently published a newer edition of our PowerShell. Can you try before and after installing that?

I'm also getting this error, latest module version, PS version 5.1.14409.1005. Note: this happens before I even get the chance to sign in. Add-RdsAccount -DeploymentUrl "https:rdsbroker.wvd.microsoft.com" throws the error, not when I try to sign-in.

@lelandvelasco : Which version of PowerShell are you running? Our module requires PowerShell 5.0 or 5.1 .

@dsyorkd : The URL should be "https://rdbroker.wvd.microsoft.com".

As Powershell Core 7.0 is now in GA, more and more users will receive this error. At least, a notice should state that for now, this module requires using Powershell 5.1

Sure, it's a matter of stating PowerShell 5.1 The challenge is that we do specify to download the module where we say this matter, but we could try to highlight this more.

Sure, it's a matter of stating PowerShell 5.1 The challenge is that we do specify to download the module where we say this matter, but we could try to highlight this more.

My bad, I missed that (and you are right, this limitation is obviously the first point of the cmdlet install page).

Just ran into this issue attempting to provision WVD, using PowerShell 7.0 via snapd on Linux.

Just noticed the supported PowerShell versions notification via https://docs.microsoft.com/en-us/powershell/windows-virtual-desktop/overview#supported-powershell-versions

I agree with @tbolon that it could be made more verbose from within PowerShell, though.

@Jez85 : Did you also assign the TenantCreator role to the user you're attempting to login with?

How so i assign "TenantCreator" role it doesn't exist in my azure subscription's set of available role assignments. Its also not a role i see within the linked Azure AD environment. I'm running Get-Host | Select-Object Version -> 5.1.19041.1.

<update>
Found this link [ https://docs.microsoft.com/en-us/azure/virtual-desktop/virtual-desktop-fall-2019/tenant-setup-azure-active-directory ] that outlines how to admin consent wvd and wvd client 1st party apps and then access the wvd 1st party apps tenantCreator role assignment.
</update>

Until i can get this working my wvd host pool template deployments are going to keep failing on VM has reported a failure when processing extension 'dscextension'. Error message: "DSC Configuration 'CreateHostPoolAndRegisterSessionHost' completed with error(s).