Configuration Script SMA Troubleshooting

PowerShell – Remote Desktop Cmdlets “A Remote Desktop Services deployment does not exist…”

Posted on Author stefanroth Comment(1)

PowerShellBanner

Recently while automating some cool stuff I needed to create a PowerShell workflow for deploying VDI clients using Windows Server 2012 R2 Remote Desktop Services. One of the first things I always do is checking the existing PowerShell support and I figured out there is a large number of cmdlets available for managing RDS services. So the first thoughts were, this is going to be an easy walk in the park. Well, not really…

One of the first things I wanted to know, which users are assigned to which client. The Get-RDPersonalVirtualDesktopAssignment cmdlet gives you this information by providing the connection broker and collection name…

Get-RDPersonalVirtualDesktopAssignment [-CollectionName] <String> [-ConnectionBroker <String> ]

Because I will execute the script in a PowerShell workflow from a remote machine (SMA) using WinRM, I did some tests and I used Invoke-Command to do some PowerShell Remoting just to get started. Usually we develop PowerShell workflows starting with its core part / functionality and then wrap all other stuff around it, like logging, error handling and PowerShell workflow structure.

My test command looks like this…

$ConnectionBroker = &quot;ConnectionBroker.domain.com&quot;
$VDICollection = &quot;MyVDICollection&quot;
$UserName = &quot;domain\user&quot;

Invoke-Command -ComputerName $ConnectionBroker -Credential (Get-Credential -UserName $UserName -Message &quot;Enter credentials&quot;) -ScriptBlock `
{
Import-Module RemoteDesktop;`
Get-RDPersonalVirtualDesktopAssignment -CollectionName $Using:VDICollection -ConnectionBroker $Using:ConnectionBroker
}

The specified user has administrator permission on the connection broker and VDI deployment itself, so it should be working just fine. Well, it did not and I received an error…

A Remote Desktop Services deployment does not exist on ComputerName. This operation can be performed after creating a deployment. For information about creating a deployment, run &quot;Get-Help New-RDVirtualDesktopDeployment&quot; or &quot;Get-Help New-RDSessionDeployment&quot;.
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-RDPersonalVirtualDesktopAssignment
+ PSComputerName : ComputerName

To make it short it seems that the Get-RDPersonalVirtualDesktopAssignment connects to the connection broker doing another hop, so we run here into a second hop problem. What is a ”second hop problem”? Don Jones has published a nice post here explaining the second hop. In this paper on page 39 Ravikanth Chaganti explains our problem a bit more in detail and how to handle it.

Finally to solve the problem we need to use CredSSP for passing the authentication to the second hop. In order to do that we need to use the parameter “-Authentication CredSSP” which will delegate our credential to the “second” hop. Be aware that you also need to enable CredSSP either via GPO or via PowerShell using Enable-WSManCredSSP cmdlet and then it worked like a charm.

$ConnectionBroker = &quot;ConnectionBroker.domain.com&quot;
$VDICollection = &quot;MyVDICollection&quot;
$UserName = &quot;domain\user&quot;



Invoke-Command -ComputerName $ConnectionBroker -Credential (Get-Credential -UserName $UserName -Message &quot;Enter credentials&quot;) -ScriptBlock `
{
Import-Module RemoteDesktop;`
Get-RDPersonalVirtualDesktopAssignment -CollectionName $Using:VDICollection -ConnectionBroker $Using:ConnectionBroker
} -Authentication CredSSP

I would like to thank my buddy Fulvio Ferrarini and Marc van Orsouw for helping troubleshooting this issue.

This is an old problem but it does not always present you with an “Access Denied” error or anything like that as you can see in this example. I hope it save you some time!

stefanroth
http://www.stefanroth.net

Related Articles
Configuration Management Pack Software Testing Xplat

SCOM 2012 R2 Java APM – Install Ubuntu / Tomcat (Part 1)

Posted on Author stefanroth

Few weeks ago Microsoft released a new management pack for Java Application Performance Monitoring (Java APM). You might are familiar with the .NET Application Performance Monitoring (.NET APM) and now a similar solution is available for Java applications. What is Java APM? SCOM Java Application Performance Monitoring (Java APM) allows you to get performance and […]
Configuration Recommended Troubleshooting

SCOM 2012 R2 – Operations Manager Survival Guide

Posted on Author stefanroth

Some are might not aware that there is an excellent maintained list of very useful sources for System Center Operations Manager called The System Center 2012 R2 Operations Manager Survival Guide . If you are working with SCOM this is a must have in your link list. You will find a summary of excellent blog […]
ARM Azure Configuration Development OMS Troubleshooting

ARM Template – Deployment Error “[Subscription().SubscriptionId]” The request is invalid…

Posted on Author stefanroth

Recently I authored some ARM stuff in Visual Studio and I had a need for getting the current subscription ID the template is being deployed to.  So there is a helper function you can call like this… “subscriptionId”: “[subscription().subscriptionId]” I used it in the template like this… …but as soon I tried to deploy the […]

One Reply to “PowerShell – Remote Desktop Cmdlets “A Remote Desktop Services deployment does not exist…”

  1. I’m running into this issue, but, I cannot remember the name of my Collection! So, none of these commands will work. How do I find that out?

    I think the problem was maybe I made a mistake in the way I installed my certs…?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.