Device registration pending during Hybrid ad autopilot
Question
Hi all,
I am doing hybrid domain join autopilot everything works until the device registration and fails on joining organization network (account setup stage). In event viewer it shows error attached files,in aad it shows registration pending and dsregcmd /status result attached. Please help
Answers ( 8 )
Great to hear that the issue is resolved.
I have not seen the experience that you explained above. But I never used OKTA. Probably this is something to do with the integration of OCTA and Azure AD authentication ?
Hi Anoop,
I am not sure either.
So as you stated it’s not the normal behavior. I will troubleshoot and update the same in the same thread once I find the root cause.
Thanks for your time and inputs.
Very detailed troubleshooting of this type of issue is highlighted in the following document
Have you already looked at this?
https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current
Thanks for prompt response.
I haven’t but will go thru now and will share findings and update if any query.
Hi Anoop,
Per troubleshooting with azure ad team as we have multi domain hierarchy.. For the domain/tenant we are trying to autopilot, it doesn’t have federation service but they use OKTA for authentication. Hence, they have asked to add the device in okta so that it can authenticate and and get token.
I am waiting for their confirmation post that will test again. Though I have question here.. Like when device gets synced and get visible in azure ad, it uses device token or user token to authenticate? As I am logging in with on prem user credentials.
OKTA ..really interesting to that experience with that …. for future reference …
” it uses device token or user token to authenticate”
To authenticate with which service? I don’t have the answer, to be honest …
but I have seen it with group policy that it works only with Device authentication ..whenever I select user authentication ..it never worked
Ok thanks.
Will keep you posted about the progress and once we find the root cause.
Hi Anoop,
Device registration issue was resolved.
ROOT cause : scp configuration issue. In the event log user registration section.. It was trying to connect to wrong tenant.
I have a query though.. Post registration status in aad. On device during account setup > post joining your organization it show login screen to put aad id i.e. [email protected].
After putting the credentials it completes successfully.
So why does it happen and can we bypass Or suppress it?