Device registration pending during Hybrid AD Autopilot

Question

Hi all,

I am doing hybrid domain join Autopilot. Everything works until the device registration, and it fails on joining the organization network (account setup stage). In Event Viewer it shows an error (attached files), in AAD it shows registration pending, and the dsregcmd /status result is attached. Please help.

kashif Ali, 2021-01-20T11:53:01+05:30

Answers ( 8 )

  1. Great to hear that the issue is resolved.

    I have not seen the experience that you explained above. But I have never used OKTA. Probably this is something to do with the integration of OKTA and Azure AD authentication?

      1
      2021-01-29T00:09:03+05:30

      Hi Anoop,

      I am not sure either.

      So as you stated it’s not the normal behavior. I will troubleshoot and update the same in the same thread once I find the root cause.

      Thanks for your time and inputs.

  2. Very detailed troubleshooting of this type of issue is highlighted in the following document

    Have you already looked at this?

    https://docs.microsoft.com/en-us/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current

      1
      2021-01-20T12:43:57+05:30

      Thanks for prompt response.

      I haven’t, but I will go through it now and will share findings and update if I have any query.

        0
        2021-01-21T11:57:23+05:30

        Hi Anoop,

        Per troubleshooting with the Azure AD team, as we have a multi-domain hierarchy: the domain/tenant we are trying to Autopilot doesn’t have a federation service, but they use OKTA for authentication. Hence, they have asked to add the device in OKTA so that it can authenticate and get a token.

        I am waiting for their confirmation; after that I will test again. Though I have a question here: when the device gets synced and becomes visible in Azure AD, it uses device token or user token to authenticate? I am logging in with on-prem user credentials.

        • OKTA ..really interesting to that experience with that …. for future reference …

          “it uses device token or user token to authenticate”

          To authenticate with which service? I don’t have the answer, to be honest…

          But I have seen with group policy that it works only with device authentication. Whenever I select user authentication, it never worked.

            1
            2021-01-21T13:30:09+05:30

            Ok thanks.

            Will keep you posted about the progress and once we find the root cause.

            0
            2021-01-27T18:52:00+05:30

            Hi Anoop,

            Device registration issue was resolved.

            Root cause: SCP configuration issue. In the event log user registration section, it was trying to connect to the wrong tenant.

            I have a query, though, post registration status in AAD. On the device during account setup, post joining your organization, it shows a login screen to put in the AAD ID, i.e. [email protected].
            After putting in the credentials it completes successfully.

            So why does it happen, and can we bypass or suppress it?

            Best answer
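
The root cause reported in the thread, an SCP that points clients at the wrong tenant, can be checked by comparing the SCP keywords with the intended tenant and with what `dsregcmd /status` reports. This is an added example, not part of any post above; the function names are hypothetical and the tenant IDs, domain name and dsregcmd text are constructed sample values.

```powershell
# Added example. Function names are hypothetical; all sample values are constructed.
# On a domain controller the real keywords can be read with the ActiveDirectory module:
#   $cfg = (Get-ADRootDSE).configurationNamingContext
#   $dn  = "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$cfg"
#   $keywords = (Get-ADObject -Identity $dn -Properties keywords).keywords

function ConvertFrom-ScpKeywords {
    param([string[]]$Keywords)
    $map = @{}
    foreach ($entry in $Keywords) {
        $name, $value = $entry -split ':', 2      # "azureADId:<guid>" -> name, value
        if ($value) { $map[$name.Trim()] = $value.Trim() }
    }
    return $map
}

function Get-DsregField {
    param([string]$StatusText, [string]$Field)
    $pattern = "(?m)^\s*$([regex]::Escape($Field))\s*:\s*(.+?)\s*$"
    $m = [regex]::Match($StatusText, $pattern)
    if ($m.Success) { return $m.Groups[1].Value }
    return $null                                  # field absent, e.g. TenantId before join
}

function Test-ScpTenant {
    param([string[]]$Keywords, [string]$ExpectedTenantId, [string]$DsregStatus)
    $scp = ConvertFrom-ScpKeywords $Keywords
    [pscustomobject]@{
        ScpTenantName      = $scp['azureADName']
        ScpTenantId        = $scp['azureADId']
        ScpMatchesExpected = ($scp['azureADId'] -eq $ExpectedTenantId)
        DomainJoined       = Get-DsregField $DsregStatus 'DomainJoined'
        AzureAdJoined      = Get-DsregField $DsregStatus 'AzureAdJoined'
        DeviceTenantId     = Get-DsregField $DsregStatus 'TenantId'
    }
}

# Constructed inputs: an SCP that names a different tenant than the one Autopilot targets.
$sampleKeywords = @('azureADName:other.example.com', 'azureADId:11111111-1111-1111-1111-111111111111')
$expectedTenant = '22222222-2222-2222-2222-222222222222'
$sampleDsreg = @"
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
"@

Test-ScpTenant -Keywords $sampleKeywords -ExpectedTenantId $expectedTenant -DsregStatus $sampleDsreg
```

With the constructed input, `ScpMatchesExpected` is `False` while the device is domain joined but not Azure AD joined, which is the pattern the thread's root cause describes.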
