Guest Vladislav GennFom Posted July 10, 2019 Posted July 10, 2019 Hi! Help me please! I used instruction for set up WHFB( on-premis on the key trust). I set up and every step of the guide and checked 10 times over. I use third-party MFA, I registrated MFA in ADFS and check. My MFA work. The client log Microsoft-Windows-HelloForBusiness/Operational errors out with: 1. The Primary Account Primary Refresh Token prerequisite check failed (Event ID 7201). 2. The device registration prerequisite check failed(Event ID 7200). 3. Windows Hello for Business prerequisites check failed. Error: 0x0(Event ID 7054). and repeat... Result comands DSREGCMD /DEBUG and DSREGCMD /STATUS: dsregcmd::wmain logging initialized. PreJoinChecks Complete. preCheckResult: DoNotJoin isPrivateKeyFound: undefined isJoined: undefined isDcAvailable: undefined isSystem: NO keyProvider: undefined keyContainer: undefined dsrInstance: undefined elapsedSeconds: 0 resultCode: 0x1 The device can NOT be joined. The process MUST run as NT AUTHORITY\SYSTEM. +----------------------------------------------------------------------+ | Device State | +----------------------------------------------------------------------+ AzureAdJoined : NO EnterpriseJoined : NO DomainJoined : YES DomainName : WINHELLO +----------------------------------------------------------------------+ | User State | +----------------------------------------------------------------------+ NgcSet : NO WorkplaceJoined : NO WamDefaultSet : NO +----------------------------------------------------------------------+ | SSO State | +----------------------------------------------------------------------+ AzureAdPrt : NO AzureAdPrtAuthority : NO EnterprisePrt : NO EnterprisePrtAuthority : NO +----------------------------------------------------------------------+ | Diagnostic Data | +----------------------------------------------------------------------+ Diagnostics Reference : www.microsoft.com/aadjerrors User Context : UN-ELEVATED User Client Time : 2019-07-10 11:49:29.000 UTC AD Connectivity Test : PASS AD Configuration Test : PASS DRS Discovery Test : PASS DRS Connectivity Test : PASS Token acquisition Test : FAIL [0xcaa9002c/0xcaa1000e] Correlation-id: {EE96163B-8710-42E0-8AC6-1F358EB5D6CD} Fallback to Sync-Join : ENABLED Previous Registration : 2019-07-10 11:16:58.000 UTC Registration Type : fed Error Phase : auth Client ErrorCode : 0xcaa1000e Correlation Id : {65934446-ABB9-468C-991E-DC6E78BFB692} +----------------------------------------------------------------------+ | Ngc Prerequisite Check | +----------------------------------------------------------------------+ IsDeviceJoined : NO IsUserAzureAD : NO PolicyEnabled : YES PostLogonEnabled : YES DeviceEligible : YES SessionIsNotRemote : YES CertEnrollment : none PreReqResult : WillNotProvision More... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.