Jump to content

Device Registration - Azure AD Join option missing in Win10??


Recommended Posts

Guest DMAS_Exchange
Posted

I'm having issues trying to device register a Win10 client into Azure AD using DRS through ADFS. The option seems to be removed in my version of Win10.

 

Having seen this post Azure AD Join button missing it seems like it's an easy fix, however you see here it's not there....

 

https://social.technet.microsoft.com/Forums/getfile/1006846

 

Bit of background to the issue:

 


    • Windows 10 Pro (winver: 1607 Build 14393.693)
    • Windows 10 updates fully completed
    • Windows 10 client is domain joined to a local Active Directory (please ignore the fact the image above says "join this device..." I've had the issue for a few days now and I'm testing if re-joining solves the issue.)
    • ADFS 3.0 configurations and claims rules updated to include new DRS claims rules (as per Azure article Configure DRS)
       
    • SCP is in place for Azure AD
    • Windows 7 client can device register to Azure AD Join fine and works. Running Get-MsolDevice -All presents all clients currently registered and Win7 client is there along with the federated user who registered the device. So basically, DRS config is working well from what I can see. I can also add a personal device using a federated domain account and this also registers the device into Azure AD and again you can this in the Get-MSolDevice output, so it does work.

 

E.g. https://social.technet.microsoft.com/Forums/getfile/1006861

 

  • GPO is configured on the AD OU containing the Win10 device to automatically join to Azure AD. This is working as the computers RSOP present this option as Enabled. (Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain joined computers as devices, and then select Edit. Then set Enable).

  • If you run dsregcmd /status in a cmd prompt you get AzureADJoined: NO and other "NO's" relating to Azure AD Join too. I've gone through the Troubleshooting DRS and FAQs articles too. Nothing is mentioned about the client itself not able to Azure Ad Join.

[*]I also have several Event logs showing that the device is trying to Azure AD Join, so the GPO is working and the scheduled task created by the GPO tries to run dsregcmd.exe, but it errors back as below:-

 

Event ID 331

 

Automatic device join pre-check tasks completed. Debug output:\r\n preCheckResult: DoNotJoin

isPrivateKeyFound: undefined

isJoined: undefined

isDcAvailable: undefined

isSystem: NO

keyProvider: undefined

keyContainer: undefined

dsrInstance: undefined

elapsedSeconds: 0

resultCode: 0x1

 

Event ID 233

 

The WinHTTP callback function failed. WINHTTP_STATUS_CALLBACK status code: 2097152. Error: Unknown Win32 Error code: 0x80072ee2

 

Event ID 201

 

The discovery operation callback failed with exit code: Unknown HResult Error code: 0x80072ee2. The server returned HTTP status: 0.

Server response was:

 

Event ID 309

 

Failed to discover the Azure AD DRS service. Exit code: Unknown HResult Error code: 0x801c0021.

 

Does anyone have ANY suggestions here?? I'm clutching at straws and feel I've been pretty comprehensive.

 

Event ID 333

 

Automatic device join pre-check tasks completed. The device can NOT be joined. The process MUST run as NT AUTHORITY\SYSTEM.

 

 

Does anyone have suggestions for me here? I feel I've been pretty thorough in my investigations, but I'm clutching at straws now!

 

Thanks in advance!!

 

More...

  • Replies 0
  • Created
  • Last Reply

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...