Forum Discussion
jaky (Copper Contributor), Oct 14, 2022
After enabling co-management users get prompt
Hi, I enabled co-management; computers register in AAD and enroll in Intune, and it seems that everything works - Intune status - co-managed. But users get a prompt that there is a problem with work or s...
jaky (Copper Contributor), Oct 17, 2022
Thank you for taking interest.
I wasn't able to find a solution by these logs.
event ID 1097 warning : Error: 0x4AA50081 An application specific account is loading in cloud joined session. Logged at ClientCache.cpp, line: 376, method: ClientCache::LoadPrimaryAccount.
event id 1098 error : Error: 0xCAA9001A No endpoint information in discovery response.
Exception of type 'class Exception' at UserRealm.cpp, line: 292, method: UserRealm::ParseResponse.
Log: 0xcaa1007d Failed to acquire token by integrated Windows authentication.
Logged at AggregatedTokenRequest.cpp, line: 182, method: AggregatedTokenRequest::UseWindowsIntegratedAuth.
event id 1098 error: Error: 0xCAA9001A No endpoint information in discovery response.
Exception of type 'class Exception' at UserRealm.cpp, line: 292, method: UserRealm::ParseResponse.
Log: 0xcaa10082 Failed to acquire new token.
Logged at AuthorizationClient.cpp, line: 304, method: ADALRT::AuthorizationClient::AcquireNewToken.
event id 1097 warning: Error: 0x8AA5007C A suspending event for the AAD plugin was received.
Logged at WebUIControllerWebView.cpp, line: 682, method: WebUIControllerWebView::WebViewSuspensionEvents::OnSuspending.
Oct 17, 2022
Just wondering, but at the point in time when the devices get that policy, what does dsregcmd /status /verbose look like?
jaky (Copper Contributor), Oct 17, 2022
Output of the C:\WINDOWS\system32>dsregcmd /status /verbose command. Some info was replaced with the word hidden.
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName : hidden
Device Name : hidden
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : hidden
Thumbprint : hidden
DeviceCertificateValidity : [ 2022-08-22 07:20:55.000 UTC -- 2032-08-22 07:50:55.000 UTC ]
KeyContainerId : hidden
KeyProvider : Microsoft Platform Crypto Provider
TpmProtected : YES
DeviceAuthStatus : SUCCESS
+----------------------------------------------------------------------+
| Tenant Details |
+----------------------------------------------------------------------+
TenantName :
TenantId : hidden
Idp : login.windows.net
AuthCodeUrl : https://login.microsoftonline.com/hidden/oauth2/authorize
AccessTokenUrl : https://login.microsoftonline.com/hidden/oauth2/token
MdmUrl : https://enrollment.manage.microsoft.com/EnrollmentServer/Discovery.svc
MdmTouUrl :
MdmComplianceUrl :
SettingsUrl :
JoinSrvVersion : 2.0
JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
KeySrvVersion : 1.0
KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
WebAuthNSrvVersion : 1.0
WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/hidden/
WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
DeviceManagementSrvVer : 1.0
DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/hidden/
DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : ERROR
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority :
EnterprisePrt : NO
EnterprisePrtAuthority :
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : hidden\hidden, hidden@hidden
KeySignTest : PASSED
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : NO
SessionIsNotRemote : NO
CertEnrollment : none
PreReqResult : WillNotProvision
jaky (Copper Contributor), Oct 17, 2022
When the user logs in and the policy is applied, one line in the dsregcmd output changes:
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
DeviceEligible : YES
Oct 17, 2022
Also looking at the error you posted earlier:
MDM enrollment error 0xcaa9001f for co-managed Windows devices - Intune | Microsoft Learn
It almost looks like the one above
Oct 17, 2022
MdmTouUrl :
MdmComplianceUrl :
Are those URLs configured in the MDM scope configuration in Intune? Are they filled in on working/enrolled devices?
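Added example, not part of any post in this thread: a small Python helper that parses two saved `dsregcmd /status` captures into (section, field) pairs, reports which fields changed between them (the before/after comparison described above), and lists fields left blank in a section so they can be compared with a working device. The function names and the shortened sample capture are constructed for illustration.

```python
import re

# Constructed sample: a shortened capture modelled on the output posted in this thread.
BEFORE = """\
+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+
        MdmUrl : https://enrollment.manage.microsoft.com/EnrollmentServer/Discovery.svc
        MdmTouUrl :
        MdmComplianceUrl :
+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+
        IsDeviceJoined : YES
        DeviceEligible : NO
        PreReqResult : WillNotProvision
"""
AFTER = BEFORE.replace("DeviceEligible : NO", "DeviceEligible : YES")

SECTION = re.compile(r"^\|\s*(.+?)\s*\|$")  # e.g. "| Device State |"

def parse_dsreg(text):
    """Return {(section, field): value} for one dsregcmd /status capture."""
    fields, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section and " :" in line:
            key, _, value = line.partition(" :")  # split at the first " :" only
            fields[(section, key.strip())] = value.strip()
    return fields

def diff_captures(before, after):
    """List (section, field, old, new) for every field whose value differs."""
    a, b = parse_dsreg(before), parse_dsreg(after)
    return [(s, k, a.get((s, k)), b.get((s, k)))
            for (s, k) in sorted(a.keys() | b.keys())
            if a.get((s, k)) != b.get((s, k))]

def blank_fields(text, section):
    """Fields in one section that are present but empty."""
    return [k for (s, k), v in parse_dsreg(text).items() if s == section and v == ""]

if __name__ == "__main__":
    for s, k, old, new in diff_captures(BEFORE, AFTER):
        print(f"[{s}] {k}: {old!r} -> {new!r}")
    print("blank in Tenant Details:", blank_fields(BEFORE, "Tenant Details"))
```

To use it on real data, save each capture with `dsregcmd /status /verbose > file.txt` and pass the file contents in place of the constructed strings.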