Forum Discussion
Device has no MDM URLs when running dsregcmd status
I have a peculiar problem with some of the devices at our organization. While almost all our devices enroll without any issues, a few devices still cause me some headache.
With this specific device, I've tried what's suggested on the MS page:
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/pending-devices
Friday the 9th I did the following.
1) Ran dsregcmd /leave
2) gpupdate /force
3) Restarted the device
4) Left the device over the weekend so that it would have time to sync with our dynamic group.
The device is still pending in Intune. However, on the positive side, the device is now discovered in Intune. It wasn't possible to look it up before.
I've added the output from dsregcmd /status; lines 34, 35 and 36 are the interesting ones. The different MDM URLs are missing and it's hard to get a more concrete idea as to why. I've been doing quite an extensive search but without much luck.
Does anyone have any idea as to why this could happen?
Thanks in advance.
C:\Windows\system32>dsregcmd /status
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName : xxxxxxx
Device Name : xxxxxxxxxxx.xxxxxx.xxxxxx.local
+----------------------------------------------------------------------+
| Device Details |
+----------------------------------------------------------------------+
DeviceId : 8d7439dd-ae7d-4a60-91cb-a5d60766bec0
Thumbprint : 83BEEA77BA908C6B58CC7F3F6557304C1D2C63FC
DeviceCertificateValidity : [ 2023-06-13 05:20:20.000 UTC -- 2033-06-13 05:50:20.000 UTC ]
KeyContainerId : 285777bf-8b36-4d4d-86a0-b559d98a0468
KeyProvider : Microsoft Platform Crypto Provider
TpmProtected : YES
DeviceAuthStatus : SUCCESS
+----------------------------------------------------------------------+
| Tenant Details |
+----------------------------------------------------------------------+
TenantName :
TenantId : 081d9cdf-aa83-4294-8634-5b8ae24063ff
Idp : login.windows.net
AuthCodeUrl : https://login.microsoftonline.com/081d9cdf-aa83-4294-8634-5b8ae24063ff/oauth2/authorize
AccessTokenUrl : https://login.microsoftonline.com/081d9cdf-aa83-4294-8634-5b8ae24063ff/oauth2/token
MdmUrl :
MdmTouUrl :
MdmComplianceUrl :
SettingsUrl :
JoinSrvVersion : 2.0
JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
KeySrvVersion : 1.0
KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
WebAuthNSrvVersion : 1.0
WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/081d9cdf-aa83-4294-8634-5b8ae24063ff/
WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
DeviceManagementSrvVer : 1.0
DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/081d9cdf-aa83-4294-8634-5b8ae24063ff/
DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+
NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : ERROR (0x80070520)
+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+
AzureAdPrt : NO
AzureAdPrtAuthority :
EnterprisePrt : NO
EnterprisePrtAuthority :
+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+
AadRecoveryEnabled : NO
Executing Account Name : xxxxxxx\xxxxxxxxxx, email address removed for privacy reasons
KeySignTest : PASSED
DisplayNameUpdated : YES
OsVersionUpdated : YES
HostNameUpdated : YES
Last HostName Update : NONE
+----------------------------------------------------------------------+
| IE Proxy Config for Current User |
+----------------------------------------------------------------------+
Auto Detect Settings : YES
Auto-Configuration URL :
Proxy Server List :
Proxy Bypass List :
+----------------------------------------------------------------------+
| WinHttp Default Proxy Config |
+----------------------------------------------------------------------+
Access Type : DIRECT
+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+
IsDeviceJoined : YES
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision
For more information, please visit https://www.microsoft.com/aadjerrors
- HiddenInTheCables, Copper Contributor: Bump
- Luxbie, Copper Contributor:
Hey, so I've just had this issue where the device enrolled via as device but the user enrolment never finishes. I enabled the continue anyway button in the enrolment status page and now devices are not reporting back to Intune etc.
What I have just noticed is all my MDM URLs have gone missing from within the Intune portal; it might be the same for you. Just trying to see if I can get them back on the device now I've restored them.
PS I didn't delete them; stuff worked fine 2 days ago, now it's gone, so fun.
- rahuljindal-MVP, Bronze Contributor: How are the devices being enrolled? Anything in the MDM diag log related to AAD token being applied, like user vs device?
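
The check the original post does by eye (blank MdmUrl, MdmTouUrl and MdmComplianceUrl), together with the user-side fields behind the "user vs device" question, can be scripted against the dsregcmd /status text. This is an added example, not code from the thread; the function names are hypothetical, the sample text is constructed to mirror the posted field states, and the tenant ID is a placeholder.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)   # not Mandatory: the real output contains blank lines
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Field lines look like "MdmUrl : value"; section banners start with + or |
        if ($line -match '^\s*([A-Za-z][\w \-]*?)\s+:\s*(.*)$') {
            $key = $Matches[1]
            if (-not $state.Contains($key)) { $state[$key] = $Matches[2].Trim() }
        }
    }
    return $state
}

function Get-DsregMdmFinding {
    param($State)
    $findings = @()
    # The three fields the original post reports as blank
    foreach ($field in 'MdmUrl', 'MdmTouUrl', 'MdmComplianceUrl') {
        if ([string]::IsNullOrWhiteSpace($State[$field])) {
            $findings += "$field is empty or absent"
        }
    }
    # User-side state. Assumption: YES is the value to expect once a synced user has signed in.
    foreach ($field in 'AzureAdPrt', 'IsUserAzureAD') {
        if ($State[$field] -ne 'YES') {
            $findings += "$field = '$($State[$field])'"
        }
    }
    if ($State['WamDefaultSet'] -like 'ERROR*') {
        $findings += "WamDefaultSet = $($State['WamDefaultSet'])"
    }
    return $findings
}

# Constructed sample with the same field states as the post; tenant ID is a placeholder.
$sample = @'
AzureAdJoined : YES
DomainJoined : YES
TenantId : 00000000-0000-0000-0000-000000000000
MdmUrl :
MdmTouUrl :
MdmComplianceUrl :
WamDefaultSet : ERROR (0x80070520)
AzureAdPrt : NO
IsUserAzureAD : NO
'@ -split '\r?\n'

Get-DsregMdmFinding -State (ConvertFrom-DsregStatus -Lines $sample)
```

On an affected device, pass the live output instead of the sample: `ConvertFrom-DsregStatus -Lines (dsregcmd /status)`.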