Forum Discussion
kandrews5725
Aug 04, 2023, Brass Contributor
No logged events from ODJ connector service on Windows Server 2022
I am trying to enroll some workstations in our Intune environment via Hybrid AAD. We have the ODJ Connector installed on our Windows server, and the service is running. I have confirmed connectivit...
- Aug 07, 2023
Making some progress now. I don't know why it all of a sudden started working, but I did change my domain join profile back from mycompany.com to mycompany.local and that seemed to work. I was presented with the "Setting up your device for work" window and made it all the way to the Device setup - Apps section when it finally failed.
I have since removed all apps from Intune that I wanted to pre-load onto the device, with the exception of Company Portal and M365 apps. If those successfully install after the device reset is complete, then I will start adding each additional app individually until there is a failure.
kandrews5725
Aug 04, 2023, Brass Contributor
Harm_Veenstra Thanks for your reply. When I launch the ODJ connector wizard on the server, it shows that it is enrolled. I am not able to sign in since that step has already been performed. If I look on my Intune account online, I can see that the connector status is active from that server and healthy. Wouldn't that indicate that the outbound firewall rules are properly configured on the server?
Aug 04, 2023
Seems ok, but firewall logs are always useful to double check... Hybrid Join is always somewhat complex. The domain join profile is correct, you said; and the deployment profile too regarding assignments?
- kandrews5725, Aug 04, 2023, Brass Contributor
Yeah, as far as I can tell, everything is set up correctly. I did just tracert to some of those FQDNs and IPs listed on that page you referenced, and I was able to reach the destinations.
With regard to the domain-join profile, I kept it as simple as possible, by not using any custom OU for joining the computers to, and keeping my name prefix to just five characters of the company name, with no special characters, spaces, etc... I've also made sure the group where the devices are is included in the assignment.
For the profile, I have it assigned to the group that all of the new workstations are placed into when we purchase them (AutoPilot). I can see all of the devices in the group and there are no exclusions.
In our MDM/MAM settings for Azure, I have chosen "Some" under User Scope and then the AutoPilot group, per Microsoft Support's recommendation.
- Aug 04, 2023
"The device is plugged into an ethernet cable in my office and should be able to ping the DC from there. I have also tried to use the wireless LAN connection, but the result is the same. I am unable to use the Shift+F10 trick during enrollment to bring up a cmd prompt to run any PowerShell scripts, to see where the hangup is occurring."
Should be able to ping --> You verified that it is possible from both LAN / WLAN?
Shift-F10 should work, FN-Shift-F10 perhaps?
- kandrews5725, Aug 04, 2023, Brass Contributor
So, I have no way of knowing if the workstation can ping the DC yet, but from speaking with our Engineer, there shouldn't be any restriction on the connection preventing it from seeing the DC. I have tried all combinations of Shift+F10, or Ctrl+F10, etc... Nothing seems to bring up a CMD prompt during the enrollment process.
When we used to manually join the new workstations to the domain, we would go through the steps in the Network ID section of Windows Advanced System Properties. This requires putting in the FQDN of the domain on the network (companyname.local), and then entering the creds of a user who is authorized to add devices to it.
Because this works in the way described above, this leads me to believe that the DCs are visible to any connected device on the network. The only thing I can think of is, because I have no way to specify what the domain FQDN is on the new device during the enrollment process, the device isn't able to find the DC, but I thought that information would be provided from Azure and the Intune connector.
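The checks below are an added example, not part of this thread or of Microsoft's ODJ Connector tooling. They cover the two things the posts above keep circling back to: whether a device on the LAN/WLAN can actually locate a domain controller for the domain FQDN (DC locator goes through DNS SRV records, then needs Kerberos/LDAP/SMB/RPC reachable), and whether the connector server is logging anything at all. The domain name mycompany.local is taken from the thread; the service name ODJConnectorSvc and the event log name "ODJ Connector Service" are assumptions to verify in services.msc and Event Viewer on your own connector server.

```powershell
# Added example (not from the thread or from Microsoft): pre-join connectivity
# and DC-locator checks, plus a quick look at the ODJ connector log.
# Assumes the domain FQDN used in the thread; override with -DomainFqdn.
param(
    [string]$DomainFqdn = "mycompany.local"
)

# 1. DC locator depends on DNS SRV records. If the DNS server handed out on the
#    test VLAN/WLAN cannot resolve these, the device will never find a DC,
#    regardless of what the ODJ blob from Intune contains.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No SRV records for $DomainFqdn. Check which DNS server this NIC is using (Get-DnsClientServerAddress)."
    return
}
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget -Unique
"DCs advertised in DNS for ${DomainFqdn}: $($dcs -join ', ')"

# 2. Ports a domain join and first sign-in need: Kerberos (88), LDAP (389),
#    SMB (445) and the RPC endpoint mapper (135). Anything BLOCKED here is a
#    firewall/VLAN problem, not an Intune or connector problem.
$ports = 88, 389, 445, 135
foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        "{0,-40} {1,5} {2}" -f $dc, $p, $(if ($r.TcpTestSucceeded) { "open" } else { "BLOCKED" })
    }
}

# 3. Ask the locator itself; this is what the join process does under the hood.
nltest /dsgetdc:$DomainFqdn /force

# 4. Run this part on the ODJ connector server. Service name and log name are
#    assumptions: confirm them in services.msc and under
#    Applications and Services Logs in Event Viewer before relying on them.
Get-Service -Name ODJConnectorSvc -ErrorAction SilentlyContinue
Get-WinEvent -LogName "ODJ Connector Service" -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

Steps 1 to 3 are meant for a test machine on the same LAN or WLAN segment the new workstations use during OOBE, since the poster could not open a prompt with Shift+F10 on the device itself; step 4 belongs on the server hosting the connector. If step 1 fails while a manual join from System Properties works, compare the DNS servers each machine is using: a manual join typed with the FQDN can still succeed over a DNS path the OOBE device does not get.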