Forum Discussion
oryxway (Iron Contributor)
Feb 10, 2023
Something went wrong (Hybrid Azure AD Join) Autopilot
During the Hybrid Azure AD Join process, as it is setting up the Windows 11 device, it comes to a point where it stops and shows the attached screen.
The domain join profile is there; everything is there. I know the Domain Controller is not in line of sight. The device is being connected through a wireless network from home and trying to join the Autopilot process. It is not completing it, because it is not seeing the Domain Controller and getting the OJB file?
Add the app in blocking apps to make sure the VPN is installed (Enrollment Status Page - Microsoft Endpoint Manager admin center)
5 Replies
- Correct, without having a line of sight to the Domain Controller, it will not work. You can do it from home if you have a VPN connection: https://learn.microsoft.com/en-us/mem/autopilot/user-driven#user-driven-mode-for-hybrid-azure-ad-join-with-vpn-support / https://techcommunity.microsoft.com/t5/windows-it-pro-blog/new-for-windows-autopilot-vpn-support-and-esp-device-targeting/ba-p/1490152 . (Should be an auto-VPN without user input, always-on VPN something.)
- oryxway (Iron Contributor): Hi Harm,
We are trying to use CATO as the VPN. Now we need to have this installed first on the device, right, and then it has to automatically prelogin? So do we have to do the device/user certificate to be issued for prelogin, and if so, should we go the route of SCEP / NDES?
- It needs to be installed during ESP, including the certificate. Don't know CATO and how that works, but if it can connect unattended like that. Yes!
But the biggest question, elephant in the room, why Hybrid join?
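
The line-of-sight requirement discussed in this thread can be checked from the device itself, before and after the VPN connects. The script below is an added example, not part of any post in the thread; `corp.example.com` is a placeholder for the on-premises AD DNS domain, and the port list (Kerberos, LDAP, SMB) is this example's assumption about what to probe.

```powershell
# Added example: verify domain controller line of sight from a device.
# 'corp.example.com' is a placeholder AD DNS domain, not a value from the thread.
param([string]$Domain = 'corp.example.com')

function Test-DcLineOfSight {
    param([Parameter(Mandatory)][string]$DomainName)

    # DC location starts with this DNS SRV lookup. From a home network without
    # VPN, internal DNS is normally unreachable and the lookup fails here.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning ("Cannot resolve {0}: {1}" -f $srvName, $_.Exception.Message)
        return
    }

    foreach ($record in $srv) {
        # Probe each advertised DC on Kerberos (88), LDAP (389) and SMB (445).
        foreach ($port in 88, 389, 445) {
            $probe = Test-NetConnection -ComputerName $record.NameTarget `
                -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $record.NameTarget
                Port             = $port
                Reachable        = $probe.TcpTestSucceeded
            }
        }
    }
}

$results = @(Test-DcLineOfSight -DomainName $Domain)

if ($results.Count -eq 0) {
    Write-Output "No domain controller located for '$Domain' (DNS has no line of sight)."
} else {
    $results | Format-Table -AutoSize
    # A DC counts as usable only when every probed port answered.
    $usable = $results | Group-Object DomainController |
        Where-Object { ($_.Group.Reachable -notcontains $false) }
    if ($usable) {
        Write-Output ("Line of sight OK to: {0}" -f ($usable.Name -join ', '))
    } else {
        Write-Output "DCs resolve in DNS but required ports are blocked."
    }
}
```

Running it once without the VPN and once with the tunnel up shows whether the pre-logon VPN actually provides the connectivity the join needs.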