Forum Discussion
Solved
Starting Wait for ODJ Blob
This is the status where I am having problems joining the device to Hybrid Autopilot domain. Not sure whether this is a connectivity issue between the laptop to the INTUNE connector? I can ping the d...
- The laptop has a connection to Endpoint Manager, gets the enrollment profile and the Intune connector is listening for Hybrid Join events. If needed, it will do an Offline Domain Join by sending the computer account blob to Endpoint Manager which sends it to the client. There is no direct connection between the laptop and Intune Connector needed,
Does the server which runs the Intune Connector have internet access to all the URLs mentioned in the deployment guide?
You can only deploy hybrid azure ad machines if they are a network on an office location with direct connection to your Domain Controller, you can't deploy machines at home. There's an exception to that rule, if you have a supported VPN client which can automatically connect to your network.. Then it also works, but the list of VPN suppliers that are supported isn't that big.
So... Can you deploy a windows 10/11 VM in your server network and try that just to see if that works? (Or a desktop/laptop at the office) Where are you testing now?
So... Can you deploy a windows 10/11 VM in your server network and try that just to see if that works? (Or a desktop/laptop at the office) Where are you testing now?
I am testing from my home not in office network. These are machines that are going to be shipped to users locations and they just take it out of the box and join.
- That's the purpose, but your client needs to complete the domain join on the machine using the blob file. And it can only do so when in line of sight of the Domain Controllers of your domain.
- Isn't the purpose of Intune Connector for Offline Domain Join to make sure that it can get the domain information and join the domain? Isn't it the reason why this Blob is being send to the device? I am kinda confused on this.
- I guess firewalling issues, but you did change a few things now for your deployment. You could try the office again? And those legacy applications... Are the client/server based? Can you create remote apps from them using RDS? Where is the fileserver data, are you moving to Teams? So many questions making Azure AD or Hybrid Azure AD join the option to choose...
- We earlier tried another laptop from our office network being inside the office, even that did not go through. So, I am going to try one more time. Well the reason being that there are legacy applications and they want to have it Hybrid AD till we decide to move to Azure AD. How that solves am not sure, I have never done Hybrid AAD, I have come from an AAD environment which was totally managed by Intune.
- Then this is not something that is going to work out for remote users. You will have to either stage them at work or don't use hybrid join.
I think I asked you that question many topics and replies ago, why do you what to hybrid join them? You can access fileservers for example with key trust and kerberos tickets from there on out