Forum Discussion
CraigTownend
Nov 25, 2024 · Copper Contributor
Weird issue accessing netlogon
Got a bit of a weird issue here...... We have just started using AAD machines via autopilot & intune and doing testing on them accessing resources on our current onprem domain, got things sorted so ...
Ankido
Dec 02, 2024 · Brass Contributor
1. Check ODJ Connector Logs
On the server hosting the ODJ Connector Service:
- Open Event Viewer.
- Navigate to:
Applications and Services Logs → Microsoft → Windows → OfflineDomainJoin → Operational.
Logs in this section may reveal:
- Failed connection attempts from the clients.
- Certificate or authentication issues.
- Problems creating device accounts in Active Directory.
2. DNS-Related Errors
If AAD devices cannot resolve domain names properly, this could also be reflected in these logs, as the ODJ process relies on functioning DNS and access to domain controllers.
3. Check Netlogon Logs
Since you mentioned Netlogon issues, also review the following:
- On the server, go to Windows Logs → System.
- Filter logs by the source Netlogon.
Specific errors to look for:
- Event ID 5719: "This computer was not able to set up a secure session with a domain controller."
- Event ID 5783: "The session setup to the Windows NT or Windows 2000 Domain Controller failed."
4. Look for Communication Errors Between Intune and ODJ Connector
Since Intune manages the hybrid device domain join via the ODJ Connector, failed communication can cause problems. Check:
- ODJ Connector Certificate: Is the certificate for the service valid, and do both Intune and AD DS trust it?
- Communication: Are port 443 (for Intune) and the necessary ports for AD DS open?
Troubleshooting Tips
- Run the following command on the ODJ Connector server to check its status:
Get-AutopilotDiagnosticData
This can reveal issues with connectivity or certificates.
- Check if the clients are logging any related issues in their own Event Viewer under:
Applications and Services Logs → Microsoft → Windows → Provisioning-Diagnostics-Provider.
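An added example, not part of Ankido's reply: a PowerShell script that runs the DNS, Netlogon and port checks from steps 2 to 4 in one pass on the affected machine or server. The domain name and the Intune host name are placeholders chosen for illustration, and the AD DS ports tested (88, 389, 445) are an assumption about which ports matter for Kerberos, LDAP and the netlogon share.

```powershell
# Added example. $Domain and $IntuneHost are placeholders (assumptions),
# not values from the thread; replace them with your own.
param(
    [string]$Domain     = 'corp.example.com',
    [string]$IntuneHost = 'manage.microsoft.com',
    [int]$Days          = 7
)

# Step 3: Netlogon secure-channel errors 5719 and 5783 in the System log.
$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Id           = 5719, 5783
    StartTime    = (Get-Date).AddDays(-$Days)
}
# Get-WinEvent raises an error when nothing matches, so suppress it.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) { "No Netlogon 5719/5783 events in the last $Days days." }
$events | Group-Object Id | ForEach-Object {
    [pscustomobject]@{
        EventId = $_.Name
        Count   = $_.Count
        Latest  = ($_.Group | Sort-Object TimeCreated -Descending |
                   Select-Object -First 1).TimeCreated
    }
} | Format-Table -AutoSize

# Step 2: find domain controllers through the DC locator SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { "DNS: no SRV records returned for $srvName" }

# Step 4: TCP reachability to Intune (443) and to each DC that DNS returned.
$targets = @([pscustomobject]@{ Host = $IntuneHost; Port = 443 })
foreach ($dc in $srv) {
    foreach ($port in 88, 389, 445) {
        $targets += [pscustomobject]@{ Host = $dc.NameTarget; Port = $port }
    }
}
$targets | ForEach-Object {
    $ok = Test-NetConnection -ComputerName $_.Host -Port $_.Port `
          -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ Host = $_.Host; Port = $_.Port; Reachable = $ok }
} | Format-Table -AutoSize
```

A DC that resolves but is unreachable on 445 matches a netlogon share failure even when Kerberos and LDAP succeed.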