Forum Discussion
Gonçalo Oliveira
Sep 07, 2017 Copper Contributor
Cannot login to Surface Hub
We have on-prem a Surface Hub configured which was working perfectly up to a few days ago. For some reason, it cannot log in anymore to the calendar and mail account associated with it. When trying ...
Don Pickard
Sep 10, 2017 Brass Contributor
this sounds like the device has either rolled-back or system-restore/recovery has occurred, or, an AD admin has 'reset' the computer account password on the domain controller side.
effectively, the device can no longer authenticate to the domain using the secure-channel-password previously negotiated. the device is presenting an invalid password (according to the domain). this can happen to any device attempting to bind (logon), just as it can happen for a user account/password.
to recover, you will need a local admin identity. if you didn't set one of those up, when you unboxed the SHub (eg you only nominated a domain group for device admin), I think you will need to reset/recover/reimage the SHub and perform OOBE all over again, rejoin the domain etc. the trick, is that you will need to be authenticated as admin to initiate reset/recovery/reimage, AFAIK.
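The two causes suggested in the reply above (a reset of the computer account on the domain controller versus a roll-back on the device) can be told apart from the domain side. The script below is an added example, not part of the original post; it assumes an admin workstation with the RSAT ActiveDirectory module and read access to the DC event logs, and `SURFACEHUB01` and `DC01.example.test` are placeholder names.

```powershell
# Added example: check the domain side of a broken machine secure channel.
# $HubName and $DomainController are placeholders, not values from the thread.
param(
    [string]$HubName          = 'SURFACEHUB01',
    [string]$DomainController = 'DC01.example.test',
    [int]$DaysBack            = 14
)

Import-Module ActiveDirectory
$since = (Get-Date).AddDays(-$DaysBack)

# 1. When was the machine account password last set, and is the account enabled?
$acct = Get-ADComputer -Identity $HubName -Server $DomainController `
            -Properties PasswordLastSet, whenChanged
$acct | Select-Object Name, Enabled, PasswordLastSet, whenChanged

# 2. Security log on the DC: 4742 = computer account changed,
#    4724 = attempt to reset an account's password.
#    Only present if account-management auditing is enabled on the DC.
Get-WinEvent -ComputerName $DomainController -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4742, 4724; StartTime = $since } |
    Where-Object { $_.Message -match [regex]::Escape("$HubName`$") } |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }

# 3. System log on the DC: NETLOGON 5722 / 5805 = a computer failed to
#    authenticate when setting up its secure channel.
Get-WinEvent -ComputerName $DomainController -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON';
                            Id = 5722, 5805; StartTime = $since } |
    Where-Object { $_.Message -match [regex]::Escape($HubName) } |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
```

A `PasswordLastSet` that falls after the last day the device worked, together with a 4724 or 4742 entry naming an administrator, points to a reset on the domain controller side; NETLOGON failures with an unchanged `PasswordLastSet` point to the device presenting an older password after a roll-back or recovery.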
Gonçalo Oliveira
Sep 12, 2017 Copper Contributor
Hi, Don.
The issue, I believe, is related to changing the password on the Domain Controller, and not having set a local admin account (or at least losing that access on my records).
I do believe the only way to recover the device is, as you mentioned, restore from factory image, which was something I was trying to avoid, even being a smooth and relatively fast process.
The recovery process can be bypassed by using the power switch in a very specific way (did it once), so you don't really need access to device settings.
Don Pickard
Sep 12, 2017 Brass Contributor
The power switch trick, I'm familiar with, that forces Windows into Automated System Recovery (ASR). I did that once, and bricked the SSD. I'm not a fan :(
Although I've been working with Windows for 20 years, I feel a little constrained by this implementation on SHub, I haven't (yet) found a way to dig deeper using my traditional techniques (which have been very effective in enterprise scenarios for a long time) [old dog, needs new tricks] :)