Home

Automatic registration at join phase

%3CLINGO-SUB%20id%3D%22lingo-sub-411801%22%20slang%3D%22en-US%22%3EAutomatic%20registration%20at%20join%20phase%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-411801%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Everyone%2C%3C%2FP%3E%3CP%3EI'm%20trying%20enroll%20my%20devices%20in%20my%20hybrid%20environment%2C%20but%20when%20I%20see%20my%20event%20viewer%20i%20receive%20a%20message%3A%3C%2FP%3E%3CP%3E%3CSPAN%3EAutomatic%20registration%20failed%20at%20join%20phase.%26nbsp%3B%20Exit%20code%3A%20Unknown%20HResult%20Error%20code%3A%200x801c0021.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3Eand%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EWindows%20Hello%20for%20Business%20provisioning%20will%20not%20be%20launched.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EDevice%20is%20AAD%20joined%20(%20AADJ%20or%20DJ%2B%2B%20%3A(%3C%2Fimg%3E%20No%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EUser%20has%20logged%20on%20with%20AAD%20credentials%3A%20No%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EWindows%20Hello%20for%20Business%20policy%20is%20enabled%3A%20No%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3ELocal%20computer%20meets%20Windows%20hello%20for%20business%20hardware%20requirements%3A%20Yes%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EUser%20is%20not%20connected%20to%20the%20machine%20via%20Remote%20Desktop%3A%20Yes%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EUser%20certificate%20for%20on%20premise%20auth%20policy%20is%20enabled%3A%20No%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EMachine%20is%20governed%20by%20none%20policy.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3ESee%20%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D832647%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D832647%3C%2FA%3E%20for%20more%20details.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EI%20already%20made%20all%20configurations%20following%20the%20docs%20of%20Microsoft%2C%20but%20I%20don't%20get%20a%20ideal%20result.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EIn%20my%20environment%20I%20have%20ADFS%20and%20Already%20have%20a%20GPO%20to%20automatic%20enroll%20devices%20and%20all%20W7%20devices%20appear%20as%20Hybrid%20Azure%20AD%20Join%2C%20but%20i%20dont%20have%20the%20same%20result%20with%20W10%20to%20manage%20this%20devices.%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3EAnd%20I%20also%20followed%20this%20steps%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fenroll-a-windows-10-device-automatically-using-group-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fenroll-a-windows-10-device-automatically-using-group-policy%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-411801%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-471423%22%20slang%3D%22en-US%22%3ERe%3A%20Automatic%20registration%20at%20join%20phase%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-471423%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32045%22%20target%3D%22_blank%22%3E%40Paulo%20Silva%3C%2FA%3E%3C%2FP%3E%3CP%3EI%20still%20receiving%20the%20error%3A%3CBR%20%2F%3E%3CSTRONG%3EUser%20Device%20Registration%20Admin%20log%20%E2%80%93%20EventID%20304%3C%2FSTRONG%3E%3CSPAN%3E%20%E2%80%93%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CEM%3EadalResponseCode%3A%200xcaa1000e%3C%2FEM%3E%3CSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%E2%80%93%20recommended%20step%20is%20to%20check%20the%20AD%20FS%20claim%20rules%20per%20mentioned%20above%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevice-management-hybrid-azuread-joined-devices-setup%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Earticle%3C%2FA%3E%3CSPAN%3E.%20It%20is%20important%20to%20have%20the%20AD%20FS%20claim%20rules%20in%20the%20described%20order%20and%20if%20you%20have%20multiple%20verified%20domains%2C%20do%20not%20forget%20remove%20any%20existing%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSTRONG%3EIssuerID%3C%2FSTRONG%3E%3CSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Erule%20that%20might%20have%20been%20created%20by%20Azure%20AD%20Connect%20or%20other%20means.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAnd%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3EUser%20Device%20Registration%20Admin%20log%20%E2%80%93%20EventID%20204%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%E2%80%93%20Error%20code%3A%200x801c03f2%20(%E2%80%9CThe%20device%20object%20by%20the%20given%20id%20(xxx)%20is%20not%20found.%E2%80%9D)%20%E2%80%93%20make%20sure%20the%20on-premises%20computer%20object%20is%20synchronized%20to%20Azure%20AD.%20Run%20the%20Delta%20Azure%20AD%20Connect%20sync.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20devices%20in%20my%20environment%20register%20as%20Hybrid%20and%20another%20ones%20not.%3CBR%20%2F%3EI%20don't%20really%20understand%20what%20happens.%3C%2FP%3E%3CP%3EI%20have%20an%20ADFS%20and%20already%20followed%20all%20the%20docs%20from%20Microsoft.%3C%2FP%3E%3CP%3EAny%20ideia%20what%20could%20be%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Paulo Silva
Contributor

Hi Everyone,

I'm trying enroll my devices in my hybrid environment, but when I see my event viewer i receive a message:

Automatic registration failed at join phase.  Exit code: Unknown HResult Error code: 0x801c0021. 

 

and:

 

Windows Hello for Business provisioning will not be launched.

Device is AAD joined ( AADJ or DJ++ :( No

User has logged on with AAD credentials: No

Windows Hello for Business policy is enabled: No

Local computer meets Windows hello for business hardware requirements: Yes

User is not connected to the machine via Remote Desktop: Yes

User certificate for on premise auth policy is enabled: No

Machine is governed by none policy.

See https://go.microsoft.com/fwlink/?linkid=832647 for more details.

 

I already made all configurations following the docs of Microsoft, but I don't get a ideal result.

In my environment I have ADFS and Already have a GPO to automatic enroll devices and all W7 devices appear as Hybrid Azure AD Join, but i dont have the same result with W10 to manage this devices.

And I also followed this steps: https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...

1 Reply

@Paulo Silva

I still receiving the error:
User Device Registration Admin log – EventID 304 adalResponseCode: 0xcaa1000e – recommended step is to check the AD FS claim rules per mentioned above article. It is important to have the AD FS claim rules in the described order and if you have multiple verified domains, do not forget remove any existing IssuerID rule that might have been created by Azure AD Connect or other means.

 

And

 

User Device Registration Admin log – EventID 204 – Error code: 0x801c03f2 (“The device object by the given id (xxx) is not found.”) – make sure the on-premises computer object is synchronized to Azure AD. Run the Delta Azure AD Connect sync.

 

Some devices in my environment register as Hybrid and another ones not.
I don't really understand what happens.

I have an ADFS and already followed all the docs from Microsoft.

Any ideia what could be ?

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies