Hello Team,
We are facing an issue with our on-premises Active Directory (AD) integrated with Active Directory Federation Services (AD FS). We have correctly configured Microsoft Entra hybrid join using Microsoft Entra Connect, following the official documentation.
However, we have observed that all our devices are showing up in Microsoft Entra devices with a status of "Pending", and this status remains unchanged indefinitely. To troubleshoot, we have already tried running the following command: dsregcmd /leave. After rebooting the PCs, the issue persists.
Running the below command, results in the following output:
C:\Users\abc> dsregcmd /debug /join
DsrCLI: logging initialized.
DsrCLI: logging initialized.
DsrCmdJoinHelper::Join: ClientRequestId: e58946ab-b851-1759-3658-69824b6857fDsrCmdAccountMgr::IsDomainControllerAvailable: DsGetDcName success { domain:contoso.local forest:contoso.local domainController:\\dc1.contoso.local isDcAvailable:true }
PreJoinChecks Complete.
preCheckResult: Join
deviceKeysHealthy: undefined
isJoined: undefined
isDcAvailable: YES
isSystem: YES
keyProvider: undefined
keyContainer: undefined
dsrInstance: undefined
elapsedSeconds: 1
resultCode: 0x0
Automatic device join pre-check tasks completed.
TenantInfo::Discover: Call to DsrBeginDiscover failed before wait. 0x80070057
DsrCmdJoinHelper::Join: TenantInfo::Discover failed with error code 0x80070057.
DSREGCMD_END_STATUS
AzureAdJoined : NO
EnterpriseJoined : NO
We also ran the DSRegTool PowerShell script but did not encounter any significant errors.
Given the error code 0x80070057 and the devices not registering with Azure AD, we suspect there could be an issue either with the tenant discovery process or with certain configuration steps that might have been overlooked.
Has anyone encountered this error before or have any insights into further troubleshooting steps to resolve this issue?
Any guidance would be greatly appreciated.
Thanks