Jun 29 2020 06:46 AM
I am simply trying to get Azure AD Hybrid join to work so I can manage our laptops via Azure InTune.
We have an on-prem AD and we use Okta for our authentication of users to Azure/O365.
The lack of details and support from both vendors is astounding and is the only thing holding us back from giving people our money.
I ran the configuration in Azure AD Connect client to do device joining and the SCP page gave me 2 options: ourdomain.okta.com or Azure AD. I chose the Okta one. Nothing else stood out as odd in the wizard.
Thereafter I'm still not sure what to do. I check my computer's event logs and it gives me this error under Applications and Service Logs > Microsoft > Windows > User Device Registration > Admin:
> Automatic registration failed at authentication phase. Unable to acquire access token.
> Exit code: Unknown HResult Error code: 0x801c0515
> Tenant Name: ourdomain.com.com
> Tenant Type: Federated
> Server error:
> AdalMessage: ADALUseWindowsAuthenticationTenant failed, unable to preform integrated auth
> AdalErrorCode: 0x2ee6
> AdalCorrelationId: undefined
> AdalLog: HRESULT: 0x2ee6
> AdalLog: HRESULT: 0x2ee6
> AdalLog: HRESULT: 0x2ee6
> AdalLog: AggregatedTokenRequest::GetAppliesTo: using resource ID "urn:federation:MicrosoftOnline" for authority "https://login.microsoftonline.com/common". ; HRESULT: 0x0
> AdalLog: AggregatedTokenRequest::UseWindowsIntegratedAuth- received realm info ; HRESULT: 0x0
> AdalLog: HRESULT: 0x4aa90010
> AdalLog: AggregatedTokenRequest::UseWindowsIntegratedAuth w Tenant ; HRESULT: 0x0
> AdalLog: AggregatedTokenRequest::AcquireToken- returns false ; HRESULT: 0x0
> AdalLog: AggregatedTokenRequest::AcquireToken- refresh token is not available ; HRESULT: 0x0
> AdalLog: AggregatedTokenRequest::AcquireToken get refresh token info ; HRESULT: 0x0
> AdalLog: Authority validation is completed ; HRESULT: 0x0
> AdalLog: Authority validation is enabled ; HRESULT: 0x0
> AdalLog: Token is not available in the cache ; HRESULT: 0x0
Jun 29 2020 07:17 PM
Jun 29 2020 08:22 PM
Hi @Moe_Kinani,
Yes I've got the AD Connect in the environment.
Problem is there's no direction from MS or Okta on what to choose for the SCP.
I believe that is why I see the error log in my original post.
It gives me two options:
I wonder if I should choose "Azure Active Directory" instead of ourdomain.okta.com?
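Diagnostic script added by the editor, not posted by anyone in this thread: it reads the SCP keywords that Azure AD Connect wrote into the forest, pulls the 0x801c0515 failures from the same event channel quoted above, and cross-checks against what `dsregcmd` resolved, so the two SCP choices can be compared on a real client. It assumes a domain-joined Windows 10 laptop with the RSAT ActiveDirectory module; the SCP distinguished name is the documented Hybrid Azure AD Join location.

```powershell
# Added diagnostic, not from the original thread. Assumes RSAT ActiveDirectory
# on a domain-joined Windows 10 client; the SCP DN is the documented location
# that Azure AD Connect's "Configure device options" writes.
Import-Module ActiveDirectory

# 1. Read the Service Connection Point from the Configuration partition.
#    Its keywords name the tenant (azureADId) and the domain the client
#    registers against (azureADName).
$configNC = (Get-ADRootDSE).configurationNamingContext
$scpDN = "CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,$configNC"
$scp = Get-ADObject -Identity $scpDN -Properties keywords -ErrorAction Stop
Write-Host "SCP keywords:"
$scp.keywords | ForEach-Object { Write-Host "  $_" }

$scpName = ($scp.keywords | Where-Object { $_ -like 'azureADName:*' }) -replace '^azureADName:', ''
$scpId   = ($scp.keywords | Where-Object { $_ -like 'azureADId:*' })   -replace '^azureADId:', ''

# 2. Pull recent registration errors from the channel quoted in the post,
#    keeping only the authentication-phase failure 0x801c0515.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-User Device Registration/Admin'
    Level   = 2   # Error
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '0x801c0515' }

foreach ($e in $events) {
    Write-Host ("{0}  EventId={1}" -f $e.TimeCreated, $e.Id)
    # Print only the lines that identify the tenant the client tried to use.
    ($e.Message -split "`n" | Where-Object { $_ -match 'Tenant (Name|Type)|AdalErrorCode' }) |
        ForEach-Object { Write-Host "    $($_.Trim())" }
}

# 3. Compare the SCP values with what the client actually resolved. A
#    TenantName here that differs from azureADName shows the client is
#    registering against something other than the SCP points to.
Write-Host "SCP azureADName = $scpName ; azureADId = $scpId"
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|DomainJoined|TenantName|TenantId'
```

Run it in an elevated PowerShell on an affected laptop; if no events are returned, trigger a registration attempt with `dsregcmd /join` first and re-run.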
Jun 29 2020 08:44 PM
Jun 13 2023 08:04 PM