Device has no MDM URLs when running dsregcmd status

I have a peculiar problem with some of the devices at our organization. While almost all our devices enroll without any issues, a few devices still cause me some headache.

With this specific device, I've tried what's suggested on the MS page
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/pending-devices 

Friday the 9th I did the following.

1) Ran dsregcmd /leave
2) gpupdate /force
3) Restarted the device
4) Left the device over the weekend so that it would have time to sync with our dynamic group.

The device is still pending in Intune. However, on the positive side, the device is now discovered in Intune. It wasn't possible to look it up before.
I've added the output from dsregcmd /status; lines 34, 35 and 36 are the interesting ones. The different MDM URLs are missing and it's hard to get a more concrete idea as to why. I've been doing quite an extensive search but without much luck.

Does anyone have any idea as to why this could happen?

Thanks in advance.

 

C:\Windows\system32>dsregcmd /status

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : xxxxxxx
               Device Name : xxxxxxxxxxx.xxxxxx.xxxxxx.local

+----------------------------------------------------------------------+
| Device Details                                                       |
+----------------------------------------------------------------------+

                  DeviceId : 8d7439dd-ae7d-4a60-91cb-a5d60766bec0
                Thumbprint : 83BEEA77BA908C6B58CC7F3F6557304C1D2C63FC
 DeviceCertificateValidity : [ 2023-06-13 05:20:20.000 UTC -- 2033-06-13 05:50:20.000 UTC ]
            KeyContainerId : 285777bf-8b36-4d4d-86a0-b559d98a0468
               KeyProvider : Microsoft Platform Crypto Provider
              TpmProtected : YES
          DeviceAuthStatus : SUCCESS

+----------------------------------------------------------------------+
| Tenant Details                                                       |
+----------------------------------------------------------------------+

                TenantName :
                  TenantId : 081d9cdf-aa83-4294-8634-5b8ae24063ff
                       Idp : login.windows.net
               AuthCodeUrl : https://login.microsoftonline.com/081d9cdf-aa83-4294-8634-5b8ae24063ff/oauth2/authorize
            AccessTokenUrl : https://login.microsoftonline.com/081d9cdf-aa83-4294-8634-5b8ae24063ff/oauth2/token
                    MdmUrl :
                 MdmTouUrl :
          MdmComplianceUrl :
               SettingsUrl :
            JoinSrvVersion : 2.0
                JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
                 JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
             KeySrvVersion : 1.0
                 KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
                  KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
        WebAuthNSrvVersion : 1.0
            WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/081d9cdf-aa83-4294-8634-5b8ae24063ff/
             WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
    DeviceManagementSrvVer : 1.0
    DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/081d9cdf-aa83-4294-8634-5b8ae24063ff/
     DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                    NgcSet : NO
           WorkplaceJoined : NO
             WamDefaultSet : ERROR (0x80070520)

+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+

                AzureAdPrt : NO
       AzureAdPrtAuthority :
             EnterprisePrt : NO
    EnterprisePrtAuthority :

+----------------------------------------------------------------------+
| Diagnostic Data                                                      |
+----------------------------------------------------------------------+

        AadRecoveryEnabled : NO
    Executing Account Name : xxxxxxx\xxxxxxxxxx, email address removed for privacy reasons
               KeySignTest : PASSED

        DisplayNameUpdated : YES
          OsVersionUpdated : YES
           HostNameUpdated : YES

      Last HostName Update : NONE

+----------------------------------------------------------------------+
| IE Proxy Config for Current User                                     |
+----------------------------------------------------------------------+

      Auto Detect Settings : YES
    Auto-Configuration URL :
         Proxy Server List :
         Proxy Bypass List :

+----------------------------------------------------------------------+
| WinHttp Default Proxy Config                                         |
+----------------------------------------------------------------------+

               Access Type : DIRECT

+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+

            IsDeviceJoined : YES
             IsUserAzureAD : NO
             PolicyEnabled : NO
          PostLogonEnabled : YES
            DeviceEligible : YES
        SessionIsNotRemote : YES
            CertEnrollment : none
              PreReqResult : WillNotProvision

For more information, please visit https://www.microsoft.com/aadjerrors
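
Added example (not part of the original post, and not Microsoft's code): a PowerShell helper that parses `dsregcmd /status` output and lists which of the MDM URL fields the poster points to are empty, next to the join and PRT state, so the same check can be compared across devices. The function names and the sample lines are constructed for illustration.

```powershell
# Added example: summarize the dsregcmd /status fields discussed in this thread.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $fields = [ordered]@{}
    foreach ($line in $Lines) {
        # Data rows are "<name> : <value>"; banner rows (+---, | Title |) and the
        # trailing help URL do not match because the name must be followed by " :".
        if ($line -match '^\s*([^:|+]+?)\s+:\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $fields
}

function Get-MdmUrlTriage {
    param([string[]]$Lines)
    $status = ConvertFrom-DsregStatus -Lines $Lines
    $mdmFields = 'MdmUrl', 'MdmTouUrl', 'MdmComplianceUrl'
    # A field counts as empty when it is absent or has no value after the colon.
    $empty = @($mdmFields | Where-Object { [string]::IsNullOrWhiteSpace($status[$_]) })
    [pscustomobject]@{
        AzureAdJoined  = $status['AzureAdJoined']
        DomainJoined   = $status['DomainJoined']
        AzureAdPrt     = $status['AzureAdPrt']
        TenantId       = $status['TenantId']
        EmptyMdmFields = $empty -join ', '
    }
}

# Constructed sample input (placeholder tenant ID), shaped like the output above.
$sample = @(
    '+------------------------------+'
    '| Tenant Details               |'
    '             AzureAdJoined : YES'
    '              DomainJoined : YES'
    '                  TenantId : 00000000-0000-0000-0000-000000000000'
    '                    MdmUrl :'
    '                 MdmTouUrl :'
    '          MdmComplianceUrl :'
    '                AzureAdPrt : NO'
    'For more information, please visit https://www.microsoft.com/aadjerrors'
)
Get-MdmUrlTriage -Lines $sample

# On a device: Get-MdmUrlTriage -Lines (dsregcmd /status)
```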

 

 

3 Replies

Hey, so I've just had this issue where the device enrolled as a device but the user enrolment never finishes. I enabled the continue anyway button in the enrolment status page and now devices are not reporting back to Intune etc.

What I have just noticed is that all my MDM URLs have gone missing from within the Intune portal; it might be the same for you. Just trying to see if I can get them back on the device now I've restored them.

PS: I didn't delete them; stuff worked fine 2 days ago, now it's gone, so fun.

 

@HiddenInTheCables 

How are the devices being enrolled? Anything in the MDM diag log related to AAD token being applied, like user vs device?