cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

error_missing_device when joining a domain with hybrid join config

ScottCIS
Copper Contributor

‎Jan 31 2024 01:04 PM - edited ‎Jan 31 2024 01:05 PM

‎Jan 31 2024 01:04 PM - edited ‎Jan 31 2024 01:05 PM

error_missing_device when joining a domain with hybrid join config

I just inherited this setup, and I've never done a hybrid environment before. I'm just looking for the next clue in the mystery.

 

I created a VM. I ran dsregcmd /status and it was clean, as expected. No errors.

I joined our domain. I immediatley ran dsregcmd /status again, without even rebooting. 

 

 

 

Previous Registration : 2024-01-30 20:53:16.000 UTC
         Registration Type : sync
               Error Phase : join
          Client ErrorCode : 0x801c03f3
          Server ErrorCode : invalid_request
       Server ErrorSubCode : error_missing_device
          Server Operation : DeviceRenew
            Server Message : The device object by the given id (f6628439-35ae-43c8-969f-7780d1b8d48f) is not found.
              Https Status : 400
                Request Id : c3ba163b-fcd7-4d3e-8525-9fe3b82ec5bb

 

This happens to all workstations and as far as I can tell, has always happened. Devices do not show up in Entra as expected. The Azure AD Connector seems to be working as users do show up in M365 and Entra.

 

I'd like to focus on the errors above.  Why is it saying "missing device"? What device is it looking for? Itself? Why? Why would it look for itself and not just create a new record (which is what I'm expecting)?

 

Any insight appreciated.

Labels:
2,963 Views
0 Likes
7 Replies
Reply
7 Replies
rahuljindal-MVP

‎Jan 31 2024 01:12 PM

‎Jan 31 2024 01:12 PM

Re: error_missing_device when joining a domain with hybrid join config

The error suggests that the device object has not synced in Entra ID. Do the devices have a line of sight to DC? Have you included the user certificate in attributes for syncing in Entra ID connect synchronisation settings?
0 Likes
Reply
ScottCIS

‎Jan 31 2024 01:33 PM

‎Jan 31 2024 01:33 PM

Re: error_missing_device when joining a domain with hybrid join config

So I discovered that Azure AD connect was not set to sync the OU which computers reside in. So this explains why they are not showing up in Entra. Cool. But can you explain what, then, is trying to "sync" it which results in the errors in my original post?
0 Likes
Reply
ScottCIS

‎Feb 06 2024 05:31 AM

‎Feb 06 2024 05:31 AM

Re: error_missing_device when joining a domain with hybrid join config

"The error suggests that the device object has not synced in Entra ID. "

@rahuljindal-MVP That was the case, but I still don't understand the error. What made it think it was SUPPOSED to sync to Entra ID? In other words, if the sync was never set up, why the error? Like, why doesn't my personal laptop get this error? It's not synced in Entra ID. See what I'm getting at?

0 Likes
Reply
rahuljindal-MVP

‎Feb 06 2024 01:38 PM

‎Feb 06 2024 01:38 PM

Re: error_missing_device when joining a domain with hybrid join config

I am not sure what you mean, but the sync is really a registration with Entra ID. There are some moving elements running in the background but at a high level your on-prem device objects need to be allowed to sync with default device & user certificate attributes through the Entra ID connect sync. Then you need to decide whether to provide details of your Azure tenant to the devices using SCP or targeted deployment involving GPO. As the final step your devices need to be allowed to go over internet to connect to relevant Azure URLs to register with service and pull down user certificate. This is where the device object in Entra ID is checked for. If missing, the user certificate will not come down to the device. Once satisfied, the device needs line if sight to DC to complete the handshake and finish the hybrid join process. Hope this helps.
0 Likes
Reply
ScottCIS

‎Feb 06 2024 01:41 PM

‎Feb 06 2024 01:41 PM

Re: error_missing_device when joining a domain with hybrid join config

Imagine I said I had an error that said my computer won't power on and you said "Did you power it on". So then I turned it on and it worked. Wouldn't you be curious about the initial error? That's how I feel about this sync error. Why was there a sync error if the sync had never been set up correctly?
0 Likes
Reply
rahuljindal-MVP

‎Feb 06 2024 02:06 PM

‎Feb 06 2024 02:06 PM

Re: error_missing_device when joining a domain with hybrid join config

There was an error because you didn’t have the configuration in place all the way. It is like any other thing. If your engine oil light comes on and you fix it by putting in more engine oil then the indicator did its job. :smiling_face_with_smiling_eyes:
0 Likes
Reply
ScottCIS

‎Feb 07 2024 05:39 AM

‎Feb 07 2024 05:39 AM

Re: error_missing_device when joining a domain with hybrid join config

| you didn’t have the configuration in place all the way

Right, that's what I'm trying to figure out. What part of the configuration was complete? Why was it trying to join if it wasn't in an OU with the policy?
0 Likes
Reply