Something went wrong (Hybrid Azure AD Join) Autopilot

Iron Contributor

During the Hybrid Azure AD Join process, as it is setting up the Windows 11 device, it comes to a point where it stops and shows the screen attached.

The domain join profile is there, everything is there. I know the Domain Controller is not in line of sight. The device is being connected through a wireless network from home and trying to go through the Autopilot process. It is not completing it, because it is not seeing the Domain Controller and getting the OJB file?

5 Replies
Correct, without having a line of sight to the Domain Controller, it will not work. You can do it from home if you have a VPN connection. (It should be an auto-VPN without user input, always-on VPN or something like that.)
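Before standing up a VPN, it helps to confirm what this reply describes: whether the device can actually locate and reach a domain controller at all. The following PowerShell check is an added example written for this thread, not code from any participant; `$Domain` is a placeholder for your on-prem AD DNS domain, and it assumes it is run from an elevated prompt on the Windows 11 device (for example from the Shift+F10 command prompt during OOBE).

```powershell
# Added example: check DC line of sight from a device going through Hybrid Azure AD Join.
# $Domain is a placeholder; replace it with the on-prem AD DNS domain from your join profile.
param(
    [string]$Domain = "corp.example.com"   # placeholder, not a domain from the thread
)

# Ports a domain join needs to reach on at least one DC.
$Ports = @{ 'LDAP' = 389; 'Kerberos' = 88; 'SMB' = 445; 'RPC endpoint mapper' = 135 }

# 1. DNS: clients find DCs through this SRV record; if this fails, nothing else will work
#    (typical when the device sits on home Wi-Fi without a tunnel to AD-integrated DNS).
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Host "No DC SRV record for $Domain - DNS is not reaching AD (no line of sight)." -ForegroundColor Red
    return
}
# Keep only the SRV answers (additional A records carry no NameTarget).
$dcs = $srv | Where-Object { $_.NameTarget } | Select-Object -ExpandProperty NameTarget -Unique
Write-Host "DCs advertised in DNS: $($dcs -join ', ')"

# 2. TCP: test each required port on each advertised DC.
$ldapReachable = $false
foreach ($dc in $dcs) {
    foreach ($name in $Ports.Keys) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $Ports[$name] -WarningAction SilentlyContinue).TcpTestSucceeded
        $state = if ($ok) { 'open' } else { 'blocked' }
        $color = if ($ok) { 'Green' } else { 'Red' }
        Write-Host ("{0,-30} {1,-22} {2}" -f $dc, $name, $state) -ForegroundColor $color
        if ($ok -and $name -eq 'LDAP') { $ldapReachable = $true }
    }
}

# 3. DC locator: ask Netlogon directly, which is the same path the join itself uses.
nltest /dsgetdc:$Domain 2>&1 | Select-String 'DC:|Dom Name|ERROR'

if ($ldapReachable) {
    Write-Host "At least one DC is reachable over LDAP; the tunnel is in place." -ForegroundColor Green
} else {
    Write-Host "No DC reachable: the VPN must be up before the join step runs." -ForegroundColor Red
}
```

Run it once with the VPN down and once with it up during ESP; if the SRV lookup or the LDAP port only succeeds in the second run, the join failure is the missing line of sight and not the join profile.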
Hi Harm,

We are trying to use CATO as the VPN. Now we need to have this installed first on the device, right, and then it has to automatically pre-login? So do we have to have a device/user certificate issued for pre-login, and if so, should we go the route of SCEP / NDES?
It needs to be installed during ESP, including the certificate. I don't know CATO and how that works, but if it can connect unattended like that, yes!

But the biggest question, elephant in the room, why Hybrid join?
Hi Harm,

Thanks for the information. Well, with some of our applications, they are thinking that having it Hybrid joined would be beneficial. Some are custom apps and we are not sure whether they would work being AAD only.

Installed during ESP? ESP meaning?
best response confirmed by oryxway (Iron Contributor)

Add the app in blocking apps to make sure the VPN is installed (Enrollment Status Page - Microsoft Endpoint Manager admin center)