Mar 05 2019 03:16 AM
Hi my fellow engineers,
Autopilot Hybrid Azure AD join used to work fine in our environment but since 02/22 we are unable to make it work consistently.
Once the user provides their credentials, the device gets stuck at “Please wait while we configure your device” for 25 minutes, then it displays error code 80070774. Those 25 minutes mean the device was unable to join the domain.
After reboot we notice the device keeps its default name, instead of applying the one configured in our Intune Domain Join profile, and appears in the Intune console but neither in Azure AD nor in ADDS.
We checked the whole workflow provided by @Michael Niehaus in his blog post and we deduced that the Intune ODJ Connector service never gets the Intune request for the ODJ Blob, as there are no events other than 30121 and 30150 in the ODJ Connector service event logs.
We uninstalled and reinstalled our Intune Connector but Hybrid AAD join still does not work even if the service seems healthy.
We also checked our Intune Domain Join configuration profile and everything is OK, the delegation is correctly applied to the target OU.
One more thing to notice, we don’t know if it is related but we set up an Express Route and created our first Server 2016 DC in Azure (IaaS) on 02/22. Our network team checked the route and firewall logs but didn't see anything.
I can provide the Autopilot and Device Management event logs from a failing device as well as the Intune Connector Service event logs from the server if needed.
I have a Premier ticket opened but if you have any idea...
Mar 09 2019 04:54 AM
It turns out everything went back to normal. We don't know why yet but I'll update this thread with my findings.
Mar 12 2019 01:28 AM
I've observed this behaviour before, I found that if I rebuilt an existing device (already built by Autopilot) it would fail to get the Hybrid Join configuration policy (dynamic group membership issue I think). I now completely delete the device from Intune and AAD every time I rebuild, including removing the HWID. Then re-import the HWID.
Mar 12 2019 03:23 AM
Aug 12 2019 05:13 AM
Unfortunately it still does not work...
Premier support has no idea why it is failing, I'm going crazy!
This weekend we found out that if we launch a Hybrid Autopilot process, let it fail once the 25-minute timeout happens (0x80070774), then wait 24 hours, the machine becomes domain joined! But I still have to reset it since the Autopilot process failed...
Both ADDS computer object "whencreated" property and the ODJConnector event IDs (30130 + 30140) show that it happened 24 hours later, 24 hours too late... Why?
How can I get rid of it? Any idea? @Michael Niehaus maybe?
Aug 19 2019 09:08 AM
@Mathieu Aït Azzouzène I believe I came across a similar issue that was resolved by updating the version of Windows I had on my USB stick.
Downloaded the latest 1903 ISO and flashed it to USB with the media creation tool, then reinstalled on the device, deleted the HWID and reuploaded it, then it seemed to work.
Aug 21 2019 12:36 AM
@nitvit610 thank you for your reply.
We already tried to delete the HWID then reupload it, sometimes it works, sometimes not.
We use the latest 1809 ISO from MSDN, not 1903, and it used to work perfectly for months before it started to fail randomly.
Oct 25 2019 03:09 AM
It was all about the ping... a few DCs were implemented in Azure with ICMP echo blocked from our on-prem network. Hope this will help others
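Added example, not part of the original thread: a PowerShell check for the condition named in the last post, listing every domain controller in the current domain and comparing ICMP echo reachability with LDAP (TCP 389) reachability. It assumes it is run as a domain user on a domain-joined machine on the on-prem network (for instance the server hosting the Intune Connector); the output column names are illustrative.

```powershell
# Added example: find DCs that answer LDAP but not ICMP echo from this machine.
# Assumption: run as a domain user on a domain-joined on-prem host.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

$results = foreach ($dc in $domain.DomainControllers) {
    # ICMP echo: $true only if at least one reply comes back
    $icmp = Test-Connection -ComputerName $dc.Name -Count 2 -Quiet

    # TCP 389 (LDAP): shows whether the DC is otherwise reachable
    $ldap = (Test-NetConnection -ComputerName $dc.Name -Port 389 `
                -WarningAction SilentlyContinue).TcpTestSucceeded

    [pscustomobject]@{
        DomainController = $dc.Name
        Site             = $dc.SiteName
        IPAddress        = $dc.IPAddress
        IcmpEcho         = $icmp
        LdapTcp389       = $ldap
    }
}

$results | Sort-Object Site, DomainController | Format-Table -AutoSize

# DCs that serve LDAP but drop ping are the case described in the thread
$pingBlocked = $results | Where-Object { $_.LdapTcp389 -and -not $_.IcmpEcho }
if ($pingBlocked) {
    Write-Warning ("ICMP echo blocked but LDAP reachable: " +
        (($pingBlocked.DomainController) -join ', '))
}

# DCs that fail both tests point to a routing or firewall problem beyond ICMP
$unreachable = $results | Where-Object { -not $_.LdapTcp389 -and -not $_.IcmpEcho }
if ($unreachable) {
    Write-Warning ("Unreachable on both ICMP and TCP 389: " +
        (($unreachable.DomainController) -join ', '))
}
```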
Jul 15 2020 11:15 PM