Dec 04 2018 05:03 AM - last edited on Feb 06 2023 03:44 AM by TechCommunityAP
Hello all, I also opened a ticket over a week ago but have not yet had any feedback, and I hope someone here can help me.
In our company we have adopted Office 365, and users commonly have the Business Premium license.
One user, the only one currently running Windows 10 Pro, has recently been joined to the new Windows 2016 domain (previously the machine was standalone in a workgroup).
After this step, the user was no longer able to use some Office 365 SharePoint sites created by him or the TODO application by Microsoft, which he used regularly before the join.
In the Azure AD logs it looks as if the device was added and then automatically removed, as shown in the image below.
If, instead of the user's account, which uses his email as the account name, I try the same operation with the same domain user but using the Office 365 admin user of the tenant, i.e. the one that logs in with admin@xxxxx.onmicrosoft.com, the operation completes normally.
Any idea?
Dec 04 2018 11:13 AM
@Faber can you explain in some more detail what exactly the issue is that he's having with SPO? Device registration should not matter in general, unless you have some policies configured to restrict access to only AAD-joined devices.
Dec 04 2018 11:37 AM - edited Dec 04 2018 11:39 AM
I will try to re-explain the matter.
I have a user who previously had his notebook in workgroup mode, before joining a new Windows 2016 domain.
Before the join, he had Office 2016 installed and an O365 Business Premium license. He also created and is the owner (I checked) of some SharePoint Team Sites. Before the join, if he needed to modify a Word document in one site, he opened the browser, authenticated with his name.surname@domain.ext and password credentials, clicked on the document and selected to modify the document with Word installed on the computer (not online).
So I created a domain and joined his computer, using the ForensiT tool profwiz to maintain his profile.
After this, the same operation doesn't work, and in Azure AD I see the log I attached in the first post.
An Office application, for example Word 2016, asks for authentication, he enters his account as I wrote (name.surname.... and password), Office asks for the password another time, and Word hangs with this error:
Something went wrong
We weren't able to register your device and add your account to Windows. Your access to org resources may be limited. (I translated the error because it is in Italian)
He also has the TODO app downloaded from the Windows app store, and it also doesn't work, with a 0x80070520 error.
I also removed the O365 credentials from Windows settings and tried to reconnect, but with the same result:
Something went wrong
We weren't able to register your device and add your account to Windows. Your access to org resources may be limited.
So the user is unable to use the O365 SharePoint site, and I don't know if there are other problems.
He is currently the only user who has this issue, because he is the only user who has Windows 10 (17134); Win7Pro users don't seem to have this issue.
I have a headache after a week of also waiting for help and feedback from Microsoft 365 support...
I also configured the domain users so that the username is the userprincipalname attribute, that is name.surname@domain.ext like in O365; and I haven't synced anything from my local Active Directory with Azure AD "free version" in O365, for example password hashes or anything else.
I hope it is a bit clearer now, and sorry for my bad English ;)
Dec 04 2018 03:24 PM
Another detail: if I use the admin account of Office 365 instead of the user account for the login described before, so in my case the user in the format admin@tenantdomain.onmicrosoft.com and password, the login is successful and in the Azure AD log I see the device is registered.
Dec 04 2018 03:46 PM
Do you use the same domain name for your local Active Directory as you use in Office 365?
Dec 04 2018 04:05 PM
Dec 04 2018 04:39 PM
Dec 04 2018 05:28 PM - edited Dec 04 2018 11:01 PM
Are you sure?! I see many other colleagues in other organizations with the same situation, with no sync and no ADFS, and it works correctly with no issues. I also don't understand... they are two accounts, not one.
If you are right, I can temporarily change the UPN of the username from domain.it to domain.local and retry.
Dec 04 2018 05:32 PM
Dec 04 2018 08:21 PM
On the end user machine having the issue, check that
Windows integrated authentication is enabled in the browser, or try using a private window.
In an elevated prompt run dsregcmd /status; maybe this would help to find out more.
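To make the `dsregcmd /status` suggestion above easier to act on, here is an added example (not part of the original reply, and not Microsoft's code) that parses the command's text output and reports the join state. The function names `ConvertFrom-DsregStatus` and `Get-DsregSummary` are hypothetical, and the sample output is constructed to resemble a domain-joined machine with no work account registered.

```powershell
# Added example: parse `dsregcmd /status` text and summarise the join state.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Data lines look like "   AzureAdJoined : NO"; banner lines (+---, | ... |) do not match.
        if ($line -match '^\s*(\w+)\s*:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $state
}

function Get-DsregSummary {
    param([Parameter(Mandatory)][System.Collections.IDictionary]$Status)
    $domain    = $Status['DomainJoined']  -eq 'YES'
    $aadJoined = $Status['AzureAdJoined'] -eq 'YES'
    $join = if ($domain -and $aadJoined) { 'Hybrid Azure AD joined' }
            elseif ($aadJoined)          { 'Azure AD joined' }
            elseif ($domain)             { 'On-premises domain joined only' }
            else                         { 'Not joined' }
    [pscustomobject]@{
        JoinType              = $join
        DomainName            = $Status['DomainName']
        WorkAccountRegistered = $Status['WorkplaceJoined'] -eq 'YES'
    }
}

# Constructed sample output; on a live machine pass (dsregcmd /status) instead.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : NO
     EnterpriseJoined : NO
         DomainJoined : YES
           DomainName : DOMAIN

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

               NgcSet : NO
      WorkplaceJoined : NO
'@ -split "`r?`n"

Get-DsregSummary -Status (ConvertFrom-DsregStatus -Lines $sample)
```

`WorkplaceJoined` is reported per user, so run the command in the affected user's session rather than only as an administrator.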
Dec 05 2018 12:09 AM
So it does seem like device registration is enforced for their organization? Can you check the settings in the Azure AD portal, namely the "Users may join devices to Azure AD" group under https://portal.azure.com/#blade/Microsoft_AAD_IAM/DevicesMenuBlade/DeviceSettings/menuId/
In addition, check for any Intune or Conditional Access policies that are enforcing the device registration requirement.
Dec 05 2018 12:16 AM
That's the result. The domain name is shown like domain.it, but only as DOMAIN in uppercase, without .it
Dec 05 2018 12:20 AM
"Users may join devices to Azure AD" --> is set to TUTTO, so I think in English it is ALL, without any user specified.
Check for any Intune or Conditional Access policies --> We don't have Intune, or Azure premium either.
Meanwhile I ran dsregcmd /status (see the previous post) and also changed the UPN for the username to domain.local, but the problem still remains.
Dec 05 2018 06:26 AM
Have you tried it with a new user profile on the client after changing the UPN?
Dec 05 2018 07:22 AM
I logged in again with the same user, but with name.surname@domain.local instead of name.surname@domain.it
Apr 03 2019 02:00 AM
Hello, could you solve this issue? If so, how? I am seeing the exact same problem. I think it is caused by profWiz, the same tool you used. A work account can't be added and OneNote 2016 is asking for authentication, but when I authenticate, I end up with Error 80090016 Key set (or storage) is missing (translated from German). When I try to add a work account I receive the same error as you did. We've used this tool with several hundred computers and did not have any issues before.
Apr 03 2019 07:44 AM
@Freddy86 after 4 months of investigation with Microsoft, a full removal of the O365 applications with a tool provided by Microsoft, and a full reinstall, unfortunately the problem still remained.
Meanwhile I found this post in the official profwiz forum:
http://forum.forensit.com/forum_posts.asp?TID=1633
There you can download a tool to try, to see if it solves the matter.
If not, as in my case, I resolved it by completely deleting the user profile with an administrator account and recreating it with a "clean" login of the user, losing all user settings.
Please let me know if you resolve. Good Luck.