AD Azure (2 topics)

Azure AD Endpoint Manager User Profile Corruption: Black Screen, Flashing Taskbar, Explorer Crash Loop
We are in the midst of an Azure/Endpoint Manager (Intune) migration with 300+ endpoints and are running into a deployment nightmare. We are experiencing a very odd, completely random issue: a previously synced Hybrid Azure AD user logs into their endpoint (which was previously working without issue for weeks/months) and the profile suddenly fails to load. This issue only seems to occur when NEW endpoints are added to the Azure AD tenant/domain. We know the issue is about to happen when we receive a call from an end user stating their previously working credentials are "no longer working". When the user attempts to log in via "Other user", the login proceeds, but the user lands on a black desktop/screen with a flashing taskbar. Windows Task Manager is not responsive, and Safe Mode options do not produce a better result. Upon reviewing the logs you will see an "explorer.exe" crash loop referencing urtcbase.dll. Azure AD homed user accounts and local user accounts are able to log in to the endpoint without issue. The issue is specific to Hybrid Azure AD user profiles (on-premises cached/homed accounts). I'm thinking it has to do with a conflict with the on-premises SAM account name. I'm not sure why adding new endpoints to the tenant causes the issue. This particular issue is happening across all different makes, models, and Windows image variations. The issue is specific to Azure AD profiles that attempt to log in to the endpoint.

Precursors:
Incorrect password prompt; requires users to select "Other user".
After selecting "Other user", the user profile experiences a delayed "Welcome".
A black screen appears with a flashing taskbar, rendering the profile useless.

If we attempt a wipe/restore, the issue will randomly reoccur on another workstation. I believe the issue is specific to the way Windows tries to load/create the profile for Azure AD users. I'm not sure if Autopilot is attempting to configure these endpoints in Hybrid mode.
However, we've noticed discrepancies in the naming convention of some profiles and domains. For example: AzureAD\FirstLastName versus shortdomain\FLast. I believe the User Profile Service is somehow bugged and causing a mismatch with the registry's SID for the user profile. Has anyone else experienced this issue? We are desperate for answers; this is worse than any virus, as its random, intermittent nature means it will return after a fresh system restore. I've received a call from another organization stating they are seeing the same issue occur throughout their deployment. I believe this is now a widespread issue. We have a ticket opened with Microsoft on this. The Windows Performance Team is reaching out to the Azure Team.

Join Devices using a provisioning package (.ppkg) in Azure AD - how does it work in detail?
For a project, we are checking whether there is a way to join devices to AAD using a provisioning package. When creating a project with the Windows Configuration Designer, under "Account Management" there is the task "Enroll in Azure AD" and the option "Get Bulk Token". Here are my questions about it:

Which account do I normally use to register the token?
Which rights and licenses must the account have?
An enterprise app is being created, but must I still do something with the permissions?
Does something else need to be done with the user that is created in AAD (package_)?
Are there hurdles in sight regarding Conditional Access?

I ask myself these questions because I tried it and failed with the following message (from the event log of the client which I wanted to join to AAD).

Client: Windows 10 Pro 21H2, Windows 10 Enterprise 1909 (same error)

ProvXML category 'DeviceAADJoin' failed with '0x80180014' at CSP node 'AADJ/BPRT'. Provisioning failed